def decorated_function():
    """Authenticate a Bearer token, check its scope, then call the resource.

    ``f``, ``usescope`` and ``trusted`` are free variables of the enclosing
    decorator, which is not visible in this listing. Every failed check
    returns a ``resource_auth_error`` response; on success ``f`` is called
    with the token, the request arguments and the uploaded files and its
    result is wrapped in a ``{'status': 'ok', 'result': ...}`` envelope.
    """
    method = request.method
    if method == 'GET':
        args = request.args
    elif method in ('POST', 'PUT', 'DELETE'):
        args = request.form
    else:
        abort(405)

    # The token is accepted only from the Authorization header, never from
    # query or form parameters.
    auth_header = request.headers.get('Authorization')
    if auth_header is None:
        return resource_auth_error(
            _("An access token is required to access this resource"))
    match = auth_bearer_re.search(auth_header)
    if not match:
        return resource_auth_error(
            _("A Bearer token is required in the Authorization header"))
    token = match.group(1)

    authtoken = AuthToken.get(token=token)
    if not authtoken:
        return resource_auth_error(_("Unknown access token"))
    if not authtoken.is_valid():
        return resource_auth_error(_("Access token has expired"))

    # Materialise the scope set once; ``usescope`` may also be satisfied by
    # a ``<prefix>/*`` wildcard entry.
    granted = set(authtoken.effective_scope)
    wildcard = usescope.split('/', 1)[0] + '/*'
    client_trusted = authtoken.auth_client.trusted
    if not client_trusted or '*' not in granted:
        # Only a trusted client holding '*' bypasses the scope comparison.
        if usescope not in granted and wildcard not in granted:
            return resource_auth_error(
                _("Token does not provide access to this resource"))
    if trusted and not client_trusted:
        return resource_auth_error(
            _("This resource can only be accessed by trusted clients"))

    try:
        # jsonify stays inside the try so a non-serialisable result is also
        # reported as an error response instead of propagating.
        result = f(authtoken, args, request.files)
        response = jsonify({'status': 'ok', 'result': result})
    except Exception as exc:
        exception_catchall.send(exc)
        # NOTE(review): the exception class name and message are echoed to
        # the caller; confirm no internal detail can leak this way. The
        # broad except also converts anything the resource raises (including,
        # presumably, abort()) into a 500 — verify that is intended.
        response = jsonify({
            'status': 'error',
            'error': exc.__class__.__name__,
            'error_description': str(exc),
        })
        response.status_code = 500  # XXX: Let resources control how they return?
    # Token-authenticated responses must not be stored by any cache.
    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
    response.headers['Pragma'] = 'no-cache'
    return response
def decorated_function():
    """Authenticate an access token, check its scope, then call the resource.

    ``f``, ``usescope`` and ``trusted`` are free variables of the enclosing
    decorator, which is not visible in this listing. The token may arrive as
    a Bearer token in the Authorization header or as an ``access_token``
    request parameter, but not both. Every failed check returns a
    ``resource_auth_error`` response; on success ``f`` is called with the
    token, the request arguments and the uploaded files and its result is
    wrapped in a ``{"status": "ok", "result": ...}`` envelope.
    """
    method = request.method
    if method == "GET":
        args = request.args
    elif method in ("POST", "PUT", "DELETE"):
        args = request.form
    else:
        abort(405)

    auth_header = request.headers.get("Authorization")
    if auth_header is not None:
        match = auth_bearer_re.search(auth_header)
        if not match:
            return resource_auth_error(
                _(u"A Bearer token is required in the Authorization header"))
        if "access_token" in args:
            return resource_auth_error(
                _(u"Access token specified in both header and body"))
        token = match.group(1)
    else:
        # NOTE(review): on GET ``args`` is the query string, so a token passed
        # this way travels in the URL; check that request logging and proxies
        # do not retain it.
        token = args.get("access_token")
    if not token:
        return resource_auth_error(
            _(u"An access token is required to access this resource"))

    authtoken = AuthToken.get(token=token)
    if not authtoken:
        return resource_auth_error(_(u"Unknown access token"))
    if not authtoken.is_valid():
        return resource_auth_error(_(u"Access token has expired"))

    # Materialise the scope set once; ``usescope`` may also be satisfied by
    # a ``<prefix>/*`` wildcard entry.
    granted = set(authtoken.scope)
    wildcard = usescope.split("/", 1)[0] + "/*"
    client_trusted = authtoken.client.trusted
    if not client_trusted or "*" not in granted:
        # Only a trusted client holding '*' bypasses the scope comparison.
        if usescope not in granted and wildcard not in granted:
            return resource_auth_error(
                _(u"Token does not provide access to this resource"))
    if trusted and not client_trusted:
        return resource_auth_error(
            _(u"This resource can only be accessed by trusted clients"))

    try:
        # jsonify stays inside the try so a non-serialisable result is also
        # reported as an error response instead of propagating.
        result = f(authtoken, args, request.files)
        response = jsonify({"status": "ok", "result": result})
    except Exception as exc:
        exception_catchall.send(exc)
        # NOTE(review): the exception class name and message are echoed to
        # the caller; confirm no internal detail can leak this way. The
        # broad except also converts anything the resource raises (including,
        # presumably, abort()) into a 500 — verify that is intended.
        response = jsonify({
            "status": "error",
            "error": exc.__class__.__name__,
            "error_description": unicode(exc),
        })
        response.status_code = 500  # XXX: Let resources control how they return?
    # Token-authenticated responses must not be stored by any cache.
    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
    response.headers["Pragma"] = "no-cache"
    return response
def login_service(service):
    """Start a login with the registered external service ``service``.

    Unknown services get a 404. The provider is handed an external callback
    URL that carries the post-login destination; if the provider raises
    ``LoginInitError`` or ``LoginCallbackError`` the failure is reported via
    ``exception_catchall`` and a flash message, and the user is redirected.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]

    # NOTE(review): ``next_url`` is embedded in the callback URL and used as
    # the failure redirect target; presumably get_next_url() validates the
    # destination — verify.
    next_url = get_next_url(referrer=False, default=None)
    callback_url = url_for(
        '.login_service_callback',
        service=service,
        next=next_url,
        _external=True,
    )
    try:
        return provider.do(callback_url=callback_url)
    except (LoginInitError, LoginCallbackError) as err:
        message = _(u"{service} login failed: {error}").format(
            service=provider.title, error=unicode(err))
        exception_catchall.send(err, message=message)
        flash(message, category='danger')
        fallback = next_url or get_next_url(referrer=True)
        return redirect(fallback)
def login_service_callback(service):
    """Complete a login started with the external service ``service``.

    Unknown services get a 404. The provider's ``callback()`` result is
    passed on to ``login_service_postcallback``. If the provider raises
    ``LoginInitError`` or ``LoginCallbackError`` the failure is reported via
    ``exception_catchall`` and a flash message, and the user is redirected
    either onward (when already authenticated) or back to the login page.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]

    try:
        userdata = provider.callback()
    except (LoginInitError, LoginCallbackError) as err:
        message = _(u"{service} login failed: {error}").format(
            service=provider.title, error=unicode(err))
        exception_catchall.send(err, message=message)
        flash(message, category='danger')
        if current_auth.is_authenticated:
            destination = get_next_url(referrer=False)
        else:
            destination = url_for('.login')
        return redirect(destination)
    return login_service_postcallback(service, userdata)
def login_service_callback(service):
    """Complete a login started with the external service ``service``.

    Unknown services get a 404. The provider's ``callback()`` result is
    passed on to ``login_service_postcallback``. If the provider raises
    ``LoginInitError`` or ``LoginCallbackError`` the failure is reported via
    ``exception_catchall`` and a flash message, and the user is redirected
    either onward (when already authenticated) or back to the login page.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]

    try:
        userdata = provider.callback()
    except (LoginInitError, LoginCallbackError) as err:
        message = _("{service} login failed: {error}").format(
            service=provider.title, error=str(err))
        exception_catchall.send(err, message=message)
        flash(message, category='danger')
        destination = (
            get_next_url(referrer=False)
            if current_auth.is_authenticated
            else url_for('.login')
        )
        return redirect(destination)
    return login_service_postcallback(service, userdata)
def login_service(service):
    """Start a login with the registered external service ``service``.

    Unknown services get a 404. The provider is handed an external callback
    URL that carries the post-login destination; if the provider raises
    ``LoginInitError`` or ``LoginCallbackError`` the failure is reported via
    ``exception_catchall`` and a flash message, and the user is redirected.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]

    # NOTE(review): ``next_url`` is embedded in the callback URL and used as
    # the failure redirect target; presumably get_next_url() validates the
    # destination — verify.
    next_url = get_next_url(referrer=False, default=None)
    callback_url = url_for(
        '.login_service_callback',
        service=service,
        next=next_url,
        _external=True,
    )
    try:
        return provider.do(callback_url=callback_url)
    except (LoginInitError, LoginCallbackError) as err:
        message = _("{service} login failed: {error}").format(
            service=provider.title, error=str(err))
        exception_catchall.send(err, message=message)
        flash(message, category='danger')
        fallback = next_url or get_next_url(referrer=True)
        return redirect(fallback)