def set_client_credentials():
session.clear()
# Set the client credentials in the session
# If this is a GET, the credentials in the form
# will both be None, so we default to the credentials
# set as environment variables
set_client_credentials_in_session(
request.form.get('client_id'),
request.form.get('client_secret')
)
if request.form.get('base_url'):
base_url = 'https://{}.inside-box.net/api/oauth2'.format(
request.form.get('base_url')
)
else:
base_url = None
# Set the base_url in the session, if there was no base_url
# in the form, we're ok because we only access the session
# through dict.get()
session['base_url'] = base_url
redirect_uri = request.url_root + 'box_auth'
# If we are on a local machine, we can't do https
if '0.0.0.0:5000' not in redirect_uri:
redirect_uri = redirect_uri.replace('http://', 'https://')
box = BoxAuth(*get_client_credentials(), base_url=base_url)
return redirect(box.get_authorization_url(
redirect_uri=urllib.quote_plus(redirect_uri))
)
def show_tokens():
# If there are no tokens set on the session, show the modal to enter
# client credentials
if not session.get('access_token') or not session.get('refresh_token'):
return render_template(
'token.html',
access_token='',
refresh_token='',
client_id='',
show_modal=True,
show_base_url=request.args.get('dev')
)
box = BoxAuth(
*get_client_credentials(),
access_token=session.get('access_token'),
refresh_token=session.get('refresh_token'),
base_url=session.get('base_url')
)
box.refresh_tokens()
set_tokens_in_session(box)
return render_template(
'token.html',
access_token=box.access_token,
refresh_token=box.refresh_token,
client_id=box.client_id,
base_url=session.get('base_url')
)
def box_auth():
box = BoxAuth(*get_client_credentials(), base_url=session.get('base_url'))
try:
box.authenticate_with_code(request.args.get('code'))
set_tokens_in_session(box)
except:
print 'OAuth 2 Error: {}'.format(request.args)
return redirect(url_for('show_tokens'))
def logout():
# Revoke current tokens, if there are any
box = BoxAuth(
*get_client_credentials(),
access_token=session.get('access_token'),
refresh_token=session.get('refresh_token'),
base_url=session.get('base_url')
)
box.revoke_tokens()
# Clear everything out of the session
session.clear()
return render_template('logged_out.html')
