Example #1
 def _process(self, **kwargs):
     """Decide whether the pending authorization request may proceed.

     Returns ``True`` to grant access, ``False`` when a POST arrives without
     the ``confirm`` field, or the rendered consent page when the user's
     existing token does not yet cover every requested scope.

     :param kwargs: must contain ``scopes``, an iterable of requested scope names
     """
     if request.method == 'POST':
         # Only an explicit confirmation in the submitted form grants access.
         # NOTE(review): CSRF protection for this POST is not visible in this
         # method -- confirm it is enforced before _process runs.
         confirmed = 'confirm' in request.form
         if confirmed:
             logger.info('User %s authorized %s', session.user,
                         self.application)
         return confirmed

     app = self.application
     if app.is_trusted:
         # Trusted applications skip the consent page for whatever was requested.
         logger.info('User %s automatically authorized %s', session.user, app)
         return True

     wanted = set(kwargs['scopes'])
     existing = app.tokens.filter_by(user=session.user).first()
     granted = existing.scopes if existing else set()
     if wanted <= granted:
         # Nothing new is being asked for, so no prompt is needed.
         return True
     missing = wanted - granted

     def _describe(scope_names):
         # Scope names with no (truthy) entry in SCOPES are dropped from the list.
         # NOTE(review): such scopes would not be shown on the consent page --
         # confirm unknown scopes are rejected before this point.
         looked_up = [SCOPES.get(name) for name in scope_names]
         return [entry for entry in looked_up if entry]

     return render_template(
         'oauth/authorize.html',
         application=app,
         authorized_scopes=_describe(granted),
         new_scopes=_describe(missing))
Example #2
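def save_token(token_data, request, *args, **kwargs):
    """Store the token issued to ``request.client`` for the granting user.

    One token row is kept per application/user pair.  A new row is created
    when none exists; an existing row gets the new access token and the union
    of scopes when additional scopes were requested; otherwise the stored
    access token is written back into ``token_data``.

    :param token_data: dict with at least ``scope`` (space-separated string)
                       and ``access_token``; mutated in place
    :param request: object exposing ``grant_type``, ``client`` and, for the
                    authorization code grant, ``user``
    :return: the created or updated ``OAuthToken``
    :raises ValueError: for any grant type other than ``authorization_code``
                        or ``None`` (implicit flow)
    """
    # For the implicit flow
    # Check issue: https://github.com/lepture/flask-oauthlib/issues/209
    if request.grant_type == 'authorization_code':
        user = request.user
    elif request.grant_type is None:  # implicit flow
        user = session.user
    else:
        raise ValueError('Invalid grant_type')
    requested_scopes = set(token_data['scope'].split())
    token = OAuthToken.find_first(OAuthApplication.client_id == request.client.client_id,
                                  OAuthToken.user == user,
                                  _join=OAuthApplication)
    if token is None:
        application = OAuthApplication.find_one(client_id=request.client.client_id)
        token = OAuthToken(application=application, user=user)
        db.session.add(token)
        token.access_token = token_data['access_token']
        token.scopes = requested_scopes
    elif requested_scopes - token.scopes:
        # Hand the values to the logger as arguments so the message is only
        # formatted when the record is actually emitted.
        # NOTE(review): the token object itself is logged -- confirm its string
        # form does not contain the access token value.
        logger.info('Added scopes to %s: %s', token, requested_scopes - token.scopes)
        # use the new access_token when extending scopes
        token.access_token = token_data['access_token']
        token.scopes |= requested_scopes
    else:
        # Scopes already covered: the client receives the stored access token
        # instead of the freshly generated one.
        token_data['access_token'] = token.access_token
    token_data.pop('refresh_token', None)  # we don't support refresh tokens so far
    # With no expiry and no refresh token, a stored access token stays usable
    # until its row is deleted.
    token_data.pop('expires_in', None)  # our tokens currently do not expire
    return token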
Example #3
def save_token(token_data, request, *args, **kwargs):
    """Persist the token granted to ``request.client`` and return its row.

    ``token_data`` is modified in place: ``refresh_token`` and ``expires_in``
    are removed, and ``access_token`` is replaced by the stored value when the
    existing token already covers every requested scope.

    Raises ``ValueError`` when ``request.grant_type`` is neither
    ``'authorization_code'`` nor ``None``.
    """
    # For the implicit flow
    # Check issue: https://github.com/lepture/flask-oauthlib/issues/209
    grant_type = request.grant_type
    if grant_type is not None and grant_type != 'authorization_code':
        raise ValueError('Invalid grant_type')
    # A missing grant type means the implicit flow, where the granting user is
    # the one in the current session.
    user = session.user if grant_type is None else request.user

    wanted = set(token_data['scope'].split())
    client_id = request.client.client_id
    lookup = OAuthToken.query.filter(
        OAuthApplication.client_id == client_id,
        OAuthToken.user == user)
    token = lookup.join(OAuthApplication).first()

    if token is None:
        # First grant for this application/user pair.
        application = OAuthApplication.query.filter_by(client_id=client_id).one()
        token = OAuthToken(application=application, user=user)
        db.session.add(token)
        token.access_token = token_data['access_token']
        token.scopes = wanted
    else:
        added = wanted - token.scopes
        if added:
            logger.info('Added scopes to %s: %s', token, added)
            # use the new access_token when extending scopes
            token.access_token = token_data['access_token']
            token.scopes |= wanted
        else:
            # Nothing new requested: hand back the access token already stored.
            token_data['access_token'] = token.access_token

    # we don't support refresh tokens so far
    token_data.pop('refresh_token', None)
    # our tokens currently do not expire
    token_data.pop('expires_in', None)
    return token
Example #4
 def _process(self):
     """Render the application's edit form, applying it on a valid submission."""
     app = self.application
     form = ApplicationForm(obj=app, application=app)
     if not form.validate_on_submit():
         # First display or failed validation: show the form (again).
         return WPOAuthAdmin.render_template('app_details.html', application=app, form=form)
     # populate_obj copies the submitted field values onto the application;
     # which attributes that covers is decided by ApplicationForm (not visible here).
     form.populate_obj(app)
     logger.info("Application %s updated by %s", app, session.user)
     message = _("Application {} was modified").format(app.name)
     flash(message, 'success')
     return redirect(url_for('.apps'))
Example #5
 def _process(self):
     """Handle the application details page: display the form or save its changes."""
     target = self.application
     form = ApplicationForm(obj=target, application=target)
     submitted_ok = form.validate_on_submit()
     if submitted_ok:
         # Write the validated form values onto the application and record
         # which user made the change.
         form.populate_obj(target)
         logger.info("Application %s updated by %s", target, session.user)
         flash(_("Application {} was modified").format(target.name), 'success')
         return redirect(url_for('.apps'))
     page = WPOAuthAdmin.render_template('app_details.html', application=target, form=form)
     return page
Example #6
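 def _process(self):
     """Revoke all tokens of the application and return to its details page."""
     self.application.tokens.delete()
     # Pass the application as a logging argument instead of pre-formatting
     # the message, so formatting only happens if the record is emitted.
     # NOTE(review): this entry does not record which user triggered the
     # revocation.
     logger.info("All user tokens for %s have been revoked.", self.application)
     flash(
         _("All user tokens for this application were revoked successfully"
           ), 'success')
     return redirect(url_for('.app_details', self.application))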
Example #7
 def _process(self):
     """Delete ``self.token`` and send the user back to their profile page."""
     # NOTE(review): nothing here checks that the token belongs to the
     # requesting user -- confirm that check happens before _process runs.
     token = self.token
     db.session.delete(token)
     app = token.application
     logger.info("Token of application %s for user %s was revoked.",
                 app, token.user)
     message = _("Token for {} has been revoked successfully").format(app.name)
     flash(message, 'success')
     return redirect(url_for('.user_profile'))
Example #8
 def _process(self):
     """Revoke every token of the application and redirect to its details page."""
     app = self.application
     app.tokens.delete()
     # The entry names both the application and the user who revoked its tokens.
     logger.info("All user tokens for %s revoked by %s", app, session.user)
     notice = _("All user tokens for this application were revoked successfully")
     flash(notice, 'success')
     details_url = url_for('.app_details', app)
     return redirect(details_url)
Example #9
 def _process(self):
     """Show the registration form and create the application once it validates."""
     form = ApplicationForm(obj=FormDefaults(is_enabled=True))
     if not form.validate_on_submit():
         # Nothing valid submitted yet: render the (possibly error-annotated) form.
         return WPOAuthAdmin.render_template('app_new.html', form=form)
     new_app = OAuthApplication()
     form.populate_obj(new_app)
     db.session.add(new_app)
     # Flushed before logging and building the redirect URL -- presumably so the
     # new row already has its generated values; confirm against the model.
     db.session.flush()
     logger.info("Application %s created by %s", new_app, session.user)
     message = _("Application {} registered successfully").format(new_app.name)
     flash(message, 'success')
     return redirect(url_for('.app_details', new_app))
Example #10
 def _process(self):
     """Register a new OAuth application from the submitted form, or display the form."""
     defaults = FormDefaults(is_enabled=True)
     form = ApplicationForm(obj=defaults)
     is_valid = form.validate_on_submit()
     if is_valid:
         created = OAuthApplication()
         # Every attribute of the new application comes from the validated form.
         form.populate_obj(created)
         db.session.add(created)
         db.session.flush()
         # Record who registered the application.
         logger.info("Application %s created by %s", created, session.user)
         flash(_("Application {} registered successfully").format(created.name), 'success')
         details_url = url_for('.app_details', created)
         return redirect(details_url)
     return WPOAuthAdmin.render_template('app_new.html', form=form)
Example #11
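 def _process(self, **kwargs):
     """Decide whether the pending authorization request may proceed.

     Returns ``True`` to grant access, ``False`` when a POST arrives without
     the ``confirm`` field, or the rendered consent page when the user's
     existing token does not cover every requested scope.

     :param kwargs: must contain ``scopes``, an iterable of requested scope names
     """
     if request.method == 'POST':
         # NOTE(review): CSRF protection for this POST is not visible in this
         # method -- confirm it is enforced before _process runs.
         if 'confirm' not in request.form:
             return False
         logger.info('User %s authorized %s', session.user, self.application)
         return True
     if self.application.is_trusted:
         # Trusted applications never reach the consent page.
         logger.info('User %s automatically authorized %s', session.user, self.application)
         return True
     requested_scopes = set(kwargs['scopes'])
     token = self.application.tokens.filter_by(user=session.user).first()
     authorized_scopes = token.scopes if token else set()
     if requested_scopes <= authorized_scopes:
         return True
     new_scopes = requested_scopes - authorized_scopes
     # Build real lists rather than calling filter(): on Python 3 filter()
     # returns a one-shot iterator that is always truthy, so a template that
     # tests or loops over the value twice would misbehave.  On Python 2 the
     # result is the same list as before.
     # NOTE(review): scope names without an entry in SCOPES are dropped and so
     # never shown on the consent page -- confirm unknown scopes are rejected
     # before this point.
     return render_template('oauth/authorize.html', application=self.application,
                            authorized_scopes=[d for d in [SCOPES.get(s) for s in authorized_scopes] if d],
                            new_scopes=[d for d in [SCOPES.get(s) for s in new_scopes] if d])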
Example #12
 def _process(self):
     """Delete all tokens issued for the application, then show its details page."""
     target = self.application
     target.tokens.delete()
     # Application and acting user are both part of the log entry.
     logger.info("All user tokens for %s revoked by %s", target, session.user)
     flash(_("All user tokens for this application were revoked successfully"),
           'success')
     destination = url_for('.app_details', target)
     return redirect(destination)
Example #13
 def _process(self):
     """Generate a new client secret for the application and return to its details page."""
     app = self.application
     app.reset_client_secret()
     # The log call receives the application and the acting user, not the
     # secret value itself.
     logger.info("Client secret of %s reset by %s", app, session.user)
     notice = _("New client secret generated for the application")
     flash(notice, 'success')
     return redirect(url_for('.app_details', app))
Example #14
 def _process(self):
     """Delete the application and redirect to the application list."""
     app = self.application
     # NOTE(review): whether the application's tokens are removed together with
     # it depends on the model's cascade settings, which are not visible here.
     db.session.delete(app)
     logger.info("Application %s deleted by %s", app, session.user)
     notice = _("Application deleted successfully")
     flash(notice, 'success')
     return redirect(url_for('.apps'))
Example #15
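 def _process(self):
     """Delete the application and redirect to the application list."""
     db.session.delete(self.application)
     # Let the logger do the formatting so the message is only built when the
     # record is emitted.
     # NOTE(review): this entry does not say which user deleted the application.
     logger.info("Application %s was deleted.", self.application)
     flash(_("Application deleted successfully"), 'success')
     return redirect(url_for('.apps'))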
Example #16
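 def _process(self):
     """Remove the application from the database and go back to the list page."""
     db.session.delete(self.application)
     # Logging arguments replace the eager str.format() call; the emitted text
     # is unchanged.
     # NOTE(review): the acting user is not part of this log entry.
     logger.info("Application %s was deleted.", self.application)
     flash(_("Application deleted successfully"), 'success')
     return redirect(url_for('.apps'))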
Example #17
 def reset_client_secret(self):
     """Replace ``client_secret`` with a newly generated ``uuid4()`` string."""
     # NOTE(review): the secret is only as unpredictable as uuid4()'s randomness
     # source on the deployed interpreter -- confirm it is CSPRNG-backed.
     fresh_secret = unicode(uuid4())
     self.client_secret = fresh_secret
     # Only the object is logged; the new secret is not passed to the logger.
     logger.info("Client secret for %s has been reset.", self)
Example #18
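 def _process(self):
     """Revoke all tokens of the application and return to its details page."""
     self.application.tokens.delete()
     # Formatting is left to the logger (lazy %-style arguments) instead of
     # building the string up front with str.format().
     # NOTE(review): this entry does not record who revoked the tokens.
     logger.info("All user tokens for %s have been revoked.", self.application)
     flash(_("All user tokens for this application were revoked successfully"), 'success')
     return redirect(url_for('.app_details', self.application))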
Example #19
 def _process(self):
     """Remove the application and return to the list of applications."""
     doomed = self.application
     db.session.delete(doomed)
     # Application and acting user are both recorded in the log entry.
     logger.info("Application %s deleted by %s", doomed, session.user)
     flash(_("Application deleted successfully"),
           'success')
     list_url = url_for('.apps')
     return redirect(list_url)
Example #20
 def _process(self):
     """Reset the application's client secret, then redirect to its details page."""
     target = self.application
     target.reset_client_secret()
     # Clients still configured with the previous secret will need the new one;
     # the entry below records who performed the reset.
     logger.info("Client secret of %s reset by %s", target, session.user)
     flash(_("New client secret generated for the application"),
           'success')
     details_url = url_for('.app_details', target)
     return redirect(details_url)
Example #21
 def reset_client_secret(self):
     """Assign a new ``uuid4()``-derived value to ``client_secret`` and log the reset."""
     # NOTE(review): confirm uuid4() draws from a cryptographically secure
     # source on the deployed interpreter, since the value serves as a secret.
     generated = uuid4()
     self.client_secret = unicode(generated)
     # The message identifies the object only; the caller is not recorded here.
     logger.info("Client secret for %s has been reset.", self)
Example #22
 def _process(self):
     """Revoke the selected token and redirect to the user profile page."""
     # NOTE(review): ownership of self.token is not verified in this method --
     # confirm it is checked before _process is reached.
     revoked = self.token
     db.session.delete(revoked)
     application = revoked.application
     logger.info("Token of application %s for user %s was revoked.", application, revoked.user)
     notice = _("Token for {} has been revoked successfully").format(application.name)
     flash(notice, 'success')
     return redirect(url_for('.user_profile'))