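def authorize(*args, **kwargs):
    """
    OAuth authorization screen: shows the requested scopes and a yes/no choice.

    On GET, looks up an existing token for the current user and the
    requesting client, then does one of three things:

    * token exists but its scopes differ from the requested ones: render
      'oauth_authorize_scopes.html', passing the scopes not yet granted
      as ``new_scopes``;
    * no token exists: render 'oauth_authorize.html' to ask for consent;
    * token exists with equal scopes: return
      ``oauth.confirm_authorization_request()`` without showing a screen.

    On any other method (expected to be POST), returns True only when the
    form field ``accept`` equals the string 'true'.

    TODO: Make sure this is somewhat secure. Points to confirm:

    * NOTE(review): the route and its decorators are not visible here.
      ``current_user.id`` is read unconditionally, so confirm a login
      requirement is enforced before this handler runs.
    * NOTE(review): the POST decision comes straight from the form; confirm
      both consent templates carry a CSRF token that is verified.
    * NOTE(review): the matching-scopes path grants without user
      interaction; confirm that is intended for every client type.
    """
    client_id = kwargs.get('client_id')
    # .first() yields None when no client matches; the templates then receive
    # client=None. NOTE(review): confirm client_id is validated upstream.
    client = Client.query.filter_by(client_id=client_id).first()
    kwargs['client'] = client

    if request.method == 'GET':
        # Do we already have a token for this user/app pair?
        token = Token.query.filter_by(
            user_id=current_user.id, client_id=client_id).first()
        kwargs['Scopes'] = Scope.all()
        # Read once, up front, so a missing 'scopes' key fails on every GET
        # path instead of reaching a template without scopes.
        requested_scopes = kwargs['scopes']

        # NOTE(review): plain != comparison; if both sides are lists the
        # ordering matters, so confirm the types being compared.
        if token and token.scopes != requested_scopes:
            # A token exists, but it was granted with different permissions.
            kwargs['token'] = token
            kwargs['new_scopes'] = [scope for scope in requested_scopes
                                    if scope not in token.scopes]
            return render_template('oauth_authorize_scopes.html',
                                   query_string=request.query_string,
                                   **kwargs)

        if not token:
            # No token yet: ask the user for consent.
            kwargs['token'] = token
            return render_template('oauth_authorize.html',
                                   query_string=request.query_string,
                                   **kwargs)

        # Existing token with the same scopes: nothing new to ask.
        return oauth.confirm_authorization_request()

    # Request is POST: only the explicit string 'true' counts as consent.
    return request.form.get('accept', 'false') == 'true'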
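def import_scopes():
    """
    Replace every Scope row with the definitions found in 'scopes.json'.

    The file is read and converted to Scope objects before the database is
    touched, and the delete and the inserts share one transaction. A missing
    or malformed file therefore raises without wiping the scopes table, and
    a database failure rolls everything back, leaving the previous scopes.

    Database errors are printed rather than raised, as before. On success
    the 'j4oauth:scopes' redis key is deleted and Scope.all() is called
    (presumably to repopulate that cache; confirm against Scope.all).

    NOTE(review): 'scopes.json' is resolved against the current working
    directory. It defines which OAuth scopes exist, so confirm it comes from
    a deploy-controlled location that untrusted users cannot write to.
    """
    # Parse first: any failure here leaves the database untouched.
    with open("scopes.json", encoding="utf-8") as f:
        scope_dicts = json.load(f)
    new_scopes = [Scope.from_dict(scope_dict) for scope_dict in scope_dicts]

    try:
        for db_scope in Scope.query.all():
            db.session.delete(db_scope)
        # Send the DELETEs before the INSERTs, still inside the transaction,
        # so re-imported scopes cannot collide with the rows they replace.
        db.session.flush()
        for new_scope in new_scopes:
            db.session.add(new_scope)
        db.session.commit()
    except Exception as e:
        # Undo the partial work so the old scopes survive and the session
        # stays usable for the caller.
        db.session.rollback()
        print(e)
    else:
        redis.delete('j4oauth:scopes')
        Scope.all()
        print('Scopes imported with success !')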