def authorize(request): """Client authorize page (protocol ignored since there are no clients). For more information see oauth2app docs. http://oauth2app.readthedocs.org/en/latest/ """ authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect(reverse('oauth_missing_redirect_uri'))
def authorize(request): CODE_AND_TOKEN = 3 authorizer = Authorizer(response_type=CODE_AND_TOKEN) try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize(request): # pdb.set_trace() CODE_AND_TOKEN = 3 authorizer = Authorizer(response_type=CODE_AND_TOKEN) try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_refreshed(request): authorizer = Authorizer(response_type=CODE_AND_TOKEN) try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect( settings.ROOT_URL + "authorization_manager/oauth2/missing_redirect_uri")
def authorize(request): """ Normal or non-aadhaar authorization of requests. Note that this request is coming from the client (thirdparty site). """ print "Came here - authorizer" authorizer = Authorizer() try: # Check if all the parameters have been specified in the # call authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_first_and_last_name(request): scope = AccessRange.objects.filter(key__in=["first_name", "last_name"]) authorizer = Authorizer(scope=scope) try: return authorizer(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_last_name(request): scope = AccessRange.objects.get(key="last_name") authorizer = Authorizer(scope=scope) try: return authorizer(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def dispatch(self, request): self.authorizer = Authorizer() try: self.authorizer.validate(request) except MissingRedirectURI as e: return self.missing_redirect_url_view(request) except AuthorizationException as e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return self.authorizer.error_redirect() return super(AuthorizeView, self).dispatch(request)
def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI: return HttpResponseRedirect("/oauth2/missing_redirect_uri") except AuthorizationException: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': # Make sure the authorizer has validated before requesting the client # or access_ranges as otherwise they will be None. template = { "client": authorizer.client, "access_ranges": authorizer.access_ranges} template["form"] = AuthorizeForm() helper = FormHelper() no_submit = Submit('connect', 'No') helper.add_input(no_submit) yes_submit = Submit('connect', 'Yes') helper.add_input(yes_submit) helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string helper.form_method = 'POST' template["helper"] = helper return render_to_response('oauth2/authorize.html', template, RequestContext(request)) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": return authorizer.grant_redirect() else: return authorizer.error_redirect() return HttpResponseRedirect("/")
def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI: return HttpResponseRedirect("/oauth2/missing_redirect/") # XXX: Fix. except AuthorizationException: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': # Make sure the authorizer has validated before requesting the client # or access_ranges as otherwise they will be None. if settings.SHOELACE_QUERY_AUTH_ALWAYS: return authorizer.grant_redirect() if settings.SHOELACE_QUERY_AUTH_FIRST_LOGIN: if authorizer.client.id in [ x.id for x in get_authorized_clients(request.user) ]: return authorizer.grant_redirect() profile = ClientProfile.objects.filter(client=authorizer.client) profile = None if len(profile) <= 0 else profile[0] template = { "client": authorizer.client, "access_ranges": authorizer.access_ranges, "GET": request.GET, "profile": profile } return render_to_response( 'oauth2/authorize.html', template, RequestContext(request) ) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": return authorizer.grant_redirect() else: return authorizer.error_redirect() return HttpResponseRedirect("/")
def authorize_aadhaar(request): """ Authorize using aadhaar. Unnecessarily duplicates the normal authorize and To be DRY'd out. Note that this request is coming from the client (thirdparty site). """ # XXX DRY out this code. 80% is repeated from normal authorize. print "Came here - authorizer " authorizer = Authorizer() try: loggedin_user = request.user client_id = request.REQUEST.get('client_id') client = Client.objects.get(key=client_id) if client == None: raise AuthorizationException("Unknown client") print "Authorizing the request" authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize(request, aadhaar=False): raise Exception("Client authorize. Should not come here") print "Came here - authorizer aadhaar = ", aadhaar authorizer = Authorizer() try: # Check if the correct user is logged in. Else redirect to login # page loggedin_user = request.user print "logged in user = "******"Unknown client") # This is necessary if the logged in user is different from # the client identified. This is possibly a legacy issue. The # check is useful anyway. resource_owner = client.user print "resource owner = ", resource_owner if (loggedin_user != resource_owner): auth.logout(request) next=django_urlquote(request.get_full_path()) if aadhaar: nexturl = ("/account/aadhaar/authenticate/?next=%s" % next) else: nexturl = ("/account/login/?next=%s" % next) print "sending the user to ", nexturl return HttpResponseRedirect(nexturl) # Now authorize authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize(request, aadhaar=False): raise Exception("Client authorize. Should not come here") print "Came here - authorizer aadhaar = ", aadhaar authorizer = Authorizer() try: # Check if the correct user is logged in. Else redirect to login # page loggedin_user = request.user print "logged in user = "******"Unknown client") # This is necessary if the logged in user is different from # the client identified. This is possibly a legacy issue. The # check is useful anyway. resource_owner = client.user print "resource owner = ", resource_owner if (loggedin_user != resource_owner): auth.logout(request) next = django_urlquote(request.get_full_path()) if aadhaar: nexturl = ("/account/aadhaar/authenticate/?next=%s" % next) else: nexturl = ("/account/login/?next=%s" % next) print "sending the user to ", nexturl return HttpResponseRedirect(nexturl) # Now authorize authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri") except AuthorizationException as e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': # Make sure the authorizer has validated before requesting the client # or access_ranges as otherwise they will be None. template = { "client": authorizer.client, "access_ranges": authorizer.access_ranges } template["form"] = AuthorizeForm() helper = FormHelper() no_submit = Submit('connect', 'No') helper.add_input(no_submit) yes_submit = Submit('connect', 'Yes') helper.add_input(yes_submit) helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string helper.form_method = 'POST' template["helper"] = helper return render_to_response('oauth2/authorize.html', template, RequestContext(request)) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": return authorizer.grant_redirect() else: return authorizer.error_redirect() return HttpResponseRedirect("/")
class AuthorizeView(TemplateResponseMixin, View): template_name = 'oauth2app/authorize.html' missing_redirect_url_view = staticmethod(MissingRedirectURLView.as_view()) @method_decorator(login_required) def dispatch(self, request): self.authorizer = Authorizer() try: self.authorizer.validate(request) except MissingRedirectURI as e: return self.missing_redirect_url_view(request) except AuthorizationException as e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return self.authorizer.error_redirect() return super(AuthorizeView, self).dispatch(request) def get_context_data(self): #import pdb;pdb.set_trace() return {'authorizer': self.authorizer, 'access_ranges': self.authorizer.access_ranges, 'client': self.authorizer.client, 'form': forms.AuthorizeForm(self.request.POST or \ self.request.GET or None)} def get(self, request): context = self.get_context_data() if self.authorizer.client.auto_authorize: return self.authorizer.grant_redirect() return self.render_to_response(context) def post(self, request): context = self.get_context_data() if context['form'].is_valid(): if 'accept' in request.POST: return self.authorizer.grant_redirect() else: return self.authorizer.error_redirect() return HttpResponseBadRequest()
def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_code(request): authorizer = Authorizer(response_type=CODE) try: return authorizer(request) except MissingRedirectURI, e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_token(request): authorizer = Authorizer(response_type=TOKEN) try: return authorizer(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize(request): # Workaround for OAuth2 issue in 0.6.9 (and earlier) remoteStorage.js versions. # http://www.w3.org/community/unhosted/wiki/RemoteStorage-2011.10#OAuth # Also see "Known Issues / OAuth2" section in README. scope = request.REQUEST.get('scope') if scope and ':' not in scope: query = urllib.urlencode(dict(it.chain( request.REQUEST.items(), [('scope', ' '.join( canonical_path_spec(path) for path in scope.split(',') ))] ))) return HttpResponseRedirect('{}?{}'.format(request.path, iri_to_uri(query))) # Process OAuth2 request from query_string authorizer = Authorizer(response_type=TOKEN) validate_missing, validate_kwz = None, dict(check_scope=False) try: try: authorizer.validate(request, **validate_kwz) except TypeError: # older version validate_kwz.pop('check_scope') authorizer.validate(request) except MissingRedirectURI: return HttpResponseRedirect(reverse('remotestorage:oauth2:missing_redirect_uri')) except (InvalidClient, InvalidScope) as err: if isinstance(err, InvalidClient): validate_missing = 'client' else: validate_missing = 'scope' except AuthorizationException: # The request is malformed or otherwise invalid. # Automatically redirects to the provided redirect URL, # providing error parameters in GET, as per spec. return authorizer.error_redirect() paths = authorizer.scope form = ft.partial(AuthorizeForm, paths=paths, app=authorizer.client_id) if request.method == 'GET': # Display form with a glorified "authorize? yes/no" question. if validate_missing == 'client': # With remoteStorage (0.6.9), client_id is the hostname of a webapp site, # which is requesting storage, so it's a new app, and that fact should be # made clear to the user. messages.add_message( request, messages.WARNING, ( 'This is the first time app from domain "{}"' " tries to access this storage, make sure it's" ' the one you want to grant access to.' )\ .format(smart_unicode(authorizer.client_id)) ) form = form() # Stored to validate that nothing has extended the submitted list client-side request.session['authorizer.paths'] = paths elif request.method == 'POST': if not paths or paths != request.session.get('authorizer.paths'): # These paths can potentially be tampered with in the submitted form client-side, # resulting in granting access to something user didn't see in the displayed form, # hence passing the list server-side as well within the session return HttpResponseRedirect(request.get_full_path()) form = form(request.POST) if form.is_valid(): # Check list of authorized paths, building new scope paths_auth, paths_form = set(), set(form.cleaned_data['path_access']) while paths_form: path_spec = paths_form.pop() # Try to condense :r and :w to :rw path, cap = path_spec.split(':') for a, b in 'rw', 'wr': if cap == a and '{}:{}'.format(path, b) in paths_form: paths_auth.add('{}:rw'.format(path)) paths_form.remove('{}:{}'.format(path, b)) break else: paths_auth.add(path_spec) # Re-validate form, creating missing models if validate_missing: try: with transaction.commit_on_success(): if validate_missing == 'client': Client.objects.create( user=request.user, name=authorizer.client_id, key=authorizer.client_id ) if 'check_scope' not in validate_kwz: # Create all these just to delete them after validation for path_spec in paths: AccessRange.objects.get_or_create(key=path_spec) authorizer.validate(request, **validate_kwz) for path_spec in paths_auth: AccessRange.objects.get_or_create(key=path_spec) if 'check_scope' not in validate_kwz: for path_spec in paths.difference(paths_auth): try: AccessRange.objects.get(key=path_spec).delete() except (IntegrityError, ObjectDoesNotExist): pass except AuthorizationException: return authorizer.error_redirect() authorizer.scope = paths_auth return authorizer.grant_redirect()\ if form.cleaned_data['authorize'] == 'allow'\ else authorizer.error_redirect() if request.method in ['GET', 'POST']: return render_to_response( 'oauth2/authorize.html', dict(form=form, app_host=authorizer.client_id), RequestContext(request) ) # Shouldn't get here unless by mistake return HttpResponse( '<h1>Please issue proper' ' GET request with OAuth2 authorization parameters.</h1>', status=501 )
def authorize_no_scope(request): authorizer = Authorizer() try: return authorizer(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_token_mac(request): authorizer = Authorizer(response_type=TOKEN, authentication_method=MAC) try: return authorizer(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_not_refreshable(request): authorizer = Authorizer(refreshable=False) try: return authorizer(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri")
def authorize_refreshed(request): authorizer = Authorizer(response_type=CODE_AND_TOKEN) try: authorizer.validate(request) except MissingRedirectURI, e: return HttpResponseRedirect(settings.ROOT_URL+"authorization_manager/oauth2/missing_redirect_uri")