Example #1
def authorize(request):
    authorizer = Authorizer()
    except MissingRedirectURI:
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
    except AuthorizationException:
        # The request is malformed or invalid. Automatically 
        # redirects to the provided redirect URL.
        return authorizer.error_redirect()
    if request.method == 'GET':
        # Make sure the authorizer has validated before requesting the client
        # or access_ranges as otherwise they will be None.
        template = {
            "client": authorizer.client, 
            "access_ranges": authorizer.access_ranges}
        template["form"] = AuthorizeForm()
        helper = FormHelper()
        no_submit = Submit('connect', 'No')
        yes_submit = Submit('connect', 'Yes')
        helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string
        helper.form_method = 'POST'
        template["helper"] = helper
        return render_to_response('oauth2/authorize.html', template, RequestContext(request))
    elif request.method == 'POST':
        form = AuthorizeForm(request.POST)
        if form.is_valid():
            if request.POST.get("connect") == "Yes":
                return authorizer.grant_redirect()
                return authorizer.error_redirect()
    return HttpResponseRedirect("/")
def authorize(request):
    authorizer = Authorizer()
    except MissingRedirectURI:
        return HttpResponseRedirect("/oauth2/missing_redirect/")  # XXX: Fix.
    except AuthorizationException:
        # The request is malformed or invalid. Automatically
        # redirects to the provided redirect URL.
        return authorizer.error_redirect()
    if request.method == 'GET':
        # Make sure the authorizer has validated before requesting the client
        # or access_ranges as otherwise they will be None.
        if settings.SHOELACE_QUERY_AUTH_ALWAYS:
            return authorizer.grant_redirect()

            if authorizer.client.id in [
                x.id for x in get_authorized_clients(request.user)
                return authorizer.grant_redirect()

        profile = ClientProfile.objects.filter(client=authorizer.client)
        profile = None if len(profile) <= 0 else profile[0]

        template = {
            "client": authorizer.client,
            "access_ranges": authorizer.access_ranges,
            "GET": request.GET,
            "profile": profile
        return render_to_response(
    elif request.method == 'POST':
        form = AuthorizeForm(request.POST)
        if form.is_valid():
            if request.POST.get("connect") == "Yes":
                return authorizer.grant_redirect()
                return authorizer.error_redirect()
    return HttpResponseRedirect("/")
Example #3
class AuthorizeView(TemplateResponseMixin, View):
    template_name = 'oauth2app/authorize.html'
    missing_redirect_url_view = staticmethod(MissingRedirectURLView.as_view())

    def dispatch(self, request):
        self.authorizer = Authorizer()
        except MissingRedirectURI as e:
            return self.missing_redirect_url_view(request)
        except AuthorizationException as e:
            # The request is malformed or invalid. Automatically
            # redirects to the provided redirect URL.
            return self.authorizer.error_redirect()
        return super(AuthorizeView, self).dispatch(request)
    def get_context_data(self):
        #import pdb;pdb.set_trace()
        return {'authorizer': self.authorizer,
                'access_ranges': self.authorizer.access_ranges,
                'client': self.authorizer.client,
                'form': forms.AuthorizeForm(self.request.POST or \
                                            self.request.GET or None)}

    def get(self, request):
        context = self.get_context_data()
        if self.authorizer.client.auto_authorize:
            return self.authorizer.grant_redirect()
        return self.render_to_response(context)

    def post(self, request):
        context = self.get_context_data()
        if context['form'].is_valid():
            if 'accept' in request.POST:
                return self.authorizer.grant_redirect()
                return self.authorizer.error_redirect()
        return HttpResponseBadRequest()
Example #4
def authorize(request):
    authorizer = Authorizer()
    except MissingRedirectURI as e:
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
    except AuthorizationException as e:
        # The request is malformed or invalid. Automatically
        # redirects to the provided redirect URL.
        return authorizer.error_redirect()
    if request.method == 'GET':
        # Make sure the authorizer has validated before requesting the client
        # or access_ranges as otherwise they will be None.
        template = {
            "client": authorizer.client,
            "access_ranges": authorizer.access_ranges
        template["form"] = AuthorizeForm()
        helper = FormHelper()
        no_submit = Submit('connect', 'No')
        yes_submit = Submit('connect', 'Yes')
        helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string
        helper.form_method = 'POST'
        template["helper"] = helper
        return render_to_response('oauth2/authorize.html', template,
    elif request.method == 'POST':
        form = AuthorizeForm(request.POST)
        if form.is_valid():
            if request.POST.get("connect") == "Yes":
                return authorizer.grant_redirect()
                return authorizer.error_redirect()
    return HttpResponseRedirect("/")
def authorize(request):
	# Workaround for OAuth2 issue in 0.6.9 (and earlier) remoteStorage.js versions.
	#  http://www.w3.org/community/unhosted/wiki/RemoteStorage-2011.10#OAuth
	# Also see "Known Issues / OAuth2" section in README.
	scope = request.REQUEST.get('scope')
	if scope and ':' not in scope:
		query = urllib.urlencode(dict(it.chain(
			[('scope', ' '.join(
				canonical_path_spec(path) for path in scope.split(',') ))] )))
		return HttpResponseRedirect('{}?{}'.format(request.path, iri_to_uri(query)))

	# Process OAuth2 request from query_string
	authorizer = Authorizer(response_type=TOKEN)
	validate_missing, validate_kwz = None, dict(check_scope=False)
		try: authorizer.validate(request, **validate_kwz)
		except TypeError: # older version
	except MissingRedirectURI:
		return HttpResponseRedirect(reverse('remotestorage:oauth2:missing_redirect_uri'))
	except (InvalidClient, InvalidScope) as err:
		if isinstance(err, InvalidClient): validate_missing = 'client'
		else: validate_missing = 'scope'
	except AuthorizationException:
		# The request is malformed or otherwise invalid.
		# Automatically redirects to the provided redirect URL,
		#  providing error parameters in GET, as per spec.
		return authorizer.error_redirect()

	paths = authorizer.scope
	form = ft.partial(AuthorizeForm, paths=paths, app=authorizer.client_id)

	if request.method == 'GET':
		# Display form with a glorified "authorize? yes/no" question.
		if validate_missing == 'client':
			# With remoteStorage (0.6.9), client_id is the hostname of a webapp site,
			#  which is requesting storage, so it's a new app, and that fact should be
			#  made clear to the user.
				request, messages.WARNING,
				( 'This is the first time app from domain "{}"'
					" tries to access this storage, make sure it's"
					' the one you want to grant access to.' )\
				.format(smart_unicode(authorizer.client_id)) )
		form = form()
		# Stored to validate that nothing has extended the submitted list client-side
		request.session['authorizer.paths'] = paths

	elif request.method == 'POST':
		if not paths or paths != request.session.get('authorizer.paths'):
			# These paths can potentially be tampered with in the submitted form client-side,
			#  resulting in granting access to something user didn't see in the displayed form,
			#  hence passing the list server-side as well within the session
			return HttpResponseRedirect(request.get_full_path())
		form = form(request.POST)
		if form.is_valid():
			# Check list of authorized paths, building new scope
			paths_auth, paths_form = set(), set(form.cleaned_data['path_access'])
			while paths_form:
				path_spec = paths_form.pop()
				# Try to condense :r and :w to :rw
				path, cap = path_spec.split(':')
				for a, b in 'rw', 'wr':
					if cap == a and '{}:{}'.format(path, b) in paths_form:
						paths_form.remove('{}:{}'.format(path, b))
				else: paths_auth.add(path_spec)
			# Re-validate form, creating missing models
			if validate_missing:
					with transaction.commit_on_success():
						if validate_missing == 'client':
							Client.objects.create( user=request.user,
								name=authorizer.client_id, key=authorizer.client_id )
						if 'check_scope' not in validate_kwz:
							# Create all these just to delete them after validation
							for path_spec in paths:
						authorizer.validate(request, **validate_kwz)
						for path_spec in paths_auth:
						if 'check_scope' not in validate_kwz:
							for path_spec in paths.difference(paths_auth):
								try: AccessRange.objects.get(key=path_spec).delete()
								except (IntegrityError, ObjectDoesNotExist): pass
				except AuthorizationException:
					return authorizer.error_redirect()
			authorizer.scope = paths_auth
			return authorizer.grant_redirect()\
				if form.cleaned_data['authorize'] == 'allow'\
				else authorizer.error_redirect()

	if request.method in ['GET', 'POST']:
		return render_to_response( 'oauth2/authorize.html',
			dict(form=form, app_host=authorizer.client_id), RequestContext(request) )

	# Shouldn't get here unless by mistake
	return HttpResponse( '<h1>Please issue proper'
		' GET request with OAuth2 authorization parameters.</h1>', status=501 )