Example #1
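def getToken():		#client does this
	"""Exchange an authorization code for an access/refresh token pair.

	Reads ``client_id``, ``client_secret`` and ``code`` from the request form.
	The client must present its secret, and the code must exist, belong to
	that client and not be past its ``expires`` time. On success any earlier
	tokens for the same (client, user) pair are deleted, the code is consumed,
	a new token is stored and its expiry task is queued.

	Returns:
		A JSON response with ``access_token``, ``refresh_token`` and
		``expires`` (lifetime in seconds) on success, otherwise a JSON
		object with an ``error`` message. No HTTP status is set here, so
		errors go out with jsonify's default status.
	"""
	import hmac  # local import: the file's import block is outside this block

	client = lookupClientByID(request.form.get("client_id"))
	suppliedSecret = request.form.get("client_secret")
	# Missing or empty secrets are rejected outright: with a plain ``==`` a
	# client record whose secret is unset matches a request that omits the
	# field (None == None). compare_digest keeps the comparison time
	# independent of how many leading characters match.
	secretMatches = bool(
		client and client.client_secret and suppliedSecret
		and hmac.compare_digest(client.client_secret.encode("utf-8"), suppliedSecret.encode("utf-8"))
	)
	if not secretMatches:
		return jsonify({"error": "Invalid credentials"})

	# Kept from the original; presumably lets the datastore write of the
	# code become visible to the query below -- TODO confirm.
	time.sleep(0.1)
	codeInDB = AuthCode.query(AuthCode.code == request.form.get("code")).get()
	# A code is redeemable only by the client it was issued to. Without this
	# check any client with valid credentials could redeem a code that was
	# issued to a different client.
	if not codeInDB or codeInDB.client != client.key:
		return jsonify({"error": "Auth code expired or invalid"})
	# Expiry is otherwise enforced only by the queued cleanup task, so a late
	# or failed task would leave the code usable. Records without an
	# ``expires`` value keep the original behaviour.
	if codeInDB.expires is not None and codeInDB.expires < datetime.now():
		return jsonify({"error": "Auth code expired or invalid"})

	lifetime = app.config["ACCESSTOKEN_EXPIRATION"]
	# NOTE(review): randomString is defined elsewhere; confirm it draws from a
	# CSPRNG (os.urandom / random.SystemRandom), since these values are
	# bearer credentials.
	tokenGrant = Token(
		client = client.key,
		user = codeInDB.user,
		access_token = randomString(32),
		refresh_token = randomString(32),
		expires = datetime.now() + timedelta(seconds=lifetime),
	)
	# Both filters are passed as separate arguments so ndb ANDs them. The
	# original joined them with Python ``and``, which evaluates to the second
	# filter alone and therefore deleted the user's tokens for every client.
	ndb.delete_multi(Token.query(Token.client == client.key, Token.user == codeInDB.user).fetch(keys_only = True)) #delete prior tokens
	tokenGrant.put()
	# NOTE(review): lookup and delete are not in one transaction, so two
	# concurrent requests could both redeem the same code.
	codeInDB.key.delete()
	# NOTE(review): a GET task puts the access token and QUEUE_SECRET in the
	# task URL's query string, where request logs can capture them. Moving to
	# POST needs a matching change in the /_expire-token handler, which is
	# not visible here.
	taskqueue.add(url='/_expire-token', params={'access_token': tokenGrant.access_token, "secret": app.config["QUEUE_SECRET"]},
		method="GET", countdown = lifetime)
	return jsonify({
		"access_token": tokenGrant.access_token,
		"refresh_token": tokenGrant.refresh_token,
		"expires": lifetime,
	})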
Example #2
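def getAuthCode():
	"""Issue an authorization code once the signed-in user approves a client.

	Reads ``client_id`` and ``confirm_yes`` from the request form. When the
	client exists and the user confirmed, a fresh code is stored for
	``g.user``, its expiry task is queued, and the browser is redirected to
	the client's registered ``redirect_url`` with ``code`` and ``expires``
	appended. Otherwise a snippet that closes the window is returned.

	Returns:
		A redirect response on approval, else the HTML string
		``<script>window.close()</script>``.
	"""
	# NOTE(review): neither a login check nor CSRF protection for the
	# ``confirm_yes`` submission is visible in this function; confirm both
	# are enforced by the route's decorators or the form.
	client = lookupClientByID(request.form.get("client_id"))
	if not (client and request.form.get("confirm_yes")):
		# This branch is also taken when the client_id is unknown.
		logging.warning("DID NOT CONFIRM")
		return "<script>window.close()</script>"

	lifetime = app.config["AUTHCODE_EXPIRATION"]
	# NOTE(review): randomString is defined elsewhere; confirm it uses a
	# CSPRNG, since the code is exchanged for tokens.
	code = randomString(32)
	codeDB = AuthCode(
		client_id = client.client_id,
		client = client.key,
		user = g.user.key,
		code = code,
		expires = datetime.now() + timedelta(seconds=lifetime),
	)
	codeDB.put()
	# NOTE(review): a GET task carries the code and QUEUE_SECRET in the task
	# URL's query string, where request logs can capture them.
	taskqueue.add(url='/_expire-authcode', params={'code': code, "secret": app.config["QUEUE_SECRET"]}, method="GET", countdown = lifetime)

	# The target is the client's stored redirect_url, never a value taken
	# from the request, so the redirect cannot be steered by the caller.
	redirectUrl = client.redirect_url
	# A registered redirect URL may already carry a query string; appending
	# a second "?" would corrupt the parameters.
	separator = "&" if "?" in redirectUrl else "?"
	# NOTE(review): no ``state`` value is echoed back, so the client cannot
	# tie this response to the request it started.
	return redirect("{0}{1}code={2}&expires={3}".format(redirectUrl, separator, code, lifetime))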