def developer_application_delete(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if app.user != request.user:
return HTTPUnauthorized()
if 'submit' in request.POST:
Session.delete(app)
request.session.flash(
_('The application ${app} was deleted successfully',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
return {'app': app}
def revoke_application(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if 'submit' in request.POST:
authorized_apps = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.application == app,
AuthorizedApplication.user == request.user
).all()
for authorized_app in authorized_apps:
Session.delete(authorized_app)
request.session.flash(
_('The access to application ${app} has been revoked',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_authorized_applications'))
return {'app': app}
def revoke_application(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if 'submit' in request.POST:
authorized_apps = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.application == app,
AuthorizedApplication.user == request.user).all()
for authorized_app in authorized_apps:
Session.delete(authorized_app)
request.session.flash(
_('The access to application ${app} has been revoked',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_authorized_applications'))
return {'app': app}
def developer_application_delete(request):
try:
app_id = bson.ObjectId(request.matchdict['app'])
except bson.errors.InvalidId:
return HTTPBadRequest(body='Invalid application id')
app = request.db.applications.find_one(app_id)
if app is None:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if app['owner'] != request.user['_id']:
return HTTPUnauthorized()
if 'submit' in request.POST:
request.db.applications.remove(app_id, safe=True)
request.session.flash(
_('The application ${app} was deleted successfully',
mapping={'app': app['name']}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
return {'app': app}
def developer_application_delete(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if app.user != request.user:
return HTTPUnauthorized()
if 'submit' in request.POST:
Session.delete(app)
request.session.flash(
_('The application ${app} was deleted successfully',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
return {'app': app}
def revoke_application(request):
assert_authenticated_user_is_registered(request)
try:
app_id = bson.ObjectId(request.matchdict['app'])
except bson.errors.InvalidId:
return HTTPBadRequest(body='Invalid application id')
app = request.db.applications.find_one(app_id)
if app is None:
return HTTPNotFound()
authorizator = Authorizator(request.db, app)
if not authorizator.is_app_authorized(request.user):
return HTTPUnauthorized()
if 'submit' in request.POST:
authorizator.remove_user_authorization(request.user)
request.session.flash(
_('The access to application ${app} has been revoked',
mapping={'app': app['name']}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_authorized_applications'))
return {'app': app}
def test_assert_authenticated_user_is_registered_no_user(self):
user_id = "00000000-0000-0000-0000-000000000000"
self.config.testing_securitypolicy(userid=user_id)
request = testing.DummyRequest()
self.assertRaises(HTTPFound, assert_authenticated_user_is_registered, request)
try:
assert_authenticated_user_is_registered(request)
except HTTPFound as exp:
self.assertEqual(exp.location, "/register")
def test_assert_authenticated_user_is_registered_no_user(self):
user_id = '00000000-0000-0000-0000-000000000000'
self.config.testing_securitypolicy(userid=user_id)
request = testing.DummyRequest()
self.assertRaises(HTTPFound, assert_authenticated_user_is_registered,
request)
try:
assert_authenticated_user_is_registered(request)
except HTTPFound as exp:
self.assertEqual(exp.location, '/register')
def test_assert_authenticated_user_is_registered(self):
self.config.testing_securitypolicy(userid='john')
request = testing.DummyRequest()
request.db = self.db
self.assertRaises(HTTPFound, assert_authenticated_user_is_registered, request)
try:
assert_authenticated_user_is_registered(request)
except HTTPFound as exp:
self.assertEqual(exp.location, '/register')
user_id = self.db.users.insert({'screen_name': 'John Doe'})
self.config.testing_securitypolicy(userid=str(user_id))
res = assert_authenticated_user_is_registered(request)
self.assertEqual(res['_id'], user_id)
self.assertEqual(res['screen_name'], 'John Doe')
def test_assert_authenticated_user_is_registered(self):
self.config.testing_securitypolicy(userid="john")
request = testing.DummyRequest()
request.db = self.db
self.assertRaises(HTTPFound, assert_authenticated_user_is_registered, request)
try:
assert_authenticated_user_is_registered(request)
except HTTPFound as exp:
self.assertEqual(exp.location, "/register")
user_id = self.db.users.insert({"screen_name": "John Doe"}, safe=True)
self.config.testing_securitypolicy(userid=str(user_id))
res = assert_authenticated_user_is_registered(request)
self.assertEqual(res["_id"], user_id)
self.assertEqual(res["screen_name"], "John Doe")
def developer_application_new(request):
assert_authenticated_user_is_registered(request)
schema = ApplicationSchema()
button1 = Button('submit', _('Save application'))
button1.css_class = 'btn-primary'
button2 = Button('cancel', _('Cancel'))
button2.css_class = ''
form = Form(schema, buttons=(button1, button2))
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
return {'form': e.render()}
# the data is fine, save into the db
application = {
'owner': request.user['_id'],
'name': appstruct['name'],
'main_url': appstruct['main_url'],
'callback_url': appstruct['callback_url'],
'authorized_origins': appstruct['authorized_origins'],
'production_ready': appstruct['production_ready'],
'image_url': appstruct['image_url'],
'description': appstruct['description'],
}
create_client_id_and_secret(application)
request.session.flash(
_('The application ${app} was created successfully',
mapping={'app': appstruct['name']}),
'success')
request.db.applications.insert(application, safe=True)
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
elif 'cancel' in request.POST:
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
# this is a GET
return {'form': form.render()}
def developer_application_new(request):
assert_authenticated_user_is_registered(request)
schema = ApplicationSchema()
button1 = Button('submit', _('Save application'))
button1.css_class = 'btn-primary'
button2 = Button('cancel', _('Cancel'))
button2.css_class = 'btn-default'
form = Form(schema, buttons=(button1, button2))
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
return {'form': e.render()}
# the data is fine, save into the db
application = Application(
name=appstruct['name'],
main_url=appstruct['main_url'],
callback_url=appstruct['callback_url'],
authorized_origins=appstruct['authorized_origins'],
production_ready=appstruct['production_ready'],
image_url=appstruct['image_url'],
description=appstruct['description'],
)
request.user.applications.append(application)
request.session.flash(
_('The application ${app} was created successfully',
mapping={'app': appstruct['name']}), 'success')
Session.add(request.user)
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
elif 'cancel' in request.POST:
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
# this is a GET
return {'form': form.render()}
def test_assert_authenticated_user_is_registered_existing_user(self):
user = User(screen_name="John Doe")
Session.add(user)
Session.flush()
user_id = user.id
self.config.testing_securitypolicy(userid=user_id)
request = testing.DummyRequest()
res = assert_authenticated_user_is_registered(request)
self.assertEqual(res.id, user_id)
self.assertEqual(res.screen_name, "John Doe")
def test_assert_authenticated_user_is_registered_existing_user(self):
user = User(screen_name='John Doe')
Session.add(user)
Session.flush()
user_id = user.id
self.config.testing_securitypolicy(userid=user_id)
request = testing.DummyRequest()
res = assert_authenticated_user_is_registered(request)
self.assertEqual(res.id, user_id)
self.assertEqual(res.screen_name, 'John Doe')
def developer_application_edit(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if app.user != request.user:
return HTTPUnauthorized()
schema = FullApplicationSchema()
button1 = Button('submit', _('Save application'))
button1.css_class = 'btn-primary'
button2 = Button('delete', _('Delete application'))
button2.css_class = 'btn-danger'
button3 = Button('cancel', _('Cancel'))
button3.css_class = 'btn-default'
form = Form(schema, buttons=(button1, button2, button3))
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
return {'form': e.render(), 'app': app}
# the data is fine, save into the db
app.name = appstruct['name']
app.main_url = appstruct['main_url']
app.callback_url = appstruct['callback_url']
app.authorized_origins = appstruct['authorized_origins']
app.production_ready = appstruct['production_ready']
app.image_url = appstruct['image_url']
app.description = appstruct['description']
Session.add(app)
request.session.flash(_('The changes were saved successfully'),
'success')
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
elif 'delete' in request.POST:
return HTTPFound(
location=request.route_path('oauth2_developer_application_delete',
app=app.id))
elif 'cancel' in request.POST:
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
# this is a GET
return {
'form': form.render({
'name': app.name,
'main_url': app.main_url,
'callback_url': app.callback_url,
'authorized_origins': app.authorized_origins,
'production_ready': app.production_ready,
'image_url': app.image_url,
'description': app.description,
'client_id': app.id,
'client_secret': app.secret,
}),
'app': app,
}
def developer_applications(request):
assert_authenticated_user_is_registered(request)
owned_apps_filter = {'owner': request.user['_id']}
return {
'applications': request.db.applications.find(owned_apps_filter)
}
def authorized_applications(request):
assert_authenticated_user_is_registered(request)
authorized_apps_filter = {'_id': {'$in': request.user['authorized_apps']}}
authorized_apps = request.db.applications.find(authorized_apps_filter)
return {'authorized_apps': authorized_apps}
def authorization_endpoint(request):
response_type = request.params.get('response_type')
if response_type is None:
return HTTPBadRequest('Missing required response_type')
if response_type != 'code':
return HTTPNotImplemented('Only code is supported')
client_id = request.params.get('client_id')
if client_id is None:
return HTTPBadRequest('Missing required client_type')
app = request.db.applications.find_one({'client_id': client_id})
if app is None:
return HTTPNotFound()
redirect_uri = request.params.get('redirect_uri')
if redirect_uri is None:
redirect_uri = app['callback_url']
else:
if redirect_uri != app['callback_url']:
return HTTPBadRequest(
'Redirect URI does not match registered callback URL')
scope = request.params.get('scope', DEFAULT_SCOPE)
state = request.params.get('state')
user = assert_authenticated_user_is_registered(request)
authorizator = Authorizator(request.db, app)
if 'submit' in request.POST:
if not authorizator.is_app_authorized(request.user):
authorizator.store_user_authorization(request.user)
code = authorizator.auth_codes.create(
request.user['_id'], app['client_id'], scope)
url = authorizator.auth_codes.get_redirect_url(
code, redirect_uri, state)
return HTTPFound(location=url)
elif 'cancel' in request.POST:
return HTTPFound(app['main_url'])
else:
if authorizator.is_app_authorized(user):
code = authorizator.auth_codes.create(
user['_id'], app['client_id'], scope)
url = authorizator.auth_codes.get_redirect_url(
code, redirect_uri, state)
return HTTPFound(location=url)
else:
authorship_information = ''
owner_id = app.get('owner', None)
if owner_id is not None:
owner = request.db.users.find_one({'_id': owner_id})
if owner:
email = owner.get('email', None)
if email:
authorship_information = _('By ${owner}',
mapping={'owner': email})
scopes = [SCOPE_NAMES.get(scope, scope)
for scope in scope.split(' ')]
return {
'response_type': response_type,
'client_id': client_id,
'redirect_uri': redirect_uri,
'scope': scope,
'state': state,
'app': app,
'scopes': scopes,
'authorship_information': authorship_information,
}
def developer_application_edit(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if app.user != request.user:
return HTTPUnauthorized()
schema = FullApplicationSchema()
button1 = Button('submit', _('Save application'))
button1.css_class = 'btn-primary'
button2 = Button('delete', _('Delete application'))
button2.css_class = 'btn-danger'
button3 = Button('cancel', _('Cancel'))
button3.css_class = 'btn-default'
form = Form(schema, buttons=(button1, button2, button3))
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
return {'form': e.render(), 'app': app}
# the data is fine, save into the db
app.name = appstruct['name']
app.main_url = appstruct['main_url']
app.callback_url = appstruct['callback_url']
app.authorized_origins = appstruct['authorized_origins']
app.production_ready = appstruct['production_ready']
app.image_url = appstruct['image_url']
app.description = appstruct['description']
Session.add(app)
request.session.flash(_('The changes were saved successfully'),
'success')
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
elif 'delete' in request.POST:
return HTTPFound(location=request.route_path(
'oauth2_developer_application_delete', app=app.id))
elif 'cancel' in request.POST:
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
# this is a GET
return {
'form':
form.render({
'name': app.name,
'main_url': app.main_url,
'callback_url': app.callback_url,
'authorized_origins': app.authorized_origins,
'production_ready': app.production_ready,
'image_url': app.image_url,
'description': app.description,
'client_id': app.id,
'client_secret': app.secret,
}),
'app':
app,
}
def developer_application_edit(request):
try:
app_id = bson.ObjectId(request.matchdict['app'])
except bson.errors.InvalidId:
return HTTPBadRequest(body='Invalid application id')
assert_authenticated_user_is_registered(request)
app = request.db.applications.find_one(app_id)
if app is None:
return HTTPNotFound()
if app['owner'] != request.user['_id']:
return HTTPUnauthorized()
schema = FullApplicationSchema()
button1 = Button('submit', _('Save application'))
button1.css_class = 'btn-primary'
button2 = Button('delete', _('Delete application'))
button2.css_class = 'btn-danger'
button3 = Button('cancel', _('Cancel'))
button3.css_class = ''
form = Form(schema, buttons=(button1, button2, button3))
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
return {'form': e.render(), 'app': app}
# the data is fine, save into the db
application = {
'owner': request.user['_id'],
'name': appstruct['name'],
'main_url': appstruct['main_url'],
'callback_url': appstruct['callback_url'],
'authorized_origins': appstruct['authorized_origins'],
'production_ready': appstruct['production_ready'],
'image_url': appstruct['image_url'],
'description': appstruct['description'],
'client_id': app['client_id'],
'client_secret': app['client_secret'],
}
request.db.applications.update({'_id': app['_id']},
application, safe=True)
request.session.flash(_('The changes were saved successfully'),
'success')
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
elif 'delete' in request.POST:
return HTTPFound(
location=request.route_path('oauth2_developer_application_delete',
app=app['_id']))
elif 'cancel' in request.POST:
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
# this is a GET
return {'form': form.render(app), 'app': app}
def developer_applications(request):
assert_authenticated_user_is_registered(request)
return {
'applications': request.user.applications,
}
def authorized_applications(request):
assert_authenticated_user_is_registered(request)
return {'authorized_apps': request.user.authorized_applications}
def authorized_applications(request):
assert_authenticated_user_is_registered(request)
return {'authorized_apps': request.user.authorized_applications}
def developer_applications(request):
assert_authenticated_user_is_registered(request)
return {
'applications': request.user.applications,
}
