def function(*args, **kwargs):
u = current_user()
if u is None or not u.is_admin():
# 用户非管理员
return redirect(url_for('topic.index'))
else:
# 用户是管理员, 扔给路由函数处理
return f(*args, **kwargs)
def save_verifier(token, verifier, *args, **kwargs):
print 'verifiersetter'
tok = RequestToken.query.filter_by(token=token).first()
tok.verifier = verifier['oauth_verifier']
tok.user = current_user()
db.session.add(tok)
db.session.commit()
return tok
def home():
if request.method == 'POST':
username = request.form.get('username')
user = User.query.filter_by(username=username).first()
if not user:
user = User(username=username)
db.session.add(user)
db.session.commit()
session['id'] = user.id
return redirect('/')
user = current_user()
if user:
clients = OAuth2Client.query.filter_by(user_id=user.id).all()
else:
clients = []
return render_template('home.html', user=user, clients=clients)
def authorize(*args, **kwargs):
print 'authorize_handler'
user = current_user()
print args
print kwargs
#if not user:
# print 'not user'
# return redirect('/')
if request.method == 'GET':
print kwargs
client_key = kwargs.get('resource_owner_key')
client = Client.query.filter_by(client_key=client_key).first()
kwargs['client'] = client
kwargs['user'] = user
return render_template('authorize.html', **kwargs)
confirm = request.form.get('confirm', 'no')
return confirm == 'yes'
def authorize():
user = current_user()
# if user log status is not true (Auth server), then to log it in
if not user:
return redirect(url_for('website.routes.home', next=request.url))
if request.method == 'GET':
try:
grant = authorization.validate_consent_request(end_user=user)
except OAuth2Error as error:
return error.error
return render_template('authorize.html', user=user, grant=grant)
if not user and 'username' in request.form:
username = request.form.get('username')
user = User.query.filter_by(username=username).first()
if request.form['confirm']:
grant_user = user
else:
grant_user = None
return authorization.create_authorization_response(grant_user=grant_user)
def client():
try:
user = current_user()
if not user:
return redirect(url_for('login'))
client = Client.query.filter_by(user_id=user.id).first()
if client is None:
item = Client(
client_key=gen_salt(40),
client_secret=gen_salt(50),
_redirect_uris='http://localhost:8000/authorized',
user_id=user.id,
)
db.session.add(item)
db.session.commit()
return jsonify(client_key=item.client_key,
client_secret=item.client_secret)
else:
return jsonify(client_key=client.client_key,
client_secret=client.client_secret)
except Exception as e:
flash(e.message)
return redirect(url_for('login'))
def authorize(*args, **kwargs):
# pylint: disable=unused-argument
"""
This endpoint asks user if he grants access to his data to the requesting
application.
"""
# TODO: improve implementation. This implementation is broken because we
# don't use cookies, so there is no session which client could carry on.
# OAuth2 server should probably be deployed on a separate domain, so we
# can implement a login page and store cookies with a session id.
# ALTERNATIVELY, authorize page can be implemented as SPA (single page
# application)
from flask_login import login_user
user = current_user()
if request.method == 'GET':
try:
grant = oauth2.validate_consent_request(end_user=user)
except OAuth2Error as error:
return error.error
return render_template('authorize.html', user=user, grant=grant)
if not user and 'username' in request.form:
username = request.form.get('username')
password = request.form.get('password')
user = User.find_with_password(username, password)
if user:
login_user(user)
if request.form['confirm']:
grant_user = user
else:
grant_user = None
with db.session.begin():
response = oauth2.create_authorization_response(grant_user=grant_user)
return response or None
def require_admin():
u = current_user()
# u 不存在或者不是管理员
if u is None or not u.is_admin():
flask.abort(404)
def request_token():
u = current_user()
print u is None
print 'request_token_handler'
return {}