def device_login(self, path=None):
    """
    SEND THE BROWSER TO THE AUTH0 /authorize ENDPOINT

    Starts an authorization-code request with PKCE (S256): a new
    code_verifier is written to `session` and only its SHA-256 challenge
    is placed in the redirect URL.

    :param path: not used by this method
    :return: 302 redirect to the Auth0 authorize URL
    """
    # `state` is forwarded exactly as received; it is None when the query
    # string has no state, and nothing in this method validates it
    device_state = request.args.get("state")
    self.session_manager.setup_session(session)

    # NOTE(review): the PKCE verifier and the nonce must come from a CSPRNG;
    # confirm Random.bytes is backed by one
    session.code_verifier = bytes2base64URL(Random.bytes(32))
    verifier_digest = sha256(session.code_verifier.encode("utf8"))
    code_challenge = bytes2base64URL(verifier_digest)

    auth0 = self.device.auth0
    query = Data(
        client_id=auth0.client_id,
        redirect_uri=auth0.redirect_uri,
        state=device_state,
        # NOTE(review): this nonce is not stored by this method, so a later
        # check of the ID token's nonce claim has nothing to compare with
        # unless the value is recorded elsewhere - confirm
        nonce=bytes2base64URL(Random.bytes(32)),
        code_challenge=code_challenge,
        response_type="code",
        code_challenge_method="S256",
        response_mode="query",
        audience=auth0.audience,
        scope=auth0.scope,
    )
    authorize_url = str(
        URL("https://" + auth0.domain + "/authorize", query=query)
    )
    # the logged URL includes state, nonce and code_challenge
    Log.note("Forward browser to {{url}}", url=authorize_url)
    return redirect(authorize_url, code=302)
def device_login(self, path=None):
    """
    SEND THE BROWSER TO THE AUTH0 /authorize ENDPOINT

    Creates a session whose lifetime comes from the configured login
    'max-age', starts an authorization-code request with PKCE (S256), and
    returns the redirect with the session id set as a cookie.

    :param path: not used by this method
    :return: 302 redirect to the Auth0 authorize URL, carrying the session cookie
    """
    cookie_cfg = self.device.login.session
    expires = Date.now() + parse(cookie_cfg['max-age'])

    # `state` is forwarded exactly as received; it is None when the query
    # string has no state, and nothing in this method validates it
    device_state = request.args.get("state")

    self.session_manager.create_session(session)
    session.expires = expires.unix
    session.code_verifier = bytes2base64URL(crypto.bytes(32))
    verifier_digest = sha256(session.code_verifier.encode("utf8"))
    code_challenge = bytes2base64URL(verifier_digest)

    auth0 = self.device.auth0
    query = Data(
        client_id=auth0.client_id,
        redirect_uri=auth0.redirect_uri,
        state=device_state,
        # NOTE(review): this nonce is not stored by this method, so a later
        # check of the ID token's nonce claim has nothing to compare with
        # unless the value is recorded elsewhere - confirm
        nonce=bytes2base64URL(crypto.bytes(32)),
        code_challenge=code_challenge,
        response_type="code",
        code_challenge_method="S256",
        response_mode="query",
        audience=auth0.audience,
        scope=auth0.scope,
    )
    authorize_url = str(
        URL("https://" + auth0.domain + "/authorize", query=query)
    )
    # the logged URL includes state, nonce and code_challenge
    Log.note("Forward browser to {{url}}", url=authorize_url)

    response = redirect(authorize_url, code=302)
    # secure/httponly are whatever the configuration says; no samesite
    # argument is passed, so that attribute is left to the framework and
    # browser defaults
    response.set_cookie(
        cookie_cfg.name,
        session.session_id,
        path=cookie_cfg.path,
        domain=cookie_cfg.domain,
        expires=expires.format(RFC1123),
        secure=cookie_cfg.secure,
        httponly=cookie_cfg.httponly,
    )
    return response
def device_register(self, path=None):
    """
    ACCEPT A SIGNED REGISTRATION REQUEST
    RETURN JSON WITH url FOR LOGIN

    The request body is a JSON envelope whose base64 `data` field holds the
    registration command, including the device's public key. On success a
    session is created, a random `state` is stored beside the session id in
    the device table, and the response carries the login URL, the session id
    and a session cookie.

    :param path: not used by this method
    :return: 200 JSON response with session_id, interval, expires and url
    """
    expires = Date.now() + parse(self.device.register.session['max-age'])

    raw_body = request.get_data()
    envelope = json2value(raw_body.decode("utf8"))
    command = json2value(base642bytes(envelope.data).decode("utf8"))

    # The signature is checked against the key carried in the same request:
    # a passing check shows the sender holds the matching private key, it
    # does not tie that key to a previously known device.
    # NOTE(review): the key is written to `session` before it is verified,
    # and the result of verify() is not used - presumably verify() raises on
    # a bad signature; confirm
    session.public_key = command.public_key
    rsa_crypto.verify(envelope, session.public_key)

    self.session_manager.create_session(session)
    session.expires = expires.unix
    # `state` links the browser login back to this device session
    session.state = bytes2base64URL(crypto.bytes(32))

    with self.device.db.transaction() as t:
        record = {
            "state": session.state,
            "session_id": session.session_id,
        }
        t.execute(sql_insert(self.device.table, record))

    login_url = URL(
        self.device.home,
        path=self.device.endpoints.login,
        query={"state": session.state},
    )
    body = value2json(
        Data(
            session_id=session.session_id,
            interval="5second",
            expires=session.expires,
            url=login_url,
        )
    )

    response = Response(
        body,
        headers={"Content-Type": mimetype.JSON},
        status=200,
    )
    # NOTE(review): the cookie name and lifetime come from the *register*
    # session settings, while path, domain, secure and httponly come from
    # the *login* session settings - confirm this mix is intended
    login_cookie_cfg = self.device.login.session
    response.set_cookie(
        self.device.register.session.name,
        session.session_id,
        path=login_cookie_cfg.path,
        domain=login_cookie_cfg.domain,
        expires=expires.format(RFC1123),
        secure=login_cookie_cfg.secure,
        httponly=login_cookie_cfg.httponly,
    )
    return response
def device_register(self, path=None):
    """
    ACCEPT A SIGNED REGISTRATION REQUEST
    RETURN JSON WITH url FOR LOGIN

    The request body is a JSON envelope whose base64 `data` field holds the
    registration command, including the device's public key. On success a
    session is set up with a ten-minute expiry, a random `state` is stored
    beside the session id in the device table, and the response carries the
    login URL and the session id (no cookie is set here).

    :param path: not used by this method
    :return: 200 JSON response with session_id, interval, expiry and url
    """
    started = Date.now().unix

    raw_body = request.get_data().strip()
    envelope = json2value(raw_body.decode("utf8"))
    command = json2value(base642bytes(envelope.data).decode("utf8"))

    # The signature is checked against the key carried in the same request:
    # a passing check shows the sender holds the matching private key, it
    # does not tie that key to a previously known device.
    # NOTE(review): the key is written to `session` before it is verified,
    # and the result of verify() is not used - presumably verify() raises on
    # a bad signature; confirm
    session.public_key = command.public_key
    rsa_crypto.verify(envelope, session.public_key)

    self.session_manager.setup_session(session)
    session.expires = started + parse("10minute").seconds
    # NOTE(review): `state` links the browser login back to this device
    # session, so it must be unguessable; confirm Random.bytes is backed by
    # a CSPRNG
    session.state = bytes2base64URL(Random.bytes(32))

    with self.device.db.transaction() as t:
        record = {
            "state": session.state,
            "session_id": session.session_id,
        }
        t.execute(sql_insert(self.device.table, record))

    login_url = URL(
        self.device.home,
        path=self.device.endpoints.login,
        query={"state": session.state},
    )
    payload = value2json(
        Data(
            session_id=session.session_id,
            interval="5second",
            expiry=session.expires,
            url=login_url,
        )
    )
    return Response(
        payload,
        headers={"Content-Type": "application/json"},
        status=200,
    )
def generate_sid():
    """
    GENERATE A SESSION ID

    Returns 32 random bytes (256 bits) passed through bytes2base64URL.
    Uniqueness is not checked here; it rests on the size of the random value.
    """
    # NOTE(review): a session id must be unpredictable - confirm crypto.bytes
    # draws from a CSPRNG
    raw_id = crypto.bytes(32)
    return bytes2base64URL(raw_id)