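def authorize():
    """Serve the OAuth2 authorization-code endpoint (consent page).

    GET: parse the requested scopes, look the app up by the ``client_id`` /
    ``redirect_uri`` pair it registered, create a pending ``Client`` record and
    render the consent page.  A request without a ``launch:<context_id>`` scope
    is first redirected to ``auth.create_context`` with the original query
    echoed as ``auth_req``.

    POST: find the pending ``Client`` by the ``auth_code`` the consent form
    posts back, mark it authorized when the user answered "yes", and redirect
    to the app's *registered* ``redirect_uri`` with ``code`` (plus the original
    ``state``) or with an ``error``.

    Missing ``request.args`` / ``request.form`` keys already yield a 400 via
    werkzeug's BadRequestKeyError; every other validation is done with
    explicit ``abort`` calls rather than ``assert``, which is stripped under
    ``python -O``.
    """
    # flask is already imported at file level (request, redirect, url_for,
    # render_template); abort is pulled in locally to leave that block alone.
    from flask import abort

    if request.method == "GET":
        context_id = None
        # scopes that request resource access ("patient/..." or "user/...")
        resource_scopes = []
        for scope in request.args["scope"].split(" "):
            if scope.startswith("launch:"):
                # everything after the last ':' is the launch context id
                _, context_id = scope.rsplit(":", 1)
            elif scope.startswith("patient/") or scope.startswith("user/"):
                resource_scopes.append(scope)

        if context_id is None:
            # App launched outside the EHR: create a launch context first and
            # come back with the original request carried in auth_req.
            # TODO clean this up
            return redirect(
                "%s?%s" % (url_for("auth.create_context"),
                           urlencode({"auth_req": json.dumps(request.args)}))
            )

        # Only the authorization-code flow is supported.
        if request.args["response_type"] != "code":
            abort(400)

        # The app must be registered with exactly this client_id AND
        # redirect_uri; matching on both is what keeps the code from being
        # sent to a caller-chosen URI in the POST branch.
        app = App.query.filter_by(
            client_id=request.args["client_id"],
            redirect_uri=request.args["redirect_uri"],
        ).first()
        if app is None:
            abort(400)

        # context_id is caller-supplied; an unknown one is a bad request,
        # not a 500 on ctx.context.  Looked up before anything is added to
        # the db session so a rejected request leaves nothing behind.
        ctx = Context.query.get(context_id)
        if ctx is None:
            abort(400)
        # id of the patient selected at launch time; may be None
        pid = json.loads(ctx.context).get("Patient")

        client = Client(
            authorizer=request.session.user,
            app=app,
            state=request.args.get("state"),
            scope=request.args["scope"],
            context_id=context_id,
        )
        db.session.add(client)

        # parse requested scopes
        scopes = [OAuthScope(scp_str, pid) for scp_str in resource_scopes]
        # comprehension instead of map(): identical on py2, and a real list
        # (not a one-shot iterator) if the template iterates it twice
        readable_accesses = [OAuthScope.to_readable(scp) for scp in scopes]

        # Access is granted now, before the user answers, so the requested
        # scopes need not be tracked separately; the client only becomes
        # usable once the POST branch sets client.authorized.
        for scope in scopes:
            scope.get_access_from_user(request.session.user, client)
        db.session.commit()

        return render_template(
            "authorization.html",
            appname=app.name,
            accesses=readable_accesses,
            auth_code=client.code,
        )

    # POST: the consent form answer
    client = Client.query.filter_by(code=request.form["auth_code"]).first()
    if client is None:
        abort(400)
    # Only the user who started this authorization may complete it; knowing
    # the auth_code alone must not be enough to flip `authorized`.
    # NOTE(review): assumes client.authorizer compares equal to the session
    # user object stored on the GET above — confirm against the Client model.
    if client.authorizer != request.session.user:
        abort(403)
    app = App.query.filter_by(client_id=client.client_id).first()
    if app is None:
        abort(400)
    # The redirect only ever goes to the URI registered for the app, never to
    # a request-supplied one.
    redirect_uri = app.redirect_uri

    if request.form["authorize"] == "yes":
        # authorize the client and redirect
        client.authorized = True
        db.session.commit()
        redirect_args = {"code": request.form["auth_code"]}
        if client.state is not None:
            # echo the app's opaque state back unchanged
            redirect_args["state"] = client.state
    else:
        redirect_args = {"error": "Authorization declined"}
    return redirect("%s?%s" % (redirect_uri, urlencode(redirect_args)))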
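def authorize():
    """Serve the OAuth2 authorization-code endpoint (consent page).

    GET: parse the requested scopes, look the app up by the ``client_id`` /
    ``redirect_uri`` pair it registered, create a pending ``Client`` record and
    render the consent page.  A request without a ``launch:<context_id>`` scope
    is first redirected to ``auth.create_context`` with the original query
    echoed as ``auth_req``.

    POST: find the pending ``Client`` by the ``auth_code`` the consent form
    posts back, mark it authorized when the user answered "yes", and redirect
    to the app's *registered* ``redirect_uri`` with ``code`` (plus the original
    ``state``) or with an ``error``.

    Missing ``request.args`` / ``request.form`` keys already yield a 400 via
    werkzeug's BadRequestKeyError; every other validation is done with
    explicit ``abort`` calls rather than ``assert``, which is stripped under
    ``python -O``.
    """
    # flask is already imported at file level (request, redirect, url_for,
    # render_template); abort is pulled in locally to leave that block alone.
    from flask import abort

    if request.method == 'GET':
        context_id = None
        # scopes that request resource access ('patient/...' or 'user/...')
        resource_scopes = []
        for scope in request.args['scope'].split(' '):
            if scope.startswith('launch:'):
                # everything after the last ':' is the launch context id
                _, context_id = scope.rsplit(':', 1)
            elif scope.startswith('patient/') or scope.startswith('user/'):
                resource_scopes.append(scope)

        if context_id is None:
            # App launched outside the EHR: create a launch context first and
            # come back with the original request carried in auth_req.
            # TODO clean this up
            return redirect(
                '%s?%s' % (url_for('auth.create_context'),
                           urlencode({'auth_req': json.dumps(request.args)})))

        # Only the authorization-code flow is supported.
        if request.args['response_type'] != 'code':
            abort(400)

        # The app must be registered with exactly this client_id AND
        # redirect_uri; matching on both is what keeps the code from being
        # sent to a caller-chosen URI in the POST branch.
        app = App.query.filter_by(
            client_id=request.args['client_id'],
            redirect_uri=request.args['redirect_uri']).first()
        if app is None:
            abort(400)

        # context_id is caller-supplied; an unknown one is a bad request,
        # not a 500 on ctx.context.  Looked up before anything is added to
        # the db session so a rejected request leaves nothing behind.
        ctx = Context.query.get(context_id)
        if ctx is None:
            abort(400)
        # id of the patient selected at launch time; may be None
        pid = json.loads(ctx.context).get('Patient')

        client = Client(authorizer=request.session.user,
                        app=app,
                        state=request.args.get('state'),
                        scope=request.args['scope'],
                        context_id=context_id)
        db.session.add(client)

        # parse requested scopes
        scopes = [OAuthScope(scp_str, pid) for scp_str in resource_scopes]
        # comprehension instead of map(): identical on py2, and a real list
        # (not a one-shot iterator) if the template iterates it twice
        readable_accesses = [OAuthScope.to_readable(scp) for scp in scopes]

        # Access is granted now, before the user answers, so the requested
        # scopes need not be tracked separately; the client only becomes
        # usable once the POST branch sets client.authorized.
        for scope in scopes:
            scope.get_access_from_user(request.session.user, client)
        db.session.commit()

        return render_template('authorization.html',
                               appname=app.name,
                               accesses=readable_accesses,
                               auth_code=client.code)

    # POST: the consent form answer
    client = Client.query.filter_by(code=request.form['auth_code']).first()
    if client is None:
        abort(400)
    # Only the user who started this authorization may complete it; knowing
    # the auth_code alone must not be enough to flip `authorized`.
    # NOTE(review): assumes client.authorizer compares equal to the session
    # user object stored on the GET above — confirm against the Client model.
    if client.authorizer != request.session.user:
        abort(403)
    app = App.query.filter_by(client_id=client.client_id).first()
    if app is None:
        abort(400)
    # The redirect only ever goes to the URI registered for the app, never to
    # a request-supplied one.
    redirect_uri = app.redirect_uri

    if request.form['authorize'] == 'yes':
        # authorize the client and redirect
        client.authorized = True
        db.session.commit()
        redirect_args = {'code': request.form['auth_code']}
        if client.state is not None:
            # echo the app's opaque state back unchanged
            redirect_args['state'] = client.state
    else:
        redirect_args = {'error': 'Authorization declined'}
    return redirect('%s?%s' % (redirect_uri, urlencode(redirect_args)))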
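def authorize():
    """Serve the OAuth2 authorization-code endpoint (consent page).

    GET: parse the requested scopes, look the app up by the ``client_id`` /
    ``redirect_uri`` pair it registered, create a pending ``Client`` record and
    render the consent page.  A request without a ``launch:<context_id>`` scope
    is first redirected to ``auth.create_context`` with the original query
    echoed as ``auth_req``.

    POST: find the pending ``Client`` by the ``auth_code`` the consent form
    posts back, mark it authorized when the user answered "yes", and redirect
    to the app's *registered* ``redirect_uri`` with ``code`` (plus the original
    ``state``) or with an ``error``.

    Missing ``request.args`` / ``request.form`` keys already yield a 400 via
    werkzeug's BadRequestKeyError; every other validation is done with
    explicit ``abort`` calls rather than ``assert``, which is stripped under
    ``python -O``.
    """
    # flask is already imported at file level (request, redirect, url_for,
    # render_template); abort is pulled in locally to leave that block alone.
    from flask import abort

    if request.method == 'GET':
        context_id = None
        # scopes that request resource access ('patient/...' or 'user/...')
        resource_scopes = []
        for scope in request.args['scope'].split(' '):
            if scope.startswith('launch:'):
                # everything after the last ':' is the launch context id
                _, context_id = scope.rsplit(':', 1)
            elif scope.startswith('patient/') or scope.startswith('user/'):
                resource_scopes.append(scope)

        if context_id is None:
            # App launched outside the EHR: create a launch context first and
            # come back with the original request carried in auth_req.
            # TODO clean this up
            return redirect('%s?%s' % (
                url_for('auth.create_context'),
                urlencode({'auth_req': json.dumps(request.args)})))

        # Only the authorization-code flow is supported.
        if request.args['response_type'] != 'code':
            abort(400)

        # The app must be registered with exactly this client_id AND
        # redirect_uri; matching on both is what keeps the code from being
        # sent to a caller-chosen URI in the POST branch.
        app = App.query.filter_by(
            client_id=request.args['client_id'],
            redirect_uri=request.args['redirect_uri']).first()
        if app is None:
            abort(400)

        # context_id is caller-supplied; an unknown one is a bad request,
        # not a 500 on ctx.context.  Looked up before anything is added to
        # the db session so a rejected request leaves nothing behind.
        ctx = Context.query.get(context_id)
        if ctx is None:
            abort(400)
        # id of the patient selected at launch time; may be None
        pid = json.loads(ctx.context).get('Patient')

        client = Client(authorizer=request.session.user,
                        app=app,
                        state=request.args.get('state'),
                        scope=request.args['scope'],
                        context_id=context_id)
        db.session.add(client)

        # parse requested scopes
        scopes = [OAuthScope(scp_str, pid) for scp_str in resource_scopes]
        # comprehension instead of map(): identical on py2, and a real list
        # (not a one-shot iterator) if the template iterates it twice
        readable_accesses = [OAuthScope.to_readable(scp) for scp in scopes]

        # Access is granted now, before the user answers, so the requested
        # scopes need not be tracked separately; the client only becomes
        # usable once the POST branch sets client.authorized.
        for scope in scopes:
            scope.get_access_from_user(request.session.user, client)
        db.session.commit()

        return render_template('authorization.html',
                               appname=app.name,
                               accesses=readable_accesses,
                               auth_code=client.code)

    # POST: the consent form answer
    client = Client.query.filter_by(code=request.form['auth_code']).first()
    if client is None:
        abort(400)
    # Only the user who started this authorization may complete it; knowing
    # the auth_code alone must not be enough to flip `authorized`.
    # NOTE(review): assumes client.authorizer compares equal to the session
    # user object stored on the GET above — confirm against the Client model.
    if client.authorizer != request.session.user:
        abort(403)
    app = App.query.filter_by(client_id=client.client_id).first()
    if app is None:
        abort(400)
    # The redirect only ever goes to the URI registered for the app, never to
    # a request-supplied one.
    redirect_uri = app.redirect_uri

    if request.form['authorize'] == 'yes':
        # authorize the client and redirect
        client.authorized = True
        db.session.commit()
        redirect_args = {'code': request.form['auth_code']}
        if client.state is not None:
            # echo the app's opaque state back unchanged
            redirect_args['state'] = client.state
    else:
        redirect_args = {'error': 'Authorization declined'}
    return redirect('%s?%s' % (redirect_uri, urlencode(redirect_args)))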