Exemple #1
def auth_request():
    """Handle the authorization request of the code grant (RFC 6749 4.1.1).

    Takes no arguments; the values below are read from ``request.values``.

    :param response_type: MUST be "code" per the RFC. Not checked in this
        body; presumably covered by ``auth_request_validate`` (confirm).
    :param client_id string: client identifier.
    :param redirect_uri string: redirection URI supplied by the client.
    :param scope string: space-delimited list, see `structure.Scope`.
    :param state string: forwarded unchanged to the error response.

    Returns the rendered ``decision.html`` template when both checks pass,
    otherwise the result of ``auth_response_error`` with ``AUTH_ERROR[101]``
    (request validation failed) or ``AUTH_ERROR[102]`` (unknown client).

    NOTE(review): ``redirect_uri`` is handed to ``auth_response_error`` exactly
    as received. Nothing visible here compares it with the URI registered for
    the client; RFC 6749 4.1.2.1 says the server must not redirect to an
    unverified redirection URI or on behalf of an unknown client. Confirm
    that ``auth_response_error`` or ``Client.valid_codeauth`` enforces this.
    """
    params = request.values
    client_id = params.get('client_id')
    requested_scope = params.get('scope')
    redirect_uri = params.get('redirect_uri')

    def reject(error_key):
        # `state` is looked up only when an error is actually reported.
        return auth_response_error(client_id, redirect_uri,
                                   params.get('state'), AUTH_ERROR[error_key])

    # Generic validation of the incoming request comes first.
    if not auth_request_validate():
        return reject(101)

    # Then the client itself, together with the scope it asked for.
    try:
        Client.valid_codeauth(client_id, requested_scope)
    except ClientNotExists:
        # Unknown client: reported through auth_response_error (102).
        return reject(102)

    # Both checks passed: show the decision page to the resource owner.
    return render_template("decision.html")
Exemple #2
def auth_response():
    """Handle the resource owner's decision (RFC 6749 4.1.2).

    Reads the same request values as `auth_request` (``client_id``,
    ``scope``, ``redirect_uri``, ``state``, ``response_type``) plus:

    :param grant: [YES/NO], the resource owner's decision.

    Checks run in this order, and the first failure is returned through
    ``auth_response_error`` with the matching ``AUTH_ERROR`` entry:
    unknown client (102), ``grant == 'NO'`` (103), ``response_type`` other
    than ``'code'`` (104), scope rejected by ``Scope.validate`` (105), and
    any ``grant`` value other than ``'YES'`` (106). When every check passes,
    the result of ``auth_response_succed`` is returned.

    NOTE(review): the decision is taken from a request parameter alone. If
    ``request`` is Flask's, ``request.values`` merges query-string and form
    data, so ``grant=YES`` can arrive on either. Confirm that user
    authentication and CSRF protection (RFC 6749 10.12) are enforced outside
    this function, and that ``redirect_uri`` is matched against the client's
    registered URI before any redirect (RFC 6749 4.1.2.1).
    """
    params = request.values
    client_id = params.get('client_id')
    requested_scope = params.get('scope')
    redirect_uri = params.get('redirect_uri')
    state = params.get('state')
    decision = params.get('grant')

    def deny(error_key):
        # Every failure path differs only in the AUTH_ERROR entry it reports.
        return auth_response_error(client_id, redirect_uri, state,
                                   AUTH_ERROR[error_key])

    # The client must exist and be valid for the requested scope.
    try:
        Client.valid_codeauth(client_id, requested_scope)
    except ClientNotExists:
        return deny(102)

    # An explicit refusal is reported before the remaining parameter checks.
    if decision == 'NO':
        return deny(103)

    if params.get('response_type') != 'code':
        return deny(104)

    # Comparison kept as written: only a result equal to False rejects.
    if Scope.validate(requested_scope) == False:
        return deny(105)

    # Anything other than an explicit 'YES' is treated as a failure.
    if decision != 'YES':
        return deny(106)

    return auth_response_succed(client_id, redirect_uri, state)