def validate_client_authorization(self):
    """Validate client credentials and the authorization code of a token request.

    The checks run in this order, each reporting failure through
    ``raise_http_401`` or ``raise_http_400`` with an OAuth-style error body:

    1. ``find_client(client_id)`` must return a truthy client (401).
    2. ``code_from_header`` must be an authorization code of the client (401).
    3. ``code`` must be an authorization code of the client (400).
    4. ``client_has_redirect_uri_for_code`` must accept ``redirect_uri`` (400).
    5. The code must not be reported as already used (400).

    The ``access-token-validation`` plugin hook is called last.
    """
    # NOTE(review): later checks are only skipped after a failure if
    # raise_http_401 / raise_http_400 raise -- confirm in the handler base.
    db = self.application.database

    # Both 401 branches send the same body, so the response does not show
    # whether the client_id or the header credential was rejected.
    bad_credentials = 'Invalid client_id or code on Authorization header'

    if not db.find_client(self.client_id):
        self.raise_http_401({'error': 'invalid_client',
                             'error_description': bad_credentials})

    # NOTE(review): the header credential goes through the same
    # client_has_authorization_code lookup as the request code; no separate
    # client secret is verified in this method -- confirm that is intended.
    header_code_known = db.client_has_authorization_code(
        self.client_id, self.code_from_header)
    if not header_code_known:
        self.raise_http_401({'error': 'invalid_client',
                             'error_description': bad_credentials})

    code_known = db.client_has_authorization_code(self.client_id, self.code)
    if not code_known:
        self.raise_http_400({'error': 'invalid_grant',
                             'error_description': 'Invalid code for this client'})

    redirect_ok = db.client_has_redirect_uri_for_code(
        self.client_id, self.code, self.redirect_uri)
    if not redirect_ok:
        self.raise_http_400({'error': 'invalid_grant',
                             'error_description': 'redirect_uri does not match'})

    # NOTE(review): this method only rejects a reused code. RFC 6749 section
    # 4.1.2 also recommends revoking tokens issued from that code; and the
    # "used" test is a separate step from whatever marks the code as used, so
    # confirm the pair is atomic in the database layer.
    if db.is_client_authorization_code_used(self.client_id, self.code):
        self.raise_http_400({'error': 'invalid_grant',
                             'error_description': 'Authorization grant already used'})

    plugins.call('access-token-validation', self)
def build_response(self):
    """Write the access-token response body.

    The body holds the value returned by ``build_access_token()``, the token
    type ``bearer`` and a fixed ``expires_in`` of 3600. The
    ``access-token-response`` plugin hook receives the handler and the dict;
    the same dict object is written afterwards, so in-place changes made by a
    plugin reach the client.
    """
    # NOTE(review): RFC 6749 section 5.1 requires token responses to carry
    # "Cache-Control: no-store" and "Pragma: no-cache". No header is set in
    # this method -- confirm it is done elsewhere in the handler.
    # NOTE(review): expires_in is hard-coded here; confirm it matches the
    # lifetime enforced where access tokens are checked.
    token = self.build_access_token()
    payload = {'access_token': token, 'token_type': 'bearer', 'expires_in': 3600}
    plugins.call('access-token-response', self, payload)
    self.write(payload)
def validate_client_authorization(self):
    """Check the client, its credentials and the authorization code.

    Failures are reported through ``raise_http_401`` (``invalid_client``) for
    an unknown client or an unknown code in the Authorization header, and
    through ``raise_http_400`` (``invalid_grant``) for an unknown code, a
    ``redirect_uri`` that ``client_has_redirect_uri_for_code`` does not
    accept, or a code reported as already used. The
    ``access-token-validation`` plugin hook runs after all checks.
    """
    def reject_client():
        # One body for both 401 cases: the response does not show which of
        # client_id or header credential failed.
        self.raise_http_401({
            'error': 'invalid_client',
            'error_description': 'Invalid client_id or code on Authorization header',
        })

    def reject_grant(description):
        self.raise_http_400({
            'error': 'invalid_grant',
            'error_description': description,
        })

    # NOTE(review): a failed check stops the method only if the raise_http_*
    # helpers raise -- confirm in the handler base class.
    store = self.application.database
    client = store.find_client(self.client_id)
    if not client:
        reject_client()

    # NOTE(review): the header credential is validated as an authorization
    # code, not as a separate client secret -- confirm that is intended.
    if not store.client_has_authorization_code(self.client_id,
                                               self.code_from_header):
        reject_client()

    if not store.client_has_authorization_code(self.client_id, self.code):
        reject_grant('Invalid code for this client')

    if not store.client_has_redirect_uri_for_code(self.client_id, self.code,
                                                  self.redirect_uri):
        reject_grant('redirect_uri does not match')

    # NOTE(review): reuse is rejected here but nothing in this method revokes
    # tokens already issued from the code (RFC 6749 section 4.1.2 recommends
    # it), and the check is not visibly atomic with marking the code used.
    if store.is_client_authorization_code_used(self.client_id, self.code):
        reject_grant('Authorization grant already used')

    plugins.call('access-token-validation', self)
def get(self):
    """Handle the authorization GET request.

    Loads the parameters, verifies the response type, creates the
    authorization token and saves the client tokens. When
    ``plugins.call('authorization-GET', self)`` returns a falsy value, the
    request ends with ``redirect_access_granted(client_id, code)``.
    """
    self.load_parameters()
    self.verify_response_type()

    # NOTE(review): the code is created and saved before the plugin hook
    # runs, and nothing in this method authenticates the resource owner or
    # asks for consent. Presumably the hook does that -- confirm, since a
    # saved code would then exist before the user has approved anything.
    self.create_authorization_token()
    self.save_client_tokens()

    plugin_handled = plugins.call('authorization-GET', self)
    if plugin_handled:
        return
    self.redirect_access_granted(self.client_id, self.code)
def get(self):
    """Handle the authorization GET request.

    Validates and loads the arguments, creates the authorization token and
    saves the client tokens. When ``plugins.call('authorization-GET', self)``
    returns a falsy value, the request ends with ``redirect_with_token()``.
    """
    self.validate_arguments()
    self.load_arguments()

    # NOTE(review): token creation and persistence happen before the plugin
    # hook runs; if the hook is where the resource owner logs in or consents,
    # a saved code exists before approval -- confirm the intended order.
    self.create_authorization_token()
    self.save_client_tokens()

    plugin_handled = plugins.call('authorization-GET', self)
    if plugin_handled:
        return
    # NOTE(review): the redirect target is not visible here; presumably
    # validate_arguments checks redirect_uri against the client -- confirm.
    self.redirect_with_token()
def test_call_should_return_True_if_plugin_called():
    """A plugin registered for ``authorization-GET`` runs and ``call`` returns True."""
    received = []

    # NOTE(review): the registration is stored outside this test; presumably
    # a fixture resets it between tests -- confirm, otherwise test order
    # decides which plugins are active.
    @plugins.register('authorization-GET')
    def on_authorization_GET(handler):
        received.append(handler)

    outcome = plugins.call('authorization-GET', "handler")
    assert outcome is True
    # The plugin was invoked exactly once, with the argument given to call().
    assert received == ["handler"]
def test_call_should_return_True_if_plugin_called():
    """A plugin registered via ``plugins.authorization_GET`` runs and ``call`` returns True."""
    received = []

    # NOTE(review): the registration is stored outside this test; presumably
    # a fixture resets it between tests -- confirm.
    @plugins.authorization_GET
    def on_authorization_GET(handler):
        received.append(handler)

    outcome = plugins.call('authorization-GET', "handler")
    assert outcome is True
    # The plugin was invoked exactly once, with the argument given to call().
    assert received == ["handler"]
def test_call_should_return_False_if_plugin_raises_IgnorePlugin():
    """``call`` returns False when the plugin runs but raises ``IgnorePlugin``."""
    received = []

    @plugins.register('authorization-GET')
    def on_authorization_GET(handler):
        # Record the invocation first so the test can tell "ran and opted
        # out" apart from "never ran".
        received.append(handler)
        raise plugins.IgnorePlugin()

    outcome = plugins.call('authorization-GET', "handler")
    assert outcome is False
    assert received == ["handler"]
def test_call_should_return_False_if_plugin_raises_IgnorePlugin():
    """``call`` returns False when a ``plugins.authorization_GET`` plugin raises ``IgnorePlugin``."""
    received = []

    @plugins.authorization_GET
    def on_authorization_GET(handler):
        # Record the invocation first so the test can tell "ran and opted
        # out" apart from "never ran".
        received.append(handler)
        raise plugins.IgnorePlugin()

    outcome = plugins.call('authorization-GET', "handler")
    assert outcome is False
    assert received == ["handler"]
def post(self):
    """Handle POST by delegating to the ``authorization-POST`` plugin hook.

    When ``plugins.call`` returns a falsy value the request is answered with
    HTTP 405 through ``raise_http_error``; otherwise nothing more is done
    here.
    """
    handled = plugins.call('authorization-POST', self)
    if handled:
        return
    # No plugin took the request: POST is not supported by default.
    self.raise_http_error(405)
def test_call_should_let_InvalidPlugin_exception_to_be_raised():
    """``call`` with the hook name ``INVALID-PLUGIN`` raises ``plugins.InvalidPlugin``."""
    # Failing loudly matters for the validation hooks: a misspelled hook name
    # raises instead of being skipped as "no plugin registered".
    unknown_hook = 'INVALID-PLUGIN'
    with pytest.raises(plugins.InvalidPlugin):
        plugins.call(unknown_hook)
def test_call_should_return_False_if_plugin_not_found():
    """``call`` returns False for ``authorization-GET`` when no plugin handles it."""
    # NOTE(review): this passes only if no earlier test left an
    # 'authorization-GET' plugin registered; presumably a fixture clears
    # registrations between tests -- confirm.
    outcome = plugins.call('authorization-GET')
    assert outcome is False