Exemple #1
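def exchange():
    """Exchange a one-time OAuth code for the client's access token.

    Reads ``client_id``, ``client_secret`` and ``code`` from the POSTed form,
    authenticates the client, resolves the exchange code through Redis and
    returns the existing or newly created token for that user/client pair.

    Returns:
        ``{"token": ...}`` on success, otherwise an ``{"error": ...}`` dict
        paired with a 400, 401 or 404 status code.
    """
    import hmac

    client_id = request.form.get("client_id")
    client_secret = request.form.get("client_secret")
    code = request.form.get("code")
    if not client_id:
        return { "error": "Missing client_id" }, 400
    if not code:
        # A missing code would otherwise raise TypeError when the Redis key
        # is built below and surface as a 500.
        return { "error": "Missing code" }, 400

    client = OAuthClient.query.filter(OAuthClient.client_id == client_id).first()
    if not client:
        return { "error": "Unknown client" }, 404

    # Constant-time comparison, so response timing does not reveal how much
    # of a guessed secret matched. An absent secret on either side is always
    # a mismatch (with plain `!=`, None compared equal to None).
    # NOTE(review): the stored secret is compared directly with the submitted
    # value, so it is presumably kept in plaintext; confirm, and consider
    # storing only a hash.
    stored_secret = client.client_secret
    if not client_secret or not stored_secret or not hmac.compare_digest(
            str(stored_secret).encode("utf-8"), client_secret.encode("utf-8")):
        return { "error": "Incorrect client secret" }, 401

    r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
    _client_id = r.get("oauth.exchange.client." + code)
    user_id = r.get("oauth.exchange.user." + code)
    # Test the value read from Redis (_client_id). The request's client_id is
    # already known to be non-empty here, so checking it let a missing key
    # reach .decode() on None.
    if not _client_id or not user_id:
        return { "error": "Unknown or expired exchange code" }, 404

    _client_id = _client_id.decode("utf-8")
    user_id = int(user_id.decode("utf-8"))
    user = User.query.filter(User.id == user_id).first()
    # The code must have been issued to the client that is redeeming it.
    if not user or _client_id != client.client_id:
        return { "error": "Unknown or expired exchange code" }, 404

    token = OAuthToken.query.filter(OAuthToken.client == client, OAuthToken.user == user).first()
    if not token:
        token = OAuthToken(user, client)
        db.add(token)
        db.commit()

    # NOTE(review): the code is read above and only deleted here, so the
    # single-use check is not atomic; two concurrent requests carrying the
    # same code can both get this far.
    r.delete("oauth.exchange.client." + code)
    r.delete("oauth.exchange.user." + code)
    return { "token": token.token }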
Exemple #2
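def create_user(arguments):
    """Create a user that is approved immediately and persist it.

    Args:
        arguments: mapping that provides the '<name>', '<email>' and
            '<password>' entries passed to the ``User`` constructor.

    Prints a one-line result message; returns nothing.
    """
    # NOTE(review): the '<...>' keys look like parsed command-line arguments.
    # If so, the password is exposed in shell history and process listings;
    # confirm against the caller, and consider prompting for it instead.
    u = User(arguments['<name>'], arguments['<email>'],
             arguments['<password>'])
    if u:
        # Accounts created through this path skip the approval step.
        u.approved = True
        # NOTE(review): datetime.now() is naive local time; confirm that
        # approvalDate is meant to be stored without a timezone.
        u.approvalDate = datetime.now()
        db.add(u)
        db.commit()
        print('User created')
    else:
        # Only reachable if User instances can be falsy.
        print('Couldn\'t create the user')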
Exemple #3
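def clients_POST():
    """Register a new OAuth client for the logged-in user.

    Reads ``name``, ``info_url`` and ``redirect_uri`` from the POSTed form.
    On a validation failure the client list template is re-rendered with an
    error message; on success the client is stored and the browser is
    redirected to ``/oauth/clients``.
    """
    name = request.form.get("name")
    info_url = request.form.get("info_url")
    redirect_uri = request.form.get("redirect_uri")
    if not name or not info_url or not redirect_uri:
        return render_template("oauth-clients.html", errors="All fields are required.")
    # NOTE(review): only the scheme prefix is checked, so a value such as
    # "https://" with no host passes, and plain http:// redirect URIs are
    # accepted. Consider parsing the URL and requiring https for
    # redirect_uri, which is where authorization responses are delivered.
    url_schemes = ("http://", "https://")
    if not info_url.startswith(url_schemes) or not redirect_uri.startswith(url_schemes):
        return render_template("oauth-clients.html", errors="URL fields must be a URL.")
    # ">=" enforces the advertised limit of 10; "> 10" allowed an 11th client.
    if len(current_user.clients) >= 10:
        return render_template("oauth-clients.html", errors="You can only have 10 clients, chill out dude.")
    client = OAuthClient(current_user, name, info_url, redirect_uri)
    db.add(client)
    db.commit()
    return redirect("/oauth/clients")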
Exemple #4
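def clients_POST():
    """Register a new OAuth client for the logged-in user.

    Reads ``name``, ``info_url`` and ``redirect_uri`` from the POSTed form.
    On a validation failure the client list template is re-rendered with an
    error message; on success the client is stored and the browser is
    redirected to ``/oauth/clients``.
    """
    name = request.form.get("name")
    info_url = request.form.get("info_url")
    redirect_uri = request.form.get("redirect_uri")
    if not name or not info_url or not redirect_uri:
        return render_template("oauth-clients.html",
                               errors="All fields are required.")
    # NOTE(review): only the scheme prefix is checked, so a value such as
    # "https://" with no host passes, and plain http:// redirect URIs are
    # accepted. Consider parsing the URL and requiring https for
    # redirect_uri, which is where authorization responses are delivered.
    url_schemes = ("http://", "https://")
    if not (info_url.startswith(url_schemes)
            and redirect_uri.startswith(url_schemes)):
        return render_template("oauth-clients.html",
                               errors="URL fields must be a URL.")
    # ">=" enforces the advertised limit of 10; "> 10" allowed an 11th client.
    if len(current_user.clients) >= 10:
        return render_template(
            "oauth-clients.html",
            errors="You can only have 10 clients, chill out dude.")
    client = OAuthClient(current_user, name, info_url, redirect_uri)
    db.add(client)
    db.commit()
    return redirect("/oauth/clients")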
Exemple #5
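def exchange():
    """Exchange a one-time OAuth code for the client's access token.

    Reads ``client_id``, ``client_secret`` and ``code`` from the POSTed form,
    authenticates the client, resolves the exchange code through Redis and
    returns the existing or newly created token for that user/client pair.

    Returns:
        ``{"token": ...}`` on success, otherwise an ``{"error": ...}`` dict
        paired with a 400, 401 or 404 status code.
    """
    import hmac

    client_id = request.form.get("client_id")
    client_secret = request.form.get("client_secret")
    code = request.form.get("code")
    if not client_id:
        return {"error": "Missing client_id"}, 400
    if not code:
        # A missing code would otherwise raise TypeError when the Redis key
        # is built below and surface as a 500.
        return {"error": "Missing code"}, 400

    client = OAuthClient.query.filter(
        OAuthClient.client_id == client_id).first()
    if not client:
        return {"error": "Unknown client"}, 404

    # Constant-time comparison, so response timing does not reveal how much
    # of a guessed secret matched. An absent secret on either side is always
    # a mismatch (with plain `!=`, None compared equal to None).
    # NOTE(review): the stored secret is compared directly with the submitted
    # value, so it is presumably kept in plaintext; confirm, and consider
    # storing only a hash.
    stored_secret = client.client_secret
    secrets_match = bool(client_secret) and bool(stored_secret) and (
        hmac.compare_digest(str(stored_secret).encode("utf-8"),
                            client_secret.encode("utf-8")))
    if not secrets_match:
        return {"error": "Incorrect client secret"}, 401

    r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
    _client_id = r.get("oauth.exchange.client." + code)
    user_id = r.get("oauth.exchange.user." + code)
    # Test the value read from Redis (_client_id). The request's client_id is
    # already known to be non-empty here, so checking it let a missing key
    # reach .decode() on None.
    if not _client_id or not user_id:
        return {"error": "Unknown or expired exchange code"}, 404

    _client_id = _client_id.decode("utf-8")
    user_id = int(user_id.decode("utf-8"))
    user = User.query.filter(User.id == user_id).first()
    # The code must have been issued to the client that is redeeming it.
    if not user or _client_id != client.client_id:
        return {"error": "Unknown or expired exchange code"}, 404

    token = OAuthToken.query.filter(OAuthToken.client == client,
                                    OAuthToken.user == user).first()
    if not token:
        token = OAuthToken(user, client)
        db.add(token)
        db.commit()

    # NOTE(review): the code is read above and only deleted here, so the
    # single-use check is not atomic; two concurrent requests carrying the
    # same code can both get this far.
    r.delete("oauth.exchange.client." + code)
    r.delete("oauth.exchange.user." + code)
    return {"token": token.token}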