def authorize(self):
    """Start the sign-in handshake and send the user to the authorization page.

    Asks the authentication API for an authorization location, handing it the
    absolute URLs the user should be returned to on success and on failure,
    then raises HTTPFound with the location the API answered with.
    """
    # Build the API client from the configured endpoint and key material.
    client = API(
        config['api.endpoint'],
        config['api.identity'],
        config['api.private'],
        config['api.public'],
    )

    # Absolute callback URLs for the two outcomes of the authentication attempt.
    callbacks = dict(
        success=str(url.complete('/authorized')),
        failure=str(url.complete('/nolove')),
    )

    outcome = client.core.authorize(**callbacks)

    # NOTE(review): the redirect target is taken straight from the API reply;
    # presumably an error reply carries no `location` -- confirm how the client
    # surfaces errors before relying on this attribute.
    raise HTTPFound(location=outcome.location)
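def authorize(self, success=None, failure=None):
    """Prepare an incoming session request.

    Error 'message' attributes are temporary; base your logic on the status and code attributes.

    success: web.core.url:URL (required)
    failure: web.core.url:URL (required)

    returns:
        location: web.core.url:URL
            the location to direct users to

    On any validation failure the response status is set to 400 and a dict
    with status='error' and a machine-readable code is returned instead.
    """

    # Ensure success and failure URLs are present.
    if success is None:
        response.status_int = 400
        return dict(
            status='error',
            code='argument.success.missing',
            message="URL to return users to upon successful authentication is missing from your request."
        )

    if failure is None:
        response.status_int = 400
        return dict(
            status='error',
            code='argument.failure.missing',
            message="URL to return users to upon authentication failure or dismissal is missing from your request."
        )

    # Also ensure they are valid URIs.  The caller's original values are kept
    # in success_ / failure_ because those are what get logged and stored.
    success_ = success
    try:
        success = URL(success)
    except Exception:  # a bare except would also swallow SystemExit/KeyboardInterrupt
        response.status_int = 400
        return dict(
            status='error',
            code='argument.success.malformed',
            message="Successful authentication URL is malformed."
        )

    failure_ = failure
    try:
        failure = URL(failure)
    except Exception:
        response.status_int = 400
        return dict(
            status='error',
            # NOTE(review): 'argument.failure.malformed' would match the other
            # codes, but callers are told to branch on `code`, so the existing
            # value is kept; only the (temporary) message is corrected.
            code='argument.response.malformed',
            message="Authentication failure URL is malformed."
        )

    # Deny localhost/127.0.0.1 loopbacks and 192.168.* and 10.* unless in development mode.
    # Both callbacks are checked: the user is sent to either one, so an internal
    # failure URL is as much a problem as an internal success URL.
    # This is a literal match only; it does not cover 172.16.0.0/12, IPv6
    # loopback, or public names that resolve to internal addresses (see the
    # DNS TODO below).
    if not boolean(config.get('debug', False)):
        for callback in (success, failure):
            # Host may be absent (the blacklist check below allows for that);
            # host names are case-insensitive, so compare in lower case.
            host = (callback.host or '').lower()

            if host in ('localhost', '127.0.0.1') or host.startswith(('192.168.', '10.')):
                response.status_int = 400
                return dict(
                    status='error',
                    code='development-only',
                    message="Loopback and local area-network URLs disallowd in production."
                )

    # Check blacklist and bail early.  One OR-query over scheme, port (or
    # scheme when no port is given) and, when present, the host of each URL.
    criteria = [
        Q(scheme=success.scheme),
        Q(scheme=failure.scheme),
        Q(protocol=success.port or success.scheme),
        Q(protocol=failure.port or failure.scheme),
    ]

    if success.host:
        criteria.append(Q(domain=success.host))

    if failure.host:
        criteria.append(Q(domain=failure.host))

    if AuthenticationBlacklist.objects(reduce(__or__, criteria)).count():
        response.status_int = 400
        return dict(
            status='error',
            code='blacklist',
            message="You have been blacklisted. To dispute, contact {0}".format(config['mail.blackmail.author'])
        )

    # TODO: Check DNS. Yes, really.

    # Generate authentication token.
    # NOTE(review): success_ / failure_ are the caller's raw values; confirm
    # URL() rejects control characters before trusting them in a log line.
    log.info("Creating request for {0} with callbacks {1} and {2}.".format(
        request.service, success_, failure_))

    ar = AuthenticationRequest(
        request.service,  # We have an authenticated request, so we know the service ID is valid.
        success=success_,
        failure=failure_)
    ar.save()

    return dict(location=url.complete('/authorize/{0}'.format(ar.id)))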
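def authorize(self, success=None, failure=None):
    """Prepare an incoming session request.

    Error 'message' attributes are temporary; base your logic on the status and code attributes.

    success: web.core.url:URL (required)
    failure: web.core.url:URL (required)

    returns:
        location: web.core.url:URL
            the location to direct users to

    Every rejection sets the response status to 400 and returns a dict with
    status = 'error' plus a machine-readable code.
    """

    def reject(code, message):
        # Shared shape of every error reply produced by this method.
        response.status_int = 400
        return dict(
                status = 'error',
                code = code,
                message = message
            )

    # Ensure success and failure URLs are present.
    if success is None:
        return reject(
                'argument.success.missing',
                "URL to return users to upon successful authentication is missing from your request."
            )

    if failure is None:
        return reject(
                'argument.failure.missing',
                "URL to return users to upon authentication failure or dismissal is missing from your request."
            )

    # Also ensure they are valid URIs.  success_ / failure_ hold the values
    # exactly as the caller sent them; those are logged and persisted below.
    success_ = success
    try:
        success = URL(success)
    except Exception:  # narrower than a bare except: lets SystemExit/KeyboardInterrupt through
        return reject(
                'argument.success.malformed',
                "Successful authentication URL is malformed."
            )

    failure_ = failure
    try:
        failure = URL(failure)
    except Exception:
        # NOTE(review): the code says "response" where its siblings say
        # "failure"; it is left alone because callers branch on it.  The
        # message used to repeat the "success ... missing" text and is fixed.
        return reject(
                'argument.response.malformed',
                "Authentication failure URL is malformed."
            )

    # Deny localhost/127.0.0.1 loopbacks and 192.168.* and 10.* unless in development mode.
    # The failure URL is held to the same rule as the success URL, since users
    # are redirected to whichever applies.  The match is textual: 172.16.0.0/12,
    # IPv6 loopback and public names resolving to internal addresses are not
    # caught here (see the DNS TODO below).
    if not boolean(config.get('debug', False)):
        local_prefixes = ('192.168.', '10.')

        for callback in (success, failure):
            # A URL may carry no host at all; treat that as "not local" here
            # rather than failing on None.  Compare case-insensitively.
            host = (callback.host or '').lower()

            if host in ('localhost', '127.0.0.1') or host.startswith(local_prefixes):
                return reject(
                        'development-only',
                        "Loopback and local area-network URLs disallowd in production."
                    )

    # Check blacklist and bail early.  A single OR-query matches on scheme,
    # on port (falling back to scheme) and, where present, on host.
    if AuthenticationBlacklist.objects(reduce(__or__, [
                Q(scheme=success.scheme), Q(scheme=failure.scheme),
                Q(protocol=success.port or success.scheme), Q(protocol=failure.port or failure.scheme),
            ] + ([] if not success.host else [ Q(domain=success.host) ])
              + ([] if not failure.host else [ Q(domain=failure.host) ]))).count():
        return reject(
                'blacklist',
                "You have been blacklisted. To dispute, contact {0}".format(config['mail.blackmail.author'])
            )

    # TODO: Check DNS. Yes, really.

    # Generate authentication token.
    # NOTE(review): the callbacks are logged as received; confirm URL() refuses
    # control characters so a caller cannot break up the log line.
    log.info("Creating request for {0} with callbacks {1} and {2}.".format(request.service, success_, failure_))

    ar = AuthenticationRequest(
            request.service,  # We have an authenticated request, so we know the service ID is valid.
            success = success_,
            failure = failure_
        )
    ar.save()

    return dict(
            location = url.complete('/authorize/{0}'.format(ar.id))
        )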