def test_prompt(self): self.prepare_data() params = [('response_type', 'code'), ('client_id', 'code-client'), ('state', 'bar'), ('nonce', 'abc'), ('scope', 'openid profile'), ('redirect_uri', 'https://a.b')] query = url_encode(params) rv = self.client.get('/oauth/authorize?' + query) self.assertEqual(rv.data, b'login') query = url_encode(params + [('user_id', '1')]) rv = self.client.get('/oauth/authorize?' + query) self.assertEqual(rv.data, b'ok') query = url_encode(params + [('prompt', 'login')]) rv = self.client.get('/oauth/authorize?' + query) self.assertEqual(rv.data, b'login')
def prepare_form_encoded_body(oauth_params, body): """Prepare the Form-Encoded Body. Per `section 3.5.2`_ of the spec. .. _`section 3.5.2`: https://tools.ietf.org/html/rfc5849#section-3.5.2 """ # append OAuth params to the existing body return url_encode(_append_params(oauth_params, body))
def _create_oauth1_request(): if _req.method == 'POST': body = _req.form.to_dict(flat=True) else: body = None try: return OAuth1Request(_req.method, _req.url, body, _req.headers) except OAuth1Error as error: body = url_encode(error.get_body()) raise_http_exception(error.status_code, body, error.get_headers())
def prepare_request_uri_query(oauth_params, uri): """Prepare the Request URI Query. Per `section 3.5.3`_ of the spec. .. _`section 3.5.3`: http://tools.ietf.org/html/rfc5849#section-3.5.3 """ # append OAuth params to the existing set of query components sch, net, path, par, query, fra = urlparse.urlparse(uri) query = url_encode( _append_params(oauth_params, extract_params(query) or [])) return urlparse.urlunparse((sch, net, path, par, query, fra))
def authorize_get(request: Request): user_id = request.query_params.get("user_id") request.body = {} if user_id: end_user = db.query(User).filter(User.id == int(user_id)).first() else: end_user = None try: grant = server.validate_consent_request(request=request, end_user=end_user) return grant.prompt or "ok" except OAuth2Error as error: return url_encode(error.get_body())
def authorize(): if request.method == 'GET': try: server.check_authorization_request() return 'ok' except OAuth1Error: return 'error' user_id = request.form.get('user_id') if user_id: grant_user = User.query.get(int(user_id)) else: grant_user = None try: return server.create_authorization_response(grant_user=grant_user) except OAuth1Error as error: return url_encode(error.get_body())
def authorize(): if request.method == 'GET': user_id = request.args.get('user_id') if user_id: end_user = User.query.get(int(user_id)) else: end_user = None try: grant = server.get_consent_grant(end_user=end_user) return grant.prompt or 'ok' except OAuth2Error as error: return url_encode(error.get_body()) user_id = request.form.get('user_id') if user_id: grant_user = User.query.get(int(user_id)) else: grant_user = None return server.create_authorization_response(grant_user=grant_user)
def handle_response(self, status_code, payload, headers): return Response(url_encode(payload), status=status_code, headers=headers)
def test_token_from_fragment(self): sess = OAuth2Session(self.client_id) response_url = 'https://i.b/callback#' + url_encode(self.token.items()) self.assertEqual(sess.token_from_fragment(response_url), self.token) token = sess.fetch_access_token(authorization_response=response_url) self.assertEqual(token, self.token)
def test_token_from_fragment(): sess = OAuth2Client('foo') response_url = 'https://i.b/callback#' + url_encode(default_token.items()) assert sess.token_from_fragment(response_url) == default_token token = sess.fetch_token(authorization_response=response_url) assert token == default_token
def post(self, url, *, data, headers, auth): if isinstance(data, dict): data = url_encode(data.items()) return self.request('POST', url, data=data, headers=headers, auth=auth)
def handle_response(self, status_code, payload, headers): resp = HttpResponse(url_encode(payload), status=status_code) for k, v in headers: resp[k] = v return resp
def create_token_response(self): req = _create_oauth1_request() status, body, headers = self.create_valid_token_response(req) return Response(url_encode(body), status=status, headers=headers)
def create_authorization_response(self, grant_user=None): req = _create_oauth1_request() status, body, headers = self.create_valid_authorization_response( req, grant_user) return Response(url_encode(body), status=status, headers=headers)
def create_temporary_credential_response(self): req = _create_oauth1_request() status, body, headers = self.create_valid_temporary_credentials_response( req) return Response(url_encode(body), status=status, headers=headers)
async def authorize( request: Request, _query_params: OAuthAuthorizeRequestQueryParams = Depends( OAuthAuthorizeRequestQueryParams), auth_credentials: AuthCredentials = Body(...), ): """Perform authorization from given credentials and returns the result.""" retry_delay, retry_after = await async_throttle(request) if retry_delay is not None and retry_after is not None: raise HTTPException(403, "Wait", headers={ 'X-Retry-After': retry_after, 'X-Retry-Wait': retry_delay }) potential_users = async_user_collection.find( {'email': auth_credentials.email}) async for potential_user in potential_users: if potential_user.get('password') is not None: password_valid, new_hash = verify_and_update( auth_credentials.password, potential_user['password']) if password_valid: user_data = potential_user break else: retry_after, retry_delay = await async_throttle_failure_request(request ) raise HTTPException(403, "Invalid E-Mail or Password", headers={ 'X-Retry-After': retry_after, 'X-Retry-Wait': retry_delay }) user = User.validate(user_data) if new_hash is not None: await async_user_collection.update_one( {'_id': user.id}, {'$set': { 'password': new_hash }}) user.password = new_hash if user.registration_token: # If the user password is correct, but a registration token is pending, redirect to registration page from ...manager.api.user_helpers import check_token, create_token import urllib.parse registration_token = user.registration_token try: check_token(user.registration_token) except HTTPException: token_valid_until = int(time.time() + config.manager.token_valid.registration) registration_token = create_token(user_data['_id'], token_valid_until) await async_user_collection.update_one( {'_id': user.id}, {'$set': { 'registration_token': registration_token }}, ) args = dict(url_decode(request.url.query)) args.update((await request.form()) or {}) #: dict of query and body params return_url = urllib.parse.quote_plus(config.oauth2.base_url + '/authorize?' + url_encode(args.items())) return JSONResponse( content={ 'redirect_uri': f"{config.manager.frontend_base_url}/register/{registration_token}" f"?return_url={return_url}" }, status_code=200, headers=dict(default_json_headers), ) user_group_data = await UserWithRoles.async_load_groups( user, _query_params.client_id) oauth_request = await oauth2_request(request) resp = await run_in_threadpool( authorization.create_authorization_response, request=oauth_request, grant_user=user_group_data, ) if isinstance(resp, ErrorJSONResponse): return resp elif isinstance(resp, ErrorRedirectResponse): return resp.to_json_response() elif isinstance(resp, RedirectResponse): expires_in = config.oauth2.token_expiration.session add_session_state(resp, oauth_request.user) resp = resp.to_json_response() if auth_credentials.remember: now = int(time.time()) sess = Session( id=generate_token(config.oauth2.token_length), user_id=user.id, issued_at=now, expires_in=expires_in, expiration_time=datetime.utcnow() + timedelta(seconds=expires_in), ) await async_session_collection.insert_one( sess.dict(exclude_none=True, by_alias=True)) update_session_sid(resp, sess.id) update_session_state(resp, oauth_request.user) return resp assert False