def handleLoginSuccess(): current_app.logger.info('handleLoginSuccess [%s]' % request.method) scope = None me = request.args.get('me') code = request.args.get('code') current_app.logger.info('me [%s] code [%s]' % (me, code)) if current_app.dbRedis is not None: current_app.logger.info('getting data to validate auth code') key = 'login-%s' % me data = current_app.dbRedis.hgetall(key) if data: current_app.logger.info('calling [%s] to validate code' % data['auth_url']) r = ninka.indieauth.validateAuthCode( code=code, client_id=data['client_id'], redirect_uri=data['redirect_uri'], validationEndpoint=data['auth_url']) current_app.logger.info('validateAuthCode returned %s' % r['status']) if r['status'] == requests.codes.ok: current_app.logger.info('login code verified') if 'scope' in r['response']: scope = r['response']['scope'] else: scope = data['scope'] from_uri = data['from_uri'] token = str(uuid.uuid4()) current_app.dbRedis.hset(key, 'code', code) current_app.dbRedis.hset(key, 'token', token) current_app.dbRedis.expire(key, current_app.config['AUTH_TIMEOUT']) current_app.dbRedis.set('token-%s' % token, key) current_app.dbRedis.expire('token-%s' % code, current_app.config['AUTH_TIMEOUT']) session['indieauth_token'] = token session['indieauth_scope'] = scope session['indieauth_id'] = me else: current_app.logger.info('login invalid') clearAuth() else: current_app.logger.info('nothing found for [%s]' % me) if scope: if from_uri: return redirect(from_uri) else: return redirect('/') else: return 'authentication failed', 403
def handleLoginSuccess(): current_app.logger.info("handleLoginSuccess [%s]" % request.method) scope = None me = request.args.get("me") code = request.args.get("code") current_app.logger.info("me [%s] code [%s]" % (me, code)) if current_app.dbRedis is not None: current_app.logger.info("getting data to validate auth code") key = "login-%s" % me data = current_app.dbRedis.hgetall(key) if data: current_app.logger.info("calling [%s] to validate code" % data["auth_url"]) r = ninka.indieauth.validateAuthCode( code=code, client_id=data["client_id"], redirect_uri=data["redirect_uri"], validationEndpoint=data["auth_url"], ) current_app.logger.info("validateAuthCode returned %s" % r["status"]) if r["status"] == requests.codes.ok: current_app.logger.info("login code verified") if "scope" in r["response"]: scope = r["response"]["scope"] else: scope = data["scope"] from_uri = data["from_uri"] token = str(uuid.uuid4()) current_app.dbRedis.hset(key, "code", code) current_app.dbRedis.hset(key, "token", token) current_app.dbRedis.expire(key, current_app.config["AUTH_TIMEOUT"]) current_app.dbRedis.set("token-%s" % token, key) current_app.dbRedis.expire("token-%s" % code, current_app.config["AUTH_TIMEOUT"]) session["indieauth_token"] = token session["indieauth_scope"] = scope session["indieauth_id"] = me else: current_app.logger.info("login invalid") clearAuth() else: current_app.logger.info("nothing found for [%s]" % me) if scope: if from_uri: return redirect(from_uri) else: return redirect("/") else: return "authentication failed", 403
def handleLoginSuccess(): current_app.logger.info('handleLoginSuccess [%s]' % request.method) scope = None me = request.args.get('me') code = request.args.get('code') current_app.logger.info('me [%s] code [%s]' % (me, code)) if current_app.dbRedis is not None: current_app.logger.info('getting data to validate auth code') key = 'login-%s' % me data = current_app.dbRedis.hgetall(key) if data: current_app.logger.info('calling [%s] to validate code' % data['auth_url']) r = ninka.indieauth.validateAuthCode(code=code, client_id=data['client_id'], redirect_uri=data['redirect_uri'], validationEndpoint=data['auth_url']) current_app.logger.info('validateAuthCode returned %s' % r['status']) if r['status'] == requests.codes.ok: current_app.logger.info('login code verified') if 'scope' in r['response']: scope = r['response']['scope'] else: scope = data['scope'] from_uri = data['from_uri'] token = str(uuid.uuid4()) current_app.dbRedis.hset(key, 'code', code) current_app.dbRedis.hset(key, 'token', token) current_app.dbRedis.expire(key, current_app.config['AUTH_TIMEOUT']) current_app.dbRedis.set('token-%s' % token, key) current_app.dbRedis.expire('token-%s' % code, current_app.config['AUTH_TIMEOUT']) session['indieauth_token'] = token session['indieauth_scope'] = scope session['indieauth_id'] = me else: current_app.logger.info('login invalid') clearAuth() else: current_app.logger.info('nothing found for [%s]' % me) if scope: if from_uri: return redirect(from_uri) else: return redirect('/') else: return 'authentication failed', 403
def handleAuth(): current_app.logger.info('handleAuth [%s]' % request.method) result = False if current_app.dbRedis is not None: token = request.args.get('token') if token is not None: me = current_app.dbRedis.get('token-%s' % token) if me: data = current_app.dbRedis.hgetall(me) if data and data['token'] == token: result = True if result: return 'valid', 200 else: clearAuth() return 'invalid', 403
def handleAuth(): current_app.logger.info("handleAuth [%s]" % request.method) result = False if current_app.dbRedis is not None: token = request.args.get("token") if token is not None: me = current_app.dbRedis.get("token-%s" % token) if me: data = current_app.dbRedis.hgetall(me) if data and data["token"] == token: result = True if result: return "valid", 200 else: clearAuth() return "invalid", 403
def handleAccessToken(): current_app.logger.info('handleAccessToken [%s]' % request.method) form = MPTokenForm(me=current_app.config['BASEURL'], client_id=current_app.config['CLIENT_ID'], redirect_uri='%s/access' % current_app.config['BASEURL'], from_uri='%s/access' % current_app.config['BASEURL'], scope='post') if form.validate_on_submit(): me = 'https://%s/' % baseDomain(form.me.data, includeScheme=False) authEndpoints = ninka.indieauth.discoverAuthEndpoints(me) if 'authorization_endpoint' in authEndpoints: authURL = None for url in authEndpoints['authorization_endpoint']: authURL = url break if authURL is not None: url = ParseResult( authURL.scheme, authURL.netloc, authURL.path, authURL.params, urllib.urlencode({ 'me': me, 'redirect_uri': form.redirect_uri.data, 'client_id': form.client_id.data, 'scope': form.scope.data, 'response_type': 'id' }), authURL.fragment).geturl() key = 'access-%s' % me data = current_app.dbRedis.hgetall(key) if data and 'token' in data: # clear any existing auth data current_app.dbRedis.delete('token-%s' % data['token']) current_app.dbRedis.hdel(key, 'token') current_app.dbRedis.hset( key, 'auth_url', ParseResult(authURL.scheme, authURL.netloc, authURL.path, '', '', '').geturl()) current_app.dbRedis.hset(key, 'redirect_uri', form.redirect_uri.data) current_app.dbRedis.hset(key, 'client_id', form.client_id.data) current_app.dbRedis.hset(key, 'scope', form.scope.data) current_app.dbRedis.expire( key, current_app.config['AUTH_TIMEOUT'] ) # expire in N minutes unless successful current_app.logger.info('redirecting to [%s]' % url) return redirect(url) else: return 'insert fancy no auth endpoint found error message here', 403 else: me = request.args.get('me') code = request.args.get('code') current_app.logger.info('me [%s] code [%s]' % (me, code)) if code is None: templateContext = {} templateContext['form'] = form return render_template('mptoken.jinja', **templateContext) else: current_app.logger.info('getting data to validate auth code') key = 'access-%s' % me data = current_app.dbRedis.hgetall(key) if data: current_app.logger.info('calling [%s] to validate code' % data['auth_url']) r = ninka.indieauth.validateAuthCode( code=code, client_id=data['client_id'], redirect_uri=data['redirect_uri'], validationEndpoint=data['auth_url']) current_app.logger.info('validateAuthCode returned %s' % r['status']) if r['status'] == requests.codes.ok: current_app.logger.info('login code verified') token = str(uuid.uuid4()) current_app.dbRedis.hset(key, 'code', code) current_app.dbRedis.hset(key, 'token', token) current_app.dbRedis.expire( key, current_app.config['AUTH_TIMEOUT']) current_app.dbRedis.set( 'token-%s' % token, 'app-%s-%s-%s' % (me, data['client_id'], data['scope'])) current_app.dbRedis.expire( 'token-%s' % token, current_app.config['AUTH_TIMEOUT']) app_key = 'app-%s-%s-%s' % (me, data['client_id'], data['scope']) current_app.dbRedis.hset(app_key, 'auth_url', data['auth_url']) current_app.dbRedis.hset(app_key, 'redirect_uri', data['redirect_uri']) current_app.dbRedis.hset(app_key, 'client_id', data['client_id']) current_app.dbRedis.hset(app_key, 'scope', data['scope']) current_app.dbRedis.expire( app_key, current_app.config['AUTH_TIMEOUT'] ) # expire in N minutes unless successful return 'Access Token: %s' % token, 200 else: current_app.logger.info('login invalid') clearAuth() return 'Invalid', 401 else: current_app.logger.info('nothing found for [%s]' % me) clearAuth() return 'Invalid', 401
def handleAccessToken(): current_app.logger.info('handleAccessToken [%s]' % request.method) form = MPTokenForm(me=current_app.config['BASEURL'], client_id=current_app.config['CLIENT_ID'], redirect_uri='%s/access' % current_app.config['BASEURL'], from_uri='%s/access' % current_app.config['BASEURL'], scope='post') if form.validate_on_submit(): me = 'https://%s/' % baseDomain(form.me.data, includeScheme=False) authEndpoints = ninka.indieauth.discoverAuthEndpoints(me) if 'authorization_endpoint' in authEndpoints: authURL = None for url in authEndpoints['authorization_endpoint']: authURL = url break if authURL is not None: url = ParseResult(authURL.scheme, authURL.netloc, authURL.path, authURL.params, urllib.urlencode({ 'me': me, 'redirect_uri': form.redirect_uri.data, 'client_id': form.client_id.data, 'scope': form.scope.data, 'response_type': 'id' }), authURL.fragment).geturl() key = 'access-%s' % me data = current_app.dbRedis.hgetall(key) if data and 'token' in data: # clear any existing auth data current_app.dbRedis.delete('token-%s' % data['token']) current_app.dbRedis.hdel(key, 'token') current_app.dbRedis.hset(key, 'auth_url', ParseResult(authURL.scheme, authURL.netloc, authURL.path, '', '', '').geturl()) current_app.dbRedis.hset(key, 'redirect_uri', form.redirect_uri.data) current_app.dbRedis.hset(key, 'client_id', form.client_id.data) current_app.dbRedis.hset(key, 'scope', form.scope.data) current_app.dbRedis.expire(key, current_app.config['AUTH_TIMEOUT']) # expire in N minutes unless successful current_app.logger.info('redirecting to [%s]' % url) return redirect(url) else: return 'insert fancy no auth endpoint found error message here', 403 else: me = request.args.get('me') code = request.args.get('code') current_app.logger.info('me [%s] code [%s]' % (me, code)) if code is None: templateContext = {} templateContext['form'] = form return render_template('mptoken.jinja', **templateContext) else: current_app.logger.info('getting data to validate auth code') key = 'access-%s' % me data = current_app.dbRedis.hgetall(key) if data: current_app.logger.info('calling [%s] to validate code' % data['auth_url']) r = ninka.indieauth.validateAuthCode(code=code, client_id=data['client_id'], redirect_uri=data['redirect_uri'], validationEndpoint=data['auth_url']) current_app.logger.info('validateAuthCode returned %s' % r['status']) if r['status'] == requests.codes.ok: current_app.logger.info('login code verified') token = str(uuid.uuid4()) current_app.dbRedis.hset(key, 'code', code) current_app.dbRedis.hset(key, 'token', token) current_app.dbRedis.expire(key, current_app.config['AUTH_TIMEOUT']) current_app.dbRedis.set('token-%s' % token, 'app-%s-%s-%s' % (me, data['client_id'], data['scope'])) current_app.dbRedis.expire('token-%s' % token, current_app.config['AUTH_TIMEOUT']) app_key = 'app-%s-%s-%s' % (me, data['client_id'], data['scope']) current_app.dbRedis.hset(app_key, 'auth_url', data['auth_url']) current_app.dbRedis.hset(app_key, 'redirect_uri', data['redirect_uri']) current_app.dbRedis.hset(app_key, 'client_id', data['client_id']) current_app.dbRedis.hset(app_key, 'scope', data['scope']) current_app.dbRedis.expire(app_key, current_app.config['AUTH_TIMEOUT']) # expire in N minutes unless successful return 'Access Token: %s' % token, 200 else: current_app.logger.info('login invalid') clearAuth() return 'Invalid', 401 else: current_app.logger.info('nothing found for [%s]' % me) clearAuth() return 'Invalid', 401
def handleLogout(): current_app.logger.info('handleLogout [%s]' % request.method) clearAuth() return redirect('/')