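    def put(self, *args, **kwargs):
        """Update the metadata of one of the caller's OAuth clients.

        Route: ``PUT /clients/:app_name`` (``args[0]`` carries the path).
        Accepts the optional form fields ``app_name``, ``description`` and
        ``website``; only the fields actually supplied are written.

        Responds with the updated client document (status 201, kept as the
        original did), 401 when unauthenticated or when the named client is
        not owned by the caller, and 400 carrying the failure reason when
        the write itself fails.
        """
        if 'user' not in kwargs or not args:
            self.raise401()

        # redirect_uris are deliberately not updatable through this endpoint:
        # the registered URIs gate the OAuth flow (see validate_redirect_uri).
        update = {}
        for field in ('app_name', 'description', 'website'):
            value = self.get_argument(field, None)
            if value:
                update['set__' + field] = value

        user = kwargs['user']
        path = parse_path(args[0])
        client = Client.objects(app_name=path[0]).first()
        if not client or user != client.user:
            self.raise401()
        try:
            # Scope both the write and the re-read to the caller's own
            # documents (as the GET handler does) so that a client of the same
            # app_name owned by someone else can neither be modified nor be
            # the document echoed back here.
            Client.objects(user=user, app_name=path[0]).update_one(**update)
            new_name = update.get('set__app_name', path[0])
            client = Client.objects(user=user, app_name=new_name).first()
            client_data = document_to_json(client, filter_set=_FILTER)
            self.set_status(201)
            self.write(client_data)
        except Exception as e:
            # str(e) works on Python 2 and 3; ``e.message`` is Python 2 only
            # and would itself raise (-> 500) on Python 3.
            # NOTE(review): the raw exception text is echoed to the caller.
            self.raise400(reason=str(e))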
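    def get(self, *args, **kwargs):
        """Return the caller's OAuth clients.

        Routes:
          * ``/clients``           -- list, paginated with the optional
            non-negative integer query arguments ``limit`` and ``start``;
          * ``/clients/:app_name`` -- one client; 404 when the caller owns
            no client of that name.

        Responds 401 when no authenticated user is present in ``kwargs``.
        """
        if 'user' not in kwargs:
            self.raise401()
        user = kwargs['user']

        if args:
            path = parse_path(args[0])
            # Filtering on the owner as well as the name means another user's
            # client can never be read (or even detected) through this route.
            client = Client.objects(user=user, app_name=path[0]).first()
            if not client:
                self.raise404()
            client_data = document_to_json(client, filter_set=_FILTER)
        else:
            def page_arg(name):
                """Parse a query argument as a non-negative int, else None.

                The original used a bare ``except`` and let negative values
                reach the slice below, where they are meaningless for
                pagination and may be rejected further down the stack.
                """
                try:
                    value = int(self.get_argument(name, None))
                except (TypeError, ValueError):
                    return None
                return value if value >= 0 else None

            limit = page_arg('limit')
            start = page_arg('start')
            clients = Client.objects(user=user)
            # A zero value is treated like an absent one, as before.
            if limit and start:
                clients = clients[start:start + limit]
            elif limit:
                clients = clients[:limit]
            elif start:
                clients = clients[start:]
            client_data = query_to_json(clients, filter_set=_FILTER)
        self.write(client_data)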
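 def delete(self, *args, **kwargs):
     """Delete one of the caller's OAuth clients (``DELETE /clients/:app_name``).

     Responds 204 on success, 401 when unauthenticated or when the named
     client is not owned by the caller, and 400 carrying the failure reason
     when the delete itself fails.
     """
     if 'user' not in kwargs or not args:
         self.raise401()
     user = kwargs['user']
     path = parse_path(args[0])
     client = Client.objects(app_name=path[0]).first()
     if not client or user != client.user:
         self.raise401()
     try:
         # A queryset delete removes *every* matching document, so the filter
         # is scoped to the caller (as the GET handler does) rather than to
         # the name alone: an app_name shared with another user's client must
         # not take that client down as well.
         Client.objects(user=user, app_name=path[0]).delete()
         self.set_status(204)
         self.finish()
     except Exception as e:
         # ``e.message`` exists only on Python 2 exceptions; str(e) is portable.
         self.raise400(reason=str(e))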
    def post(self, *args, **kwargs):
        """Complete a pending authorization request and redirect with the result.

        Reads ``client_id``, ``user_id`` and ``scopes`` from the request, loads
        the matching Client, User and pending Credential, asks the OAuth
        endpoint to build the authorization response and redirects to its
        ``Location``.  Every failure, including a malformed ``user_id``, is
        reported through ``get_response(error=...)``.

        NOTE(review): the resource owner is selected from the request-supplied
        ``user_id`` rather than from an authenticated session.  That is only
        safe if the Credential looked up below is itself bound to a user that
        authenticated earlier -- verify against the handler that creates it.
        """
        client_id = self.get_argument('client_id', None)
        user_id = self.get_argument('user_id', None)
        scopes = self.get_argument('scopes', [])

        try:
            _base_uri, uri = self.get_uri()
            scopes_list = parse_listed_strs(scopes)
            client = Client.objects(client_id=client_id).first()
            user = User.objects(id=ObjectId(user_id)).first()
            cred = Credential.objects(
                client_id=client_id, user_id=user_id).first()
            # All three records must exist for the request to proceed.
            if not (client and user and cred):
                raise Exception('Authorization failed')
            credentials = dict(
                client_id=cred.client_id,
                response_type=cred.response_type,
                request=binary_to_request(cred.request),
                redirect_uri=cred.redirect_uri,
                state=cred.state,
                user=user,
            )
            response = self.endpoint.create_authorization_response(
                uri, 'GET', {}, {}, scopes_list, credentials)
            # The first element of the response holds the headers.
            location = response[0]['Location']
            self.redirect(location)
        except Exception as e:
            self.write(self.get_response(error=e))
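 def validate_response_type(self, client_id, response_type, client, request,
                            *args, **kwargs):
     """Allow only the single response type registered for the client.

     Each client is tied to one grant type and therefore one response type
     (``code`` here); anything else is refused.  An unknown ``client_id`` is
     refused as well, instead of raising AttributeError on a None lookup.
     """
     registered = Client.objects(client_id=client_id).first()
     if registered is None:
         return False
     return registered.response_type == response_type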
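 def validate_response_type(self, client_id, response_type, client, request,
                            *args, **kwargs):
     """Allow only the single response type registered for the client.

     Each client is tied to one grant type and therefore one response type
     (``code`` here); anything else is refused.  An unknown ``client_id`` is
     refused as well, instead of raising AttributeError on a None lookup.
     """
     registered = Client.objects(client_id=client_id).first()
     if registered is None:
         return False
     return registered.response_type == response_type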
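 def authenticate_client(self, request, *args, **kwargs):
     """Authenticate a confidential client with HTTP Basic credentials.

     The client secret is decoded from the ``Authorization`` header and the
     client id is read from the request; the pair must match a stored
     Client, which is then attached to ``request.client``.

     Returns False (rather than raising) when the header is absent or when
     either value is empty.  An empty/None secret must never reach the
     query: a null-field filter could match a client that has no secret set.

     NOTE(review): secrets are compared by database equality, which implies
     they are stored in clear; hashing them is the usual hardening step.
     NOTE(review): confirm that decode_basic_auth also checks the Basic
     username against request.client_id, or the header could authenticate
     one client while the body names another.
     """
     auth_header = request.headers.get('Authorization')
     client_id = request.client_id
     if not auth_header or not client_id:
         request.client = None
         return False
     client_secret = decode_basic_auth(auth_header)
     if not client_secret:
         request.client = None
         return False
     client = Client.objects(client_id=client_id,
                             client_secret=client_secret).first()
     request.client = client
     return client is not None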
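 def authenticate_client(self, request, *args, **kwargs):
     """Authenticate a confidential client with HTTP Basic credentials.

     The client secret is decoded from the ``Authorization`` header and the
     client id is read from the request; the pair must match a stored
     Client, which is then attached to ``request.client``.

     Returns False (rather than raising) when the header is absent or when
     either value is empty.  An empty/None secret must never reach the
     query: a null-field filter could match a client that has no secret set.

     NOTE(review): secrets are compared by database equality, which implies
     they are stored in clear; hashing them is the usual hardening step.
     NOTE(review): confirm that decode_basic_auth also checks the Basic
     username against request.client_id, or the header could authenticate
     one client while the body names another.
     """
     auth_header = request.headers.get('Authorization')
     client_id = request.client_id
     if not auth_header or not client_id:
         request.client = None
         return False
     client_secret = decode_basic_auth(auth_header)
     if not client_secret:
         request.client = None
         return False
     client = Client.objects(
         client_id=client_id, client_secret=client_secret).first()
     request.client = client
     return client is not None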
 def save_authorization_code(self, client_id, code, request,
                             *args, **kwargs):
     """Persist a freshly issued authorization code.

     The Code document records the issuing client, the resource owner
     (``request.user``, supplied through the post-authorization credentials),
     the request's state, scopes and redirect_uri, plus an expiry of
     CODE_EXPIRE_TIME from now so that validate_code can refuse stale codes.
     """
     issuing_client = Client.objects(client_id=client_id).first()
     new_code = Code(
         client=issuing_client,
         user=request.user,
         state=request.state,
         code=code['code'],
         scopes=request.scopes,
         redirect_uri=request.redirect_uri,
         expires_at=get_utc_time(CODE_EXPIRE_TIME),
     )
     new_code.save()
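 def validate_grant_type(self, client_id, grant_type, client, request,
                         *args, **kwargs):
     """Check that ``grant_type`` is permitted for the client.

     A client is registered with exactly one grant type, which it may use
     directly; clients registered for ``authorization_code`` or ``password``
     may additionally use ``refresh_token``.  An unknown client id is refused
     instead of raising AttributeError on a None lookup.
     """
     registered = Client.objects(client_id=client_id).first()
     if registered is None:
         return False
     allowed = registered.grant_type
     # Refresh is an adjunct of the two grants that hand out refresh tokens.
     if grant_type == 'refresh_token' and allowed in ('authorization_code',
                                                      'password'):
         return True
     return allowed == grant_type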
 def validate_redirect_uri(self, client_id, redirect_uri, request,
                           *args, **kwargs):
     """Accept ``redirect_uri`` only if the client registered exactly that URI.

     Registered entries are stored relative to the auth base URI and are
     compared by full string equality -- no prefix or pattern matching,
     which is the safe way to match redirect URIs.  Unknown clients are
     refused.
     """
     client = Client.objects(client_id=client_id).first()
     if not client:
         return False
     base_uri = get_auth_base_uri()
     return any(redirect_uri == base_uri + registered
                for registered in client.redirect_uris)
 def validate_redirect_uri(self, client_id, redirect_uri, request, *args,
                           **kwargs):
     """Accept ``redirect_uri`` only if the client registered exactly that URI.

     Registered entries are stored relative to the auth base URI and are
     compared by full string equality -- no prefix or pattern matching,
     which is the safe way to match redirect URIs.  Unknown clients are
     refused.
     """
     client = Client.objects(client_id=client_id).first()
     if not client:
         return False
     base_uri = get_auth_base_uri()
     return any(redirect_uri == base_uri + registered
                for registered in client.redirect_uris)
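 def validate_grant_type(self, client_id, grant_type, client, request,
                         *args, **kwargs):
     """Check that ``grant_type`` is permitted for the client.

     A client is registered with exactly one grant type, which it may use
     directly; clients registered for ``authorization_code`` or ``password``
     may additionally use ``refresh_token``.  An unknown client id is refused
     instead of raising AttributeError on a None lookup.
     """
     registered = Client.objects(client_id=client_id).first()
     if registered is None:
         return False
     allowed = registered.grant_type
     # Refresh is an adjunct of the two grants that hand out refresh tokens.
     if grant_type == 'refresh_token' and allowed in ('authorization_code',
                                                      'password'):
         return True
     return allowed == grant_type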
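 def validate_code(self, client_id, code, client, request, *args, **kwargs):
     """Check that ``code`` is a live authorization code issued to the client.

     On success the stored scopes, user and state are copied onto ``request``
     for the token grant.  Returns False when the client is unknown, the code
     was not issued to that client, or the code has expired.
     """
     issuing_client = Client.objects(client_id=client_id).first()
     if issuing_client is None:
         # A None client must not reach the Code query: a null filter may
         # match codes that have no client attached.
         return False
     # Look the code up by value.  The original fetched only the client's
     # *first* stored code and compared the submitted value against that,
     # which rejected perfectly valid codes whenever more than one was
     # outstanding and raised AttributeError when there were none.
     stored = Code.objects(client=issuing_client, code=code).first()
     if stored is None or not stored.expires_at > get_utc_time():
         return False
     request.scopes = stored.scopes
     request.user = stored.user
     request.state = stored.state
     # NOTE(review): nothing here marks the code as consumed; single-use
     # enforcement is expected to live in invalidate_authorization_code.
     return True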
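 def validate_code(self, client_id, code, client, request, *args, **kwargs):
     """Check that ``code`` is a live authorization code issued to the client.

     On success the stored scopes, user and state are copied onto ``request``
     for the token grant.  Returns False when the client is unknown, the code
     was not issued to that client, or the code has expired.
     """
     issuing_client = Client.objects(client_id=client_id).first()
     if issuing_client is None:
         # A None client must not reach the Code query: a null filter may
         # match codes that have no client attached.
         return False
     # Look the code up by value.  The original fetched only the client's
     # *first* stored code and compared the submitted value against that,
     # which rejected perfectly valid codes whenever more than one was
     # outstanding and raised AttributeError when there were none.
     stored = Code.objects(client=issuing_client, code=code).first()
     if stored is None or not stored.expires_at > get_utc_time():
         return False
     request.scopes = stored.scopes
     request.user = stored.user
     request.state = stored.state
     # NOTE(review): nothing here marks the code as consumed; single-use
     # enforcement is expected to live in invalidate_authorization_code.
     return True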
 def save_authorization_code(self, client_id, code, request, *args,
                             **kwargs):
     """Persist a freshly issued authorization code.

     The Code document records the issuing client, the resource owner
     (``request.user``, supplied through the post-authorization credentials),
     the request's state, scopes and redirect_uri, plus an expiry of
     CODE_EXPIRE_TIME from now so that validate_code can refuse stale codes.
     """
     issuing_client = Client.objects(client_id=client_id).first()
     new_code = Code(
         client=issuing_client,
         user=request.user,
         state=request.state,
         code=code['code'],
         scopes=request.scopes,
         redirect_uri=request.redirect_uri,
         expires_at=get_utc_time(CODE_EXPIRE_TIME),
     )
     new_code.save()
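 def get_default_redirect_uri(self, client_id, request, *args, **kwargs):
     """Return the registered default redirect URI for ``client_id``.

     Used when the authorization request carries no redirect_uri.  The stored
     value is relative to the auth base URI.  Returns None for an unknown
     client so the caller can refuse the request, instead of this raising
     AttributeError on a None lookup.
     """
     client = Client.objects(client_id=client_id).first()
     if client is None:
         return None
     return get_auth_base_uri() + client.default_redirect_uri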
 def authenticate_client_id(self, client_id, request, *args, **kwargs):
     """Accept a client that presents only its id (no secret).

     Any client whose id exists is accepted and attached to ``request.client``.

     NOTE(review): the comment this was written from ("Don't allow public
     (non-authenticated) clients") says the opposite of what the code does --
     returning True here lets a client_id alone stand in for authentication
     wherever the caller does not require client authentication.  If public
     clients are not intended, this should ``return False``; if they are,
     the policy should be documented and limited to clients flagged public.
     """
     request.client = Client.objects(client_id=client_id).first()
     return request.client is not None
 def authenticate_client_id(self, client_id, request, *args, **kwargs):
     """Accept a client that presents only its id (no secret).

     Any client whose id exists is accepted and attached to ``request.client``.

     NOTE(review): the comment this was written from ("Don't allow public
     (non-authenticated) clients") says the opposite of what the code does --
     returning True here lets a client_id alone stand in for authentication
     wherever the caller does not require client authentication.  If public
     clients are not intended, this should ``return False``; if they are,
     the policy should be documented and limited to clients flagged public.
     """
     request.client = Client.objects(client_id=client_id).first()
     return request.client is not None
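 def validate_client_id(self, client_id, request, *args, **kwargs):
     """Return True if a client with ``client_id`` is registered.

     The leftover debug ``print`` of the whole request object has been
     removed: it wrote every request parameter (potentially including
     secrets and codes) to stdout on each authorization request.
     """
     return Client.objects(client_id=client_id).first() is not None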
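 def get_default_scopes(self, client_id, request, *args, **kwargs):
     """Return the scopes granted when the request names none.

     These are the client's registered default scopes.  An unknown client
     gets an empty list instead of an AttributeError on a None lookup.
     """
     client = Client.objects(client_id=client_id).first()
     if client is None:
         return []
     return client.default_scopes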
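 def get_default_redirect_uri(self, client_id, request, *args, **kwargs):
     """Return the registered default redirect URI for ``client_id``.

     Used when the authorization request carries no redirect_uri.  The stored
     value is relative to the auth base URI.  Returns None for an unknown
     client so the caller can refuse the request, instead of this raising
     AttributeError on a None lookup.
     """
     client = Client.objects(client_id=client_id).first()
     if client is None:
         return None
     return get_auth_base_uri() + client.default_redirect_uri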
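 def get_default_scopes(self, client_id, request, *args, **kwargs):
     """Return the scopes granted when the request names none.

     These are the client's registered default scopes.  An unknown client
     gets an empty list instead of an AttributeError on a None lookup.
     """
     client = Client.objects(client_id=client_id).first()
     if client is None:
         return []
     return client.default_scopes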
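 def validate_client_id(self, client_id, request, *args, **kwargs):
     """Return True if a client with ``client_id`` is registered.

     The leftover debug ``print`` of the whole request object has been
     removed: it wrote every request parameter (potentially including
     secrets and codes) to stdout on each authorization request.
     """
     return Client.objects(client_id=client_id).first() is not None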