Esempio n. 1
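    def create_credentials():
        """Issue (or, in OAuth mode, re-issue) an API secret for the posted username.

        Reads ``username`` -- and, when ``app.config["OAUTH_ENABLED"]`` is set,
        ``oauth`` -- from ``request.form`` and returns a JSON body.  On success the
        body carries the freshly generated ``secret`` in clear text; this is the
        only time the clear value leaves the server, so the caller must store it.
        Failures are reported as a JSON ``error`` field.  The HTTP status stays
        200 on every path for compatibility with existing clients; a 4xx would be
        the more accurate choice (NOTE(review): worth changing once clients are
        known to tolerate it).

        Modes:

        * OAuth disabled: no authentication at all.  The first caller to post a
          username claims it; later calls for the same name are refused.  This
          discloses which usernames exist and lets anyone squat an unclaimed name,
          so it is only suitable for closed/dev deployments.
        * OAuth enabled: the posted ``oauth`` token is sent to ``OAUTH_API`` and
          the username the service reports must match the posted one
          (case-insensitively).  An existing row is rotated to a new secret and
          salt; otherwise a new row is created with the lowercased username.

        Raises: whatever ``db.session.commit`` raises (e.g. an integrity error
        from a concurrent request), after the session has been rolled back.
        """

        def _commit_or_rollback():
            # A failed commit (for example a UNIQUE violation when two requests
            # race for the same username) must not leave the session in a
            # half-committed state for the teardown handler; roll back and let
            # the framework report the error.
            try:
                db.session.commit()
            except Exception:
                db.session.rollback()
                raise

        def _issue_without_oauth(username):
            # First-come-first-served.  NOTE(review): this check-then-insert is
            # racy by itself; only a UNIQUE constraint on username (defined in
            # the model, not visible here) actually prevents duplicate rows.
            existing = Credentials.query.filter_by(username=username).first()
            if existing is not None:
                db.session.close()
                return jsonify({
                    'username': username,
                    'error': 'Token already generated.'
                })

            secret = secrets.token_urlsafe()
            salt = secrets.token_urlsafe()
            # Presumably the model constructor stores only a hash of ``secret``
            # (the OAuth branch below hashes with pbdkdf2_hash_base64) -- confirm
            # in the Credentials model.  The raw username is kept as posted here,
            # unlike the OAuth branch, which lowercases it.
            db.session.add(Credentials(username, secret, salt))
            _commit_or_rollback()

            return jsonify({
                'username': username,
                'secret': secret,
                'notes': 'DO NOT LOSE THIS'
            })

        def _issue_with_oauth(username):
            # Reject a missing/empty token before contacting the OAuth service;
            # the original ordering made the upstream call first and only then
            # checked the length.
            oauth_token = request.form.get('oauth', '')
            if len(oauth_token) == 0:
                db.session.close()
                return jsonify(
                    {'error': 'Oauth token is required by the server.'})

            try:
                result = json.loads(oauth_connect(OAUTH_API, oauth_token))
            except ValueError:
                # Upstream answered with something that is not JSON; report it
                # as an invalid token instead of surfacing a 500.
                db.session.close()
                return jsonify({
                    "error":
                    "Oauth token was not valid: Service response: not valid JSON"
                })

            # The service's failure signal is a top-level "error" key; anything
            # that is not a JSON object is treated as a failure too, so the
            # ``result[...]`` lookups below cannot blow up on a list or scalar.
            upstream_error = None
            if not isinstance(result, dict):
                upstream_error = 'unexpected response shape'
            elif "error" in result:
                upstream_error = str(result['error'])
            if upstream_error is not None:
                db.session.close()
                return jsonify({
                    "error":
                    "Oauth token was not valid: Service response:" +
                    upstream_error
                })

            # Bind the token to the posted username: the OAuth service decides
            # who the token belongs to, and that identity must match.
            try:
                token_username = result['data']['user']['username'].lower()
            except (KeyError, TypeError, AttributeError) as e:
                # NOTE(review): str(e) (the missing key name) is echoed to the
                # client; harmless today but worth logging instead.
                db.session.close()
                return jsonify({
                    "error":
                    "Invalid Username token comparison. Oauth server response was:"
                    + str(e)
                })

            if username.lower() != token_username:
                db.session.close()
                return jsonify(
                    {"error": "Invalid Username token comparison."})

            # Rows created by this branch are stored lowercased, so the lookup
            # must be lowercased as well; an exact-case lookup misses "Alice"
            # stored as "alice" and then tries to insert a duplicate instead of
            # rotating the secret.  NOTE(review): rows created in non-OAuth
            # mode keep their original case and will not be matched here.
            normalized = username.lower()
            user = Credentials.query.filter_by(username=normalized).first()

            secret = secrets.token_urlsafe()
            salt = secrets.token_urlsafe()

            if user is None:
                db.session.add(Credentials(normalized, secret, salt))
            else:
                # Rotate: replace the stored hash and salt; the previous secret
                # stops working from this commit on.
                user.token_hash = pbdkdf2_hash_base64(secret, salt)
                user.salt = salt

            _commit_or_rollback()

            return jsonify({
                'username':
                username,
                'secret':
                secret,
                'notes':
                'You may recreate the token with a valid oauth key later.'
            })

        # A missing field raises the framework's bad-request error, as before.
        username = request.form['username']

        if not app.config["OAUTH_ENABLED"]:
            print("Request through non OAUTH")
            return _issue_without_oauth(username)

        return _issue_with_oauth(username)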