Esempio n. 1
 def post(self):
     """Store a new OAuth_Client built from the submitted form, then reload.

     ``name`` and ``redirect_uri`` are copied from the request unchanged:
     nothing in this method checks that redirect_uri is a well-formed
     absolute URL, nor that the caller may register clients at all -- any
     such gating has to live in the surrounding handler (not in this excerpt).
     """
     client_name = self.request.get('name')
     client_redirect_uri = self.request.get('redirect_uri')
     new_client = OAuth_Client(name=client_name, redirect_uri=client_redirect_uri)
     new_client.put()
     # Send the browser back to the page it posted from.
     self.redirect(self.request.path)
Esempio n. 2
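 def validate_params(self):
     """Validate the authorization request; return True if handling may proceed.

     On failure an error has already been written -- a plain 403/400 for a
     missing user or redirect_uri, ``authz_error`` for OAuth-level errors --
     and False is returned. Sets ``self.user``, ``self.redirect_uri`` and
     ``self.client`` as side effects for the caller.

     The client is resolved and its registered redirect_uri compared *before*
     the response_type check, so an ``unsupported_response_type`` error is
     never sent to a redirect_uri the client did not pre-register
     (RFC 6749 s4.1.2.1). ``authz_error`` is assumed to redirect to
     ``self.redirect_uri`` -- TODO confirm against its definition; if it
     does, ``invalid_client`` and ``redirect_uri_mismatch`` should be shown
     to the user instead of redirected, since no trusted URI exists yet.
     """
     self.user = users.get_current_user()
     if self.request.method == 'POST' and not self.user:
         self.error(403)
         self.response.out.write("Authentication required.")
         return False

     self.redirect_uri = self.request.get('redirect_uri')
     if not self.redirect_uri:
         self.error(400)
         self.response.out.write("The parameter redirect_uri is required.")
         return False
     # TODO: validate url? (absolute URI without fragment, RFC 6749 s3.1.2)

     self.client = OAuth_Client.get_by_client_id(self.request.get('client_id'))
     if not self.client:
         self.authz_error('invalid_client', "The client identifier provided is invalid.")
         return False

     # A client with no registered redirect_uri accepts whatever the request
     # supplies, which leaves later error redirects unanchored.
     # NOTE(review): consider requiring a registered redirect_uri per client.
     if self.client.redirect_uri and self.client.redirect_uri != self.redirect_uri:
         self.authz_error('redirect_uri_mismatch',
             "The redirection URI provided does not match a pre-registered value.")
         return False

     if self.request.get('response_type') not in self.SUPPORTED_RESPONSE_TYPES:
         self.authz_error('unsupported_response_type', "The requested response type is not supported.")
         return False

     return True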
Esempio n. 3
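    def handle(self):
        """Token endpoint: authenticate the client, then dispatch on grant_type.

        Reads ``client_id``, ``client_secret``, ``grant_type`` and ``scope``
        from the request. An unsupported grant type or failed client
        authentication is reported via ``render_error`` and ends the request;
        otherwise control passes to ``handle_<grant_type>(client, scope)``.
        """
        # TODO: MUST require transport-level security
        # NOTE(review): RFC 6749 s3.2 restricts the token endpoint to POST;
        # self.request.method is not checked here -- confirm the router does.
        client_id = self.request.get('client_id')
        client_secret = self.request.get('client_secret')
        grant_type = self.request.get('grant_type')
        scope = self.request.get('scope')

        if grant_type not in self.SUPPORTED_GRANT_TYPES:
            self.render_error('unsupported_grant_type', "Grant type not supported.")
            return

        client = OAuth_Client.authenticate(client_id, client_secret)
        if not client:
            self.render_error('invalid_client', "Invalid client credentials.")
            return

        # Dispatch to one of the grant handlers below. The membership check
        # above bounds the attribute name to SUPPORTED_GRANT_TYPES, so the
        # untrusted grant_type cannot select an arbitrary method.
        getattr(self, 'handle_%s' % grant_type)(client, scope)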
Esempio n. 4
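    def handle(self):
        """Token endpoint: authenticate the client, then dispatch on grant_type.

        Reads ``client_id``, ``client_secret``, ``grant_type`` and ``scope``
        from the request. An unsupported grant type or failed client
        authentication is reported via ``render_error`` and ends the request;
        otherwise control passes to ``handle_<grant_type>(client, scope)``.
        """
        # TODO: MUST require transport-level security
        # NOTE(review): RFC 6749 s3.2 restricts the token endpoint to POST;
        # self.request.method is not checked here -- confirm the router does.
        client_id = self.request.get('client_id')
        client_secret = self.request.get('client_secret')
        grant_type = self.request.get('grant_type')
        scope = self.request.get('scope')

        if grant_type not in self.SUPPORTED_GRANT_TYPES:
            self.render_error('unsupported_grant_type',
                              "Grant type not supported.")
            return

        client = OAuth_Client.authenticate(client_id, client_secret)
        if not client:
            self.render_error('invalid_client', "Invalid client credentials.")
            return

        # Dispatch to one of the grant handlers below. The membership check
        # above bounds the attribute name to SUPPORTED_GRANT_TYPES, so the
        # untrusted grant_type cannot select an arbitrary method.
        getattr(self, 'handle_%s' % grant_type)(client, scope)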
Esempio n. 5
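    def validate_params(self):
        """Validate the authorization request; return True if handling may proceed.

        On failure an error has already been written -- a plain 403/400 for a
        missing user or redirect_uri, ``authz_error`` for OAuth-level errors --
        and False is returned. Sets ``self.user``, ``self.redirect_uri`` and
        ``self.client`` as side effects for the caller.

        The client is resolved and its registered redirect_uri compared
        *before* the response_type check, so an ``unsupported_response_type``
        error is never sent to a redirect_uri the client did not pre-register
        (RFC 6749 s4.1.2.1). ``authz_error`` is assumed to redirect to
        ``self.redirect_uri`` -- TODO confirm against its definition; if it
        does, ``invalid_client`` and ``redirect_uri_mismatch`` should be shown
        to the user instead of redirected, since no trusted URI exists yet.
        """
        self.user = users.get_current_user()
        if self.request.method == 'POST' and not self.user:
            self.error(403)
            self.response.out.write("Authentication required.")
            return False

        self.redirect_uri = self.request.get('redirect_uri')
        if not self.redirect_uri:
            self.error(400)
            self.response.out.write("The parameter redirect_uri is required.")
            return False
        # TODO: validate url? (absolute URI without fragment, RFC 6749 s3.1.2)

        self.client = OAuth_Client.get_by_client_id(
            self.request.get('client_id'))
        if not self.client:
            self.authz_error('invalid_client',
                             "The client identifier provided is invalid.")
            return False

        # A client with no registered redirect_uri accepts whatever the
        # request supplies, which leaves later error redirects unanchored.
        # NOTE(review): consider requiring a registered redirect_uri per client.
        if self.client.redirect_uri and self.client.redirect_uri != self.redirect_uri:
            self.authz_error(
                'redirect_uri_mismatch',
                "The redirection URI provided does not match a pre-registered value."
            )
            return False

        if self.request.get(
                'response_type') not in self.SUPPORTED_RESPONSE_TYPES:
            self.authz_error('unsupported_response_type',
                             "The requested response type is not supported.")
            return False

        return True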
Esempio n. 6
 def get(self):
     """Render the client-management page listing every stored OAuth_Client.

     The template context is ``locals()``, so the template sees ``clients``
     and also ``self``; any further local bound before the render call would
     leak into the context as well.
     """
     clients = OAuth_Client.all()
     page = template.render('templates/clients.html', locals())
     self.response.out.write(page)
Esempio n. 7
from webtest import TestApp
from main import application, ProtectedResourceHandler
from oauth.models import OAuth_Client
from google.appengine.api import apiproxy_stub_map, datastore_file_stub

app = TestApp(application())

# Start every run from an empty datastore. The stub map is reached through
# its name-mangled private attribute, so this is tied to the SDK internals.
stub_map = apiproxy_stub_map.apiproxy._APIProxyStubMap__stub_map
stub_map['datastore_v3'].Clear()

# Fixture client shared by the tests below; its client_id / client_secret
# are read back from the stored entity.
client = OAuth_Client(name='test')
client.put()


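def test_protected_resource_fail_naked():
    """An unauthenticated GET on the protected resource must be refused.

    webtest's ``status=400`` fails the request itself unless the server
    answers 400; the assertion then checks that the secret payload did not
    leak into the error body.
    """
    response = app.get('/protected/resource', status=400)
    assert ProtectedResourceHandler.SECRET_PAYLOAD not in str(response)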


def test_protected_resource_success_flow():
    """Request a token with the password grant for the fixture client.

    NOTE(review): this excerpt ends right after the POST; the assertions on
    ``response`` (presumably that a token is issued and the protected
    resource then accepts it) are not visible here -- confirm they exist in
    the full file.
    """
    response = app.post(
        '/oauth/token',
        dict(
            grant_type='password',
            username='******',
            password='******',
            client_id=client.client_id,
            client_secret=client.client_secret,
            scope='read',
        ))
Esempio n. 8
 def post(self):
     """Create an OAuth_Client from the posted form fields and reload the page.

     ``name`` and ``redirect_uri`` are stored exactly as submitted; this
     method performs no URL validation and no authorization check of its own,
     so both must be enforced by the enclosing handler (not in this excerpt).
     """
     fields = {
         'name': self.request.get('name'),
         'redirect_uri': self.request.get('redirect_uri'),
     }
     OAuth_Client(**fields).put()
     # Return the browser to the page it posted from.
     self.redirect(self.request.path)
Esempio n. 9
 def get(self):
     """Write the client-management page listing every stored OAuth_Client.

     ``locals()`` is the template context, so the template can reference
     ``clients`` and ``self``; any further local bound before the render call
     would leak into the context too.
     """
     clients = OAuth_Client.all()
     rendered = template.render('templates/clients.html', locals())
     self.response.out.write(rendered)