Esempio n. 1
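    def process_authentication_request(client_store):
        """
        Handle POST /authorize: process the posted login form.

        Builds an AuthorizeRequest from the posted form and processes it against
        ``client_store``, then creates a session token for it. If consent for the
        requested scope is already on record, the authorization code is returned
        to the client (auto-submitting form or redirect) and the session cookie is
        set; otherwise the consent page is shown.

        :param client_store: store handed to ``AuthorizeRequest.process``.
        :return: a Flask response, or whatever ``show_consent_page`` returns.
        """
        import hashlib  # local import: the file's import block is not visible here

        authorize_request = AuthorizeRequest.from_dictionary(
            request.form).process(client_store)
        session = create_session_token(authorize_request)

        # The authorization code is a bearer credential that can be exchanged for
        # tokens, so it must not reach the logs in clear text. A short hash prefix
        # still lets operators correlate log lines for the same request.
        code_fingerprint = hashlib.sha256(
            authorize_request.code.encode('utf-8')).hexdigest()[:8]
        logger.info("Added auth request (code fingerprint %s)", code_fingerprint)

        if not authorize_request.consent_given(authorize_request.scope):
            return show_consent_page(authorize_request, session)

        if authorize_request.form_post_response:
            # Response mode "form_post": the code is delivered via an HTML form.
            resp = make_response(
                render_template(
                    'form_post.html',
                    redirect_uri=authorize_request.redirect_uri,
                    state=authorize_request.state,
                    code=authorize_request.code))
        else:
            resp = redirect(authorize_request.redirection_url())

        # Harden the session cookie: keep it away from page scripts (HttpOnly),
        # off cross-site subrequests (SameSite=Lax), and mark it Secure whenever
        # the request itself arrived over HTTPS.
        # NOTE(review): behind a TLS-terminating proxy request.is_secure may be
        # False; confirm the deployment and force secure=True there.
        resp.set_cookie(
            'session',
            session,
            httponly=True,
            samesite='Lax',
            secure=request.is_secure)
        return resp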
Esempio n. 2
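def process_consent_request(client_store):
    """
    Handle POST /consent: record the user's decision and answer the client.

    The posted ``id`` is resolved to an authorization code through
    ``consent_store`` and then to the stored authorization request. On approval
    the posted scopes are saved in ``user_store`` and the code is returned to the
    client (auto-submitting form or redirect); on denial the client is redirected
    with ``access_denied``.

    :param client_store: not used by this handler.
    :return: a Flask response, or a ``(body, status)`` tuple on error.
    """
    try:
        # A missing or empty id is a client error, not a server fault.
        consent_id = request.form.get('id')
        if not consent_id:
            return "Invalid consent request", 400

        # id -> authorization code -> stored authorization request
        auth_code = consent_store.get(consent_id)
        stored_request = (authorization_requests.get(auth_code)
                          if auth_code is not None else None)
        if stored_request is None:
            # Unknown or expired id: reject it instead of failing further down.
            return "Invalid consent request", 400
        authorize_request = AuthorizeRequest.from_dictionary(stored_request)

        # NOTE(review): no anti-CSRF token or session binding is checked here, and
        # the consent_store entry is not invalidated after use - confirm both are
        # handled elsewhere.
        if not request.form.get('approve'):
            # denied
            return redirect(authorize_request.redirect_error('access_denied'))

        # NOTE(review): the scopes are stored exactly as posted; confirm they are
        # limited to the scope of the original request before being persisted.
        user_store.update_scopes(authorize_request.id,
                                 request.form.get('scopes'))

        if authorize_request.form_post_response:
            return make_response(
                render_template(
                    'form_post.html',
                    redirect_uri=authorize_request.redirect_uri,
                    state=authorize_request.state,
                    code=authorize_request.code))

        # redirect to client with query parameters
        return redirect(authorize_request.redirection_url())
    except Exception:
        # Details go to the server log only. Echoing the exception text to the
        # browser would disclose internals and could reflect request data into
        # the response body.
        logger.exception("Exception occurred")
        return "Error occurred", 500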
Esempio n. 3
    def process_authorization_request(client_store):
        """
        Handle GET /authorize: validate the query parameters and pick the next step.

        Without an authenticated session the login page is rendered. With one, the
        request is processed for that session and the user is either shown the
        consent page or redirected back to the client.

        :param client_store: store handed to ``AuthorizeRequest.validate`` and
            ``AuthorizeRequest.process``.
        :return: a Flask response, or whatever ``show_consent_page`` returns.
        """
        query = request.args
        authorize_request = AuthorizeRequest.from_dictionary(query).validate(
            client_store)
        session_cookie = request.cookies.get('session')
        session = authenticated_session(session_cookie)

        if not session:
            # NOTE(review): the template receives every attribute of the request
            # object; confirm none of them should stay server-side.
            login_page = render_template('login.html',
                                         req=vars(authorize_request))
            return make_response(login_page)

        # Authenticated: build the request again, this time bound to the session.
        authorize_request = AuthorizeRequest.from_dictionary(query).process(
            client_store, session=session)
        if authorize_request.consent_given(authorize_request.scope):
            return redirect(authorize_request.redirection_url())
        return show_consent_page(authorize_request, session_cookie)