Esempio n. 1
0
def delete_client(secret):
    client = OAuthClient.query.filter(OAuthClient.client_secret == secret).first()
    if not client:
        abort(404)
    db.delete(client)
    db.commit()
    return redirect("/oauth/clients")
Esempio n. 2
0
File: manage.py Progetto: p440/sr.ht
def remove_admin(arguments):
    u = User.query.filter(User.username == arguments['<name>']).first()
    if (u):
        u.admin = False  # remove admin
        db.commit()
    else:
        print('Not a valid user')
Esempio n. 3
0
def remove_admin(arguments):
    u = User.query.filter(User.username == arguments['<name>']).first()
    if(u):
        u.admin = False # remove admin
        db.commit()
    else:
        print('Not a valid user')
Esempio n. 4
0
def exchange():
    client_id = request.form.get("client_id")
    client_secret = request.form.get("client_secret")
    code = request.form.get("code")
    if not client_id:
        return { "error": "Missing client_id" }, 400

    client = OAuthClient.query.filter(OAuthClient.client_id == client_id).first()
    if not client:
        return { "error": "Unknown client" }, 404

    if client.client_secret != client_secret:
        return { "error": "Incorrect client secret" }, 401

    r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
    _client_id = r.get("oauth.exchange.client." + code)
    user_id = r.get("oauth.exchange.user." + code)
    if not client_id or not user_id:
        return { "error": "Unknown or expired exchange code" }, 404

    _client_id = _client_id.decode("utf-8")
    user_id = int(user_id.decode("utf-8"))
    user = User.query.filter(User.id == user_id).first()
    if not user or _client_id != client.client_id:
        return { "error": "Unknown or expired exchange code" }, 404

    token = OAuthToken.query.filter(OAuthToken.client == client, OAuthToken.user == user).first()
    if not token:
        token = OAuthToken(user, client)
        db.add(token)
        db.commit()

    r.delete("oauth.exchange.client." + code)
    r.delete("oauth.exchange.user." + code)
    return { "token": token.token }
Esempio n. 5
0
File: manage.py Progetto: p440/sr.ht
def approve_user(arguments):
    u = User.query.filter(User.username == arguments['<name>']).first()
    if (u):
        u.approved = True  # approve user
        u.approvalDate = datetime.now()
        db.commit()
    else:
        print('Not a valid user')
Esempio n. 6
0
def approve_user(arguments):
    u = User.query.filter(User.username == arguments['<name>']).first()
    if(u):
        u.approved = True # approve user
        u.approvalDate = datetime.now()
        db.commit()
    else:
        print('Not a valid user')
Esempio n. 7
0
def regenerate(secret):
    client = OAuthClient.query.filter(OAuthClient.client_secret == secret).first()
    if not client:
        abort(404)
    salt = os.urandom(40)
    client.client_secret = hashlib.sha256(salt).hexdigest()[:40]
    db.commit()
    return redirect("/oauth/clients")
Esempio n. 8
0
def delete_client(secret):
    client = OAuthClient.query.filter(
        OAuthClient.client_secret == secret).first()
    if not client:
        abort(404)
    db.delete(client)
    db.commit()
    return redirect("/oauth/clients")
Esempio n. 9
0
def revoke_token(token):
    token = OAuthToken.query.filter(OAuthToken.token == token).first()
    if not token:
        abort(404)
    if token.user != current_user:
        abort(404)
    db.delete(token)
    db.commit()
    return redirect("/oauth/tokens")
Esempio n. 10
0
 def go(*args, **kw):
     try:
         ret = f(*args, **kw)
         db.commit()
         return ret
     except:
         db.rollback()
         db.close()
         raise
Esempio n. 11
0
def regenerate(secret):
    client = OAuthClient.query.filter(
        OAuthClient.client_secret == secret).first()
    if not client:
        abort(404)
    salt = os.urandom(40)
    client.client_secret = hashlib.sha256(salt).hexdigest()[:40]
    db.commit()
    return redirect("/oauth/clients")
Esempio n. 12
0
 def go(*args, **kw):
     try:
         ret = f(*args, **kw)
         db.commit()
         return ret
     except:
         db.rollback()
         db.close()
         raise
Esempio n. 13
0
def revoke_token(token):
    token = OAuthToken.query.filter(OAuthToken.token == token).first()
    if not token:
        abort(404)
    if token.user != current_user:
        abort(404)
    db.delete(token)
    db.commit()
    return redirect("/oauth/tokens")
Esempio n. 14
0
File: manage.py Progetto: p440/sr.ht
def reset_password(arguments):
    u = User.query.filter(User.username == arguments['<name>']).first()
    if (u):
        password = arguments['<password>']
        if len(password) < 5 or len(password) > 256:
            print('Password must be between 5 and 256 characters.')
            return
        u.set_password(password)
        db.commit()
    else:
        print('Not a valid user')
Esempio n. 15
0
File: manage.py Progetto: p440/sr.ht
def create_user(arguments):
    u = User(arguments['<name>'], arguments['<email>'],
             arguments['<password>'])
    if (u):
        u.approved = True  # approve user
        u.approvalDate = datetime.now()
        db.add(u)
        db.commit()
        print('User created')
    else:
        print('Couldn\'t create the uer')
Esempio n. 16
0
def clients_POST():
    name = request.form.get("name")
    info_url = request.form.get("info_url")
    redirect_uri = request.form.get("redirect_uri")
    if not name or not info_url or not redirect_uri:
        return render_template("oauth-clients.html", errors="All fields are required.")
    if not info_url.startswith("http://") and not info_url.startswith("https://"):
        return render_template("oauth-clients.html", errors="URL fields must be a URL.")
    if not redirect_uri.startswith("http://") and not redirect_uri.startswith("https://"):
        return render_template("oauth-clients.html", errors="URL fields must be a URL.")
    if len(current_user.clients) > 10:
        return render_template("oauth-clients.html", errors="You can only have 10 clients, chill out dude.")
    client = OAuthClient(current_user, name, info_url, redirect_uri)
    db.add(client)
    db.commit()
    return redirect("/oauth/clients")
Esempio n. 17
0
def clients_POST():
    name = request.form.get("name")
    info_url = request.form.get("info_url")
    redirect_uri = request.form.get("redirect_uri")
    if not name or not info_url or not redirect_uri:
        return render_template("oauth-clients.html",
                               errors="All fields are required.")
    if not info_url.startswith("http://") and not info_url.startswith(
            "https://"):
        return render_template("oauth-clients.html",
                               errors="URL fields must be a URL.")
    if not redirect_uri.startswith("http://") and not redirect_uri.startswith(
            "https://"):
        return render_template("oauth-clients.html",
                               errors="URL fields must be a URL.")
    if len(current_user.clients) > 10:
        return render_template(
            "oauth-clients.html",
            errors="You can only have 10 clients, chill out dude.")
    client = OAuthClient(current_user, name, info_url, redirect_uri)
    db.add(client)
    db.commit()
    return redirect("/oauth/clients")
Esempio n. 18
0
def exchange():
    client_id = request.form.get("client_id")
    client_secret = request.form.get("client_secret")
    code = request.form.get("code")
    if not client_id:
        return {"error": "Missing client_id"}, 400

    client = OAuthClient.query.filter(
        OAuthClient.client_id == client_id).first()
    if not client:
        return {"error": "Unknown client"}, 404

    if client.client_secret != client_secret:
        return {"error": "Incorrect client secret"}, 401

    r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
    _client_id = r.get("oauth.exchange.client." + code)
    user_id = r.get("oauth.exchange.user." + code)
    if not client_id or not user_id:
        return {"error": "Unknown or expired exchange code"}, 404

    _client_id = _client_id.decode("utf-8")
    user_id = int(user_id.decode("utf-8"))
    user = User.query.filter(User.id == user_id).first()
    if not user or _client_id != client.client_id:
        return {"error": "Unknown or expired exchange code"}, 404

    token = OAuthToken.query.filter(OAuthToken.client == client,
                                    OAuthToken.user == user).first()
    if not token:
        token = OAuthToken(user, client)
        db.add(token)
        db.commit()

    r.delete("oauth.exchange.client." + code)
    r.delete("oauth.exchange.user." + code)
    return {"token": token.token}