Esempio n. 1
0
    def get(self):
        uri, http_method, body, headers = extract_params(self.request)

        try:
            scopes, credentials = self.server.validate_authorization_request(
                uri,
                http_method,
                body,
                headers,
            )

            app = self.validator.get_client(credentials['client_id'])

            try:
                auth_app = Session.query(AuthorizedApplication).filter(
                    AuthorizedApplication.user == self.request.user,
                    AuthorizedApplication.scope == scopes,
                    AuthorizedApplication.redirect_uri ==
                    credentials['redirect_uri'],
                    AuthorizedApplication.response_type ==
                    credentials['response_type'],
                    AuthorizedApplication.application == app,
                ).one()
            except NoResultFound:
                auth_app = None

            if auth_app is not None:
                credentials['user'] = self.request.user
                server_response = self.server.create_authorization_response(
                    uri,
                    http_method,
                    body,
                    headers,
                    scopes,
                    credentials,
                )
                return create_response(*server_response)
            else:
                authorship_information = app.user.email

                pretty_scopes = self.validator.get_pretty_scopes(scopes)
                return {
                    'response_type': credentials['response_type'],
                    'client_id': credentials['client_id'],
                    'redirect_uri': credentials['redirect_uri'],
                    'state': credentials['state'],
                    'scope': ' '.join(scopes),
                    'app': app,
                    'scopes': pretty_scopes,
                    'authorship_information': authorship_information,
                }
        except FatalClientError as e:
            return response_from_error(e)

        except OAuth2Error as e:
            return HTTPFound(e.in_uri(e.redirect_uri))
Esempio n. 2
0
    def post(self):
        uri, http_method, body, headers = extract_params(self.request)

        redirect_uri = self.request.POST.get('redirect_uri')
        if 'submit' in self.request.POST:
            scope = self.request.POST.get('scope', '')
            scopes = scope.split()
            credentials = {
                'client_id': self.request.POST.get('client_id'),
                'redirect_uri': redirect_uri,
                'response_type': self.request.POST.get('response_type'),
                'state': self.request.POST.get('state'),
                'user': self.request.user,
            }
            try:
                server_response = self.server.create_authorization_response(
                    uri,
                    http_method,
                    body,
                    headers,
                    scopes,
                    credentials,
                )

                app = Session.query(Application).filter(
                    Application.id == credentials['client_id'], ).one()

                try:
                    auth_app = Session.query(AuthorizedApplication).filter(
                        AuthorizedApplication.user == self.request.user,
                        AuthorizedApplication.application == app,
                    ).one()
                except NoResultFound:
                    auth_app = AuthorizedApplication(
                        user=self.request.user,
                        application=app,
                    )

                auth_app.redirect_uri = credentials['redirect_uri']
                auth_app.response_type = credentials['response_type']
                auth_app.scope = scopes

                Session.add(auth_app)

                return create_response(*server_response)
            except FatalClientError as e:
                return response_from_error(e)

        elif 'cancel' in self.request.POST:
            e = AccessDeniedError()
            return HTTPFound(e.in_uri(redirect_uri))
Esempio n. 3
0
    def post(self):
        uri, http_method, body, headers = extract_params(self.request)

        redirect_uri = self.request.POST.get('redirect_uri')
        if 'submit' in self.request.POST:
            scope = self.request.POST.get('scope', '')
            scopes = scope.split()
            credentials = {
                'client_id': self.request.POST.get('client_id'),
                'redirect_uri': redirect_uri,
                'response_type': self.request.POST.get('response_type'),
                'state': self.request.POST.get('state'),
                'user': self.request.user,
            }
            try:
                server_response = self.server.create_authorization_response(
                    uri, http_method, body, headers, scopes, credentials,
                )

                app = Session.query(Application).filter(
                    Application.id == credentials['client_id'],
                ).one()

                try:
                    auth_app = Session.query(AuthorizedApplication).filter(
                        AuthorizedApplication.user == self.request.user,
                        AuthorizedApplication.application == app,
                    ).one()
                except NoResultFound:
                    auth_app = AuthorizedApplication(
                        user=self.request.user,
                        application=app,
                    )

                auth_app.redirect_uri = credentials['redirect_uri']
                auth_app.response_type = credentials['response_type']
                auth_app.scope = scopes

                Session.add(auth_app)

                return create_response(*server_response)
            except FatalClientError as e:
                return response_from_error(e)

        elif 'cancel' in self.request.POST:
            e = AccessDeniedError()
            return HTTPFound(e.in_uri(redirect_uri))
Esempio n. 4
0
    def get(self):
        uri, http_method, body, headers = extract_params(self.request)

        try:
            scopes, credentials = self.server.validate_authorization_request(
                uri, http_method, body, headers,
            )

            app = self.validator.get_client(credentials['client_id'])

            try:
                auth_app = Session.query(AuthorizedApplication).filter(
                    AuthorizedApplication.user == self.request.user,
                    AuthorizedApplication.scope == scopes,
                    AuthorizedApplication.redirect_uri == credentials['redirect_uri'],
                    AuthorizedApplication.response_type == credentials['response_type'],
                    AuthorizedApplication.application == app,
                ).one()
            except NoResultFound:
                auth_app = None

            if auth_app is not None:
                credentials['user'] = self.request.user
                server_response = self.server.create_authorization_response(
                    uri, http_method, body, headers, scopes, credentials,
                )
                return create_response(*server_response)
            else:
                authorship_information = app.user.email

                pretty_scopes = self.validator.get_pretty_scopes(scopes)
                return {
                    'response_type': credentials['response_type'],
                    'client_id': credentials['client_id'],
                    'redirect_uri': credentials['redirect_uri'],
                    'state': credentials['state'],
                    'scope': ' '.join(scopes),
                    'app': app,
                    'scopes': pretty_scopes,
                    'authorship_information': authorship_information,
                }
        except FatalClientError as e:
            return response_from_error(e)

        except OAuth2Error as e:
            return HTTPFound(e.in_uri(e.redirect_uri))
Esempio n. 5
0
 def test_response_from_error(self):
     response = response_from_error(Error('testing error'))
     self.assertEqual(response.status, '400 Bad Request')
     expected = 'Evil client is unable to send a proper request. Error is: testing error'
     self.assertEqual(response.body, expected.encode('utf-8'))
Esempio n. 6
0
 def test_response_from_error(self):
     response = response_from_error(Error('testing error'))
     self.assertEqual(response.status, '400 Bad Request')
     expected = 'Evil client is unable to send a proper request. Error is: testing error'
     self.assertEqual(response.body, expected.encode('utf-8'))