            def decorated_function():
                """Authenticate the caller with a Bearer token, check scope, then run ``f``.

                Request parameters are taken from the query string for GET and
                from the form body for POST/PUT/DELETE; any other method is
                aborted with 405. The token must be present in the
                ``Authorization`` header and match ``auth_bearer_re``; it is then
                resolved with ``AuthToken.get`` and checked for validity, for the
                ``usescope`` scope (directly, via its ``<prefix>/*`` wildcard, or
                ``*`` held by a trusted client) and, when ``trusted`` is set, for
                a trusted client. Every failed check returns
                ``resource_auth_error``.

                On success the value of ``f(authtoken, args, request.files)`` is
                returned as ``{'status': 'ok', 'result': ...}``; an exception
                raised by ``f`` is sent to ``exception_catchall`` and answered
                with a ``{'status': 'error', ...}`` body and HTTP 500. Either
                response is marked non-cacheable.
                """
                method = request.method
                if method == 'GET':
                    args = request.args
                elif method in ('POST', 'PUT', 'DELETE'):
                    args = request.form
                else:
                    abort(405)

                # Guard clauses: the token is accepted from the header only.
                if 'Authorization' not in request.headers:
                    # No token provided in Authorization header
                    return resource_auth_error(
                        _("An access token is required to access this resource"))
                token_match = auth_bearer_re.search(request.headers['Authorization'])
                if not token_match:
                    # Unrecognized Authorization header
                    return resource_auth_error(
                        _("A Bearer token is required in the Authorization header"))
                token = token_match.group(1)

                authtoken = AuthToken.get(token=token)
                if not authtoken:
                    return resource_auth_error(_("Unknown access token"))
                if not authtoken.is_valid():
                    return resource_auth_error(_("Access token has expired"))

                # Materialise the scope once; both membership tests below reuse it.
                tokenscope = set(authtoken.effective_scope)
                wildcardscope = usescope.split('/', 1)[0] + '/*'
                unrestricted = authtoken.auth_client.trusted and '*' in tokenscope
                if (not unrestricted
                        and usescope not in tokenscope
                        and wildcardscope not in tokenscope):
                    # Neither the exact scope nor its wildcard was granted.
                    return resource_auth_error(
                        _("Token does not provide access to this resource"))
                if trusted and not authtoken.auth_client.trusted:
                    return resource_auth_error(
                        _("This resource can only be accessed by trusted clients"))

                # All checks passed: run the resource and wrap its result.
                try:
                    result = f(authtoken, args, request.files)
                    response = jsonify({'status': 'ok', 'result': result})
                except Exception as exception:
                    exception_catchall.send(exception)
                    # NOTE(review): the exception's class name and message are
                    # echoed to the client verbatim, so ``f`` should not raise
                    # with internal details in the message.
                    response = jsonify({
                        'status': 'error',
                        'error': exception.__class__.__name__,
                        'error_description': str(exception),
                    })
                    response.status_code = 500

                # XXX: Let resources control how they return?
                for header, value in (
                    ('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate'),
                    ('Pragma', 'no-cache'),
                ):
                    response.headers[header] = value
                return response
            def decorated_function():
                """Authenticate the caller, verify token scope, then run ``f``.

                Parameters come from the query string for GET and from the
                form body for POST/PUT/DELETE; other methods abort with 405.
                The token is read from the ``Authorization`` header (must match
                ``auth_bearer_re``) or, failing that, from the ``access_token``
                request parameter; supplying both is rejected. The token is
                resolved with ``AuthToken.get``, checked with ``is_valid()``,
                then checked for ``usescope`` (directly, via its ``<prefix>/*``
                wildcard, or ``*`` on a trusted client) and, when ``trusted`` is
                set, for a trusted client. Failed checks return
                ``resource_auth_error``.

                Returns ``{"status": "ok", "result": ...}`` with the value of
                ``f(authtoken, args, request.files)``; if ``f`` raises, the
                exception goes to ``exception_catchall`` and a
                ``{"status": "error", ...}`` body is returned with HTTP 500.
                Responses are marked non-cacheable.
                """
                if request.method == "GET":
                    args = request.args
                elif request.method in ("POST", "PUT", "DELETE"):
                    args = request.form
                else:
                    abort(405)

                deny = resource_auth_error
                if "Authorization" in request.headers:
                    token_match = auth_bearer_re.search(request.headers["Authorization"])
                    if token_match is None:
                        # Unrecognized Authorization header
                        return deny(_(u"A Bearer token is required in the Authorization header"))
                    if "access_token" in args:
                        # Refuse ambiguous requests instead of picking one source.
                        return deny(_(u"Access token specified in both header and body"))
                    token = token_match.group(1)
                else:
                    # NOTE(review): a token passed as a request parameter ends up
                    # in the URL (and so in logs) for GET requests; the header
                    # form avoids that.
                    token = args.get("access_token")
                    if not token:
                        # No token provided in Authorization header or in request parameters
                        return deny(_(u"An access token is required to access this resource"))

                authtoken = AuthToken.get(token=token)
                if not authtoken:
                    return deny(_(u"Unknown access token"))
                if not authtoken.is_valid():
                    return deny(_(u"Access token has expired"))

                tokenscope = set(authtoken.scope)  # Read once to avoid reparsing below
                wildcardscope = usescope.split("/", 1)[0] + "/*"
                if not (authtoken.client.trusted and "*" in tokenscope):
                    # A trusted client holding '*' skips the scope test; everyone
                    # else needs the exact scope or its wildcard.
                    if tokenscope.isdisjoint((usescope, wildcardscope)):
                        return deny(_(u"Token does not provide access to this resource"))
                if trusted and not authtoken.client.trusted:
                    return deny(_(u"This resource can only be accessed by trusted clients"))

                # All good. Return the result value
                try:
                    result = f(authtoken, args, request.files)
                    response = jsonify({"status": "ok", "result": result})
                except Exception as exception:
                    exception_catchall.send(exception)
                    # NOTE(review): class name and message of the exception are
                    # returned to the client as-is.
                    payload = {
                        "status": "error",
                        "error": exception.__class__.__name__,
                        "error_description": unicode(exception),
                    }
                    response = jsonify(payload)
                    response.status_code = 500

                # XXX: Let resources control how they return?
                headers = response.headers
                headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
                headers["Pragma"] = "no-cache"
                return response
def login_service(service):
    """
    Begin a login flow with the provider registered under *service*.

    Unknown services abort with 404. The provider's ``do`` method receives an
    external callback URL carrying the ``next`` target; if it raises
    ``LoginInitError`` or ``LoginCallbackError`` the failure is sent to
    ``exception_catchall``, flashed to the user, and the user is redirected to
    ``next_url`` (or the referrer-derived fallback).
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]

    # NOTE(review): next_url is embedded in the callback URL and used for the
    # failure redirect; whether it is restricted to this site depends on
    # get_next_url, which is not visible here — confirm it validates the host.
    next_url = get_next_url(referrer=False, default=None)
    callback_url = url_for(
        '.login_service_callback',
        service=service,
        next=next_url,
        _external=True,
    )

    failure = None
    try:
        return provider.do(callback_url=callback_url)
    except (LoginInitError, LoginCallbackError) as e:
        failure = e
    msg = _(u"{service} login failed: {error}").format(service=provider.title, error=unicode(failure))
    exception_catchall.send(failure, message=msg)
    flash(msg, category='danger')
    return redirect(next_url or get_next_url(referrer=True))
def login_service_callback(service):
    """
    Complete a login flow by handling the provider's callback for *service*.

    Unknown services abort with 404. ``provider.callback()`` yields the user
    data that is handed to ``login_service_postcallback``. On
    ``LoginInitError`` or ``LoginCallbackError`` the failure is reported via
    ``exception_catchall`` and flashed, and the user is redirected: to the
    next URL when already authenticated, otherwise to the login page.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]
    try:
        userdata = provider.callback()
    except (LoginInitError, LoginCallbackError) as e:
        msg = _(u"{service} login failed: {error}").format(
            service=provider.title, error=unicode(e))
        exception_catchall.send(e, message=msg)
        flash(msg, category='danger')
        # The fallback depends on whether a session already exists.
        if current_auth.is_authenticated:
            target = get_next_url(referrer=False)
        else:
            target = url_for('.login')
        return redirect(target)
    else:
        return login_service_postcallback(service, userdata)
def login_service_callback(service):
    """
    Handle the provider callback that finishes a login with *service*.

    Aborts with 404 for an unregistered service. The user data returned by
    ``provider.callback()`` is passed on to ``login_service_postcallback``.
    If the callback raises ``LoginInitError`` or ``LoginCallbackError``, the
    error is sent to ``exception_catchall``, flashed, and the user is
    redirected — to the next URL if already authenticated, else to the
    login page.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]

    failure = None
    try:
        userdata = provider.callback()
    except (LoginInitError, LoginCallbackError) as e:
        failure = e
    if failure is None:
        return login_service_postcallback(service, userdata)

    msg = _("{service} login failed: {error}").format(
        service=provider.title, error=str(failure))
    exception_catchall.send(failure, message=msg)
    flash(msg, category='danger')
    fallback = (get_next_url(referrer=False)
                if current_auth.is_authenticated
                else url_for('.login'))
    return redirect(fallback)
def login_service(service):
    """
    Start a login with the provider registered under *service*.

    Aborts with 404 when the service is unknown. Builds an external callback
    URL that carries the ``next`` target and hands it to ``provider.do``.
    If that raises ``LoginInitError`` or ``LoginCallbackError``, the error
    is sent to ``exception_catchall``, flashed, and the user is redirected
    to ``next_url`` or, failing that, the referrer-derived URL.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]
    # NOTE(review): next_url feeds both the callback URL and the failure
    # redirect; get_next_url is not visible here — confirm it restricts the
    # target to this site.
    next_url = get_next_url(referrer=False, default=None)
    callback_url = url_for('.login_service_callback',
                           service=service, next=next_url, _external=True)

    def report_failure(error):
        # Log, flash and bounce the user back when the provider step fails.
        msg = _("{service} login failed: {error}").format(
            service=provider.title, error=str(error))
        exception_catchall.send(error, message=msg)
        flash(msg, category='danger')
        return redirect(next_url or get_next_url(referrer=True))

    try:
        return provider.do(callback_url=callback_url)
    except (LoginInitError, LoginCallbackError) as e:
        return report_failure(e)