def save_token(token_data, request):
    """Persist a freshly issued OAuth token and prune stale ones.

    Token-saving hook: ``token_data`` is the issued-token dict (``scope`` and
    ``access_token`` are read here; ``scope`` may be rewritten), and ``request``
    presumably is the authorization server's request object -- only its
    ``client.client_id`` and ``user`` are used.

    The token is attached to the application/user link, which is created on
    first use and extended when scopes not granted before are present.  After
    that, only the newest MAX_TOKENS_PER_SCOPE tokens of this link with exactly
    the same scope set are kept; older ones are deleted.
    """
    requested_scopes = set(scope_to_list(token_data.get('scope', '')))
    application = OAuthApplication.query.filter_by(client_id=request.client.client_id).one()

    link = OAuthApplicationUserLink.query.with_parent(application).with_parent(request.user).first()
    if link is None:
        # first token for this app/user pair: the link records the granted scopes
        # NOTE(review): the scopes are stored as requested, with no check against
        # a known-scope list in this function -- presumably validated by the
        # authorization server before the token is issued; confirm.
        link = OAuthApplicationUserLink(application=application, user=request.user, scopes=requested_scopes)
    else:
        if not requested_scopes:
            # for already-authorized apps not specifying a scope uses all scopes the
            # user previously granted to the app
            requested_scopes = set(link.scopes)
            token_data['scope'] = list_to_scope(requested_scopes)
        # scopes the user has not granted to this app before are added to the link
        new_scopes = requested_scopes - set(link.scopes)
        if new_scopes:
            logger.info('New scopes for %r: %s', link, new_scopes)
            link.update_scopes(new_scopes)

    # NOTE(review): the plaintext access token is handed to the model here;
    # assumes OAuthToken stores it hashed rather than verbatim -- verify.
    link.tokens.append(OAuthToken(access_token=token_data['access_token'], scopes=requested_scopes))

    # get rid of old tokens if there are too many
    # tokens are matched on the exact (sorted) scope array, ordered newest first,
    # and everything beyond the first MAX_TOKENS_PER_SCOPE rows is deleted
    q = (db.session.query(OAuthToken.id)
         .with_parent(link)
         .filter_by(_scopes=db.cast(sorted(requested_scopes), ARRAY(db.String)))
         .order_by(OAuthToken.created_dt.desc())
         .offset(MAX_TOKENS_PER_SCOPE)
         .scalar_subquery())
    OAuthToken.query.filter(OAuthToken.id.in_(q)).delete(synchronize_session='fetch')
def _process(self):
    """Revoke the token and send the user back to the token list."""
    token = self.token
    token.revoke()
    logger.info('Revoked token %r', token)
    message = _("The token '{}' has been successfully revoked.").format(token.name)
    flash(message, 'success')
    return redirect(url_for('.user_tokens'))
def _process(self):
    """Create a personal token from the submitted form.

    On success the token id and the plaintext token are stored in the session
    under ``personal_token_created`` (presumably read and cleared by the page
    that displays it once -- verify) and a JSON "done" payload is returned;
    otherwise the form is returned as JSON.
    """
    form = PersonalTokenForm(user=self.user)
    if not form.validate_on_submit():
        return jsonify_form(form)
    token = PersonalToken(user=self.user)
    form.populate_obj(token)
    access_token = token.generate_token()
    # flush first so the token has its database id before it is referenced below
    db.session.flush()
    logger.info('Created token %r', token)
    session['personal_token_created'] = (token.id, access_token)
    return jsonify_data(flash=False)
def _process(self):
    """Remove the current user's authorization of the application.

    The success message is flashed even when no link existed.
    """
    application = self.application
    link = (OAuthApplicationUserLink.query
            .with_parent(self.user)
            .with_parent(application)
            .first())
    if link:
        logger.info('Deauthorizing app %r for user %r (scopes: %r)', application, self.user, link.scopes)
        # NOTE(review): tokens issued under this link are presumably removed by a
        # relationship/DB cascade when the link is deleted -- verify.
        db.session.delete(link)
    message = _("Access for '{}' has been successfully revoked.").format(application.name)
    flash(message, 'success')
    return redirect(url_for('.user_apps'))
def _process(self):
    """Update the editable fields of the personal token from the form."""
    form = PersonalTokenForm(user=self.user, token=self.token, obj=self.token)
    if not form.validate_on_submit():
        return jsonify_form(form)
    # the flash message refers to the name the token had before the update
    previous_name = self.token.name
    form.populate_obj(self.token)
    logger.info('Updated token %r', self.token)
    flash(_("Token '{}' updated").format(previous_name), 'success')
    return jsonify_data(flash=False)
def _process(self):
    """Register a new OAuth application from the admin form."""
    form = ApplicationForm(obj=FormDefaults(is_enabled=True))
    if not form.validate_on_submit():
        return WPOAuthAdmin.render_template('app_new.html', form=form)
    application = OAuthApplication()
    form.populate_obj(application)
    db.session.add(application)
    # flush so the new application is persisted (and has its id) before redirecting to it
    db.session.flush()
    logger.info('Application %s created by %s', application, session.user)
    flash(_('Application {} registered successfully').format(application.name), 'success')
    return redirect(url_for('.app_details', application))
def _process(self):
    """Edit an existing OAuth application.

    Fields enforced by the application's system app type are passed to the
    template as ``disabled_fields``.
    NOTE(review): that set only affects rendering here; ``populate_obj`` is
    called without any filtering, so protection of the enforced data is
    presumably handled inside ApplicationForm -- verify.
    """
    application = self.application
    form = ApplicationForm(obj=application, application=application)
    disabled_fields = set(application.system_app_type.enforced_data)
    if not form.validate_on_submit():
        return WPOAuthAdmin.render_template('app_details.html', application=application, form=form,
                                            disabled_fields=disabled_fields)
    form.populate_obj(application)
    logger.info('Application %s updated by %s', application, session.user)
    flash(_('Application {} was modified').format(application.name), 'success')
    return redirect(url_for('.apps'))
def _process_consent(self):
    """Decide whether the pending authorization request has user consent.

    Returns ``True`` when the grant may proceed, ``False`` when the user
    explicitly declined, or a rendered response when an error page or the
    consent form has to be shown instead.
    """
    try:
        grant = auth_server.get_consent_grant(end_user=session.user)
    except OAuth2Error as error:
        return render_template('oauth/authorize_errors.html', error=error.error)
    application = grant.client

    if request.method == 'POST':
        # submitted consent form: anything but an explicit confirm counts as a denial
        confirmed = 'confirm' in request.form
        if confirmed:
            logger.info('User %s authorized %s', session.user, application)
        return confirmed
    if application.is_trusted:
        logger.info('User %s automatically authorized %s', session.user, application)
        return True

    link = application.user_links.filter_by(user=session.user).first()
    authorized_scopes = set(link.scopes) if link else set()
    if grant.request.scope:
        requested_scopes = set(scope_to_list(grant.request.scope))
    else:
        # no explicit scope in the request: fall back to what was granted before
        requested_scopes = authorized_scopes
    # nothing beyond the already-granted scopes -> no consent screen needed
    if requested_scopes <= authorized_scopes:
        return True

    new_scopes = requested_scopes - authorized_scopes
    # scopes without an entry in SCOPES have no label and are left off the page;
    # NOTE(review): this relies on unknown scopes having been rejected by the
    # server before this point -- verify.
    authorized_labels = [label for label in map(SCOPES.get, authorized_scopes) if label]
    new_labels = [label for label in map(SCOPES.get, new_scopes) if label]
    return render_template('oauth/authorize.html', application=application,
                           authorized_scopes=authorized_labels, new_scopes=new_labels)
def _process(self):
    """Generate a new secret for the token and return to the token list.

    The plaintext token is stored in the session under
    ``personal_token_created`` (presumably consumed once by the next page --
    verify).
    """
    token = self.token
    new_secret = token.generate_token()
    logger.info('Regenerated token %r', token)
    session['personal_token_created'] = (token.id, new_secret)
    return redirect(url_for('.user_tokens'))
def _process(self):
    """Revoke every user's authorization of this application."""
    application = self.application
    # NOTE(review): this is a query-level delete, which bypasses ORM cascades;
    # tokens hanging off the links are only removed if the FK cascades in the
    # database -- verify.
    application.user_links.delete()
    logger.info('Deauthorizing app %r for all users', application)
    flash(_('App authorization revoked for all users.'), 'success')
    return redirect(url_for('.app_details', application))
def _process(self):
    """Rotate the application's client secret and return to its details page."""
    application = self.application
    application.reset_client_secret()
    logger.info('Client secret of %s reset by %s', application, session.user)
    flash(_('New client secret generated for the application'), 'success')
    return redirect(url_for('.app_details', application))
def _process(self):
    """Delete the application and return to the application list."""
    application = self.application
    db.session.delete(application)
    logger.info('Application %s deleted by %s', application, session.user)
    flash(_('Application deleted successfully'), 'success')
    return redirect(url_for('.apps'))
def revoke_token(self, token, request):
    """Revoke ``token`` by deleting it from the session.

    ``request`` is part of the hook signature but is not used here.
    """
    db.session.delete(token)
    logger.info('Token %s was revoked', token)
def reset_client_secret(self):
    """Replace the client secret with a freshly generated random value.

    The secret is a uuid4 string; in CPython uuid4 is drawn from os.urandom,
    so it is suitable as a secret.  The caller is responsible for committing.
    """
    new_secret = uuid4()
    self.client_secret = f'{new_secret}'
    logger.info("Client secret for %s has been reset.", self)