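def authorize(user, auth_request, redirect_uri):
    """Issue an authorization code and redirect the client back with it.

    Stores an Authorization record tying the code to the user, the client
    and the redirect URI, so the later token request can be reconciled
    against it.

    Args:
        user: the authenticated user, supplied by login_required.
        auth_request: request wrapper supplied by validate_auth_request.
        redirect_uri: redirect-URI wrapper supplied by validate_auth_request.

    Returns:
        Whatever redirect_with_params returns: a redirect to redirect_uri
        with the new code added to the query parameters.

    NOTE: upon login the user has implicitly given permission for the
    neuaer client to obtain an authorization token with the code provided
    here.
    """
    # Local import so this block does not depend on the file's import list.
    from uuid import uuid4

    # The code is a bearer secret: anyone who can guess it can redeem it.
    # uuid1() is built from the host's node id and a timestamp, so its
    # values are predictable; uuid4() is random and keeps the same
    # 36-character string format for anything that stores or compares it.
    code = str(uuid4())

    # Store the authorization associated with this user for reconciliation
    # upon token request.
    auth = Authorization(
        authorizer=user,
        code=code,
        # An absence of the client_id should be caught by the validations
        # that run before this handler.
        client_id=auth_request.raw_args.get("client_id"),
        # Per the OAuth 2 standard the redirect URI must be matched on the
        # later request for a token.
        redirect_uri=redirect_uri.get_url(),
    )
    # NOTE(review): no expiry or single-use marker is stored with the code
    # here; confirm the token handler rejects old and already-used codes.

    # GAE db save.
    auth.put()

    # Add the unique code to the query params and redirect to redirect_uri.
    return redirect_with_params(redirect_uri, code=auth.code)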
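def decorated_view(*args, **kwargs):
    """Run the wrapped view only for users approved for the request's referrer.

    The referrer comes from the Referer header or, when that is absent, from
    the 'referrer' key of the JSON body. It selects the Authorization record
    (cached under '<referrer>/approved') whose approved list is checked
    against the current user's e-mail address. Admins are always let through
    and are added to the approved list on first use.

    Returns:
        The wrapped view's result when the user is allowed, otherwise a
        jsonify(error=...) response.
    """
    # NOTE(review): both referrer sources are supplied by the client, so the
    # referrer only selects which approval list applies; the e-mail check
    # below is what gates access. Do not treat the referrer as proof of
    # where the request came from.
    referrer = request.referrer
    if not referrer:
        try:
            referrer = request.json['referrer']
        except (KeyError, TypeError):
            # TypeError: request.json is None when there is no JSON body.
            return jsonify(error='referrer missing')

    cache_key = '{0}/approved'.format(referrer)
    auth = cache.get(cache_key)

    current_user = users.get_current_user()
    if current_user is None:
        # Fail closed instead of raising AttributeError on .email().
        return jsonify(error='not authorized')
    email = db.Email(current_user.email())

    if users.is_current_user_admin():
        if auth is None:
            auth = Authorization.get_by_key_name(referrer)
            if auth is None:
                # First admin visit for this referrer creates its record.
                # NOTE(review): the key name is the client-supplied referrer.
                auth = Authorization(key_name=referrer)
                auth.put()
        if email not in auth.approved:
            auth.approved.append(email)
            auth.put()
            cache.set(cache_key, auth)
        return func(*args, **kwargs)

    if auth is None:
        auth = Authorization.get_by_key_name(referrer)
    if auth is not None:
        cache.set(cache_key, auth)
        if email in auth.approved:
            return func(*args, **kwargs)

    # NOTE(review): denials are sent without an explicit status code here;
    # confirm clients and monitoring do not rely on a 401/403 status.
    return jsonify(error='not authorized')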