def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI: return HttpResponseRedirect("/oauth2/missing_redirect_uri") except AuthorizationException: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': # Make sure the authorizer has validated before requesting the client # or access_ranges as otherwise they will be None. template = { "client": authorizer.client, "access_ranges": authorizer.access_ranges} template["form"] = AuthorizeForm() helper = FormHelper() no_submit = Submit('connect', 'No') helper.add_input(no_submit) yes_submit = Submit('connect', 'Yes') helper.add_input(yes_submit) helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string helper.form_method = 'POST' template["helper"] = helper return render_to_response('oauth2/authorize.html', template, RequestContext(request)) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": return authorizer.grant_redirect() else: return authorizer.error_redirect() return HttpResponseRedirect("/")
def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI: return HttpResponseRedirect("/oauth2/missing_redirect/") # XXX: Fix. except AuthorizationException: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': # Make sure the authorizer has validated before requesting the client # or access_ranges as otherwise they will be None. if settings.SHOELACE_QUERY_AUTH_ALWAYS: return authorizer.grant_redirect() if settings.SHOELACE_QUERY_AUTH_FIRST_LOGIN: if authorizer.client.id in [ x.id for x in get_authorized_clients(request.user) ]: return authorizer.grant_redirect() profile = ClientProfile.objects.filter(client=authorizer.client) profile = None if len(profile) <= 0 else profile[0] template = { "client": authorizer.client, "access_ranges": authorizer.access_ranges, "GET": request.GET, "profile": profile } return render_to_response( 'oauth2/authorize.html', template, RequestContext(request) ) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": return authorizer.grant_redirect() else: return authorizer.error_redirect() return HttpResponseRedirect("/")
class AuthorizeView(TemplateResponseMixin, View): template_name = 'oauth2app/authorize.html' missing_redirect_url_view = staticmethod(MissingRedirectURLView.as_view()) @method_decorator(login_required) def dispatch(self, request): self.authorizer = Authorizer() try: self.authorizer.validate(request) except MissingRedirectURI as e: return self.missing_redirect_url_view(request) except AuthorizationException as e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return self.authorizer.error_redirect() return super(AuthorizeView, self).dispatch(request) def get_context_data(self): #import pdb;pdb.set_trace() return {'authorizer': self.authorizer, 'access_ranges': self.authorizer.access_ranges, 'client': self.authorizer.client, 'form': forms.AuthorizeForm(self.request.POST or \ self.request.GET or None)} def get(self, request): context = self.get_context_data() if self.authorizer.client.auto_authorize: return self.authorizer.grant_redirect() return self.render_to_response(context) def post(self, request): context = self.get_context_data() if context['form'].is_valid(): if 'accept' in request.POST: return self.authorizer.grant_redirect() else: return self.authorizer.error_redirect() return HttpResponseBadRequest()
def authorize(request): authorizer = Authorizer() try: authorizer.validate(request) except MissingRedirectURI as e: return HttpResponseRedirect("/oauth2/missing_redirect_uri") except AuthorizationException as e: # The request is malformed or invalid. Automatically # redirects to the provided redirect URL. return authorizer.error_redirect() if request.method == 'GET': # Make sure the authorizer has validated before requesting the client # or access_ranges as otherwise they will be None. template = { "client": authorizer.client, "access_ranges": authorizer.access_ranges } template["form"] = AuthorizeForm() helper = FormHelper() no_submit = Submit('connect', 'No') helper.add_input(no_submit) yes_submit = Submit('connect', 'Yes') helper.add_input(yes_submit) helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string helper.form_method = 'POST' template["helper"] = helper return render_to_response('oauth2/authorize.html', template, RequestContext(request)) elif request.method == 'POST': form = AuthorizeForm(request.POST) if form.is_valid(): if request.POST.get("connect") == "Yes": return authorizer.grant_redirect() else: return authorizer.error_redirect() return HttpResponseRedirect("/")
def authorize(request): # Workaround for OAuth2 issue in 0.6.9 (and earlier) remoteStorage.js versions. # http://www.w3.org/community/unhosted/wiki/RemoteStorage-2011.10#OAuth # Also see "Known Issues / OAuth2" section in README. scope = request.REQUEST.get('scope') if scope and ':' not in scope: query = urllib.urlencode(dict(it.chain( request.REQUEST.items(), [('scope', ' '.join( canonical_path_spec(path) for path in scope.split(',') ))] ))) return HttpResponseRedirect('{}?{}'.format(request.path, iri_to_uri(query))) # Process OAuth2 request from query_string authorizer = Authorizer(response_type=TOKEN) validate_missing, validate_kwz = None, dict(check_scope=False) try: try: authorizer.validate(request, **validate_kwz) except TypeError: # older version validate_kwz.pop('check_scope') authorizer.validate(request) except MissingRedirectURI: return HttpResponseRedirect(reverse('remotestorage:oauth2:missing_redirect_uri')) except (InvalidClient, InvalidScope) as err: if isinstance(err, InvalidClient): validate_missing = 'client' else: validate_missing = 'scope' except AuthorizationException: # The request is malformed or otherwise invalid. # Automatically redirects to the provided redirect URL, # providing error parameters in GET, as per spec. return authorizer.error_redirect() paths = authorizer.scope form = ft.partial(AuthorizeForm, paths=paths, app=authorizer.client_id) if request.method == 'GET': # Display form with a glorified "authorize? yes/no" question. if validate_missing == 'client': # With remoteStorage (0.6.9), client_id is the hostname of a webapp site, # which is requesting storage, so it's a new app, and that fact should be # made clear to the user. messages.add_message( request, messages.WARNING, ( 'This is the first time app from domain "{}"' " tries to access this storage, make sure it's" ' the one you want to grant access to.' )\ .format(smart_unicode(authorizer.client_id)) ) form = form() # Stored to validate that nothing has extended the submitted list client-side request.session['authorizer.paths'] = paths elif request.method == 'POST': if not paths or paths != request.session.get('authorizer.paths'): # These paths can potentially be tampered with in the submitted form client-side, # resulting in granting access to something user didn't see in the displayed form, # hence passing the list server-side as well within the session return HttpResponseRedirect(request.get_full_path()) form = form(request.POST) if form.is_valid(): # Check list of authorized paths, building new scope paths_auth, paths_form = set(), set(form.cleaned_data['path_access']) while paths_form: path_spec = paths_form.pop() # Try to condense :r and :w to :rw path, cap = path_spec.split(':') for a, b in 'rw', 'wr': if cap == a and '{}:{}'.format(path, b) in paths_form: paths_auth.add('{}:rw'.format(path)) paths_form.remove('{}:{}'.format(path, b)) break else: paths_auth.add(path_spec) # Re-validate form, creating missing models if validate_missing: try: with transaction.commit_on_success(): if validate_missing == 'client': Client.objects.create( user=request.user, name=authorizer.client_id, key=authorizer.client_id ) if 'check_scope' not in validate_kwz: # Create all these just to delete them after validation for path_spec in paths: AccessRange.objects.get_or_create(key=path_spec) authorizer.validate(request, **validate_kwz) for path_spec in paths_auth: AccessRange.objects.get_or_create(key=path_spec) if 'check_scope' not in validate_kwz: for path_spec in paths.difference(paths_auth): try: AccessRange.objects.get(key=path_spec).delete() except (IntegrityError, ObjectDoesNotExist): pass except AuthorizationException: return authorizer.error_redirect() authorizer.scope = paths_auth return authorizer.grant_redirect()\ if form.cleaned_data['authorize'] == 'allow'\ else authorizer.error_redirect() if request.method in ['GET', 'POST']: return render_to_response( 'oauth2/authorize.html', dict(form=form, app_host=authorizer.client_id), RequestContext(request) ) # Shouldn't get here unless by mistake return HttpResponse( '<h1>Please issue proper' ' GET request with OAuth2 authorization parameters.</h1>', status=501 )