コード例 #1
        def decorated(*args, **kwargs):
            """Run the authorization-endpoint checks around the wrapped view.

            On GET/HEAD the request is validated with
            ``server.validate_authorization_request`` and the resulting scopes
            and credentials are handed to the view as keyword arguments.  The
            view's return value decides the outcome: a non-bool value is
            returned unchanged, ``False`` is reported as an access-denied
            error, and ``True`` confirms the authorization request.
            """
            # raise if server not implemented
            server = self.server
            uri, http_method, body, headers = extract_params()

            if request.method not in ('GET', 'HEAD'):
                # NOTE(review): on this path redirect_uri is taken from the
                # submitted values and nothing in this function validates it
                # before the error redirects below use it as a target --
                # confirm the view / confirm_authorization_request checks it
                # against the client's registered URIs.
                redirect_uri = request.values.get('redirect_uri',
                                                  self.error_uri)
            else:
                redirect_uri = request.args.get('redirect_uri', self.error_uri)
                log.debug('Found redirect_uri %s.', redirect_uri)
                try:
                    scopes, credentials = server.validate_authorization_request(
                        uri, http_method, body, headers)
                    kwargs['scopes'] = scopes
                    kwargs.update(credentials)
                except oauth2.FatalClientError as err:
                    # Handled before the generic OAuth2Error clause and sent to
                    # the provider's own error_uri rather than to the
                    # request-supplied redirect_uri.
                    log.debug('Fatal client error %r', err, exc_info=True)
                    return self._on_exception(err, err.in_uri(self.error_uri))
                except oauth2.OAuth2Error as err:
                    log.debug('OAuth2Error: %r', err, exc_info=True)
                    return self._on_exception(err, err.in_uri(redirect_uri))
                except Exception as err:
                    log.exception(err)
                    # NOTE(review): str(err) of an arbitrary exception is put
                    # into the redirect query string, so internal error text
                    # reaches the user agent; a fixed error code with the
                    # detail kept in the log would avoid that.
                    failure_uri = add_params_to_uri(self.error_uri,
                                                    {'error': str(err)})
                    return self._on_exception(err, failure_uri)

            try:
                rv = f(*args, **kwargs)
            except oauth2.FatalClientError as err:
                log.debug('Fatal client error %r', err, exc_info=True)
                return self._on_exception(err, err.in_uri(self.error_uri))
            except oauth2.OAuth2Error as err:
                log.debug('OAuth2Error: %r', err, exc_info=True)
                return self._on_exception(err, err.in_uri(redirect_uri))

            if isinstance(rv, bool):
                if rv:
                    return self.confirm_authorization_request()
                # denied by user
                denied = oauth2.AccessDeniedError()
                return self._on_exception(denied, denied.in_uri(redirect_uri))

            # anything that is not a bool is a response or redirect
            return rv
コード例 #2
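        def decorated(req, resp, *args, **kwargs):
            """Authorization-endpoint wrapper for a falcon responder.

            For GET/HEAD the request is validated with
            ``server.validate_authorization_request``; on success the wrapped
            view is called with the scopes and credentials as keyword
            arguments.  A falsy result is treated as "denied by user", ``True``
            confirms the authorization request, and any other truthy value
            becomes the response body.  OAuth2 errors are answered with a 303
            redirect.

            Fatal client errors are redirected to ``self.error_uri`` and never
            to the ``redirect_uri`` request parameter: that parameter is
            caller-controlled and has not passed validation when such an error
            is raised, so using it as the Location would be an open redirect.
            Other OAuth2 errors go to ``redirect_uri`` with the error
            parameters appended by ``in_uri`` so the client can see why the
            request failed.
            """
            # raise if server not implemented
            server = self.server
            uri, http_method, body, headers = extract_params(req)

            redirect_uri = req.params.get('redirect_uri', self.error_uri)
            log.debug('Found redirect_uri %s.', redirect_uri)

            def redirect_with_error(err):
                # Pick the redirect target by error class; only non-fatal
                # errors may go back to the request-supplied redirect_uri.
                if isinstance(err, oauth2.FatalClientError):
                    log.debug('Fatal client error %r', err)
                    target = self.error_uri
                else:
                    log.debug('OAuth2Error: %r', err)
                    target = redirect_uri
                resp.status = falcon.HTTP_SEE_OTHER
                resp.headers['Location'] = err.in_uri(target)

            if req.method not in ('GET', 'HEAD'):
                # NOTE(review): any other method leaves resp untouched here --
                # confirm the consent submission is handled elsewhere.
                return

            try:
                scopes, credentials = server.validate_authorization_request(
                    uri, http_method, body, headers)
                kwargs['scopes'] = scopes
                kwargs.update(credentials)
            except (oauth2.FatalClientError, oauth2.OAuth2Error) as e:
                redirect_with_error(e)
                return

            try:
                # NOTE(review): req and resp are not forwarded to the view --
                # confirm the wrapped callable does not expect them.
                rv = f(*args, **kwargs)
            except (oauth2.FatalClientError, oauth2.OAuth2Error) as e:
                redirect_with_error(e)
                return

            if not rv:
                # denied by user
                redirect_with_error(oauth2.AccessDeniedError())
            elif isinstance(rv, bool):
                self.confirm_authorization_request(req, resp)
            else:
                resp.body = rv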
コード例 #3
ファイル: handlers.py プロジェクト: anobi/django-oauth-api
    def create_authorization_response(self, request, scopes, credentials,
                                      allow):
        """Ask ``self.server`` for the authorization response.

        Returns ``(uri, headers, body, status)``, where ``uri`` is the
        ``Location`` header of the server's response (``None`` when the
        header is absent).  ``request.user`` is stored in ``credentials``
        under ``'user'`` before the server is called.

        When ``allow`` is false an ``oauth2.AccessDeniedError`` is raised
        inside the ``try`` so that it goes through the same translation as
        errors coming from the server: ``oauth2.FatalClientError`` is
        re-raised as ``FatalClientError`` and ``oauth2.OAuth2Error`` as
        ``OAuthAPIError``, both carrying ``credentials['redirect_uri']``.
        """
        try:
            if not allow:
                raise oauth2.AccessDeniedError()

            credentials['user'] = request.user

            response = self.server.create_authorization_response(
                uri=credentials['redirect_uri'],
                scopes=scopes,
                credentials=credentials)
            response_headers, response_body, response_status = response
            location = response_headers.get('Location')

            return location, response_headers, response_body, response_status
        except oauth2.FatalClientError as exc:
            # Must stay ahead of the OAuth2Error clause below.
            raise FatalClientError(
                error=exc, redirect_uri=credentials['redirect_uri'])
        except oauth2.OAuth2Error as exc:
            raise OAuthAPIError(
                error=exc, redirect_uri=credentials['redirect_uri'])
コード例 #4
    def create_authorization_response(self, request, scopes, credentials,
                                      allow):
        """
        Delegate to ``create_authorization_response`` on ``self.server`` and
        return ``(uri, headers, body, status)``; ``uri`` is the ``Location``
        header of the server's response, or ``None`` when it is absent.

        Errors are translated: ``oauth2.FatalClientError`` is re-raised as
        ``FatalClientError`` and ``oauth2.OAuth2Error`` as
        ``OAuthToolkitError``, each carrying ``credentials["redirect_uri"]``.
        A refusal (``allow`` false) is raised as ``oauth2.AccessDeniedError``
        with the request's ``state`` inside the ``try`` so it takes the same
        path.

        :param request: The current django.http.HttpRequest object
        :param scopes: A list of provided scopes
        :param credentials: Authorization credentials dictionary containing
                           `client_id`, `state`, `redirect_uri`, `response_type`
        :param allow: True if the user authorizes the client, otherwise False
        """
        try:
            if not allow:
                denied_state = credentials.get("state")
                raise oauth2.AccessDeniedError(state=denied_state)

            # the current user travels in the credentials; it is used by
            # OAUTH2_VALIDATOR_CLASS
            credentials["user"] = request.user

            # the third element of the extracted params is not forwarded
            extracted = self._extract_params(request)
            target_uri, method, _unused, incoming_headers = extracted

            response = self.server.create_authorization_response(
                uri=target_uri,
                http_method=method,
                headers=incoming_headers,
                scopes=scopes,
                credentials=credentials,
            )
            response_headers, response_body, response_status = response
            location = response_headers.get("Location")

            return location, response_headers, response_body, response_status

        except oauth2.FatalClientError as exc:
            # Must stay ahead of the OAuth2Error clause below.
            raise FatalClientError(
                error=exc, redirect_uri=credentials["redirect_uri"])
        except oauth2.OAuth2Error as exc:
            raise OAuthToolkitError(
                error=exc, redirect_uri=credentials["redirect_uri"])
コード例 #5
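    def create_authorization_response(self, request, scopes, credentials,
                                      allow):
        """
        A wrapper method that calls create_authorization_response on `server_class`
        instance and, when an authorization code was issued, records the
        current session key on the matching ``Grant``.

        Returns ``(uri, headers, body, status)``; ``uri`` is the ``Location``
        header of the server's response, or ``None`` when it is absent.
        ``oauth2.FatalClientError`` is re-raised as ``FatalClientError`` and
        ``oauth2.OAuth2Error`` as ``OAuthToolkitError``.

        :param request: The current django.http.HttpRequest object
        :param scopes: A list of provided scopes
        :param credentials: Authorization credentials dictionary containing
                           `client_id`, `state`, `redirect_uri`, `response_type`
        :param allow: True if the user authorizes the client, otherwise False
        """
        # Imported here because the file's import block is not part of this
        # listing.
        from urllib.parse import parse_qs, urlsplit

        try:
            if not allow:
                raise oauth2.AccessDeniedError()

            # add current user to credentials. this will be used by OAUTH2_VALIDATOR_CLASS
            credentials['user'] = request.user

            headers, body, status = self.server.create_authorization_response(
                uri=credentials['redirect_uri'],
                scopes=scopes,
                credentials=credentials)
            uri = headers.get("Location", None)

            # Read the issued code from a real ``code`` parameter only.  A
            # substring search for "code=" also hits parameters whose name
            # merely ends in "code" (for example one already present in the
            # client's redirect URI) and would look up the wrong grant; it
            # also fails outright when there is no Location header.
            issued = None
            if uri:
                parts = urlsplit(uri)
                # query first; the fragment is checked too so a code returned
                # in the fragment is still found
                issued = (parse_qs(parts.query).get('code')
                          or parse_qs(parts.fragment).get('code'))
            if issued:
                # bind the grant to the session that approved it
                grant_code = Grant.objects.get(code=issued[0])
                grant_code.session_key = request.session.session_key
                grant_code.save()
            return uri, headers, body, status

        except oauth2.FatalClientError as error:
            raise FatalClientError(error=error,
                                   redirect_uri=credentials['redirect_uri'])
        except oauth2.OAuth2Error as error:
            raise OAuthToolkitError(error=error,
                                    redirect_uri=credentials['redirect_uri'])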
コード例 #6
ファイル: oauth2.py プロジェクト: cnxue/sanic-oauthlib
        async def decorated(request, *args, **kwargs):
            """Validate the request, run the wrapped view, finish the step.

            On GET/HEAD the request is validated with
            ``server.validate_authorization_request`` and the scopes and
            credentials are passed on to the view as keyword arguments.  The
            view may be sync or async.  A non-bool result is returned
            unchanged, ``False`` is reported as an access-denied error, and
            ``True`` confirms the authorization request.
            """
            # None of these names is assigned in this body; the declaration is
            # kept as written (reg is not used below).
            nonlocal self, plug, reg, context
            # raise if server not implemented
            server = self.server
            uri, http_method, body, headers = extract_params(request)

            def _carry_state(err):
                # on auth error, we should preserve state if it's present
                # according to RFC 6749; setting err.state lets err.in_uri()
                # add the state query parameter to the redirect uri
                state = request.args.get('state')
                if state and not err.state:
                    err.state = state

            # NOTE(review): for methods other than GET/HEAD this value is
            # never validated in this function before it is used as an error
            # redirect target -- confirm the view or
            # confirm_authorization_request checks it against the client's
            # registered URIs.
            redirect_uri = request.args.get('redirect_uri', self.error_uri)

            if request.method in ('GET', 'HEAD'):
                log.debug('Found redirect_uri %s.', redirect_uri)
                try:
                    scopes, credentials = server.validate_authorization_request(
                        uri, http_method, body, headers)
                    kwargs['scopes'] = scopes
                    # the view already receives `request` positionally, so a
                    # 'request' entry in the credentials is passed as
                    # 'orequest' instead
                    if 'request' in credentials:
                        kwargs['orequest'] = credentials.pop("request")
                    kwargs.update(credentials)
                except oauth2.FatalClientError as err:
                    # sent to the provider's error_uri, not to the
                    # request-supplied redirect_uri
                    log.debug('Fatal client error %r', err, exc_info=True)
                    return plug._on_exception(context, err,
                                              err.in_uri(self.error_uri))
                except oauth2.OAuth2Error as err:
                    log.debug('OAuth2Error: %r', err, exc_info=True)
                    _carry_state(err)
                    return plug._on_exception(context, err,
                                              err.in_uri(redirect_uri))
                except Exception as err:
                    log.exception(err)
                    # NOTE(review): str(err) of an arbitrary exception is put
                    # into the redirect query string, so internal error text
                    # reaches the user agent; a fixed error code with the
                    # detail kept in the log would avoid that.
                    failure_uri = add_params_to_uri(self.error_uri,
                                                    {'error': str(err)})
                    return plug._on_exception(context, err, failure_uri)

            try:
                rv = f(request, *args, context=context, **kwargs)
                if isawaitable(rv):
                    rv = await rv
            except oauth2.FatalClientError as err:
                log.debug('Fatal client error %r', err, exc_info=True)
                return plug._on_exception(context, err,
                                          err.in_uri(self.error_uri))
            except oauth2.OAuth2Error as err:
                log.debug('OAuth2Error: %r', err, exc_info=True)
                _carry_state(err)
                return plug._on_exception(context, err,
                                          err.in_uri(redirect_uri))

            if isinstance(rv, bool):
                if rv:
                    return await plug.confirm_authorization_request(
                        request, context, self)
                # denied by user
                denied = oauth2.AccessDeniedError(
                    state=request.args.get('state'))
                return plug._on_exception(context, denied,
                                          denied.in_uri(redirect_uri))

            # anything that is not a bool is a response or redirect
            return rv
コード例 #7
ファイル: oauth2.py プロジェクト: ibrewster/flask-oauthlib
        def decorated(*args, **kwargs):
            """Run the authorization-endpoint checks around the wrapped view.

            On GET/HEAD the request is validated with
            ``server.validate_authorization_request`` and the scopes and
            credentials are handed to the view as keyword arguments.  A
            non-bool result from the view is returned unchanged, ``False`` is
            answered with an access-denied redirect, and ``True`` confirms the
            authorization request, passing the validated scopes as one
            space-separated string (empty when no validation ran).
            """
            # raise if server not implemented
            server = self.server
            uri, http_method, body, headers = extract_params()

            if request.method not in ('GET', 'HEAD'):
                # NOTE(review): on this path redirect_uri is taken from the
                # submitted values and nothing in this function validates it
                # before the error redirects below use it as a target --
                # confirm the view / confirm_authorization_request checks it
                # against the client's registered URIs.
                redirect_uri = request.values.get('redirect_uri',
                                                  self.error_uri)
            else:
                redirect_uri = request.args.get('redirect_uri', self.error_uri)
                log.debug('Found redirect_uri %s.', redirect_uri)
                try:
                    scopes, credentials = server.validate_authorization_request(
                        uri, http_method, body, headers)
                    kwargs['scopes'] = scopes
                    kwargs.update(credentials)
                except oauth2.FatalClientError as err:
                    # sent to the provider's error_uri, not to the
                    # request-supplied redirect_uri
                    log.debug('Fatal client error %r', err, exc_info=True)
                    return redirect(err.in_uri(self.error_uri))
                except oauth2.OAuth2Error as err:
                    log.debug('OAuth2Error: %r', err, exc_info=True)
                    return redirect(err.in_uri(redirect_uri))
                except Exception as err:
                    log.warning(
                        'Exception caught while processing request, %s.' % err,
                        exc_info=True)
                    # NOTE(review): str(err) of an arbitrary exception is put
                    # into the redirect query string, so internal error text
                    # reaches the user agent; a fixed error code with the
                    # detail kept in the log would avoid that.
                    failure_uri = add_params_to_uri(self.error_uri,
                                                    {'error': str(err)})
                    return redirect(failure_uri)

            try:
                rv = f(*args, **kwargs)
            except oauth2.FatalClientError as err:
                log.debug('Fatal client error %r', err, exc_info=True)
                return redirect(err.in_uri(self.error_uri))
            except oauth2.OAuth2Error as err:
                log.debug('OAuth2Error: %r', err, exc_info=True)
                return redirect(err.in_uri(redirect_uri))
            except Exception as err:
                log.warning(
                    'Exception caught while processing request, %s.' % err,
                    exc_info=True)
                # NOTE(review): same exposure of str(err) as above.
                failure_uri = add_params_to_uri(self.error_uri,
                                                {'error': str(err)})
                return redirect(failure_uri)

            if isinstance(rv, bool) and not rv:
                # denied by user
                denied = oauth2.AccessDeniedError()
                return redirect(denied.in_uri(redirect_uri))
            if not isinstance(rv, bool):
                # if is a response or redirect
                return rv

            # Pass the scopes list as a string to match the format of a URL
            # request.  `scopes` is bound only on the GET/HEAD path above, so
            # on any other method the lookup raises UnboundLocalError and the
            # empty string is used instead, which will likely return an error
            # later.
            try:
                scope_string = " ".join(scopes)
            except UnboundLocalError:
                scope_string = ""
            return self.confirm_authorization_request(scope_string)