def oauth2_authorize(): client_id = request.args.get('client_id') redirect_uri = request.args.get('redirect_uri') response_type = request.args.get('response_type') scope = [scope.strip() for scope in request.args.get('scope', '').split(',')] if not (client_id and redirect_uri and response_type): return jsonify({'error': 'invalid_request'}), 400 try: client = ApplicationOAuth2Client.objects(id=client_id).get() except ApplicationOAuth2Client.DoesNotExist: return jsonify({'error': 'unauthorized_client'}), 400 check_redirect_uri = False for accept_redirect_uri in client.redirect_uris: if redirect_uri.startswith(accept_redirect_uri): check_redirect_uri = True if not check_redirect_uri: return 'redirect_uri error', 400 if not session.get_account(): if request.method == 'GET': return render_template('api/oauth2/login.html') else: account_id = request.form.get('account_id') account_pw = request.form.get('account_pw') from opencampus.module.account.models import Account try: Account.login(account_id, account_pw) except: return render_template('api/oauth2/login.html') check_accept = True try: accept = OAuth2AccountAccept.objects(client_id=client_id, account_id=session.get_account().id).get() for s in scope: if accept and s not in accept.scope: check_accept = False except OAuth2AccountAccept.DoesNotExist: check_accept = False accept = None if not check_accept: if request.method == 'GET': return render_template('api/oauth2/permission.html', app=Application.objects(id=client.application_id).get(), scope=scope, scope_name=SCOPE) elif request.method == 'POST': token = session.get('csrf_token') if not token or token != request.form.get('csrf_token'): return abort(403) if not accept: accept = OAuth2AccountAccept() accept.client_id = client_id accept.account_id = session.get_account().id accept.created_at = datetime.utcnow() accept.scope = scope accept.save() if response_type == 'token': token = OAuth2AccessToken.create_token('account', session.get_account().id, client_id=client.id, scope=accept.scope) token.save() return redirect(redirect_uri + '?access_token=' + token.access_token) elif response_type == 'code': code = OAuth2AuthorizationCode.create_code(client.id, session.get_account().id, scope=accept.scope) return redirect(redirect_uri + '?code=' + code.code) else: return jsonify({'error': 'unsupported_response_type'}), 400