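def _check() -> Response:
    """Handle the identity provider's callback and forward it to the client.

    Reads ``code``/``error`` and the JSON ``state`` from the query string,
    re-validates the client and redirect URI named in ``state``, and issues a
    302 to that redirect URI carrying ``code``, ``error``,
    ``error_description`` and the client's original ``state`` (``None``
    values are dropped).

    Raises:
        BadRequest: if neither ``code`` nor ``error`` is present, if ``state``
            is missing, not valid JSON or not a JSON object, if its
            ``client_id`` is unknown, or if its ``redirect_uri`` is not one of
            the client's registered redirect URIs.
    """
    if not any(parameter in request.args for parameter in ['code', 'error']):
        raise BadRequest('Invalid code')

    try:
        state = json.loads(request.args.get('state'))
    except (JSONDecodeError, TypeError) as exception:
        raise BadRequest('Invalid state') from exception

    # ``state`` travels through the user's browser and is not signed or
    # otherwise integrity-protected in this function, so every field in it is
    # untrusted input. Valid JSON that is not an object (null, a list, a
    # number, a string) previously reached the subscript below and surfaced as
    # an unhandled TypeError instead of a 400.
    if not isinstance(state, dict):
        raise BadRequest('Invalid state')

    try:
        client = clients.find(state['client_id'])
    except KeyError as exception:
        raise BadRequest('Invalid state (client_id)') from exception

    # The redirect target must be an exact match for a URI registered for the
    # client; this check is what keeps the final redirect from being an open
    # redirect. A missing or non-string value is rejected here rather than
    # raising an unhandled KeyError/TypeError.
    redirect_uri = state.get('redirect_uri')
    if not isinstance(redirect_uri, str) or redirect_uri not in client.redirect_uris:
        raise BadRequest('Invalid state (redirect_uri)')

    # NOTE(review): nothing visible here ties ``state`` to the browser session
    # that started the flow; CSRF protection appears to rely on the client
    # checking its own ``original`` value - confirm clients are required to
    # send one.
    query = remove_none_values(
        OrderedDict([
            ('code', request.args.get('code')),
            ('error', request.args.get('error')),
            ('error_description', request.args.get('error_description')),
            ('state', state.get('original')),
        ]))

    return redirect('{}?{}'.format(redirect_uri, urlencode(query, True)), code=302)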
def oauth2_error_handler(exception: OAuth2Error) -> Response:
    """Turn an ``OAuth2Error`` into a JSON error response.

    The exception is logged with its traceback, then ``error`` and
    ``error_description`` (omitted when ``None``) are returned as a JSON body
    with the exception's own status code.
    """
    LOGGER.exception(exception)

    # Field order is kept stable: error first, then the description.
    payload = OrderedDict()
    payload['error'] = exception.error
    payload['error_description'] = exception.description

    # NOTE(review): the description is sent to the caller as-is; confirm that
    # code raising OAuth2Error never puts internal detail into it.
    response_body = jsonify(remove_none_values(payload))
    return make_response(response_body, exception.status_code)
def client_error_handler(exception: ClientError) -> Response:
    """Report a ``ClientError`` to the client by redirecting with error params.

    The exception is logged with its traceback, then the user agent is
    redirected to ``exception.uri`` with ``error`` and ``error_description``
    (omitted when ``None``) in the query string, using the exception's status
    code for the redirect.
    """
    LOGGER.exception(exception)

    params = OrderedDict()
    params['error'] = exception.error
    params['error_description'] = exception.description
    params = remove_none_values(params)

    # NOTE(review): exception.uri is used as the redirect target without any
    # check in this handler; presumably ClientError derives it from the
    # registered client - confirm it can never carry a request-supplied URI.
    location = '{}?{}'.format(exception.uri, urlencode(params, True))
    return redirect(location, exception.status_code)
def _authorize() -> Response:
    """Validate an authorization request and send the user to the provider.

    The client and redirect URI are validated first and fail with
    ``BadRequest``, so an unverified redirect target is never used. Later
    failures raise client errors built from the already-validated ``client``.
    On success the user agent gets a 302 to ``orcid['authorize_uri']``, with
    this service's own ``state`` (redirect URI, client id and the client's
    original ``state``) serialised as JSON.

    Raises:
        BadRequest: if ``client_id`` is missing or unknown, or if the
            redirect URI is not one registered for the client.
        ClientInvalidRequest: if ``response_type`` is missing or empty.
        ClientUnsupportedResourceType: if ``response_type`` is not ``code``.
        ClientInvalidScope: if any non-empty ``scope`` is requested.
    """
    args = request.args

    if 'client_id' not in args:
        raise BadRequest('Invalid client_id')

    try:
        client = clients.find(args.get('client_id'))
    except KeyError as exception:
        raise BadRequest('Invalid client_id') from exception

    # Fall back to the client's canonical URI when none is supplied; either
    # way the value must exactly match a registered redirect URI.
    redirect_uri = args.get('redirect_uri', client.canonical_redirect_uri)
    if redirect_uri not in client.redirect_uris:
        raise BadRequest('Invalid redirect_uri')

    response_type = args.get('response_type')
    if not response_type:
        raise ClientInvalidRequest(client, 'Missing response_type')
    if response_type != 'code':
        raise ClientUnsupportedResourceType(client)

    # Clients may not choose a scope; the upstream scope is fixed below.
    if args.get('scope'):
        raise ClientInvalidScope(client)

    # NOTE(review): this state is plain JSON with no signature, so the
    # callback has to treat it as untrusted and re-validate client_id and
    # redirect_uri. The client's own ``state`` is passed through untouched as
    # ``original``; it is optional here - confirm whether clients should be
    # required to send one for CSRF protection.
    state = remove_none_values({
        'redirect_uri': redirect_uri,
        'client_id': client.client_id,
        'original': args.get('state')
    })

    authorize_uri = orcid['authorize_uri']
    upstream_query = {
        'client_id': orcid['client_id'],
        'response_type': response_type,
        'scope': '/read-limited',
        'redirect_uri': url_for('oauth._check', _external=True),
        'state': dumps(state, sort_keys=True)
    }

    return redirect(authorize_uri + '?' + urlencode(upstream_query, True), code=302)
def test_it_removes_none_values():
    """``remove_none_values`` drops every key whose value is ``None``."""
    mapping = {'foo': 'bar', 'baz': None, 'test': None}

    assert remove_none_values(mapping) == {'foo': 'bar'}