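def process_authentication_request(client_store):
    """
    Handle POST /authorize: process the submitted login form.

    Builds an AuthorizeRequest from the posted form and runs its
    ``process`` step against ``client_store`` (per the original author,
    this is where the posted credentials and form variables are verified).
    A session token is then created for the request.  If consent is
    already recorded for the requested scope, the authorization code is
    delivered to the client and the session cookie is set; otherwise the
    consent page is shown.

    Args:
        client_store: passed through to ``AuthorizeRequest.process``.

    Returns:
        A Flask response: the ``form_post.html`` page, a redirect to the
        client, or whatever ``show_consent_page`` returns.
    """
    # Function-scope import: the file's import block is not visible here.
    import hashlib

    authorize_request = AuthorizeRequest.from_dictionary(
        request.form).process(client_store)
    session = create_session_token(authorize_request)

    # The authorization code is a credential that can be redeemed for tokens,
    # so it must not appear in log files.  A short digest still lets operators
    # correlate log lines for the same request.
    code_fingerprint = hashlib.sha256(
        authorize_request.code.encode('utf-8')).hexdigest()[:12]
    logger.info("Added auth request (code fingerprint: %s)", code_fingerprint)

    if not authorize_request.consent_given(authorize_request.scope):
        return show_consent_page(authorize_request, session)

    if authorize_request.form_post_response:
        # Form-post delivery: the code travels in an auto-submitted form body
        # rather than in the redirect URL.
        resp = make_response(
            render_template(
                'form_post.html',
                redirect_uri=authorize_request.redirect_uri,
                state=authorize_request.state,
                code=authorize_request.code))
    else:
        resp = redirect(authorize_request.redirection_url())

    # Harden the session cookie:
    #  - httponly keeps the token out of reach of page scripts;
    #  - samesite='Lax' still sends the cookie on the top-level GET
    #    navigation to /authorize but not on cross-site sub-requests;
    #  - secure is enabled whenever this request itself arrived over HTTPS.
    # NOTE(review): behind a TLS-terminating proxy request.is_secure is only
    # accurate if forwarded headers are trusted -- confirm the deployment.
    resp.set_cookie(
        'session',
        session,
        secure=request.is_secure,
        httponly=True,
        samesite='Lax')
    return resp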
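def process_consent_request(client_store):
    """
    Handle POST /consent: record the user's decision on the consent page.

    Looks up the pending authorization request via the posted ``id``
    (``id`` -> authorization code -> stored request).  On approval the
    posted scopes are stored in the user store and the authorization code
    is delivered to the client (form-post page or redirect); on denial
    the client is redirected with an ``access_denied`` error.

    Args:
        client_store: not used by this handler.

    Returns:
        A Flask response, or a ``(message, 500)`` tuple if anything raised.
    """
    try:
        # The posted id is the only value tying this POST to a pending request.
        # NOTE(review): the 'session' cookie is not checked here, and the
        # consent_store entry is read with get() rather than removed --
        # confirm the id is unguessable and cannot be replayed.
        consent_id = request.form['id']
        auth_code = consent_store.get(consent_id)
        authorize_request = AuthorizeRequest.from_dictionary(
            authorization_requests.get(auth_code))

        if not request.form.get('approve'):
            # User declined: report the denial back to the client.
            return redirect(authorize_request.redirect_error('access_denied'))

        # Persist the consent.
        # NOTE(review): 'scopes' comes straight from the form and is not
        # compared with authorize_request.scope here -- verify that
        # update_scopes (or the form) cannot record more than was requested.
        user_store.update_scopes(authorize_request.id,
                                 request.form.get('scopes'))

        if authorize_request.form_post_response:
            return make_response(
                render_template(
                    'form_post.html',
                    redirect_uri=authorize_request.redirect_uri,
                    state=authorize_request.state,
                    code=authorize_request.code))

        # Default delivery: redirect to the client with query parameters.
        return redirect(authorize_request.redirection_url())
    except Exception:
        # Full details (with traceback) go to the server log only.  The
        # exception text is not echoed to the browser: it can reveal internals
        # and would be served as HTML.
        logger.exception("Exception occurred")
        return "Error occurred", 500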
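def process_authorization_request(client_store):
    """
    Handle GET /authorize: validate the query parameters and start the flow.

    The query parameters are validated against ``client_store`` first.
    Without an authenticated session the login page is returned.  With
    one, the request is processed for that session: the consent page is
    shown if consent for the requested scope is missing, otherwise the
    authorization code is delivered to the client.

    Args:
        client_store: passed to ``AuthorizeRequest.validate`` / ``process``.

    Returns:
        A Flask response (login page, consent page, form-post page or
        redirect).
    """
    authorize_request = AuthorizeRequest.from_dictionary(
        request.args).validate(client_store)

    session_cookie = request.cookies.get('session')
    session = authenticated_session(session_cookie)
    if not session:
        # NOTE(review): the whole attribute dict of the request object is
        # handed to the template -- confirm it holds only values that are
        # meant to be rendered into the login form.
        return make_response(
            render_template('login.html', req=authorize_request.__dict__))

    # Already logged in: process the request for the existing session.
    authorize_request = AuthorizeRequest.from_dictionary(
        request.args).process(client_store, session=session)

    if not authorize_request.consent_given(authorize_request.scope):
        return show_consent_page(authorize_request, session_cookie)

    if authorize_request.form_post_response:
        # Honour form-post delivery here as the POST /authorize and
        # POST /consent handlers do, so the code is not placed in the
        # redirect URL when the client asked for a form post.
        return make_response(
            render_template(
                'form_post.html',
                redirect_uri=authorize_request.redirect_uri,
                state=authorize_request.state,
                code=authorize_request.code))

    return redirect(authorize_request.redirection_url())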