def delete_client(secret):
    """Delete the OAuth client whose ``client_secret`` equals ``secret``.

    Aborts with 404 when no client matches. Otherwise the row is deleted,
    the session is committed and the caller is redirected to
    ``/oauth/clients``.
    """
    # NOTE(review): the secret is the only lookup key and no ownership check
    # is visible in this function, so anyone who can present the secret can
    # delete the client. If ``secret`` arrives in the URL path it will also
    # end up in access logs and browser history. Confirm the route and any
    # login/ownership decorator applied outside this block.
    lookup = OAuthClient.query.filter(OAuthClient.client_secret == secret)
    matched = lookup.first()
    if not matched:
        abort(404)

    db.delete(matched)
    db.commit()
    return redirect("/oauth/clients")
def remove_admin(arguments):
    """Clear the ``admin`` flag of the user named by ``arguments['<name>']``.

    Prints ``Not a valid user`` and changes nothing when no user has that
    username.
    """
    account = User.query.filter(
        User.username == arguments['<name>']
    ).first()
    if not account:
        print('Not a valid user')
        return

    account.admin = False  # remove admin
    db.commit()
def remove_admin(arguments):
    """Revoke administrator rights from the user in ``arguments['<name>']``.

    When the username does not match any user, ``Not a valid user`` is
    printed and nothing is committed.
    """
    target = User.query.filter(User.username == arguments['<name>']).first()
    if target:
        # Privilege change takes effect once the commit below succeeds.
        target.admin = False
        db.commit()
        return

    print('Not a valid user')
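def exchange():
    """Exchange a one-time authorization code for an OAuth token.

    Reads ``client_id``, ``client_secret`` and ``code`` from the posted form,
    authenticates the client, resolves the code through Redis and returns the
    token for the (user, client) pair, creating it when none exists yet.

    Returns:
        ``{"token": ...}`` on success, otherwise ``({"error": ...}, status)``
        with 400 (missing client_id), 401 (wrong secret) or 404 (unknown
        client, unknown or expired code).
    """
    import hmac  # imported locally so this block stays self-contained

    client_id = request.form.get("client_id")
    client_secret = request.form.get("client_secret")
    code = request.form.get("code")
    if not client_id:
        return { "error": "Missing client_id" }, 400
    client = OAuthClient.query.filter(OAuthClient.client_id == client_id).first()
    if not client:
        return { "error": "Unknown client" }, 404
    # Compare the secrets in constant time so response timing does not reveal
    # how much of a guess matched. A missing secret is rejected up front: the
    # old ``!=`` test let a request without a secret pass for a client whose
    # stored secret is NULL, and compare_digest cannot take None.
    stored_secret = client.client_secret or ""
    if not client_secret or not hmac.compare_digest(
            stored_secret.encode("utf-8"), client_secret.encode("utf-8")):
        return { "error": "Incorrect client secret" }, 401
    # A request without ``code`` used to fail on the string concatenation
    # below (TypeError, i.e. a 500); answer it like any other unknown code.
    if not code:
        return { "error": "Unknown or expired exchange code" }, 404
    r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
    _client_id = r.get("oauth.exchange.client." + code)
    user_id = r.get("oauth.exchange.user." + code)
    # Check the value read from Redis (``_client_id``), not the form field
    # ``client_id`` that was already validated above; otherwise a missing
    # client key reaches ``.decode`` as None.
    if not _client_id or not user_id:
        return { "error": "Unknown or expired exchange code" }, 404
    _client_id = _client_id.decode("utf-8")
    user_id = int(user_id.decode("utf-8"))
    user = User.query.filter(User.id == user_id).first()
    # The code must have been issued to the client that is redeeming it.
    if not user or _client_id != client.client_id:
        return { "error": "Unknown or expired exchange code" }, 404
    token = OAuthToken.query.filter(OAuthToken.client == client, OAuthToken.user == user).first()
    if not token:
        token = OAuthToken(user, client)
        db.add(token)
        db.commit()
    # NOTE(review): the code keys are removed only on this success path and
    # only after the token lookup, so a code stays redeemable after a failed
    # attempt and two concurrent requests can both redeem it. Confirm the
    # keys carry a short TTL where they are written.
    r.delete("oauth.exchange.client." + code)
    r.delete("oauth.exchange.user." + code)
    return { "token": token.token }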
def approve_user(arguments):
    """Mark the user named by ``arguments['<name>']`` as approved.

    Sets ``approved`` to True and stamps ``approvalDate`` with the current
    local time before committing. Prints ``Not a valid user`` when the
    username is unknown.
    """
    account = User.query.filter(
        User.username == arguments['<name>']
    ).first()
    if not account:
        print('Not a valid user')
        return

    account.approved = True  # approve user
    # datetime.now() without a tz argument yields a naive local timestamp.
    account.approvalDate = datetime.now()
    db.commit()
def approve_user(arguments):
    """Approve the account whose username is ``arguments['<name>']``.

    On a match the ``approved`` flag and ``approvalDate`` are updated and
    committed together; otherwise ``Not a valid user`` is printed.
    """
    target = User.query.filter(User.username == arguments['<name>']).first()
    if target:
        target.approved = True
        # Naive local time, as produced by datetime.now() with no tz.
        target.approvalDate = datetime.now()
        db.commit()
        return

    print('Not a valid user')
def regenerate(secret):
    """Rotate the secret of the OAuth client identified by ``secret``.

    Aborts with 404 when no client has that secret. Otherwise a new
    40-character hex secret is stored and committed, and the caller is
    redirected to ``/oauth/clients``.
    """
    # NOTE(review): the current secret is the lookup key and no ownership
    # check is visible here; confirm the route is protected elsewhere and
    # that the secret is not exposed through URLs or logs.
    target = OAuthClient.query.filter(
        OAuthClient.client_secret == secret
    ).first()
    if not target:
        abort(404)

    # 40 bytes from the OS CSPRNG, hashed and truncated to 40 hex characters
    # (160 bits) for storage.
    fresh_secret = hashlib.sha256(os.urandom(40)).hexdigest()[:40]
    target.client_secret = fresh_secret
    db.commit()
    return redirect("/oauth/clients")
def delete_client(secret):
    """Remove the OAuth client that currently holds ``secret``.

    A secret that matches no client aborts with 404. A match is deleted and
    committed, followed by a redirect to ``/oauth/clients``.
    """
    # NOTE(review): possession of the secret is the only condition checked in
    # this function; no comparison against the logged-in user is visible.
    # Verify that ownership is enforced by the caller or a decorator, and
    # that the secret is not carried in a logged URL.
    by_secret = OAuthClient.client_secret == secret
    doomed = OAuthClient.query.filter(by_secret).first()
    if not doomed:
        abort(404)

    db.delete(doomed)
    db.commit()
    return redirect("/oauth/clients")
def revoke_token(token):
    """Delete the OAuth token with value ``token`` if the current user owns it.

    Aborts with 404 both when the token does not exist and when it belongs
    to a different user, then commits the deletion and redirects to
    ``/oauth/tokens``.
    """
    record = OAuthToken.query.filter(OAuthToken.token == token).first()
    # Unknown and foreign tokens get the same 404, so the response does not
    # disclose whether a guessed token value exists.
    if not record or record.user != current_user:
        abort(404)

    db.delete(record)
    db.commit()
    return redirect("/oauth/tokens")
def go(*args, **kw):
    """Call ``f`` with the given arguments and commit the session.

    On any exception the session is rolled back and closed, and the
    exception is re-raised unchanged. ``f`` and ``db`` come from the
    enclosing scope, which is not visible in this block.
    """
    try:
        result = f(*args, **kw)
        db.commit()
    except BaseException:
        # Same reach as a bare ``except``: KeyboardInterrupt and SystemExit
        # also trigger the rollback before propagating.
        db.rollback()
        db.close()
        raise
    else:
        return result
def regenerate(secret):
    """Issue a new secret for the OAuth client that currently holds ``secret``.

    Unknown secrets abort with 404. On success the new secret is committed
    and the response redirects to ``/oauth/clients``.
    """
    # NOTE(review): no ownership check is visible in this function and the
    # old secret doubles as the identifier; confirm access control is applied
    # outside this block.
    by_secret = OAuthClient.client_secret == secret
    client = OAuthClient.query.filter(by_secret).first()
    if not client:
        abort(404)

    # Random material comes from os.urandom; the SHA-256 hex digest is cut to
    # 40 characters, i.e. 160 bits of the digest.
    random_bytes = os.urandom(40)
    digest = hashlib.sha256(random_bytes).hexdigest()
    client.client_secret = digest[:40]
    db.commit()
    return redirect("/oauth/clients")
def reset_password(arguments):
    """Set a new password for the user named by ``arguments['<name>']``.

    The password in ``arguments['<password>']`` must be 5 to 256 characters
    long; otherwise a message is printed and nothing changes. Prints
    ``Not a valid user`` when the username is unknown.
    """
    account = User.query.filter(
        User.username == arguments['<name>']
    ).first()
    if not account:
        print('Not a valid user')
        return

    # NOTE(review): the password arrives as a plain argument value; if this
    # is a command-line argument it may be kept in shell history or shown in
    # process listings - confirm how ``arguments`` is populated.
    password = arguments['<password>']
    if not 5 <= len(password) <= 256:
        print('Password must be between 5 and 256 characters.')
        return

    account.set_password(password)
    db.commit()
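def create_user(arguments):
    """Create a pre-approved user from ``<name>``, ``<email>``, ``<password>``.

    The password must be 5 to 256 characters long, the same bounds that
    ``reset_password`` applies; a password outside them is rejected with a
    printed message and no user is created. On success the user is marked
    approved, stamped with the current time, added and committed.
    """
    password = arguments['<password>']
    # Enforce the length policy here too, so account creation cannot be used
    # to set a password that a later reset would refuse.
    if len(password) < 5 or len(password) > 256:
        print('Password must be between 5 and 256 characters.')
        return

    u = User(arguments['<name>'], arguments['<email>'], password)
    if u:
        u.approved = True  # approve user
        u.approvalDate = datetime.now()
        db.add(u)
        db.commit()
        print('User created')
    else:
        # Reached only if the new User object evaluates as falsy.
        print('Couldn\'t create the user')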
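def clients_POST():
    """Register a new OAuth client for the current user from the posted form.

    Requires ``name``, ``info_url`` and ``redirect_uri``; both URL fields
    must start with ``http://`` or ``https://``. A user may hold at most 10
    clients. Validation failures re-render ``oauth-clients.html`` with an
    ``errors`` message; success redirects to ``/oauth/clients``.
    """
    name = request.form.get("name")
    info_url = request.form.get("info_url")
    redirect_uri = request.form.get("redirect_uri")
    if not name or not info_url or not redirect_uri:
        return render_template("oauth-clients.html", errors="All fields are required.")
    # NOTE(review): only the scheme prefix is checked, so a value with no
    # host passes and ``redirect_uri`` may be plain http. Consider parsing
    # the URL and requiring https for redirect targets.
    allowed_schemes = ("http://", "https://")
    if not info_url.startswith(allowed_schemes):
        return render_template("oauth-clients.html", errors="URL fields must be a URL.")
    if not redirect_uri.startswith(allowed_schemes):
        return render_template("oauth-clients.html", errors="URL fields must be a URL.")
    # ``>=`` so the cap matches the message: the previous ``> 10`` test let
    # an eleventh client through.
    if len(current_user.clients) >= 10:
        return render_template("oauth-clients.html", errors="You can only have 10 clients, chill out dude.")
    client = OAuthClient(current_user, name, info_url, redirect_uri)
    db.add(client)
    db.commit()
    return redirect("/oauth/clients")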
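def clients_POST():
    """Create an OAuth client owned by the current user.

    All three form fields (``name``, ``info_url``, ``redirect_uri``) are
    required and both URLs must begin with ``http://`` or ``https://``. The
    per-user limit is 10 clients. Errors re-render ``oauth-clients.html``
    with an ``errors`` string; success redirects to ``/oauth/clients``.
    """
    name = request.form.get("name")
    info_url = request.form.get("info_url")
    redirect_uri = request.form.get("redirect_uri")
    if not name or not info_url or not redirect_uri:
        return render_template("oauth-clients.html",
                               errors="All fields are required.")
    # NOTE(review): this is a prefix test only; it neither requires a host
    # nor restricts ``redirect_uri`` to https. Stricter parsing of the
    # redirect target is worth considering.
    schemes = ("http://", "https://")
    for url in (info_url, redirect_uri):
        if not url.startswith(schemes):
            return render_template("oauth-clients.html",
                                   errors="URL fields must be a URL.")
    # Off-by-one fix: ``> 10`` admitted an eleventh client although the
    # message promises a limit of 10.
    if len(current_user.clients) >= 10:
        return render_template(
            "oauth-clients.html",
            errors="You can only have 10 clients, chill out dude.")
    client = OAuthClient(current_user, name, info_url, redirect_uri)
    db.add(client)
    db.commit()
    return redirect("/oauth/clients")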
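def exchange():
    """Redeem an authorization code for the OAuth token of a (user, client).

    Form fields: ``client_id``, ``client_secret``, ``code``. The client is
    authenticated by its secret, the code is resolved through Redis to the
    client it was issued for and the user who approved it, and the matching
    token is returned (created first when absent).

    Returns:
        ``{"token": ...}`` on success, otherwise ``({"error": ...}, status)``
        with 400 (missing client_id), 401 (wrong secret) or 404 (unknown
        client, unknown or expired code).
    """
    import hmac  # imported locally so this block stays self-contained

    client_id = request.form.get("client_id")
    client_secret = request.form.get("client_secret")
    code = request.form.get("code")
    if not client_id:
        return {"error": "Missing client_id"}, 400
    client = OAuthClient.query.filter(
        OAuthClient.client_id == client_id).first()
    if not client:
        return {"error": "Unknown client"}, 404
    # Constant-time comparison avoids leaking, through timing, how much of a
    # guessed secret is correct. An absent secret is refused explicitly:
    # ``None != None`` was False, so the old test accepted a request with no
    # secret for a client whose stored secret is NULL.
    expected = (client.client_secret or "").encode("utf-8")
    if not client_secret or not hmac.compare_digest(
            expected, client_secret.encode("utf-8")):
        return {"error": "Incorrect client secret"}, 401
    # Without this guard a missing ``code`` raised TypeError when building
    # the Redis keys below.
    if not code:
        return {"error": "Unknown or expired exchange code"}, 404
    r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
    _client_id = r.get("oauth.exchange.client." + code)
    user_id = r.get("oauth.exchange.user." + code)
    # The value fetched from Redis is what must be tested here; the original
    # re-tested the form field ``client_id`` and could pass None on to
    # ``.decode``.
    if not _client_id or not user_id:
        return {"error": "Unknown or expired exchange code"}, 404
    _client_id = _client_id.decode("utf-8")
    user_id = int(user_id.decode("utf-8"))
    user = User.query.filter(User.id == user_id).first()
    # Reject codes that were issued to a different client.
    if not user or _client_id != client.client_id:
        return {"error": "Unknown or expired exchange code"}, 404
    token = OAuthToken.query.filter(OAuthToken.client == client,
                                    OAuthToken.user == user).first()
    if not token:
        token = OAuthToken(user, client)
        db.add(token)
        db.commit()
    # NOTE(review): the code is invalidated only here, after a successful
    # exchange; failed attempts leave it usable and concurrent requests can
    # both redeem it. Confirm the keys are written with a short expiry.
    r.delete("oauth.exchange.client." + code)
    r.delete("oauth.exchange.user." + code)
    return {"token": token.token}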