def rpt_endpoint_(self, entity, client_id, **kwargs):
    """
    Issue a requesting party token (RPT) for a permission ticket.

    The JSON document in ``kwargs["request"]`` is parsed as an
    AuthorizationDataRequest and its ticket is handed, together with the
    requesting party as ``sub``, to the object returned by
    ``self.get_adb(client_id)``, which issues the RPT.

    :param entity: Who's on the other side; passed on as the ``sub`` value
    :param client_id: The UMA client; used to look up the issuing object
    :param kwargs: Must contain "request", the JSON encoded request
    :return: A Response instance whose body is the JSON encoded
        AuthorizationDataResponse carrying the RPT
    """
    issuer = self.get_adb(client_id)
    authz_request = AuthorizationDataRequest().from_json(kwargs["request"])

    # NOTE(review): no ticket or permission check is visible in this
    # method; presumably issue_rpt() validates the ticket and rejects
    # unknown or already used ones. Confirm against its implementation.
    token = issuer.issue_rpt(authz_request['ticket'], {'sub': entity})

    return Response(AuthorizationDataResponse(rpt=token).to_json())
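def rpt_endpoint_(self, entity, client_id, **kwargs):
    """
    Exchange a permission ticket for a requesting party token (RPT).

    The ticket named in the request is looked up among the permission
    requests registered by the resource server and is removed as soon as
    it has been found.  For every requested resource set, each requested
    scope must be defined on that resource set, and only the scopes that
    the owner's permit allows for ``entity`` are registered on the RPT.

    :param entity: Who's on the other side (the requesting party)
    :param client_id: The UMA client (not referenced in this method body)
    :param kwargs: Must contain "request", the JSON encoded
        AuthorizationDataRequest
    :return: A Response instance carrying the RPT, or a BadRequest
        instance when the ticket is unknown, a requested scope is not
        defined on the resource set, or the owner has given no permission
    """
    adr = AuthorizationDataRequest().from_json(kwargs["request"])

    # Get request permission that the resource server has registered
    try:
        prr_list = self.permission_requests.get_request(adr["ticket"])
    except KeyError:
        errmsg = ErrorResponse(error="invalid_ticket")
        return BadRequest(errmsg.to_json(), content="application/json")

    # The ticket is removed before any authorization decision is made, so
    # it cannot be presented a second time whatever the outcome below.
    self.permission_requests.del_request(adr["ticket"])

    # NOTE(review): an "rpt" supplied in the request is used as-is. Nothing
    # visible here confirms that it was issued by this server to this
    # requesting party; confirm that a caller or register_permission()
    # enforces that before permissions are attached to it.
    try:
        _rpt = adr["rpt"]
    except KeyError:
        # NOTE(review): the RPT is a bearer secret; verify that rndstr()
        # draws from a cryptographically secure source.
        _rpt = rndstr(32)

    # NOTE(review): permissions are registered per entry inside this loop,
    # so an error on a later entry appears to leave the earlier entries
    # registered on the RPT although the caller gets an error response.
    for prr in prr_list:
        _rsid = prr["resource_set_id"]

        # Verify that the scopes are defined for the resource set
        owner = self.resource_set.rsid2oid[_rsid]
        rsd = self.resource_set.read(owner, _rsid)
        # Explicit membership test instead of ``assert``: assertions are
        # stripped when Python runs with -O, which would silently disable
        # this authorization check.
        for scope in prr["scopes"]:
            if scope not in rsd["scopes"]:
                errmsg = ErrorResponse(error="not_authorized",
                                       error_description="Undefined scopes")
                return BadRequest(errmsg.to_json(),
                                  content="application/json")

        # Is there any permissions registered by the owner, if so verify
        # that it allows what is requested. Return what is allowed !
        try:
            allow_scopes, _ = self.permit.get_permit(owner, entity, _rsid)
        except KeyError:
            errmsg = ErrorResponse(error="not_authorized",
                                   error_description="No permission given")
            return BadRequest(errmsg.to_json(), content="application/json")

        # Keep only the requested scopes that the owner's permit covers.
        # Again a plain test, not ``assert``, so that -O cannot turn this
        # filter into "grant everything that was requested".
        _scopes = [scope for scope in prr["scopes"] if scope in allow_scopes]

        # bind _requester to specific RPT for this user
        try:
            self.eid2rpt[owner][entity] = _rpt
        except KeyError:
            self.eid2rpt[owner] = {entity: _rpt}

        self.register_permission(owner, _rpt, _rsid, _scopes)

    rsp = AuthorizationDataResponse(rpt=_rpt)
    return Response(rsp.to_json())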
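def rpt_endpoint_(self, entity, client_id, **kwargs):
    """
    Exchange a permission ticket for a requesting party token (RPT).

    The ticket named in the request is looked up among the permission
    requests registered by the resource server and is removed as soon as
    it has been found.  For every requested resource set, each requested
    scope must be defined on that resource set, and only the scopes that
    the owner's permit allows for ``entity`` are registered on the RPT.

    :param entity: Who's on the other side (the requesting party)
    :param client_id: The UMA client (not referenced in this method body)
    :param kwargs: Must contain "request", the JSON encoded
        AuthorizationDataRequest
    :return: A Response instance carrying the RPT, or a BadRequest
        instance when the ticket is unknown, a requested scope is not
        defined on the resource set, or the owner has given no permission
    """
    adr = AuthorizationDataRequest().from_json(kwargs["request"])

    # Get request permission that the resource server has registered
    try:
        prr_list = self.permission_requests.get_request(adr["ticket"])
    except KeyError:
        errmsg = ErrorResponse(error="invalid_ticket")
        return BadRequest(errmsg.to_json(), content="application/json")

    # The ticket is removed before any authorization decision is made, so
    # it cannot be presented a second time whatever the outcome below.
    self.permission_requests.del_request(adr["ticket"])

    # NOTE(review): an "rpt" supplied in the request is used as-is. Nothing
    # visible here confirms that it was issued by this server to this
    # requesting party; confirm that a caller or register_permission()
    # enforces that before permissions are attached to it.
    try:
        _rpt = adr["rpt"]
    except KeyError:
        # NOTE(review): the RPT is a bearer secret; verify that rndstr()
        # draws from a cryptographically secure source.
        _rpt = rndstr(32)

    # NOTE(review): permissions are registered per entry inside this loop,
    # so an error on a later entry appears to leave the earlier entries
    # registered on the RPT although the caller gets an error response.
    for prr in prr_list:
        _rsid = prr["resource_set_id"]

        # Verify that the scopes are defined for the resource set
        owner = self.resource_set.rsid2oid[_rsid]
        rsd = self.resource_set.read(owner, _rsid)
        # Explicit membership test instead of ``assert``: assertions are
        # stripped when Python runs with -O, which would silently disable
        # this authorization check.
        for scope in prr["scopes"]:
            if scope not in rsd["scopes"]:
                errmsg = ErrorResponse(
                    error="not_authorized",
                    error_description="Undefined scopes")
                return BadRequest(errmsg.to_json(),
                                  content="application/json")

        # Is there any permissions registered by the owner, if so verify
        # that it allows what is requested. Return what is allowed !
        try:
            allow_scopes, _ = self.permit.get_permit(
                owner, entity, _rsid)
        except KeyError:
            errmsg = ErrorResponse(error="not_authorized",
                                   error_description="No permission given")
            return BadRequest(errmsg.to_json(), content="application/json")

        # Keep only the requested scopes that the owner's permit covers.
        # Again a plain test, not ``assert``, so that -O cannot turn this
        # filter into "grant everything that was requested".
        _scopes = [scope for scope in prr["scopes"] if scope in allow_scopes]

        # bind _requester to specific RPT for this user
        try:
            self.eid2rpt[owner][entity] = _rpt
        except KeyError:
            self.eid2rpt[owner] = {entity: _rpt}

        self.register_permission(owner, _rpt, _rsid, _scopes)

    rsp = AuthorizationDataResponse(rpt=_rpt)
    return Response(rsp.to_json())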