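async def identify(self, request: web.Request) -> typing.Optional[db.User]:
    """Resolve the user bound to the current session, if any.

    Reads the value stored under ``self._session_key`` in the aiohttp
    session, converts it to an integer id and looks up the ``db.User``
    with that primary key.

    Returns:
        The result of the ``db.User`` lookup, or ``None`` when the session
        holds nothing under the key or the stored value is not an integer.
    """
    session = await aiohttp_session.get_session(request)
    try:
        # A missing key gives int(None) -> TypeError; a non-numeric value
        # gives ValueError. Both are treated as "no identity".
        user_id = int(session.get(self._session_key))
    except (TypeError, ValueError):
        return None
    # int() never yields None, so the former ``is not None`` branch was dead.
    # NOTE(review): the id is trusted exactly as stored in the session; this
    # relies on the session storage being tamper-proof (signed/encrypted
    # cookie or server-side store) -- confirm against the app setup.
    # The lookup presumably returns None when no row has this id.
    return db.Session().query(db.User).get(user_id)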
async def oauthorize_post(request: web.Request):
    """Handle submission of the consent form for an authorization request.

    The authenticated user is handed to the OAuth server as the granting
    user only when the form carries a truthy ``confirm`` field; otherwise
    ``None`` is passed instead.

    Returns:
        Whatever ``create_authorization_response`` on
        ``request.app['oauth_server']`` returns.
    """
    # An earlier variant resolved the login with authorized_userid() and
    # redirected anonymous visitors to the "app" route with a ``redirect``
    # query parameter. check_authorized() is used in its place.
    user_id = await check_authorized(request)
    user = db.Session().query(db.User).get(user_id)
    form = await request.post()
    # NOTE(review): this POST is what grants a client access on the user's
    # behalf, and no CSRF token check is visible in this handler -- confirm
    # one is enforced elsewhere (middleware or the form layer).
    if form.get('confirm'):
        grant_user = user
    else:
        grant_user = None
    oauth_server = request.app['oauth_server']
    return await oauth_server.create_authorization_response(
        request, grant_user)
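async def auth_post(request: web.Request) -> web.Response:
    """Log a user in from the posted ``username`` / ``password`` form.

    Returns:
        An ``HTTPFound`` redirect back to the request URL, with the user's
        id remembered on the response.

    Raises:
        web.HTTPForbidden: when a credential is missing or is not a plain
            string, or when no user matches the submitted pair.
    """
    form = await request.post()
    username = form.get('username')
    password = form.get('password')
    # Reject absent or non-text fields (e.g. file uploads) before they reach
    # the query: a None passed to filter_by would presumably be turned into
    # an IS NULL comparison instead of a plain mismatch.
    if not isinstance(username, str) or not isinstance(password, str):
        raise web.HTTPForbidden(body=b'Who are you? Go away!')
    # NOTE(review): the submitted password is matched directly against the
    # stored column, so that column holds the password as submitted. Prefer
    # storing a salted, slow password hash and verifying against it; that
    # needs a matching change wherever users are created, so it is not
    # altered here.
    user = db.Session().query(db.User).filter_by(
        username=username, password=password).first()
    if user:
        response = web.HTTPFound(location=request.url)
        await remember(request, response, str(user.id))
        return response
    raise web.HTTPForbidden(body=b'Who are you? Go away!')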
async def create_client_post(request: web.Request):
    """Register a new OAuth client owned by the authenticated user.

    Builds a ``db.App`` from the posted form, stamps it with the caller's
    user id and freshly generated credentials, stores it, and redirects to
    the ``auth`` route.

    Raises:
        web.HTTPFound: always on success, pointing at the ``auth`` route.
    """
    owner_id = await aiohttp_security.check_authorized(request)
    posted = await request.post()
    # NOTE(review): every posted field becomes a constructor keyword, so the
    # client controls any db.App attribute that is not overwritten below.
    # An explicit allow-list of expected form fields would close that gap.
    client = db.App(**posted)
    client.user_id = owner_id
    # NOTE(review): generate_token is defined outside this block -- confirm
    # it draws from a cryptographically secure random source.
    client.client_id = generate_token(24)  # type: ignore
    client.client_secret = generate_token(48)  # type: ignore
    client.token_endpoint_auth_method = 'client_secret_post'  # type: ignore
    store = db.Session()
    store.add(client)
    store.commit()
    auth_url = request.app.router['auth'].url_for()
    raise web.HTTPFound(location=auth_url)
async def oauthorize_get(request: web.Request):
    """Prepare the data for the consent page of an authorization request.

    Anonymous visitors are redirected to the ``auth`` route. Otherwise the
    request is validated by the OAuth server, and the user together with
    the resulting grant is returned as a mapping.

    Raises:
        web.HTTPFound: when no user id is associated with the request.
        web.HTTPBadRequest: when validation raises ``oauth.OAuth2Error``;
            the error body is sent as JSON text along with its headers.
    """
    user_id = await authorized_userid(request)
    if not user_id:
        raise web.HTTPFound(location=request.app.router['auth'].url_for())
    user = db.Session().query(db.User).get(user_id)
    oauth_server = request.app['oauth_server']
    try:
        grant = await oauth_server.validate_consent_request(request, user)
    except oauth.OAuth2Error as error:
        # The status carried by the error is not used; the reply is
        # always a 400 with the error's body and headers.
        _status, payload, headers = error()
        raise web.HTTPBadRequest(text=json.dumps(payload), headers=headers)
    return dict(user=user, grant=grant)
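async def register_user_post(request: web.Request) -> typing.NoReturn:
    """Create a user account from the posted form and log it in.

    Raises:
        web.HTTPBadRequest: when ``username`` or ``password`` is missing or
            is not a plain string, or when the username is already taken.
        web.HTTPFound: on success, redirecting to the ``auth`` route with
            the new user's id remembered on the response.
    """
    form = await request.post()
    username = form.get('username')
    password = form.get('password')
    # Validate explicitly instead of with assert: assertions are stripped
    # under ``python -O``, and a missing field previously surfaced as an
    # unhandled KeyError rather than a client error.
    if not isinstance(username, str) or not isinstance(password, str):
        raise web.HTTPBadRequest(text="Username and password are required")
    db_session = db.Session()
    existing = db_session.query(db.User).filter_by(username=username).first()
    if existing:
        raise web.HTTPBadRequest(text="User already exists")
    # NOTE(review): the password is stored exactly as submitted. Prefer a
    # salted, slow password hash; that requires the login check to verify
    # against the hash as well, so it is not changed in this block alone.
    # NOTE(review): the existence check and the insert are separate steps;
    # confirm the username column has a unique constraint.
    user = db.User(username=username, password=password)
    db_session.add(user)
    db_session.commit()
    response = web.HTTPFound(location=request.app.router['auth'].url_for())
    await aiohttp_security.remember(request, response, str(user.id))
    raise response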
async def index(request: web.Request):
    """Collect the data shown on the index page.

    For an anonymous request the user is ``None`` and all lists are empty.
    For a logged-in request the user row, all ``db.App`` rows, and the
    caller's own authorization codes and tokens are loaded.

    Returns:
        A mapping with the keys ``user``, ``clients``, ``post_query``,
        ``tokens`` and ``codes``.
    """
    user_id = await authorized_userid(request)
    current_user = None
    clients: typing.List[db.App] = []
    tokens: typing.List[db.Token] = []
    codes: typing.List[db.AuthorizationCode] = []
    if user_id:
        store = db.Session()
        current_user = store.query(db.User).get(user_id)
        # NOTE(review): unlike codes and tokens below, clients are loaded
        # without a user filter, so every registered db.App row reaches the
        # page for any logged-in user. If those rows carry secrets, confirm
        # the template does not render them, or filter by owner.
        clients = store.query(db.App).all()
        code_query = store.query(db.AuthorizationCode)
        codes = code_query.filter_by(user_id=user_id).all()
        token_query = store.query(db.Token)
        tokens = token_query.filter_by(user_id=user_id).all()
    return dict(
        user=current_user,
        clients=clients,
        post_query=request.url.raw_query_string,
        tokens=tokens,
        codes=codes,
    )