예제 #1
 def _process(self, **kwargs):
     """Decide whether the pending authorization request is granted.

     Returns ``True`` when access is granted, ``False`` when a POST does not
     carry the ``confirm`` form field, and otherwise the rendered
     ``oauth/authorize.html`` consent page listing the scopes the user's
     existing token already covers and the ones that are new.
     """
     if request.method == 'POST':
         # NOTE(review): approval rests solely on the presence of ``confirm``
         # in the submitted form. No CSRF token check is visible in this
         # method, so it has to be enforced before this handler runs - confirm.
         confirmed = 'confirm' in request.form
         if confirmed:
             logger.info('User %s authorized %s', session.user, self.application)
         return confirmed

     if self.application.is_trusted:
         # Trusted applications are approved before the requested scopes are
         # even looked at, so the flag is as sensitive as the widest scope set
         # the application may ask for.
         logger.info('User %s automatically authorized %s', session.user, self.application)
         return True

     wanted = set(kwargs['scopes'])
     existing = self.application.tokens.filter_by(user=session.user).first()
     granted = existing.scopes if existing else set()
     missing = wanted - granted
     if not missing:
         # Everything requested is already covered by the user's token.
         return True

     def _known_labels(scope_names):
         # NOTE(review): a scope with no (or an empty) entry in SCOPES is left
         # off the consent page; whether such a scope is rejected earlier is
         # not visible here - confirm.
         return [label for label in map(SCOPES.get, scope_names) if label]

     return render_template(
         'oauth/authorize.html',
         application=self.application,
         authorized_scopes=_known_labels(granted),
         new_scopes=_known_labels(missing),
     )
예제 #2
class ApplicationForm(IndicoForm):
    """Form for creating or editing an OAuth application.

    Pass ``application=<existing application>`` when editing: it is used to
    restore the stored values of enforced fields and to leave the application
    itself out of the duplicate-name check.
    """

    name = StringField(_("Name"), [DataRequired()])
    description = TextAreaField(_("Description"))
    # NOTE(review): per the help text, a callback is accepted on matching
    # protocol, host/port and path *prefix* rather than on the exact URL, so
    # registered entries should carry the most specific path available.
    redirect_uris = RedirectURIField(
        _("Allowed authorization callback URLs"),
        [DataRequired()],
        description=_("More than one URL can be specified adding new lines. The "
                      "redirect_uri sent by the OAuth client must use the same protocol "
                      "and host/port. If an entry contains a path, the redirect_uri's "
                      "path must start with this path."),
    )
    # Choices are the SCOPES items ordered by their second element.
    # NOTE(review): this label is the only one not wrapped in ``_()``.
    default_scopes = IndicoSelectMultipleCheckboxField(
        'Allowed scopes',
        [DataRequired()],
        choices=sorted(SCOPES.items(), key=itemgetter(1)),
    )
    is_enabled = BooleanField(
        _("Enabled"),
        widget=SwitchWidget(),
        description=_("If an application is not enabled, its OAuth tokens cannot be used and "
                      "user cannot be prompted to authorize the application."),
    )
    # Security-sensitive switch: as the help text states, a trusted
    # application is authorized without the user seeing a consent page.
    is_trusted = BooleanField(
        _("Trusted"),
        widget=SwitchWidget(),
        description=_("Trusted applications will be granted authorization automatically and "
                      "no intermediate page will be displayed during the authorization process."),
    )

    def __init__(self, *args, **kwargs):
        """Bind the form, remembering the application being edited (if any)."""
        self.application = kwargs.pop('application', None)
        super().__init__(*args, **kwargs)
        if self.application is None:
            return
        # Enforced fields are shown disabled, so whatever the form was given
        # for them is replaced with the value loaded from the object.
        for field_name in self.application.system_app_type.enforced_data:
            bound_field = self[field_name]
            bound_field.data = bound_field.object_data

    def validate_name(self, field):
        """Raise ``ValidationError`` when the name is taken by another application."""
        # NOTE(review): the lookup is presumably an equality match on the
        # submitted name, while the exclusion below compares lower-cased
        # names; if names must be unique regardless of case, a duplicate that
        # differs only in case would pass here - confirm against the model.
        clashes = OAuthApplication.find(name=field.data)
        if self.application:
            own_name = self.application.name.lower()
            clashes = clashes.filter(db.func.lower(OAuthApplication.name) != own_name)
        if clashes.count():
            raise ValidationError(_("There is already an application with this name"))
예제 #3
파일: controllers.py 프로젝트: fph/indico
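 def _process(self, **kwargs):
     """Decide whether the pending authorization request is granted.

     Returns ``True`` when access is granted, ``False`` when a POST does not
     carry the ``confirm`` form field, and otherwise the rendered
     ``oauth/authorize.html`` consent page. The page receives the labels of
     the scopes already covered by the user's token (``authorized_scopes``)
     and of the newly requested ones (``new_scopes``), both as lists.
     """
     if request.method == 'POST':
         # NOTE(review): approval rests solely on the presence of ``confirm``
         # in the submitted form. No CSRF token check is visible in this
         # method, so it has to be enforced before this handler runs - confirm.
         if 'confirm' not in request.form:
             return False
         logger.info('User %s authorized %s', session.user, self.application)
         return True
     if self.application.is_trusted:
         # Trusted applications are approved without looking at the requested
         # scopes and without showing the consent page.
         logger.info('User %s automatically authorized %s', session.user, self.application)
         return True
     requested_scopes = set(kwargs['scopes'])
     token = self.application.tokens.filter_by(user=session.user).first()
     authorized_scopes = token.scopes if token else set()
     if requested_scopes <= authorized_scopes:
         # Nothing new is being asked for, so no prompt is needed.
         return True
     new_scopes = requested_scopes - authorized_scopes
     # Hand the template real lists. On Python 3 ``filter()`` yields a one-shot
     # iterator that is truthy even when empty, so an ``if`` on it or a second
     # loop over it in the template would show the wrong scope list.
     # NOTE(review): scopes without a label in SCOPES are left off the page;
     # whether such scopes are rejected earlier is not visible here - confirm.
     return render_template('oauth/authorize.html', application=self.application,
                            authorized_scopes=[label for label in (SCOPES.get(s) for s in authorized_scopes)
                                               if label],
                            new_scopes=[label for label in (SCOPES.get(s) for s in new_scopes) if label])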