예제 #1
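def authorize(user, auth_request, redirect_uri):
    """
    Issue an authorization code for the client and redirect back to it.

    user param supplied by login_required
    auth_request and redirect_uri wrapper objects supplied by validate_auth_request

    NOTE: upon login the user has implicitly given permission for the neuaer
          client to obtain an authorization token with the code provided here

    Returns the result of redirect_with_params for redirect_uri, with the
    newly stored code passed as the ``code`` query parameter.
    """
    # uuid1() is derived from the host's node id and a timestamp, so its
    # values are predictable. The code is a bearer credential that the client
    # later trades for a token, so it must be unguessable: use the random
    # uuid4(), which keeps the same string format.
    from uuid import uuid4

    # store the authorization associated with this user
    # for reconciliation upon token request
    auth = Authorization(
        authorizer=user,

        # code the client submits when requesting an authorization token
        code=str(uuid4()),

        # an absence of the client_id should be caught in the validations
        # applied before this handler runs
        client_id=auth_request.raw_args.get("client_id"),

        # per the oauth 2 standard the redirect uri must be matched on the
        # later request for a token
        redirect_uri=redirect_uri.get_url(),
    )

    # NOTE(review): nothing written here marks the code as single-use or
    # gives it an expiry -- confirm the token endpoint enforces both.

    # gae db save
    auth.put()

    # add the unique code to the query params, and redirect to the redirect_uri
    return redirect_with_params(redirect_uri, code=auth.code)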
예제 #2
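 def decorated_view(*args, **kwargs):
     """
     Gate the wrapped view on a per-referrer list of approved e-mails.

     The referrer is taken from the Referer header or, when that is absent,
     from the 'referrer' field of the JSON body. An admin is added to the
     referrer's approved list (the record is created if needed) and let
     through; any other user must already be on that list.

     Returns the wrapped view's result, or a JSON body with an 'error' key.

     NOTE(review): both referrer sources are chosen by the client, so the
     referrer only selects which approval list is consulted; it is not
     evidence of where the request originated. The decision rests on the
     signed-in user's e-mail being on that list.
     """
     referrer = request.referrer
     if not referrer:
         # request.json may be None (no JSON body) or a non-dict value; the
         # original only handled a missing key and raised on anything else.
         payload = request.json
         if isinstance(payload, dict):
             referrer = payload.get('referrer')
         if not referrer:
             return jsonify(error='referrer missing')

     current_user = users.get_current_user()
     if current_user is None:
         # no signed-in user: fail closed instead of raising on .email()
         return jsonify(error='not authorized')
     email = db.Email(current_user.email())

     cache_key = '{0}/approved'.format(referrer)
     auth = cache.get(cache_key)

     if users.is_current_user_admin():
         if auth is None:
             auth = Authorization.get_by_key_name(referrer)
             if auth is None:
                 # first admin visit for this referrer creates its record
                 auth = Authorization(key_name=referrer)
                 auth.put()
         if email not in auth.approved:
             auth.approved.append(email)
             auth.put()
         cache.set(cache_key, auth)
         return func(*args, **kwargs)

     if auth is None:
         auth = Authorization.get_by_key_name(referrer)
         if auth is not None:
             cache.set(cache_key, auth)

     # No record for this referrer means nobody is approved. The original
     # dereferenced None here and raised AttributeError instead of denying.
     if auth is not None and email in auth.approved:
         return func(*args, **kwargs)
     return jsonify(error='not authorized')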