def authorize(user, auth_request, redirect_uri):
"""
handler with validation for the request providing a code that the client
can use to authorize
user param supplied by login_required
auth_request and redirect_uri wrapper objects supplied by validate_auth_request
NOTE: upon login the user has implicitly given permission for the neuaer
client to obtain an authorization token with the code provided here
"""
# store the authorization associated with this user
# for reconciliation upon token request
auth = Authorization(authorizer=user,
# generate a code for the client to submit when
# requesting an authorization token
code=str(uuid1()),
# an absence of the client_id should be caught in
# the validations above
client_id=auth_request.raw_args.get("client_id"),
# per the oauth 2 standard the redirect uri must
# be matched on the later request for a token
redirect_uri=redirect_uri.get_url())
# gae db save
auth.put()
# add the unique code to the query params, and redirect to the redirect_uri
return redirect_with_params(redirect_uri, code=auth.code)
def decorated_view(*args, **kwargs):
if not request.referrer:
try:
referrer=request.json['referrer']
except KeyError:
return jsonify(error='referrer missing')
else:
referrer=request.referrer
cache_key='{0}/approved'.format(referrer)
auth=cache.get(cache_key)
email=db.Email(users.get_current_user().email())
if users.is_current_user_admin():
if auth is None:
auth=Authorization.get_by_key_name(referrer)
if auth is None:
auth=Authorization(key_name=referrer)
auth.put()
try:
i=auth.approved.index(email)
except ValueError:
i=-1
if i==-1:
auth.approved.append(email)
auth.put()
cache.set(cache_key, auth)
return func(*args, **kwargs)
if auth is None:
auth=Authorization.get_by_key_name(referrer)
if auth is not None:
cache.set(cache_key, auth)
try:
i=auth.approved.index(email)
except ValueError:
i=-1
if i <> -1:
return func(*args, **kwargs)
return jsonify(error='not authorized')
