예제 #1
def authorize(request):
    """Client authorize page (protocol ignored since there are no clients).

    See the oauth2app docs: http://oauth2app.readthedocs.org/en/latest/

    Only the missing-redirect-URI failure path is visible in this excerpt;
    the listing stops before any consent or grant handling.
    """
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        # No usable redirect URI (per the exception name), so answer with a
        # fixed local page rather than a client-supplied URL.
        missing_uri_page = "/oauth2/missing_redirect_uri"
        return HttpResponseRedirect(missing_uri_page)
    # NOTE(review): other validation failures are not handled in the visible
    # part of this view -- confirm against the full source.
예제 #2
파일: views.py 프로젝트: colus001/lernanta
def authorize(request):
    """Validate an incoming OAuth2 authorization request.

    The excerpt shows only the branch taken when validation reports a
    missing redirect URI; the rest of the view is not part of the listing.
    """
    authorizer = Authorizer()

    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        # Resolve the error page by URL name so the response always targets
        # a route of this site, never a URL taken from the request.
        error_page = reverse('oauth_missing_redirect_uri')
        return HttpResponseRedirect(error_page)
예제 #3
파일: views.py 프로젝트: incommon/lernanta
def authorize(request):
    """Run the authorizer's validation step for an OAuth2 request.

    Only the missing-redirect-URI branch is shown here; the listing ends
    before the success path.
    """
    authorizer = Authorizer()

    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        # The target is a named local route, looked up only on this branch.
        return HttpResponseRedirect(
            reverse('oauth_missing_redirect_uri')
        )
    # NOTE(review): no login or consent handling is visible in this excerpt;
    # confirm it exists in the full view.
예제 #4
def authorize(request):
    """Client authorize page (protocol ignored since there are no clients).

    Further reading: the oauth2app docs at
    http://oauth2app.readthedocs.org/en/latest/

    The excerpt ends after the missing-redirect-URI handler.
    """
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        # Fixed, site-local error page; nothing from the request is used to
        # build the redirect target.
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
        return response
예제 #5
def authorize(request):
    """Validate an authorization request with a fixed response type.

    The listing shows only the missing-redirect-URI branch.
    """
    # NOTE(review): local copy of the response-type flag; presumably mirrors
    # the library's own CODE_AND_TOKEN constant -- confirm the value.
    CODE_AND_TOKEN = 3
    authorizer = Authorizer(response_type=CODE_AND_TOKEN)
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        # Site-local error page, independent of any request parameter.
        missing_uri_page = "/oauth2/missing_redirect_uri"
        return HttpResponseRedirect(missing_uri_page)
def authorize(request):
    """Validate an authorization request that asks for response type 3.

    Only the failure branch for a missing redirect URI is part of the
    excerpt.
    """
    # NOTE(review): hard-coded flag value; presumably the same as the
    # library's CODE_AND_TOKEN constant -- confirm.
    CODE_AND_TOKEN = 3
    authorizer = Authorizer(response_type=CODE_AND_TOKEN)
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        return HttpResponseRedirect(
            "/oauth2/missing_redirect_uri"
        )
예제 #7
def authorize_refreshed(request):
    """Validate an authorization request using the CODE_AND_TOKEN type.

    The excerpt covers only the missing-redirect-URI branch.
    """
    authorizer = Authorizer(response_type=CODE_AND_TOKEN)
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        # The error page is addressed relative to the configured site root,
        # not to anything supplied in the request.
        error_page = (settings.ROOT_URL +
                      "authorization_manager/oauth2/missing_redirect_uri")
        return HttpResponseRedirect(error_page)
예제 #8
def authorize(request):
    """
    Handle the normal (non-aadhaar) authorization of a request. The
    request arrives from the client, i.e. the third-party site.

    Only the missing-redirect-URI branch is visible in this excerpt.
    """
    print("Came here - authorizer")
    authorizer = Authorizer()
    try:
        # validate() checks that the call carries all required parameters.
        authorizer.validate(request)
    except MissingRedirectURI:
        # Fixed local error page; no request data goes into the target.
        missing_uri_page = "/oauth2/missing_redirect_uri"
        return HttpResponseRedirect(missing_uri_page)
예제 #9
def authorize(request):
    """
    Normal (non-aadhaar) authorization entry point. The caller is the
    client, meaning the third-party site.

    The listing stops after the missing-redirect-URI handler.
    """
    print("Came here - authorizer")
    authorizer = Authorizer()
    try:
        # Parameter completeness is checked inside validate().
        authorizer.validate(request)
    except MissingRedirectURI:
        return HttpResponseRedirect(
            "/oauth2/missing_redirect_uri"
        )
    # NOTE(review): this debug print writes to stdout on every request;
    # confirm that is intended outside development.
예제 #10
파일: views.py 프로젝트: ghjan/oauth2app
def authorize_first_and_last_name(request):
    """Authorize a request against the first_name and last_name ranges.

    The authorizer is called directly and its response is returned as-is.
    NOTE(review): no user-consent step is visible on this path; presumably a
    test or demo endpoint -- confirm before exposing it.
    """
    wanted_keys = ["first_name", "last_name"]
    scope = AccessRange.objects.filter(key__in=wanted_keys)
    authorizer = Authorizer(scope=scope)
    try:
        response = authorizer(request)
    except MissingRedirectURI:
        # Fixed local page; the request supplies no part of the target.
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
    return response
예제 #11
파일: views.py 프로젝트: ghjan/oauth2app
def authorize_last_name(request):
    """Authorize a request against the single last_name access range.

    The authorizer is invoked directly and whatever it returns is passed
    back to the caller.
    NOTE(review): no consent form is visible here; presumably a test or demo
    endpoint -- confirm.
    """
    last_name_range = AccessRange.objects.get(key="last_name")
    authorizer = Authorizer(scope=last_name_range)
    try:
        response = authorizer(request)
    except MissingRedirectURI:
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
    return response
예제 #12
파일: views.py 프로젝트: ox-it/oauth2app
 def dispatch(self, request):
     """Validate the OAuth2 request before normal method dispatch.

     A fresh Authorizer is stored on the view so the handlers that run
     afterwards can use it.
     NOTE(review): no decorator is visible in this excerpt; confirm the
     view is restricted to authenticated users.
     """
     self.authorizer = Authorizer()
     try:
         self.authorizer.validate(request)
     except MissingRedirectURI:
         response = self.missing_redirect_url_view(request)
     except AuthorizationException:
         # Malformed or invalid request: the authorizer redirects to the
         # redirect URL that came with it.
         response = self.authorizer.error_redirect()
     else:
         response = super(AuthorizeView, self).dispatch(request)
     return response
예제 #13
파일: views.py 프로젝트: pentie/oauth2app
def authorize(request):
    """Show the OAuth2 consent form on GET and act on the answer on POST.

    Validation failures are answered before any method handling. A POST
    grants only when the form validates and the submitted ``connect`` value
    is exactly "Yes"; a valid form with any other value is treated as a
    refusal. Everything else redirects to "/".

    NOTE(review): no login_required decorator is visible in this excerpt;
    confirm the view is only reachable by an authenticated user.
    """
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
    except AuthorizationException:
        # The request is malformed or invalid; the authorizer redirects to
        # the redirect URL that was provided with it.
        return authorizer.error_redirect()

    if request.method == 'GET':
        # client and access_ranges are None until validate() has run, so
        # they are read only after the try block above.
        context = {
            "client": authorizer.client,
            "access_ranges": authorizer.access_ranges,
            "form": AuthorizeForm(),
        }
        helper = FormHelper()
        # Two submit buttons share the field name "connect"; the POST branch
        # tells them apart by value.
        for answer in ('No', 'Yes'):
            helper.add_input(Submit('connect', answer))
        helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string
        helper.form_method = 'POST'
        context["helper"] = helper
        return render_to_response('oauth2/authorize.html', context, RequestContext(request))

    if request.method == 'POST' and AuthorizeForm(request.POST).is_valid():
        # Default-deny: only the literal "Yes" leads to a grant.
        if request.POST.get("connect") == "Yes":
            return authorizer.grant_redirect()
        return authorizer.error_redirect()
    return HttpResponseRedirect("/")
def authorize(request):
    """Consent view with two settings-driven shortcuts that skip the form.

    On GET, ``SHOELACE_QUERY_AUTH_ALWAYS`` grants immediately, and
    ``SHOELACE_QUERY_AUTH_FIRST_LOGIN`` grants immediately when the
    requesting client is already among the user's authorized clients.
    Otherwise the consent template is rendered. On POST, a valid form with
    ``connect`` equal to "Yes" grants; a valid form with any other value is
    refused.

    NOTE(review): both shortcuts issue a grant on a plain GET with no user
    interaction, so they rely entirely on validate() having accepted the
    client and its redirect URI -- confirm that is acceptable for every
    registered client before enabling them.
    """
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        return HttpResponseRedirect("/oauth2/missing_redirect/")  # XXX: Fix.
    except AuthorizationException:
        # Malformed or invalid request; the authorizer redirects to the
        # redirect URL that was provided.
        return authorizer.error_redirect()

    if request.method == 'GET':
        # client / access_ranges are None before validate() has run.
        if settings.SHOELACE_QUERY_AUTH_ALWAYS:
            return authorizer.grant_redirect()

        if settings.SHOELACE_QUERY_AUTH_FIRST_LOGIN:
            requesting_id = authorizer.client.id
            known_ids = [c.id for c in get_authorized_clients(request.user)]
            if requesting_id in known_ids:
                return authorizer.grant_redirect()

        # First matching profile for the client, or None when there is none.
        matches = ClientProfile.objects.filter(client=authorizer.client)
        profile = matches[0] if len(matches) > 0 else None

        context = {
            "client": authorizer.client,
            "access_ranges": authorizer.access_ranges,
            "GET": request.GET,
            "profile": profile
        }
        return render_to_response(
            'oauth2/authorize.html', context, RequestContext(request)
        )

    if request.method == 'POST' and AuthorizeForm(request.POST).is_valid():
        approved = request.POST.get("connect") == "Yes"
        if approved:
            return authorizer.grant_redirect()
        return authorizer.error_redirect()
    return HttpResponseRedirect("/")
예제 #15
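def authorize_aadhaar(request):
    """
    Authorize using aadhaar. Unnecessarily duplicates the normal
    authorize and is to be DRY'd out. Note that this request is coming
    from the client (thirdparty site).

    The client named by the ``client_id`` request parameter is looked up
    before validation; an unknown key raises AuthorizationException. Only
    the missing-redirect-URI handler is visible in this excerpt.
    """

    # XXX DRY out this code. 80% is repeated from normal authorize.

    print("Came here - authorizer ")
    authorizer = Authorizer()
    try:
        loggedin_user = request.user
        client_id = request.REQUEST.get('client_id')
        # Manager.get() never returns None: it raises DoesNotExist when no
        # row matches, so the unknown-client case has to be caught here.
        try:
            client = Client.objects.get(key=client_id)
        except Client.DoesNotExist:
            raise AuthorizationException("Unknown client")

        print("Authorizing the request")
        authorizer.validate(request)

    except MissingRedirectURI:
        # Fixed local error page; nothing from the request is used as the
        # redirect target.
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
    # NOTE(review): AuthorizationException is not handled in the visible
    # part of this view -- confirm the full source catches it.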
예제 #16
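def authorize_aadhaar(request):
    """
    Authorize using aadhaar. Unnecessarily duplicates the normal
    authorize and is to be DRY'd out. Note that this request is coming
    from the client (thirdparty site).

    Looks up the client identified by the ``client_id`` request parameter
    and raises AuthorizationException when no such client exists, then
    validates the request. The excerpt ends after the missing-redirect-URI
    handler.
    """

    # XXX DRY out this code. 80% is repeated from normal authorize.

    print("Came here - authorizer ")
    authorizer = Authorizer()
    try:
        loggedin_user = request.user
        client_id = request.REQUEST.get('client_id')
        try:
            client = Client.objects.get(key=client_id)
        except Client.DoesNotExist:
            # get() signals "no such row" by raising, never by returning
            # None, so a None comparison could not detect this case.
            raise AuthorizationException("Unknown client")

        print("Authorizing the request")
        authorizer.validate(request)

    except MissingRedirectURI:
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
    # NOTE(review): the visible excerpt has no handler for
    # AuthorizationException -- confirm one exists in the full view.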
예제 #17
def authorize(request, aadhaar=False):
    """Disabled client-authorize view; it raises before doing any work.

    The unconditional ``raise`` below makes the remaining body unreachable.
    The dead code checks that the logged-in user matches the client's owner
    and otherwise logs the user out and redirects to a login page chosen by
    ``aadhaar``.
    """

    raise Exception("Client authorize. Should not come here") 

    print "Came here - authorizer aadhaar = ", aadhaar
    authorizer = Authorizer()
    try:
        # Check if the correct user is logged in. Else redirect to login
        # page 
        loggedin_user = request.user 
        # NOTE(review): the next line is garbled in this listing (part of it
        # is masked with asterisks); the lookup that assigns `client` is not
        # visible, so the line is not valid Python as shown.
        print "logged in user = "******"Unknown client") 
        
        # This is necessary if the logged in user is different from
        # the client identified. This is possibly a legacy issue. The 
        # check is useful anyway. 
        resource_owner = client.user 
        print "resource owner = ", resource_owner 
        if (loggedin_user != resource_owner):
            # Mismatch: end the current session and send the browser to a
            # login page that returns to this same request afterwards.
            auth.logout(request)
            # `next` is this request's own path and query string, quoted so
            # it travels as a single query parameter.
            next=django_urlquote(request.get_full_path())
            if aadhaar: 
                nexturl = ("/account/aadhaar/authenticate/?next=%s" % next)
            else:
                nexturl = ("/account/login/?next=%s" % next)
            print "sending the user to ", nexturl 
            return HttpResponseRedirect(nexturl)
        
        # Now authorize
        authorizer.validate(request)

    except MissingRedirectURI, e:
        # Fixed local error page for requests without a redirect URI.
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
예제 #18
def authorize(request, aadhaar=False):
    """Disabled client-authorize view that raises on entry.

    Everything after the unconditional ``raise`` is unreachable. That dead
    code compares the logged-in user with the client's owner and, on a
    mismatch, logs out and redirects to a login page selected by
    ``aadhaar``.
    """

    raise Exception("Client authorize. Should not come here")

    print "Came here - authorizer aadhaar = ", aadhaar
    authorizer = Authorizer()
    try:
        # Check if the correct user is logged in. Else redirect to login
        # page
        loggedin_user = request.user
        # NOTE(review): this line is garbled in the listing (masked with
        # asterisks); the statement that assigns `client` is missing, so the
        # line does not parse as shown.
        print "logged in user = "******"Unknown client")

        # This is necessary if the logged in user is different from
        # the client identified. This is possibly a legacy issue. The
        # check is useful anyway.
        resource_owner = client.user
        print "resource owner = ", resource_owner
        if (loggedin_user != resource_owner):
            # Wrong account: log out, then bounce through a login page that
            # comes back to this request.
            auth.logout(request)
            # The return target is this request's own path plus query
            # string, quoted for use inside another query string.
            next = django_urlquote(request.get_full_path())
            if aadhaar:
                nexturl = ("/account/aadhaar/authenticate/?next=%s" % next)
            else:
                nexturl = ("/account/login/?next=%s" % next)
            print "sending the user to ", nexturl
            return HttpResponseRedirect(nexturl)

        # Now authorize
        authorizer.validate(request)

    except MissingRedirectURI, e:
        # Requests without a redirect URI get a fixed local error page.
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
예제 #19
def authorize(request):
    """Render the consent form (GET) or apply the user's decision (POST).

    The request is validated first. A missing redirect URI leads to a local
    error page and any other authorization error to the authorizer's error
    redirect. On POST the grant is issued only for a valid form whose
    ``connect`` value equals "Yes"; other methods and invalid forms end at
    "/".

    NOTE(review): no login_required decorator appears in this excerpt;
    confirm the view cannot be reached anonymously.
    """
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        return HttpResponseRedirect("/oauth2/missing_redirect_uri")
    except AuthorizationException:
        # Malformed or invalid request: redirect to the redirect URL that
        # was provided with it.
        return authorizer.error_redirect()

    method = request.method
    if method == 'GET':
        # Read client / access_ranges only now: before validate() they
        # would still be None.
        template = dict(
            client=authorizer.client,
            access_ranges=authorizer.access_ranges,
            form=AuthorizeForm(),
        )
        helper = FormHelper()
        helper.add_input(Submit('connect', 'No'))
        helper.add_input(Submit('connect', 'Yes'))
        helper.form_action = '/oauth2/authorize?%s' % authorizer.query_string
        helper.form_method = 'POST'
        template["helper"] = helper
        return render_to_response(
            'oauth2/authorize.html', template, RequestContext(request))

    if method == 'POST':
        submitted = AuthorizeForm(request.POST)
        if submitted.is_valid():
            # Anything other than the literal "Yes" counts as a refusal.
            user_agreed = request.POST.get("connect") == "Yes"
            return (authorizer.grant_redirect() if user_agreed
                    else authorizer.error_redirect())
    return HttpResponseRedirect("/")
예제 #20
파일: views.py 프로젝트: ox-it/oauth2app
class AuthorizeView(TemplateResponseMixin, View):
    """Class-based OAuth2 consent view.

    ``dispatch`` validates the request once and keeps the Authorizer on the
    instance; ``get`` renders the consent page (or grants at once for
    clients flagged ``auto_authorize``) and ``post`` applies the decision.
    """
    template_name = 'oauth2app/authorize.html'

    missing_redirect_url_view = staticmethod(MissingRedirectURLView.as_view())

    @method_decorator(login_required)
    def dispatch(self, request):
        """Validate the OAuth2 request, then dispatch on the HTTP method.

        Wrapped in login_required, so anonymous users are handled by that
        decorator before any of this runs.
        """
        self.authorizer = Authorizer()
        try:
            self.authorizer.validate(request)
        except MissingRedirectURI:
            response = self.missing_redirect_url_view(request)
        except AuthorizationException:
            # Malformed or invalid request: redirect to the redirect URL
            # that was provided.
            response = self.authorizer.error_redirect()
        else:
            response = super(AuthorizeView, self).dispatch(request)
        return response

    def get_context_data(self):
        """Return the template context, including a bound AuthorizeForm.

        The form is bound to POST data when present, else to GET data, else
        it is left unbound.
        """
        authorizer = self.authorizer
        form_data = self.request.POST or self.request.GET or None
        return {
            'authorizer': authorizer,
            'access_ranges': authorizer.access_ranges,
            'client': authorizer.client,
            'form': forms.AuthorizeForm(form_data),
        }

    def get(self, request):
        """Render the consent page unless the client is auto-authorized."""
        context = self.get_context_data()
        # NOTE(review): auto_authorize clients receive a grant on a plain
        # GET with no user interaction -- confirm the flag is reserved for
        # trusted clients.
        if not self.authorizer.client.auto_authorize:
            return self.render_to_response(context)
        return self.authorizer.grant_redirect()

    def post(self, request):
        """Grant when 'accept' was submitted with a valid form, else refuse.

        An invalid form is answered with HTTP 400.
        """
        form = self.get_context_data()['form']
        if not form.is_valid():
            return HttpResponseBadRequest()
        if 'accept' in request.POST:
            return self.authorizer.grant_redirect()
        return self.authorizer.error_redirect()
예제 #21
def authorize(request):
    """Validate an OAuth2 authorization request.

    The excerpt shows only the missing-redirect-URI branch; the listing
    stops before the rest of the view.
    """
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        # Fixed, site-local target: the request contributes nothing to it.
        missing_uri_page = "/oauth2/missing_redirect_uri"
        return HttpResponseRedirect(missing_uri_page)
예제 #22
파일: views.py 프로젝트: zuii/oauth2app
def authorize_code(request):
    """Authorize a request with the CODE response type.

    The authorizer is called directly and its response returned unchanged.
    NOTE(review): no consent step is visible on this path; presumably a test
    or demo endpoint -- confirm.
    """
    authorizer = Authorizer(response_type=CODE)
    try:
        response = authorizer(request)
    except MissingRedirectURI:
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
    return response
예제 #23
def authorize(request):
    """Run OAuth2 request validation for the authorize endpoint.

    Only the handler for a missing redirect URI is part of this excerpt.
    """
    authorizer = Authorizer()
    try:
        authorizer.validate(request)
    except MissingRedirectURI:
        return HttpResponseRedirect(
            "/oauth2/missing_redirect_uri"
        )
    # NOTE(review): handling of other validation errors, and of the success
    # path, is not shown in the listing.
예제 #24
파일: views.py 프로젝트: ghjan/oauth2app
def authorize_token(request):
    """Authorize a request with the TOKEN response type.

    Calls the authorizer directly and hands back its response.
    NOTE(review): with no consent step visible, confirm this is a test or
    demo endpoint and not user-facing.
    """
    authorizer = Authorizer(response_type=TOKEN)
    try:
        response = authorizer(request)
    except MissingRedirectURI:
        # Fixed local error page.
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
    return response
예제 #25
def authorize(request):
	"""Serve the OAuth2 authorization (consent) page for remoteStorage apps.

	GET renders a form listing the requested paths; POST applies the user's
	selection and ends in authorizer.grant_redirect() or
	authorizer.error_redirect(). An unknown client or scope is tolerated on
	the first validation pass; the missing models are created only after the
	user has submitted a valid form.

	NOTE(review): no login_required decorator is visible in this excerpt,
	yet request.user becomes the owner of an auto-created Client -- confirm
	the view is restricted to authenticated users.
	"""
	# Workaround for OAuth2 issue in 0.6.9 (and earlier) remoteStorage.js versions.
	#  http://www.w3.org/community/unhosted/wiki/RemoteStorage-2011.10#OAuth
	# Also see "Known Issues / OAuth2" section in README.
	scope = request.REQUEST.get('scope')
	if scope and ':' not in scope:
		# Legacy comma-separated scope: rewrite it into space-separated
		# canonical path specs and redirect back to this same path with the
		# re-encoded query (request.path is local, so the target stays on
		# this host).
		query = urllib.urlencode(dict(it.chain(
			request.REQUEST.items(),
			[('scope', ' '.join(
				canonical_path_spec(path) for path in scope.split(',') ))] )))
		return HttpResponseRedirect('{}?{}'.format(request.path, iri_to_uri(query)))

	# Process OAuth2 request from query_string
	authorizer = Authorizer(response_type=TOKEN)
	# validate_missing records which model ('client' or 'scope') was absent.
	validate_missing, validate_kwz = None, dict(check_scope=False)
	try:
		try: authorizer.validate(request, **validate_kwz)
		except TypeError: # older version
			# NOTE(review): any TypeError raised inside validate() lands
			# here, not only an unsupported check_scope keyword.
			validate_kwz.pop('check_scope')
			authorizer.validate(request)
	except MissingRedirectURI:
		return HttpResponseRedirect(reverse('remotestorage:oauth2:missing_redirect_uri'))
	except (InvalidClient, InvalidScope) as err:
		# Not fatal here: the view carries on and shows the form.
		if isinstance(err, InvalidClient): validate_missing = 'client'
		else: validate_missing = 'scope'
	except AuthorizationException:
		# The request is malformed or otherwise invalid.
		# Automatically redirects to the provided redirect URL,
		#  providing error parameters in GET, as per spec.
		return authorizer.error_redirect()

	# NOTE(review): scope and client_id are read even when validation stopped
	# with InvalidClient/InvalidScope; presumably the authorizer fills them in
	# before raising -- confirm.
	paths = authorizer.scope
	form = ft.partial(AuthorizeForm, paths=paths, app=authorizer.client_id)

	if request.method == 'GET':
		# Display form with a glorified "authorize? yes/no" question.
		if validate_missing == 'client':
			# With remoteStorage (0.6.9), client_id is the hostname of a webapp site,
			#  which is requesting storage, so it's a new app, and that fact should be
			#  made clear to the user.
			messages.add_message(
				request, messages.WARNING,
				( 'This is the first time app from domain "{}"'
					" tries to access this storage, make sure it's"
					' the one you want to grant access to.' )\
				.format(smart_unicode(authorizer.client_id)) )
		form = form()
		# Stored to validate that nothing has extended the submitted list client-side
		request.session['authorizer.paths'] = paths

	elif request.method == 'POST':
		# Reject the POST unless the requested paths equal the set shown on
		# the preceding GET (kept server-side in the session).
		if not paths or paths != request.session.get('authorizer.paths'):
			# These paths can potentially be tampered with in the submitted form client-side,
			#  resulting in granting access to something user didn't see in the displayed form,
			#  hence passing the list server-side as well within the session
			return HttpResponseRedirect(request.get_full_path())
		form = form(request.POST)
		if form.is_valid():
			# Check list of authorized paths, building new scope
			paths_auth, paths_form = set(), set(form.cleaned_data['path_access'])
			while paths_form:
				path_spec = paths_form.pop()
				# Try to condense :r and :w to :rw
				# NOTE(review): the unpacking assumes exactly one ':' per
				# spec; presumably the form's choices guarantee that -- confirm.
				path, cap = path_spec.split(':')
				# Iterates the two strings 'rw' and 'wr', unpacking each into
				# (a, b) = ('r', 'w') and then ('w', 'r').
				for a, b in 'rw', 'wr':
					if cap == a and '{}:{}'.format(path, b) in paths_form:
						paths_auth.add('{}:rw'.format(path))
						paths_form.remove('{}:{}'.format(path, b))
						break
				else: paths_auth.add(path_spec)
			# Re-validate form, creating missing models
			if validate_missing:
				try:
					with transaction.commit_on_success():
						if validate_missing == 'client':
							# NOTE(review): the client is registered from the
							# request's own client_id, with request.user as
							# owner and no redirect URI set here; confirm how
							# its redirect URI gets bound.
							Client.objects.create( user=request.user,
								name=authorizer.client_id, key=authorizer.client_id )
						if 'check_scope' not in validate_kwz:
							# Create all these just to delete them after validation
							for path_spec in paths:
								AccessRange.objects.get_or_create(key=path_spec)
						authorizer.validate(request, **validate_kwz)
						for path_spec in paths_auth:
							AccessRange.objects.get_or_create(key=path_spec)
						if 'check_scope' not in validate_kwz:
							# Drop the ranges the user did not approve; ones
							# that are gone or still referenced are left alone.
							for path_spec in paths.difference(paths_auth):
								try: AccessRange.objects.get(key=path_spec).delete()
								except (IntegrityError, ObjectDoesNotExist): pass
				except AuthorizationException:
					return authorizer.error_redirect()
			# The grant covers only what the user ticked, not the full request.
			authorizer.scope = paths_auth
			return authorizer.grant_redirect()\
				if form.cleaned_data['authorize'] == 'allow'\
				else authorizer.error_redirect()

	if request.method in ['GET', 'POST']:
		# Reached on GET, and on POST when the form did not validate.
		return render_to_response( 'oauth2/authorize.html',
			dict(form=form, app_host=authorizer.client_id), RequestContext(request) )

	# Shouldn't get here unless by mistake
	return HttpResponse( '<h1>Please issue proper'
		' GET request with OAuth2 authorization parameters.</h1>', status=501 )
예제 #26
파일: views.py 프로젝트: ghjan/oauth2app
def authorize_no_scope(request):
    """Authorize a request with a default Authorizer (no scope given).

    The authorizer is called directly and its response is returned.
    NOTE(review): no consent step is visible; presumably a test or demo
    endpoint -- confirm.
    """
    authorizer = Authorizer()
    try:
        response = authorizer(request)
    except MissingRedirectURI:
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
    return response
예제 #27
파일: views.py 프로젝트: ghjan/oauth2app
def authorize_token_mac(request):
    """Authorize a TOKEN request that uses the MAC authentication method.

    The authorizer is called directly; its response is returned unchanged.
    NOTE(review): no consent step is visible here -- confirm this endpoint
    is for testing only.
    """
    authorizer = Authorizer(response_type=TOKEN, authentication_method=MAC)
    try:
        response = authorizer(request)
    except MissingRedirectURI:
        # Fixed local error page.
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
    return response
예제 #28
파일: views.py 프로젝트: ghjan/oauth2app
def authorize_not_refreshable(request):
    """Authorize a request with ``refreshable=False`` on the Authorizer.

    The authorizer is called directly and whatever it returns is returned.
    NOTE(review): no consent step is visible; presumably a test or demo
    endpoint -- confirm.
    """
    authorizer = Authorizer(refreshable=False)
    try:
        response = authorizer(request)
    except MissingRedirectURI:
        response = HttpResponseRedirect("/oauth2/missing_redirect_uri")
    return response
예제 #29
def authorize_refreshed(request):
	"""Validate an authorization request using the CODE_AND_TOKEN type.

	Only the missing-redirect-URI branch is visible in this excerpt.
	"""
	authorizer = Authorizer(response_type=CODE_AND_TOKEN)
	try:
		authorizer.validate(request)
	except MissingRedirectURI:
		# Error page under the configured site root; the request supplies
		# no part of the target.
		error_page = settings.ROOT_URL+"authorization_manager/oauth2/missing_redirect_uri"
		return HttpResponseRedirect(error_page)