def decorated(*args, **kwargs):
    """Run one request through the OAuth2 authorization endpoint.

    GET/HEAD requests are checked with
    ``server.validate_authorization_request``; the scopes and credentials it
    returns are merged into ``kwargs`` before the wrapped view ``f`` is
    called. Other methods skip that check and call ``f`` directly.

    ``f`` may return a non-bool value (handed back unchanged), ``False``
    (treated as the user denying the request) or ``True`` (the grant is
    confirmed through ``self.confirm_authorization_request``).
    """
    # Touch self.server before doing any work; per the original comment this
    # raises if the server is not implemented.
    server = self.server
    uri, http_method, body, headers = extract_params()

    if request.method not in ('GET', 'HEAD'):
        # NOTE(review): on this path redirect_uri is read from the request
        # and is not validated in this function before it is used as the
        # target of the denial / error redirect below. Confirm it is checked
        # against the client's registered URIs elsewhere.
        redirect_uri = request.values.get('redirect_uri', self.error_uri)
    else:
        redirect_uri = request.args.get('redirect_uri', self.error_uri)
        log.debug('Found redirect_uri %s.', redirect_uri)
        try:
            scopes, credentials = server.validate_authorization_request(
                uri, http_method, body, headers)
            kwargs['scopes'] = scopes
            kwargs.update(credentials)
        except oauth2.FatalClientError as fatal:
            # Fatal client errors go to the server's own error page, never to
            # the redirect_uri supplied in the request.
            log.debug('Fatal client error %r', fatal, exc_info=True)
            return self._on_exception(fatal, fatal.in_uri(self.error_uri))
        except oauth2.OAuth2Error as oauth_err:
            log.debug('OAuth2Error: %r', oauth_err, exc_info=True)
            return self._on_exception(
                oauth_err, oauth_err.in_uri(redirect_uri))
        except Exception as unexpected:
            # NOTE(review): str(unexpected) is copied into the error_uri
            # query string, so internal exception text can end up in browser
            # history and access logs; a fixed error code would avoid that.
            log.exception(unexpected)
            target = add_params_to_uri(
                self.error_uri, {'error': str(unexpected)})
            return self._on_exception(unexpected, target)

    try:
        outcome = f(*args, **kwargs)
    except oauth2.FatalClientError as fatal:
        log.debug('Fatal client error %r', fatal, exc_info=True)
        return self._on_exception(fatal, fatal.in_uri(self.error_uri))
    except oauth2.OAuth2Error as oauth_err:
        log.debug('OAuth2Error: %r', oauth_err, exc_info=True)
        return self._on_exception(oauth_err, oauth_err.in_uri(redirect_uri))

    if isinstance(outcome, bool):
        if outcome:
            return self.confirm_authorization_request()
        # The view returned False: the user denied the request.
        denied = oauth2.AccessDeniedError()
        return self._on_exception(denied, denied.in_uri(redirect_uri))

    # Anything that is not a bool is a response or redirect built by the view.
    return outcome
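def decorated(req, resp, *args, **kwargs):
    """Handle an OAuth2 authorization request on a Falcon resource.

    GET/HEAD requests are validated with
    ``server.validate_authorization_request`` and the returned scopes and
    credentials are merged into ``kwargs``. For other methods the wrapped
    callable ``f`` is invoked; a truthy non-bool result becomes the response
    body, ``True`` confirms the grant and a falsy result is treated as a
    denial by the user.

    Every failure is reported as a 303 redirect. Fatal client errors are sent
    to ``self.error_uri``; other OAuth2 errors go to the request's
    ``redirect_uri`` with the error encoded by ``in_uri``.

    :param req: the incoming Falcon request
    :param resp: the Falcon response, mutated in place
    """
    # Touch self.server first; per the original comment this raises if the
    # server is not implemented.
    server = self.server
    uri, http_method, body, headers = extract_params(req)
    # NOTE(review): redirect_uri is taken from the request as-is. On the
    # non-GET path nothing in this function validates it before it is used
    # as a redirect target; confirm it is checked against the client's
    # registered URIs elsewhere.
    redirect_uri = req.params.get('redirect_uri', self.error_uri)
    log.debug('Found redirect_uri %s.', redirect_uri)

    def see_other(location):
        # NOTE(review): confirm that item assignment on resp.headers really
        # sets the header in the Falcon version in use; resp.set_header is
        # the documented setter.
        resp.status = falcon.HTTP_SEE_OTHER
        resp.headers['Location'] = location

    # NOTE(review): the collapsed source does not show whether the `else`
    # below pairs with this `if` or with the first `try`. It is laid out here
    # as the non-GET branch, like the sibling handlers; verify against the
    # original file.
    if req.method in ('GET', 'HEAD'):
        try:
            scopes, credentials = server.validate_authorization_request(
                uri, http_method, body, headers)
            kwargs['scopes'] = scopes
            kwargs.update(credentials)
        except oauth2.FatalClientError as e:
            # A fatal client error means the client or its redirect URI could
            # not be trusted, so the user agent must not be sent to the
            # request-supplied redirect_uri.
            log.debug('Fatal client error %r', e)
            see_other(e.in_uri(self.error_uri))
        except oauth2.OAuth2Error as e:
            log.debug('OAuth2Error: %r', e)
            see_other(e.in_uri(redirect_uri))
    else:
        try:
            rv = f(*args, **kwargs)
        except oauth2.FatalClientError as e:
            log.debug('Fatal client error %r', e)
            see_other(e.in_uri(self.error_uri))
        except oauth2.OAuth2Error as e:
            log.debug('OAuth2Error: %r', e)
            see_other(e.in_uri(redirect_uri))
        else:
            if rv:
                if not isinstance(rv, bool):
                    # The view produced its own body.
                    resp.body = rv
                else:
                    self.confirm_authorization_request(req, resp)
            else:
                # denied by user
                e = oauth2.AccessDeniedError()
                log.debug('OAuth2Error: %r', e)
                see_other(e.in_uri(redirect_uri))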
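def create_authorization_response(self, request, scopes, credentials, allow):
    """
    Call ``create_authorization_response`` on ``self.server`` and translate
    oauthlib errors into this project's exceptions.

    :param request: The current request; ``request.user`` is stored in
        ``credentials`` under the ``user`` key
    :param scopes: Scopes passed through to the server
    :param credentials: Authorization credentials dictionary; it is mutated
        in place and must contain ``redirect_uri``
    :param allow: True if the user authorized the client, otherwise False
    :return: tuple ``(uri, headers, body, status)`` where ``uri`` is the
        ``Location`` header or None
    :raises FatalClientError: when the server raises oauth2.FatalClientError
    :raises OAuthAPIError: for any other oauth2.OAuth2Error, including the
        user denying the request
    """
    try:
        if not allow:
            # Carry the client's state through on denial so the client can
            # still match the error response to the request it sent.
            raise oauth2.AccessDeniedError(state=credentials.get('state'))

        credentials['user'] = request.user
        headers, body, status = self.server.create_authorization_response(
            uri=credentials['redirect_uri'],
            scopes=scopes,
            credentials=credentials)
        uri = headers.get('Location', None)
        return uri, headers, body, status
    except oauth2.FatalClientError as error:
        raise FatalClientError(
            error=error, redirect_uri=credentials['redirect_uri'])
    except oauth2.OAuth2Error as error:
        raise OAuthAPIError(
            error=error, redirect_uri=credentials['redirect_uri'])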
def create_authorization_response(self, request, scopes, credentials, allow):
    """
    Delegate to ``create_authorization_response`` on the ``server_class``
    instance and map oauthlib errors to toolkit exceptions.

    :param request: The current django.http.HttpRequest object
    :param scopes: A list of provided scopes
    :param credentials: Authorization credentials dictionary containing
        `client_id`, `state`, `redirect_uri`, `response_type`; the current
        user is added to it under `user`
    :param allow: True if the user authorized the client, otherwise False
    :return: tuple ``(uri, headers, body, status)`` where ``uri`` is the
        ``Location`` header or None
    """
    try:
        if not allow:
            # A denial keeps the client's state so the error response can be
            # matched to the original request.
            raise oauth2.AccessDeniedError(state=credentials.get("state"))

        # OAUTH2_VALIDATOR_CLASS reads the current user from the credentials.
        credentials["user"] = request.user

        extracted = self._extract_params(request)
        request_uri, http_method, _, request_headers = extracted

        response = self.server.create_authorization_response(
            uri=request_uri,
            http_method=http_method,
            headers=request_headers,
            scopes=scopes,
            credentials=credentials,
        )
        headers, body, status = response
        return headers.get("Location"), headers, body, status

    except oauth2.FatalClientError as error:
        raise FatalClientError(
            error=error, redirect_uri=credentials["redirect_uri"])
    except oauth2.OAuth2Error as error:
        raise OAuthToolkitError(
            error=error, redirect_uri=credentials["redirect_uri"])
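def create_authorization_response(self, request, scopes, credentials, allow):
    """
    A wrapper method that calls create_authorization_response on
    `server_class` instance and, when an authorization code is issued, ties
    the stored grant to the current session.

    :param request: The current django.http.HttpRequest object
    :param scopes: A list of provided scopes
    :param credentials: Authorization credentials dictionary containing
        `client_id`, `state`, `redirect_uri`, `response_type`; the current
        user is added to it under `user`
    :param allow: True if the user authorized the client, otherwise False
    :return: tuple ``(uri, headers, body, status)`` where ``uri`` is the
        ``Location`` header or None
    """
    try:
        if not allow:
            # Carry the client's state through on denial so the client can
            # still match the error response to the request it sent.
            raise oauth2.AccessDeniedError(state=credentials.get('state'))

        # add current user to credentials. this will be used by
        # OAUTH2_VALIDATOR_CLASS
        credentials['user'] = request.user

        headers, body, status = self.server.create_authorization_response(
            uri=credentials['redirect_uri'],
            scopes=scopes,
            credentials=credentials)
        uri = headers.get("Location", None)

        # Only a parameter literally named `code` counts: the match must
        # follow `?`, `&` or `#`, so names that merely end in "code" or an
        # empty value are not picked up. A response without a Location
        # header is skipped instead of being passed to the regex.
        found = re.search(r'[?&#]code=([^&#]+)', uri) if uri else None
        if found:
            # Record the session that approved the grant on the Grant row.
            # NOTE(review): Grant.DoesNotExist is not handled here, as in the
            # original.
            grant_code = Grant.objects.get(code=found.group(1))
            grant_code.session_key = request.session.session_key
            grant_code.save()

        return uri, headers, body, status
    except oauth2.FatalClientError as error:
        raise FatalClientError(
            error=error, redirect_uri=credentials['redirect_uri'])
    except oauth2.OAuth2Error as error:
        raise OAuthToolkitError(
            error=error, redirect_uri=credentials['redirect_uri'])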
async def decorated(request, *args, **kwargs):
    """Run one request through the OAuth2 authorization endpoint (async).

    GET/HEAD requests are checked with
    ``server.validate_authorization_request``; the returned scopes and
    credentials are merged into ``kwargs`` (a ``request`` entry in the
    credentials is passed on as ``orequest``). The wrapped view ``f`` is then
    called, and awaited if it returns an awaitable.

    ``f`` may return a non-bool value (handed back unchanged), ``False``
    (the user denied the request) or ``True`` (the grant is confirmed).
    """
    nonlocal self, plug, reg, context
    # Touch self.server first; per the original comment this raises if the
    # server is not implemented.
    server = self.server
    uri, http_method, body, headers = extract_params(request)

    def with_request_state(err):
        # On an auth error the request's `state` is preserved when present
        # (RFC 6749), so err.in_uri() can add it to the redirect URI.
        state = request.args.get('state')
        if state and not err.state:
            err.state = state
        return err

    # NOTE(review): on non-GET requests this value is not validated in this
    # function before it is used as the denial / error redirect target;
    # confirm it is checked against the client's registered URIs elsewhere.
    redirect_uri = request.args.get('redirect_uri', self.error_uri)

    if request.method in ('GET', 'HEAD'):
        log.debug('Found redirect_uri %s.', redirect_uri)
        try:
            scopes, credentials = server.validate_authorization_request(
                uri, http_method, body, headers)
            kwargs['scopes'] = scopes
            if 'request' in credentials:
                kwargs['orequest'] = credentials.pop("request")
            kwargs.update(credentials)
        except oauth2.FatalClientError as fatal:
            # Fatal client errors go to the server's own error page, never to
            # the redirect_uri supplied in the request.
            log.debug('Fatal client error %r', fatal, exc_info=True)
            return plug._on_exception(
                context, fatal, fatal.in_uri(self.error_uri))
        except oauth2.OAuth2Error as oauth_err:
            log.debug('OAuth2Error: %r', oauth_err, exc_info=True)
            with_request_state(oauth_err)
            return plug._on_exception(
                context, oauth_err, oauth_err.in_uri(redirect_uri))
        except Exception as unexpected:
            # NOTE(review): str(unexpected) is copied into the error_uri
            # query string, so internal exception text can end up in browser
            # history and access logs; a fixed error code would avoid that.
            log.exception(unexpected)
            target = add_params_to_uri(
                self.error_uri, {'error': str(unexpected)})
            return plug._on_exception(context, unexpected, target)

    try:
        outcome = f(request, *args, context=context, **kwargs)
        if isawaitable(outcome):
            outcome = await outcome
    except oauth2.FatalClientError as fatal:
        log.debug('Fatal client error %r', fatal, exc_info=True)
        return plug._on_exception(
            context, fatal, fatal.in_uri(self.error_uri))
    except oauth2.OAuth2Error as oauth_err:
        log.debug('OAuth2Error: %r', oauth_err, exc_info=True)
        with_request_state(oauth_err)
        return plug._on_exception(
            context, oauth_err, oauth_err.in_uri(redirect_uri))

    if isinstance(outcome, bool):
        if outcome:
            return await plug.confirm_authorization_request(
                request, context, self)
        # The view returned False: the user denied the request.
        denied = oauth2.AccessDeniedError(state=request.args.get('state'))
        return plug._on_exception(
            context, denied, denied.in_uri(redirect_uri))

    # Anything that is not a bool is a response or redirect built by the view.
    return outcome
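def decorated(*args, **kwargs):
    """Run one request through the OAuth2 authorization endpoint.

    GET/HEAD requests are checked with
    ``server.validate_authorization_request``; the scopes and credentials it
    returns are merged into ``kwargs`` before the wrapped view ``f`` is
    called. Other methods skip that check and call ``f`` directly.

    ``f`` may return a non-bool value (handed back unchanged), ``False``
    (the user denied the request) or ``True``, in which case the grant is
    confirmed with the validated scopes joined into one space-separated
    string.
    """
    # Touch self.server first; per the original comment this raises if the
    # server is not implemented.
    server = self.server
    uri, http_method, body, headers = extract_params()

    # Scopes are only known after a successful GET/HEAD validation. Start
    # from an empty list so the confirmation step does not have to catch
    # UnboundLocalError on the other path.
    scopes = []

    if request.method in ('GET', 'HEAD'):
        redirect_uri = request.args.get('redirect_uri', self.error_uri)
        log.debug('Found redirect_uri %s.', redirect_uri)
        try:
            ret = server.validate_authorization_request(
                uri, http_method, body, headers)
            scopes, credentials = ret
            kwargs['scopes'] = scopes
            kwargs.update(credentials)
        except oauth2.FatalClientError as e:
            # Fatal client errors go to the server's own error page, never to
            # the redirect_uri supplied in the request.
            log.debug('Fatal client error %r', e, exc_info=True)
            return redirect(e.in_uri(self.error_uri))
        except oauth2.OAuth2Error as e:
            log.debug('OAuth2Error: %r', e, exc_info=True)
            return redirect(e.in_uri(redirect_uri))
        except Exception as e:
            # NOTE(review): str(e) is copied into the error_uri query string,
            # so internal exception text can end up in browser history and
            # access logs; a fixed error code would avoid that.
            log.warning(
                'Exception caught while processing request, %s.', e,
                exc_info=True)
            return redirect(
                add_params_to_uri(self.error_uri, {'error': str(e)}))
    else:
        # NOTE(review): on this path redirect_uri is read from the request
        # and is not validated in this function before it is used as the
        # target of the denial / error redirect below. Confirm it is checked
        # against the client's registered URIs elsewhere.
        redirect_uri = request.values.get('redirect_uri', self.error_uri)

    try:
        rv = f(*args, **kwargs)
    except oauth2.FatalClientError as e:
        log.debug('Fatal client error %r', e, exc_info=True)
        return redirect(e.in_uri(self.error_uri))
    except oauth2.OAuth2Error as e:
        log.debug('OAuth2Error: %r', e, exc_info=True)
        return redirect(e.in_uri(redirect_uri))
    except Exception as e:
        log.warning(
            'Exception caught while processing request, %s.', e,
            exc_info=True)
        return redirect(
            add_params_to_uri(self.error_uri, {'error': str(e)}))

    if not isinstance(rv, bool):
        # if is a response or redirect
        return rv

    if not rv:
        # denied by user
        e = oauth2.AccessDeniedError()
        return redirect(e.in_uri(redirect_uri))

    # Pass the scopes list as a string to match the format of a URL request.
    # On non-GET requests no scopes were validated here, so this is the empty
    # string; per the original comment that will likely produce an error
    # later in confirmation.
    default_scopes = " ".join(scopes)
    return self.confirm_authorization_request(default_scopes)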