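def developer_application_delete(request):
    """Delete one of the current user's OAuth2 applications (SQLAlchemy backend).

    Returns ``HTTPBadRequest`` when the ``app`` path segment is not a UUID,
    ``HTTPNotFound`` when no application has that id and ``HTTPUnauthorized``
    when the application belongs to a different user.  On ``submit`` the
    application is deleted and the user is redirected to the developer
    applications list; any other request gets the application back for the
    confirmation template.
    """
    app_id = request.matchdict['app']
    # Syntactic check first: a malformed id is rejected without a query.
    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()
    # Require a registered user before the lookup so that an anonymous
    # request cannot tell existing application ids from unknown ones.
    assert_authenticated_user_is_registered(request)
    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()
    if app.user != request.user:
        return HTTPUnauthorized()
    if 'submit' in request.POST:
        # Read the name before the delete so the flash message does not
        # depend on the state of an instance already marked for deletion.
        app_name = app.name
        Session.delete(app)
        request.session.flash(
            _('The application ${app} was deleted successfully',
              mapping={'app': app_name}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    return {'app': app}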
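def revoke_application(request):
    """Revoke the current user's authorization of an application (SQLAlchemy backend).

    Returns ``HTTPBadRequest`` for a non-UUID ``app`` path segment and
    ``HTTPNotFound`` when no application has that id.  On ``submit`` every
    ``AuthorizedApplication`` row linking this user to the application is
    deleted and the user is redirected to the authorized applications list;
    otherwise the application is returned for the confirmation template.
    """
    app_id = request.matchdict['app']
    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()
    # Authenticate before the lookup: an anonymous request must not be able
    # to probe which application ids exist via the 404/200 difference.
    assert_authenticated_user_is_registered(request)
    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()
    if 'submit' in request.POST:
        authorized_apps = Session.query(AuthorizedApplication).filter(
            AuthorizedApplication.application == app,
            AuthorizedApplication.user == request.user,
        ).all()
        # Only rows belonging to the requesting user are removed.
        for authorized_app in authorized_apps:
            Session.delete(authorized_app)
        request.session.flash(
            _('The access to application ${app} has been revoked',
              mapping={'app': app.name}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_authorized_applications'))
    return {'app': app}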
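def revoke_application(request):
    """Revoke the current user's authorization of an application (SQLAlchemy backend).

    Rejects a non-UUID ``app`` path segment with ``HTTPBadRequest`` and an
    unknown id with ``HTTPNotFound``.  On ``submit`` the user's
    ``AuthorizedApplication`` rows for this application are deleted and the
    user is redirected to the authorized applications list; otherwise the
    application is returned for the confirmation template.
    """
    app_id = request.matchdict['app']
    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()
    # The registration check runs before the database lookup so that the
    # existence of an application id is only revealed to registered users.
    assert_authenticated_user_is_registered(request)
    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()
    if 'submit' in request.POST:
        authorized_apps = Session.query(AuthorizedApplication).filter(
            AuthorizedApplication.application == app,
            AuthorizedApplication.user == request.user).all()
        for authorized_app in authorized_apps:
            Session.delete(authorized_app)
        request.session.flash(
            _('The access to application ${app} has been revoked',
              mapping={'app': app.name}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_authorized_applications'))
    return {'app': app}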
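def developer_application_delete(request):
    """Delete one of the current user's OAuth2 applications (MongoDB backend).

    Returns ``HTTPBadRequest`` when the ``app`` path segment is not a valid
    ObjectId, ``HTTPNotFound`` when no document has that id and
    ``HTTPUnauthorized`` when the document's ``owner`` is not the current
    user.  On ``submit`` the document is removed and the user is redirected
    to the developer applications list; otherwise the document is returned
    for the confirmation template.
    """
    try:
        app_id = bson.ObjectId(request.matchdict['app'])
    except bson.errors.InvalidId:
        return HTTPBadRequest(body='Invalid application id')
    # Require a registered user before the lookup so an anonymous request
    # cannot distinguish existing application ids from unknown ones.
    assert_authenticated_user_is_registered(request)
    app = request.db.applications.find_one(app_id)
    if app is None:
        return HTTPNotFound()
    if app['owner'] != request.user['_id']:
        return HTTPUnauthorized()
    if 'submit' in request.POST:
        request.db.applications.remove(app_id, safe=True)
        request.session.flash(
            _('The application ${app} was deleted successfully',
              mapping={'app': app['name']}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    return {'app': app}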
def revoke_application(request):
    """Revoke the current user's authorization of an application (MongoDB backend).

    The user must be registered.  A non-ObjectId ``app`` segment yields
    ``HTTPBadRequest``, an unknown id ``HTTPNotFound`` and an application the
    user never authorized ``HTTPUnauthorized``.  On ``submit`` the
    authorization is removed and the user is redirected to the authorized
    applications list; otherwise the document is returned for the template.
    """
    assert_authenticated_user_is_registered(request)
    raw_id = request.matchdict['app']
    try:
        app_id = bson.ObjectId(raw_id)
    except bson.errors.InvalidId:
        return HTTPBadRequest(body='Invalid application id')
    app = request.db.applications.find_one(app_id)
    if app is None:
        return HTTPNotFound()
    user = request.user
    authorizator = Authorizator(request.db, app)
    if not authorizator.is_app_authorized(user):
        return HTTPUnauthorized()
    if 'submit' not in request.POST:
        return {'app': app}
    authorizator.remove_user_authorization(user)
    message = _('The access to application ${app} has been revoked',
                mapping={'app': app['name']})
    request.session.flash(message, 'success')
    return HTTPFound(
        location=request.route_path('oauth2_authorized_applications'))
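def test_assert_authenticated_user_is_registered_no_user(self):
    """An authenticated principal with no user record is redirected to /register."""
    user_id = "00000000-0000-0000-0000-000000000000"
    self.config.testing_securitypolicy(userid=user_id)
    request = testing.DummyRequest()
    # The context-manager form both asserts the raise and exposes the
    # exception, so the redirect target is checked on the same call instead
    # of calling the helper twice.
    with self.assertRaises(HTTPFound) as cm:
        assert_authenticated_user_is_registered(request)
    self.assertEqual(cm.exception.location, "/register")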
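def test_assert_authenticated_user_is_registered_no_user(self):
    """An authenticated principal with no user record is redirected to /register."""
    user_id = '00000000-0000-0000-0000-000000000000'
    self.config.testing_securitypolicy(userid=user_id)
    request = testing.DummyRequest()
    # One call covers both the raise and the redirect location; the
    # previous try/except duplicate would pass silently if nothing raised.
    with self.assertRaises(HTTPFound) as cm:
        assert_authenticated_user_is_registered(request)
    self.assertEqual(cm.exception.location, '/register')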
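def test_assert_authenticated_user_is_registered(self):
    """Unknown principals redirect to /register; a stored user is returned."""
    self.config.testing_securitypolicy(userid='john')
    request = testing.DummyRequest()
    request.db = self.db
    # Assert the raise and inspect the redirect in a single call.
    with self.assertRaises(HTTPFound) as cm:
        assert_authenticated_user_is_registered(request)
    self.assertEqual(cm.exception.location, '/register')
    user_id = self.db.users.insert({'screen_name': 'John Doe'})
    self.config.testing_securitypolicy(userid=str(user_id))
    res = assert_authenticated_user_is_registered(request)
    self.assertEqual(res['_id'], user_id)
    self.assertEqual(res['screen_name'], 'John Doe')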
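def test_assert_authenticated_user_is_registered(self):
    """Unknown principals redirect to /register; a stored user is returned."""
    self.config.testing_securitypolicy(userid="john")
    request = testing.DummyRequest()
    request.db = self.db
    # Assert the raise and inspect the redirect in a single call.
    with self.assertRaises(HTTPFound) as cm:
        assert_authenticated_user_is_registered(request)
    self.assertEqual(cm.exception.location, "/register")
    user_id = self.db.users.insert({"screen_name": "John Doe"}, safe=True)
    self.config.testing_securitypolicy(userid=str(user_id))
    res = assert_authenticated_user_is_registered(request)
    self.assertEqual(res["_id"], user_id)
    self.assertEqual(res["screen_name"], "John Doe")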
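def developer_application_new(request):
    """Create a new OAuth2 application owned by the current user (MongoDB backend).

    Renders the ``ApplicationSchema`` form on GET.  On ``submit`` the form
    is validated (re-rendered with errors on ``ValidationFailure``), a
    client id and secret are generated, the document is inserted and the
    user is redirected to the developer applications list.  ``cancel``
    redirects to the same list without saving.
    """
    assert_authenticated_user_is_registered(request)
    schema = ApplicationSchema()
    button1 = Button('submit', _('Save application'))
    button1.css_class = 'btn-primary'
    button2 = Button('cancel', _('Cancel'))
    button2.css_class = ''
    form = Form(schema, buttons=(button1, button2))
    if 'submit' in request.POST:
        controls = request.POST.items()
        try:
            appstruct = form.validate(controls)
        except ValidationFailure as e:
            return {'form': e.render()}
        # the data is fine, save into the db
        application = {
            'owner': request.user['_id'],
            'name': appstruct['name'],
            'main_url': appstruct['main_url'],
            'callback_url': appstruct['callback_url'],
            'authorized_origins': appstruct['authorized_origins'],
            'production_ready': appstruct['production_ready'],
            'image_url': appstruct['image_url'],
            'description': appstruct['description'],
        }
        create_client_id_and_secret(application)
        # Persist before flashing: a failed insert must not leave a
        # success message queued for the next page.
        request.db.applications.insert(application, safe=True)
        request.session.flash(
            _('The application ${app} was created successfully',
              mapping={'app': appstruct['name']}),
            'success')
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    elif 'cancel' in request.POST:
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    # this is a GET
    return {'form': form.render()}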
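def developer_application_new(request):
    """Create a new OAuth2 application owned by the current user (SQLAlchemy backend).

    Renders the ``ApplicationSchema`` form on GET.  On ``submit`` the form
    is validated (re-rendered with errors on ``ValidationFailure``), an
    ``Application`` is appended to ``request.user.applications``, the user
    is added to the session and redirected to the developer applications
    list.  ``cancel`` redirects to the same list without saving.
    """
    assert_authenticated_user_is_registered(request)
    schema = ApplicationSchema()
    button1 = Button('submit', _('Save application'))
    button1.css_class = 'btn-primary'
    button2 = Button('cancel', _('Cancel'))
    button2.css_class = 'btn-default'
    form = Form(schema, buttons=(button1, button2))
    if 'submit' in request.POST:
        controls = request.POST.items()
        try:
            appstruct = form.validate(controls)
        except ValidationFailure as e:
            return {'form': e.render()}
        # the data is fine, save into the db
        application = Application(
            name=appstruct['name'],
            main_url=appstruct['main_url'],
            callback_url=appstruct['callback_url'],
            authorized_origins=appstruct['authorized_origins'],
            production_ready=appstruct['production_ready'],
            image_url=appstruct['image_url'],
            description=appstruct['description'],
        )
        request.user.applications.append(application)
        # Register the change with the session before flashing so that a
        # failure here does not leave a success message queued.
        Session.add(request.user)
        request.session.flash(
            _('The application ${app} was created successfully',
              mapping={'app': appstruct['name']}),
            'success')
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    elif 'cancel' in request.POST:
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    # this is a GET
    return {'form': form.render()}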
def test_assert_authenticated_user_is_registered_existing_user(self):
    """A principal matching a stored User is returned by the helper."""
    stored = User(screen_name="John Doe")
    Session.add(stored)
    Session.flush()
    # Capture the id once after the flush and reuse it for both the
    # security policy and the assertions.
    stored_id = stored.id
    self.config.testing_securitypolicy(userid=stored_id)
    res = assert_authenticated_user_is_registered(testing.DummyRequest())
    self.assertEqual(res.id, stored_id)
    self.assertEqual(res.screen_name, "John Doe")
def test_assert_authenticated_user_is_registered_existing_user(self):
    """A principal matching a stored User is returned by the helper."""
    stored = User(screen_name='John Doe')
    Session.add(stored)
    Session.flush()
    # The id is only available after the flush; keep it for the assertions.
    stored_id = stored.id
    self.config.testing_securitypolicy(userid=stored_id)
    res = assert_authenticated_user_is_registered(testing.DummyRequest())
    self.assertEqual(res.id, stored_id)
    self.assertEqual(res.screen_name, 'John Doe')
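def developer_application_edit(request):
    """Edit one of the current user's OAuth2 applications (SQLAlchemy backend).

    Returns ``HTTPBadRequest`` for a non-UUID ``app`` segment,
    ``HTTPNotFound`` for an unknown id and ``HTTPUnauthorized`` when the
    application belongs to another user.  ``submit`` validates the
    ``FullApplicationSchema`` form and updates the application; ``delete``
    redirects to the delete confirmation; ``cancel`` redirects to the
    applications list.  A GET renders the form pre-filled from the
    application, including its client id and secret.
    """
    app_id = request.matchdict['app']
    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()
    # Authenticate before the lookup so that an anonymous request cannot
    # tell existing application ids from unknown ones.
    assert_authenticated_user_is_registered(request)
    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()
    if app.user != request.user:
        return HTTPUnauthorized()
    schema = FullApplicationSchema()
    button1 = Button('submit', _('Save application'))
    button1.css_class = 'btn-primary'
    button2 = Button('delete', _('Delete application'))
    button2.css_class = 'btn-danger'
    button3 = Button('cancel', _('Cancel'))
    button3.css_class = 'btn-default'
    form = Form(schema, buttons=(button1, button2, button3))
    if 'submit' in request.POST:
        controls = request.POST.items()
        try:
            appstruct = form.validate(controls)
        except ValidationFailure as e:
            return {'form': e.render(), 'app': app}
        # the data is fine, save into the db
        app.name = appstruct['name']
        app.main_url = appstruct['main_url']
        app.callback_url = appstruct['callback_url']
        app.authorized_origins = appstruct['authorized_origins']
        app.production_ready = appstruct['production_ready']
        app.image_url = appstruct['image_url']
        app.description = appstruct['description']
        Session.add(app)
        request.session.flash(_('The changes were saved successfully'),
                              'success')
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    elif 'delete' in request.POST:
        return HTTPFound(
            location=request.route_path('oauth2_developer_application_delete',
                                        app=app.id))
    elif 'cancel' in request.POST:
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    # this is a GET
    return {
        'form': form.render({
            'name': app.name,
            'main_url': app.main_url,
            'callback_url': app.callback_url,
            'authorized_origins': app.authorized_origins,
            'production_ready': app.production_ready,
            'image_url': app.image_url,
            'description': app.description,
            'client_id': app.id,
            'client_secret': app.secret,
        }),
        'app': app,
    }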
def developer_applications(request):
    """List the applications owned by the current registered user (MongoDB backend)."""
    assert_authenticated_user_is_registered(request)
    owner_id = request.user['_id']
    cursor = request.db.applications.find({'owner': owner_id})
    return {'applications': cursor}
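def authorized_applications(request):
    """List the applications the current user has authorized (MongoDB backend)."""
    assert_authenticated_user_is_registered(request)
    # A user who never authorized anything may have no 'authorized_apps'
    # key at all; treat that as an empty list instead of raising KeyError.
    authorized_ids = request.user.get('authorized_apps', [])
    authorized_apps_filter = {'_id': {'$in': authorized_ids}}
    authorized_apps = request.db.applications.find(authorized_apps_filter)
    return {'authorized_apps': authorized_apps}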
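def authorization_endpoint(request):
    """OAuth2 authorization endpoint (authorization-code flow only).

    Validates ``response_type`` (must be ``code``), ``client_id`` (must
    match a stored application) and ``redirect_uri`` (must equal the
    application's registered ``callback_url`` when given), then requires a
    registered user.  A ``submit`` POST records the authorization if needed
    and redirects back with a fresh code; ``cancel`` redirects to the
    application's main URL; a user who already authorized the application
    is redirected with a code immediately; otherwise the consent page data
    is returned.
    """
    response_type = request.params.get('response_type')
    if response_type is None:
        return HTTPBadRequest('Missing required response_type')
    if response_type != 'code':
        return HTTPNotImplemented('Only code is supported')

    client_id = request.params.get('client_id')
    if client_id is None:
        # The parameter is client_id; the old message named a non-existent
        # 'client_type'.
        return HTTPBadRequest('Missing required client_id')

    app = request.db.applications.find_one({'client_id': client_id})
    if app is None:
        return HTTPNotFound()

    # Only the exact registered callback URL is accepted as a redirect
    # target; anything else is rejected rather than redirected to.
    redirect_uri = request.params.get('redirect_uri')
    if redirect_uri is None:
        redirect_uri = app['callback_url']
    elif redirect_uri != app['callback_url']:
        return HTTPBadRequest(
            'Redirect URI does not match registered callback URL')

    scope = request.params.get('scope', DEFAULT_SCOPE)
    state = request.params.get('state')

    user = assert_authenticated_user_is_registered(request)
    authorizator = Authorizator(request.db, app)

    def redirect_with_code(who):
        # Issue a code for who/client/scope and send the browser back to
        # the validated redirect URI, carrying the client's state through.
        code = authorizator.auth_codes.create(
            who['_id'], app['client_id'], scope)
        url = authorizator.auth_codes.get_redirect_url(
            code, redirect_uri, state)
        return HTTPFound(location=url)

    if 'submit' in request.POST:
        if not authorizator.is_app_authorized(request.user):
            authorizator.store_user_authorization(request.user)
        return redirect_with_code(request.user)
    if 'cancel' in request.POST:
        return HTTPFound(app['main_url'])
    if authorizator.is_app_authorized(user):
        return redirect_with_code(user)

    # Consent page: name the publisher when the owner has an email on file.
    authorship_information = ''
    owner_id = app.get('owner', None)
    if owner_id is not None:
        owner = request.db.users.find_one({'_id': owner_id})
        if owner:
            email = owner.get('email', None)
            if email:
                authorship_information = _('By ${owner}',
                                           mapping={'owner': email})
    # Use a distinct loop variable: reusing 'scope' would clobber the scope
    # string on interpreters where comprehension variables leak.
    scopes = [SCOPE_NAMES.get(name, name) for name in scope.split(' ')]
    return {
        'response_type': response_type,
        'client_id': client_id,
        'redirect_uri': redirect_uri,
        'scope': scope,
        'state': state,
        'app': app,
        'scopes': scopes,
        'authorship_information': authorship_information,
    }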
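def developer_application_edit(request):
    """Edit one of the current user's OAuth2 applications (SQLAlchemy backend).

    Returns ``HTTPBadRequest`` for a non-UUID ``app`` segment,
    ``HTTPNotFound`` for an unknown id and ``HTTPUnauthorized`` when the
    application belongs to another user.  ``submit`` validates the
    ``FullApplicationSchema`` form and updates the application; ``delete``
    redirects to the delete confirmation; ``cancel`` redirects to the
    applications list.  A GET renders the form pre-filled from the
    application, including its client id and secret.
    """
    app_id = request.matchdict['app']
    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()
    # The registration check runs before the query so that only registered
    # users can learn whether an application id exists.
    assert_authenticated_user_is_registered(request)
    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()
    if app.user != request.user:
        return HTTPUnauthorized()
    schema = FullApplicationSchema()
    button1 = Button('submit', _('Save application'))
    button1.css_class = 'btn-primary'
    button2 = Button('delete', _('Delete application'))
    button2.css_class = 'btn-danger'
    button3 = Button('cancel', _('Cancel'))
    button3.css_class = 'btn-default'
    form = Form(schema, buttons=(button1, button2, button3))
    if 'submit' in request.POST:
        controls = request.POST.items()
        try:
            appstruct = form.validate(controls)
        except ValidationFailure as e:
            return {'form': e.render(), 'app': app}
        # the data is fine, save into the db
        app.name = appstruct['name']
        app.main_url = appstruct['main_url']
        app.callback_url = appstruct['callback_url']
        app.authorized_origins = appstruct['authorized_origins']
        app.production_ready = appstruct['production_ready']
        app.image_url = appstruct['image_url']
        app.description = appstruct['description']
        Session.add(app)
        request.session.flash(_('The changes were saved successfully'),
                              'success')
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    elif 'delete' in request.POST:
        return HTTPFound(location=request.route_path(
            'oauth2_developer_application_delete', app=app.id))
    elif 'cancel' in request.POST:
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    # this is a GET
    return {
        'form': form.render({
            'name': app.name,
            'main_url': app.main_url,
            'callback_url': app.callback_url,
            'authorized_origins': app.authorized_origins,
            'production_ready': app.production_ready,
            'image_url': app.image_url,
            'description': app.description,
            'client_id': app.id,
            'client_secret': app.secret,
        }),
        'app': app,
    }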
def developer_application_edit(request):
    """Edit one of the current user's OAuth2 applications (MongoDB backend).

    A non-ObjectId ``app`` segment yields ``HTTPBadRequest``; the user must
    be registered; an unknown id yields ``HTTPNotFound`` and a document
    owned by someone else ``HTTPUnauthorized``.  ``submit`` validates the
    ``FullApplicationSchema`` form and replaces the document (keeping its
    client id and secret); ``delete`` redirects to the delete confirmation;
    ``cancel`` redirects to the applications list; a GET renders the form
    pre-filled from the stored document.
    """
    try:
        app_id = bson.ObjectId(request.matchdict['app'])
    except bson.errors.InvalidId:
        return HTTPBadRequest(body='Invalid application id')
    assert_authenticated_user_is_registered(request)
    app = request.db.applications.find_one(app_id)
    if app is None:
        return HTTPNotFound()
    if app['owner'] != request.user['_id']:
        return HTTPUnauthorized()

    buttons = []
    for name, label, css in (
        ('submit', _('Save application'), 'btn-primary'),
        ('delete', _('Delete application'), 'btn-danger'),
        ('cancel', _('Cancel'), ''),
    ):
        button = Button(name, label)
        button.css_class = css
        buttons.append(button)
    form = Form(FullApplicationSchema(), buttons=tuple(buttons))

    posted = request.POST
    if 'submit' in posted:
        try:
            appstruct = form.validate(posted.items())
        except ValidationFailure as e:
            return {'form': e.render(), 'app': app}
        # Valid input: build the replacement document from the form fields
        # plus the values that must survive the edit.
        fields = ('name', 'main_url', 'callback_url', 'authorized_origins',
                  'production_ready', 'image_url', 'description')
        replacement = dict((field, appstruct[field]) for field in fields)
        replacement['owner'] = request.user['_id']
        replacement['client_id'] = app['client_id']
        replacement['client_secret'] = app['client_secret']
        request.db.applications.update({'_id': app['_id']}, replacement,
                                       safe=True)
        request.session.flash(_('The changes were saved successfully'),
                              'success')
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    if 'delete' in posted:
        return HTTPFound(
            location=request.route_path('oauth2_developer_application_delete',
                                        app=app['_id']))
    if 'cancel' in posted:
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))
    # Plain GET: show the form with the stored values.
    return {'form': form.render(app), 'app': app}
def developer_applications(request):
    """List the applications owned by the current registered user (SQLAlchemy backend)."""
    assert_authenticated_user_is_registered(request)
    owned = request.user.applications
    return {'applications': owned}
def authorized_applications(request):
    """List the applications the current user has authorized (SQLAlchemy backend)."""
    assert_authenticated_user_is_registered(request)
    result = {}
    result['authorized_apps'] = request.user.authorized_applications
    return result