def save_token(token_data, request):
    """Persist a freshly issued OAuth access token for ``request.user``.

    Looks up the application by the requesting client's ``client_id``,
    makes sure an ``OAuthApplicationUserLink`` exists for (application, user),
    widens the link's granted scopes if the token asks for new ones, appends
    the token to the link and finally prunes surplus tokens sharing the
    exact same scope set.

    Args:
        token_data: dict from the authorization server; ``access_token`` is
            required, ``scope`` is optional (space-separated string). The
            ``scope`` entry may be rewritten in place (see below).
        request: authorization-server request; ``request.client.client_id``
            and ``request.user`` are read.

    Raises:
        Whatever ``Query.one()`` raises when the client id matches no (or
        more than one) application.
    """
    requested_scopes = set(scope_to_list(token_data.get('scope', '')))
    application = OAuthApplication.query.filter_by(
        client_id=request.client.client_id).one()
    link = OAuthApplicationUserLink.query.with_parent(application).with_parent(
        request.user).first()

    if link is None:
        # first token for this (app, user) pair: the link records exactly the
        # scopes requested now (possibly an empty set)
        link = OAuthApplicationUserLink(application=application,
                                        user=request.user,
                                        scopes=requested_scopes)
    else:
        if not requested_scopes:
            # for already-authorized apps not specifying a scope uses all scopes the
            # user previously granted to the app
            requested_scopes = set(link.scopes)
            # written back so the caller's response reflects the effective scopes
            token_data['scope'] = list_to_scope(requested_scopes)
        # scopes not yet granted on the link are added here; the consent
        # decision for them is assumed to have happened before this point
        # (presumably in the authorization step — confirm)
        new_scopes = requested_scopes - set(link.scopes)
        if new_scopes:
            logger.info('New scopes for %r: %s', link, new_scopes)
            link.update_scopes(new_scopes)

    # NOTE(review): whether OAuthToken hashes access_token before it is
    # persisted is not visible here — confirm, since a plaintext store makes
    # a database leak equivalent to a token leak
    link.tokens.append(
        OAuthToken(access_token=token_data['access_token'],
                   scopes=requested_scopes))

    # get rid of old tokens if there are too many
    # tokens are grouped by their exact (sorted) scope set; everything beyond
    # the MAX_TOKENS_PER_SCOPE newest ones is deleted
    q = (db.session.query(OAuthToken.id).with_parent(link).filter_by(
        _scopes=db.cast(sorted(requested_scopes), ARRAY(db.String))).order_by(
            OAuthToken.created_dt.desc()).offset(
                MAX_TOKENS_PER_SCOPE).scalar_subquery())
    OAuthToken.query.filter(
        OAuthToken.id.in_(q)).delete(synchronize_session='fetch')
 def _process(self):
     """Revoke ``self.token`` and redirect back to the user's token list."""
     token = self.token
     token.revoke()
     logger.info('Revoked token %r', token)
     message = _("The token '{}' has been successfully revoked.").format(token.name)
     flash(message, 'success')
     return redirect(url_for('.user_tokens'))
 def _process(self):
     """Create a personal token for ``self.user`` from the submitted form.

     On an invalid or initial (non-submitted) form the form is rendered as
     JSON. On success the new token's id and the raw access token are placed
     in ``session['personal_token_created']`` — presumably so the next page
     can display the secret once — and a JSON success payload is returned.
     """
     form = PersonalTokenForm(user=self.user)
     if not form.validate_on_submit():
         return jsonify_form(form)

     token = PersonalToken(user=self.user)
     form.populate_obj(token)
     access_token = token.generate_token()
     # flush so the token gets its id before it is stored in the session
     db.session.flush()
     logger.info('Created token %r', token)
     session['personal_token_created'] = (token.id, access_token)
     return jsonify_data(flash=False)
 def _process(self):
     """Revoke ``self.user``'s authorization of ``self.application``.

     Deletes the (user, application) link if one exists; the success
     message is flashed either way, and the user is redirected to the list
     of authorized apps.
     """
     user, application = self.user, self.application
     link = (OAuthApplicationUserLink.query
             .with_parent(user)
             .with_parent(application)
             .first())
     if link:
         logger.info('Deauthorizing app %r for user %r (scopes: %r)',
                     application, user, link.scopes)
         db.session.delete(link)
     message = _("Access for '{}' has been successfully revoked.").format(application.name)
     flash(message, 'success')
     return redirect(url_for('.user_apps'))
 def _process(self):
     """Edit ``self.token`` from the submitted form.

     Returns the form as JSON until it validates; on success the token is
     updated in place, a flash message naming the token's previous name is
     queued and a JSON success payload is returned.
     """
     token = self.token
     form = PersonalTokenForm(user=self.user, token=token, obj=token)
     if not form.validate_on_submit():
         return jsonify_form(form)

     # capture the name before populate_obj may overwrite it
     previous_name = token.name
     form.populate_obj(token)
     logger.info('Updated token %r', token)
     flash(_("Token '{}' updated").format(previous_name), 'success')
     return jsonify_data(flash=False)
 def _process(self):
     """Register a new OAuth application from the submitted form.

     Renders ``app_new.html`` until the form validates; on success the
     application is added and flushed (so it has an id for the redirect),
     and the user is sent to its details page.
     """
     form = ApplicationForm(obj=FormDefaults(is_enabled=True))
     if not form.validate_on_submit():
         return WPOAuthAdmin.render_template('app_new.html', form=form)

     application = OAuthApplication()
     form.populate_obj(application)
     db.session.add(application)
     db.session.flush()
     logger.info('Application %s created by %s', application, session.user)
     message = _('Application {} registered successfully').format(application.name)
     flash(message, 'success')
     return redirect(url_for('.app_details', application))
 def _process(self):
     """Edit ``self.application`` from the submitted form.

     Fields listed in the application's ``system_app_type.enforced_data``
     are passed to the template as ``disabled_fields`` so they cannot be
     edited in the UI. On a valid submission the application is updated in
     place and the user is redirected to the application list.
     """
     application = self.application
     form = ApplicationForm(obj=application, application=application)
     disabled_fields = set(application.system_app_type.enforced_data)
     if not form.validate_on_submit():
         return WPOAuthAdmin.render_template('app_details.html',
                                             application=application,
                                             form=form,
                                             disabled_fields=disabled_fields)

     form.populate_obj(application)
     logger.info('Application %s updated by %s', application, session.user)
     flash(_('Application {} was modified').format(application.name), 'success')
     return redirect(url_for('.apps'))
    def _process_consent(self):
        """Decide whether the current user has consented to the pending grant.

        Returns ``True`` when consent is established, ``False`` when a POST
        arrives without the ``confirm`` field, or a rendered response (the
        consent page, or an error page when the grant cannot be loaded).

        Consent is taken as given when:
        - the request is a POST carrying ``confirm``;
        - the application is flagged ``is_trusted`` (this skips the consent
          screen entirely, including for scopes never granted before, so the
          trusted flag is security-sensitive);
        - every requested scope was already granted to this application by
          the user. A grant without an explicit scope is treated as a request
          for exactly the previously granted scopes.

        NOTE(review): on POST the only evidence of consent is the presence of
        ``confirm`` in the form; whether CSRF protection covers this form is
        not visible here — confirm.
        """
        user = session.user
        try:
            grant = auth_server.get_consent_grant(end_user=user)
        except OAuth2Error as error:
            return render_template('oauth/authorize_errors.html',
                                   error=error.error)

        application = grant.client

        if request.method == 'POST':
            confirmed = 'confirm' in request.form
            if confirmed:
                logger.info('User %s authorized %s', user, application)
            return confirmed
        if application.is_trusted:
            logger.info('User %s automatically authorized %s', user, application)
            return True

        link = application.user_links.filter_by(user=user).first()
        authorized_scopes = set(link.scopes) if link else set()
        if grant.request.scope:
            requested_scopes = set(scope_to_list(grant.request.scope))
        else:
            requested_scopes = authorized_scopes
        if requested_scopes <= authorized_scopes:
            return True

        def _labels(scopes):
            # scopes with no entry (or a falsy entry) in SCOPES are not shown
            return [label for label in map(SCOPES.get, scopes) if label]

        return render_template('oauth/authorize.html',
                               application=application,
                               authorized_scopes=_labels(authorized_scopes),
                               new_scopes=_labels(requested_scopes - authorized_scopes))
 def _process(self):
     """Regenerate the secret of ``self.token`` and redirect to the token list.

     The new raw access token is stored in ``session['personal_token_created']``
     together with the token id, the same way a freshly created token is.
     """
     token = self.token
     fresh_secret = token.generate_token()
     logger.info('Regenerated token %r', token)
     session['personal_token_created'] = (token.id, fresh_secret)
     return redirect(url_for('.user_tokens'))
 def _process(self):
     """Delete every user authorization link of ``self.application``.

     Redirects back to the application's details page afterwards.
     """
     application = self.application
     application.user_links.delete()
     logger.info('Deauthorizing app %r for all users', application)
     flash(_('App authorization revoked for all users.'), 'success')
     return redirect(url_for('.app_details', application))
 def _process(self):
     """Rotate the client secret of ``self.application``.

     The previous secret stops working as soon as the change is persisted;
     the acting user is recorded in the log for auditability.
     """
     application = self.application
     application.reset_client_secret()
     logger.info('Client secret of %s reset by %s', application, session.user)
     flash(_('New client secret generated for the application'), 'success')
     return redirect(url_for('.app_details', application))
 def _process(self):
     """Delete ``self.application`` and redirect to the application list."""
     application = self.application
     db.session.delete(application)
     logger.info('Application %s deleted by %s', application, session.user)
     flash(_('Application deleted successfully'), 'success')
     return redirect(url_for('.apps'))
 def revoke_token(self, token, request):
     """Revoke ``token`` by deleting it from the database.

     Args:
         token: the token object to remove.
         request: the revocation request; unused here, kept for the
             authorization-server hook signature.
     """
     db.session.delete(token)
     logger.info('Token %s was revoked', token)
 def reset_client_secret(self):
     """Replace ``client_secret`` with a fresh random UUID4 string.

     CPython's ``uuid4`` draws its 122 random bits from ``os.urandom``, so
     the value is unpredictable; ``secrets.token_urlsafe`` would be the more
     conventional choice for a credential, but switching would change the
     secret's format for existing integrations.
     """
     self.client_secret = '{}'.format(uuid4())
     logger.info("Client secret for %s has been reset.", self)