def save_token(token_data, request, *args, **kwargs):
    """Persist the access token issued for ``request`` and return its row.

    The OAuth provider calls this with the freshly generated ``token_data``
    (``access_token``, ``scope`` and possibly ``refresh_token`` /
    ``expires_in``).  The owning user comes from ``request.user`` for the
    authorization-code grant and from the web ``session`` for the implicit
    flow, where ``grant_type`` is None (see the flask-oauthlib issue linked
    below).  Any other grant type raises ValueError.

    One OAuthToken row is kept per (client, user): a new authorization
    either creates that row, widens its scopes (adopting the newly issued
    access token), or -- when the requested scopes are already covered --
    hands the previously stored access token back through ``token_data``.
    ``refresh_token`` and ``expires_in`` are stripped from ``token_data``
    because neither is supported.

    NOTE(review): stored tokens do not expire and a repeat authorization
    returns the same bearer token, so revocation is the only way to
    invalidate one -- confirm this matches the intended threat model.
    """
    # Implicit flow: https://github.com/lepture/flask-oauthlib/issues/209
    grant_type = request.grant_type
    if grant_type == 'authorization_code':
        owner = request.user
    elif grant_type is None:  # implicit flow
        owner = session.user
    else:
        raise ValueError('Invalid grant_type')

    client_id = request.client.client_id
    wanted = set(token_data['scope'].split())
    existing = (OAuthToken.query
                .filter(OAuthApplication.client_id == client_id,
                        OAuthToken.user == owner)
                .join(OAuthApplication)
                .first())

    if existing is None:
        app = OAuthApplication.query.filter_by(client_id=client_id).one()
        existing = OAuthToken(application=app, user=owner)
        db.session.add(existing)
        existing.access_token = token_data['access_token']
        existing.scopes = wanted
    else:
        missing = wanted - existing.scopes
        if missing:
            logger.info('Added scopes to %s: %s', existing, missing)
            # a widened grant adopts the newly issued access token
            existing.access_token = token_data['access_token']
            existing.scopes |= wanted
        else:
            # nothing new requested: reuse the stored token instead of the new one
            token_data['access_token'] = existing.access_token

    # refresh tokens are not supported and tokens currently do not expire
    token_data.pop('refresh_token', None)
    token_data.pop('expires_in', None)
    return existing
def save_token(token_data, request, *args, **kwargs):
    """Store the access token issued for ``request``; return the OAuthToken row.

    ``token_data`` is the provider-generated dict (``access_token``,
    ``scope``, possibly ``refresh_token`` / ``expires_in``).  For the
    authorization-code grant the user is ``request.user``; for the implicit
    flow ``grant_type`` is None and the user is read from the web ``session``
    (https://github.com/lepture/flask-oauthlib/issues/209).  Other grant
    types raise ValueError.

    A single row exists per (client, user).  Depending on what is already
    stored the call creates the row, extends its scopes while adopting the
    new access token, or rewrites ``token_data['access_token']`` to the
    stored one when no new scope is requested.  ``refresh_token`` and
    ``expires_in`` are dropped from ``token_data`` (unsupported).

    NOTE(review): because tokens never expire and an already-covered
    authorization reuses the stored bearer token, revoking the row is the
    only way to invalidate it -- confirm this is intended.
    """
    if request.grant_type == 'authorization_code':
        owner = request.user
    elif request.grant_type is None:  # implicit flow
        owner = session.user
    else:
        raise ValueError('Invalid grant_type')

    wanted = set(token_data['scope'].split())
    row = OAuthToken.find_first(
        OAuthApplication.client_id == request.client.client_id,
        OAuthToken.user == owner,
        _join=OAuthApplication,
    )

    if row is None:
        app = OAuthApplication.find_one(client_id=request.client.client_id)
        row = OAuthToken(application=app, user=owner)
        db.session.add(row)
        row.access_token = token_data['access_token']
        row.scopes = wanted
        token_data.pop('refresh_token', None)  # refresh tokens unsupported
        token_data.pop('expires_in', None)  # tokens do not expire
        return row

    extra = wanted - row.scopes
    if extra:
        logger.info('Added scopes to {}: {}'.format(row, extra))
        # widening the grant adopts the newly issued access token
        row.access_token = token_data['access_token']
        row.scopes |= wanted
    else:
        # already covered: hand back the stored token, not the new one
        token_data['access_token'] = row.access_token

    token_data.pop('refresh_token', None)  # refresh tokens unsupported
    token_data.pop('expires_in', None)  # tokens do not expire
    return row
def load_token(access_token, refresh_token=None):
    """Resolve a presented bearer token to its OAuthToken row, or None.

    ``refresh_token`` is accepted for provider compatibility but unused.
    Returns None for an empty token, a token that is not a well-formed
    UUID hex string, an unknown token, or a token whose application is
    disabled.  The malformed-token check runs before any database query.

    Side effects: ``g.received_oauth_token`` is set as soon as a non-empty
    token was presented (so callers can distinguish "bad token" from "no
    token"), and a valid token's ``last_used_dt`` is bumped after the
    request in a separate session.
    """
    if not access_token:
        return None

    # Mark that some token was presented, even if it turns out to be bad;
    # other code uses this to decide whether to report an invalid token.
    g.received_oauth_token = True

    def _well_formed(value):
        try:
            UUID(hex=value)
        except ValueError:
            return False
        return True

    if not _well_formed(access_token):
        return None

    query = OAuthToken.find(access_token=access_token)
    token = query.options(db.joinedload(OAuthToken.application)).first()
    if not token or not token.application.is_enabled:
        return None

    # Only the primary key crosses into the callback: the row itself belongs
    # to the request session and would raise DetachedInstanceError there.
    token_pk = token.id

    @after_this_request
    def _update_last_use(response):
        with db.tmp_session() as sess:
            sess.query(OAuthToken).filter_by(id=token_pk).update(
                {OAuthToken.last_used_dt: now_utc()})
            sess.commit()
        return response

    return token
def load_token(access_token, refresh_token=None):
    """Look up the OAuthToken for a presented bearer token.

    Returns the token row, or None when no token was given, the value is not
    a valid UUID hex string, no matching row exists, or the owning
    application is disabled.  ``refresh_token`` is ignored.

    The UUID format check happens before touching the database, so only
    well-formed values ever reach the query.  ``g.received_oauth_token`` is
    set for every non-empty token so that later code can tell "invalid
    token" apart from "no token at all".  For a usable token the
    ``last_used_dt`` column is updated after the request completes.
    """
    if not access_token:
        return None

    # flag for other parts of the request: a token was supplied
    g.received_oauth_token = True

    try:
        UUID(hex=access_token)
    except ValueError:
        return None  # not a UUID, cannot be one of ours

    loaded = (OAuthToken.find(access_token=access_token)
              .options(db.joinedload(OAuthToken.application))
              .first())
    if not loaded:
        return None
    if not loaded.application.is_enabled:
        return None

    # Capture only the id: the row is bound to the request session and
    # touching it from the callback would raise DetachedInstanceError.
    row_id = loaded.id

    @after_this_request
    def _update_last_use(response):
        with db.tmp_session() as sess:
            stamp = {OAuthToken.last_used_dt: now_utc()}
            sess.query(OAuthToken).filter_by(id=row_id).update(stamp)
            sess.commit()
        return response

    return loaded
 def _create_tokens(**params):
     """Create, add and flush an OAuthToken, defaulting any field not given.

     Presumably a test fixture helper: ``dummy_user`` and
     ``dummy_application`` come from the enclosing scope (not visible here)
     and ``unicode`` marks this as Python 2 code.  Explicit keyword
     arguments take precedence; missing ones get a fresh random access
     token, the dummy user/application and the ``read:api``/``write:api``
     scopes.  ``params`` is filled in place.  The row is flushed, not
     committed.
     """
     defaults = [
         ('access_token', unicode(uuid4())),
         ('user', dummy_user),
         ('application', dummy_application),
         ('scopes', ['read:api', 'write:api']),
     ]
     for field, fallback in defaults:
         params.setdefault(field, fallback)
     created = OAuthToken(**params)
     db.session.add(created)
     db.session.flush()
     return created
 def _process_args(self):
     """Load the token named by the ``id`` URL argument and enforce ownership.

     Runs the base class processing first, stores the token on
     ``self.token`` and raises Forbidden when it belongs to a different
     user, so a user can only act on their own tokens.

     NOTE(review): ``token.user`` is read without a None check; whether an
     unknown id ends up as a 404 or an AttributeError depends on what
     ``OAuthToken.get`` does on a miss -- confirm.
     """
     RHUserBase._process_args(self)
     token = OAuthToken.get(request.view_args['id'])
     self.token = token
     owned_by_other = self.user != token.user
     if owned_by_other:
         raise Forbidden(
             "You can only revoke tokens associated with your user")
 def _checkParams(self):
     """Resolve the ``id`` URL argument to a token and verify the caller owns it.

     Calls the base class check first, then assigns ``self.token``.  A token
     owned by another user raises Forbidden.

     NOTE(review): no None check before ``token.user``; behaviour for an
     unknown id depends on ``OAuthToken.get`` -- confirm it 404s on a miss.
     """
     RHUserBase._checkParams(self)
     token = OAuthToken.get(request.view_args['id'])
     self.token = token
     mismatch = self.user != token.user
     if mismatch:
         raise Forbidden("You can only revoke tokens associated with your user")