def post(self):
app = App.by_key(self.get_argument('client_id', '-'))
current_user = self.get_current_user_object()
redirect_url = self.get_argument('redirect_uri', app.redirect_url)
agree_flag = self.get_argument('agree', None)
if agree_flag == None or agree_flag == '0':
return self.redirect_with_params(redirect_url,
error='access_denied')
else:
auth_code = Authorizationcode.generate(app.id, redirect_url,
current_user.id)
return self.redirect_with_params(redirect_url, code=auth_code.code)
def get(self):
response_type = self.get_argument('response_type', None)
client_id = self.get_argument('client_id', None)
app = App.by_key(client_id)
if app:
redirect_url = self.get_argument('redirect_uri', None)
if redirect_url and app.redirect_url:
# The specified redirect must match the app's existing redirect.
redirect_parts = urlparse(redirect_url)
app_parts = urlparse(app.redirect_url)
if (redirect_parts.scheme != app_parts.scheme
or redirect_parts.netloc != app_parts.netloc
or not redirect_parts.path.startswith(app_parts.path)):
raise tornado.web.HTTPError(400)
elif not redirect_url and not app.redirect_url:
# One or the other is required.
raise tornado.web.HTTPError(400)
elif not redirect_url:
redirect_url = app.redirect_url
if response_type == 'code': # VALID REQUEST
return self.render('api/authorize.html',
app=app,
client_id=client_id,
redirect_url=redirect_url)
elif response_type == None or response_type == '': #INVALID REQUEST (Response type is blank)
if redirect_url:
return self.redirect_with_params(redirect_url,
error='invalid_request')
else: # UNSUPPORTED RESPONSE TYPE (Not known)
if redirect_url:
return self.redirect_with_params(
redirect_url, error='unsupported_response_type')
else: # APP DOES NOT EXIST
redirect_url = self.get_argument('redirect_uri', None)
if redirect_url:
return self.redirect_with_params(redirect_url,
error='invalid_client')
#all else fails
raise tornado.web.HTTPError(404)
def post(self):
grant_type = self.get_argument('grant_type', None)
code = self.get_argument('code', None)
redirect_url = self.get_argument('redirect_uri', None)
client_secret = self.get_argument('client_secret', None)
client_id = self.get_argument('client_id', None)
username = self.get_argument('username', None)
password = self.get_argument('password', None)
if not grant_type or not client_id or not client_secret:
self.set_status(400)
return self.write({
'error':
'invalid_request',
'error_description':
"The grant_type, client_id, and client_secret parameters are required."
})
if grant_type == 'password':
pass
elif grant_type == 'authorization_code':
if not code or not redirect_url:
self.set_status(400)
return self.write({
'error':
'invalid_request',
'error_description':
"The code and redirect_url parameters are required."
})
else:
self.set_status(401)
return self.write({'error': 'invalid_grant'})
app = App.by_key(client_id)
if not app:
self.set_status(401)
return self.write({'error': 'invalid_client'})
if app.secret != client_secret:
self.set_status(401)
return self.write({'error': 'access_denied'})
auth_code = None
if grant_type == 'password':
#generating one in one fell swoop.
#if user password match then make an auth_code
check_user = User.authenticate(username, password)
if check_user:
auth_code = Authorizationcode.generate(
app_id=app.id,
redirect_url=app.redirect_url,
user_id=check_user.id)
else:
self.set_status(401)
return self.write({'error': 'invalid_request'})
else:
auth_code = Authorizationcode.get(
"code = %s and redirect_url = %s and expires_at > %s", code,
redirect_url, datetime.utcnow())
if auth_code:
self.set_header("Cache-Control", "no-store")
access_token = Accesstoken.generate(auth_code.id)
if access_token:
response = {
"access_token": access_token.consumer_key,
"secret": access_token.consumer_secret,
"token_type": "mac",
"algorithm": "hmac-sha-1"
}
return self.write(response)
else:
self.set_status(401)
return self.write({'error': 'invalid_grant'})
else:
self.set_status(401)
return self.write({'error': 'invalid_grant'})