Exemplo n.º 1
0
    def post(self):
        app = App.by_key(self.get_argument('client_id', '-'))
        current_user = self.get_current_user_object()

        redirect_url = self.get_argument('redirect_uri', app.redirect_url)
        agree_flag = self.get_argument('agree', None)
        if agree_flag == None or agree_flag == '0':
            return self.redirect_with_params(redirect_url,
                                             error='access_denied')
        else:
            auth_code = Authorizationcode.generate(app.id, redirect_url,
                                                   current_user.id)
            return self.redirect_with_params(redirect_url, code=auth_code.code)
Exemplo n.º 2
0
    def get(self):
        response_type = self.get_argument('response_type', None)

        client_id = self.get_argument('client_id', None)
        app = App.by_key(client_id)

        if app:
            redirect_url = self.get_argument('redirect_uri', None)
            if redirect_url and app.redirect_url:
                # The specified redirect must match the app's existing redirect.
                redirect_parts = urlparse(redirect_url)
                app_parts = urlparse(app.redirect_url)
                if (redirect_parts.scheme != app_parts.scheme
                        or redirect_parts.netloc != app_parts.netloc
                        or not redirect_parts.path.startswith(app_parts.path)):
                    raise tornado.web.HTTPError(400)
            elif not redirect_url and not app.redirect_url:
                # One or the other is required.
                raise tornado.web.HTTPError(400)
            elif not redirect_url:
                redirect_url = app.redirect_url

            if response_type == 'code':  # VALID REQUEST
                return self.render('api/authorize.html',
                                   app=app,
                                   client_id=client_id,
                                   redirect_url=redirect_url)
            elif response_type == None or response_type == '':  #INVALID REQUEST (Response type is blank)
                if redirect_url:
                    return self.redirect_with_params(redirect_url,
                                                     error='invalid_request')
            else:  # UNSUPPORTED RESPONSE TYPE (Not known)
                if redirect_url:
                    return self.redirect_with_params(
                        redirect_url, error='unsupported_response_type')
        else:  # APP DOES NOT EXIST
            redirect_url = self.get_argument('redirect_uri', None)
            if redirect_url:
                return self.redirect_with_params(redirect_url,
                                                 error='invalid_client')

        #all else fails
        raise tornado.web.HTTPError(404)
Exemplo n.º 3
0
    def post(self):
        grant_type = self.get_argument('grant_type', None)
        code = self.get_argument('code', None)
        redirect_url = self.get_argument('redirect_uri', None)
        client_secret = self.get_argument('client_secret', None)
        client_id = self.get_argument('client_id', None)
        username = self.get_argument('username', None)
        password = self.get_argument('password', None)

        if not grant_type or not client_id or not client_secret:
            self.set_status(400)
            return self.write({
                'error':
                'invalid_request',
                'error_description':
                "The grant_type, client_id, and client_secret parameters are required."
            })

        if grant_type == 'password':
            pass
        elif grant_type == 'authorization_code':
            if not code or not redirect_url:
                self.set_status(400)
                return self.write({
                    'error':
                    'invalid_request',
                    'error_description':
                    "The code and redirect_url parameters are required."
                })
        else:
            self.set_status(401)
            return self.write({'error': 'invalid_grant'})

        app = App.by_key(client_id)
        if not app:
            self.set_status(401)
            return self.write({'error': 'invalid_client'})

        if app.secret != client_secret:
            self.set_status(401)
            return self.write({'error': 'access_denied'})

        auth_code = None
        if grant_type == 'password':
            #generating one in one fell swoop.
            #if user password match then make an auth_code
            check_user = User.authenticate(username, password)
            if check_user:
                auth_code = Authorizationcode.generate(
                    app_id=app.id,
                    redirect_url=app.redirect_url,
                    user_id=check_user.id)
            else:
                self.set_status(401)
                return self.write({'error': 'invalid_request'})
        else:
            auth_code = Authorizationcode.get(
                "code = %s and redirect_url = %s  and expires_at > %s", code,
                redirect_url, datetime.utcnow())

        if auth_code:
            self.set_header("Cache-Control", "no-store")
            access_token = Accesstoken.generate(auth_code.id)
            if access_token:
                response = {
                    "access_token": access_token.consumer_key,
                    "secret": access_token.consumer_secret,
                    "token_type": "mac",
                    "algorithm": "hmac-sha-1"
                }
                return self.write(response)
            else:
                self.set_status(401)
                return self.write({'error': 'invalid_grant'})
        else:
            self.set_status(401)
            return self.write({'error': 'invalid_grant'})