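def authorize():
    """OAuth 2.0 authorization endpoint for SMART-style app launches.

    GET renders the consent page: the ``scope`` parameter is parsed for the
    launch context id and the requested resource scopes, the requesting
    ``App`` is looked up by client id *and* redirect URI, a pending
    ``Client`` is stored and ``authorization.html`` is rendered with the
    authorization code. A request without a ``launch:<id>`` scope is sent
    to ``auth.create_context`` first.

    POST reads the consent form (``auth_code``, ``authorize``) and redirects
    to the app's registered ``redirect_uri`` with either the code or an
    error, echoing ``state`` when one was supplied.

    Returns:
        A Flask response: a redirect or the rendered consent template.
    """
    if request.method == "GET":
        return _authorize_get()
    return _authorize_post()


def _parse_scopes(scope_string):
    """Split a space-delimited scope string into ``(context_id, resource_scopes)``.

    ``launch:<id>`` supplies the launch context id (the text after the last
    ``:``); ``patient/...`` and ``user/...`` scopes request resource access.
    Every other scope is ignored here. ``context_id`` is ``None`` when no
    ``launch:`` scope is present.
    """
    context_id = None
    resource_scopes = []
    # RFC 6749 §3.3 scopes are space-delimited; split() also tolerates
    # repeated whitespace, which split(" ") would turn into empty tokens.
    for scope in scope_string.split():
        if scope.startswith("launch:"):
            _, context_id = scope.rsplit(":", 1)
        elif scope.startswith(("patient/", "user/")):
            resource_scopes.append(scope)
    return context_id, resource_scopes


def _authorize_get():
    """Validate the authorization request and render the consent page."""
    # Local import keeps this change self-contained; the module already
    # uses the other Flask helpers called below.
    from flask import abort

    context_id, resource_scopes = _parse_scopes(request.args["scope"])
    if context_id is None:
        # App launched outside the EHR: create a launch context first and
        # come back here with the original request parameters.
        # TODO clean this up
        return redirect(
            "%s?%s" % (url_for("auth.create_context"), urlencode({"auth_req": json.dumps(request.args)}))
        )
    # Request validation must not use ``assert``: it is stripped under -O
    # and turns a client error into a 500.
    if request.args["response_type"] != "code":
        abort(400)
    # client_id and redirect_uri must both match the registered app exactly
    # (RFC 6749 §3.1.2.3) so the code is never sent to an unregistered URI.
    app = App.query.filter_by(
        client_id=request.args["client_id"], redirect_uri=request.args["redirect_uri"]
    ).first()
    if app is None:
        abort(400)
    # Resolve the launch context before anything is added to the session so
    # an unknown context leaves no half-built Client behind.
    ctx = Context.query.get(context_id)
    if ctx is None:
        abort(400)
    # Patient selected at launch time; may be absent.
    pid = json.loads(ctx.context).get("Patient")
    client = Client(
        authorizer=request.session.user,
        app=app,
        state=request.args.get("state"),
        scope=request.args["scope"],
        context_id=context_id,
    )
    db.session.add(client)
    scopes = [OAuthScope(scp_str, pid) for scp_str in resource_scopes]
    # A list, not a lazy map(), so the template can iterate it freely.
    readable_accesses = [OAuthScope.to_readable(scope) for scope in scopes]
    # Accesses are recorded before the user decides so the requested scopes
    # need not be tracked separately; they only become usable once the POST
    # handler sets ``client.authorized``.
    for scope in scopes:
        scope.get_access_from_user(request.session.user, client)
    db.session.commit()
    return render_template(
        "authorization.html", appname=app.name, accesses=readable_accesses, auth_code=client.code
    )


def _authorize_post():
    """Apply the user's consent decision and redirect back to the app."""
    from flask import abort

    client = Client.query.filter_by(code=request.form["auth_code"]).first()
    if client is None:
        abort(400)
    # Only the user who started this authorization may decide on it; the
    # posted code alone must not be enough to flip ``authorized``.
    # NOTE(review): compares mapped instances, which relies on both being
    # loaded through the same session (identity map) — confirm.
    if client.authorizer != request.session.user:
        abort(403)
    app = App.query.filter_by(client_id=client.client_id).first()
    if app is None:
        abort(400)
    # Always redirect to the registered URI, never to a request parameter.
    redirect_uri = app.redirect_uri
    if request.form["authorize"] == "yes":
        client.authorized = True
        db.session.commit()
        redirect_args = {"code": request.form["auth_code"]}
    else:
        # RFC 6749 §4.1.2.1 names this error ``access_denied``; the message
        # is kept as-is because existing clients may match on it.
        redirect_args = {"error": "Authorization declined"}
    # RFC 6749 §4.1.2 / §4.1.2.1: ``state`` is echoed on success and error.
    if client.state is not None:
        redirect_args["state"] = client.state
    return redirect("%s?%s" % (redirect_uri, urlencode(redirect_args)))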
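def authorize():
    """OAuth 2.0 authorization endpoint for SMART-style app launches.

    GET renders the consent page: the ``scope`` parameter is parsed for the
    launch context id and the requested resource scopes, the requesting
    ``App`` is looked up by client id *and* redirect URI, a pending
    ``Client`` is stored and ``authorization.html`` is rendered with the
    authorization code. A request without a ``launch:<id>`` scope is sent
    to ``auth.create_context`` first.

    POST reads the consent form (``auth_code``, ``authorize``) and redirects
    to the app's registered ``redirect_uri`` with either the code or an
    error, echoing ``state`` when one was supplied.

    Returns:
        A Flask response: a redirect or the rendered consent template.
    """
    if request.method == 'GET':
        return _authorize_get()
    return _authorize_post()


def _parse_scopes(scope_string):
    """Split a space-delimited scope string into ``(context_id, resource_scopes)``.

    ``launch:<id>`` supplies the launch context id (the text after the last
    ``:``); ``patient/...`` and ``user/...`` scopes request resource access.
    Every other scope is ignored here. ``context_id`` is ``None`` when no
    ``launch:`` scope is present.
    """
    context_id = None
    resource_scopes = []
    # RFC 6749 §3.3 scopes are space-delimited; split() also tolerates
    # repeated whitespace, which split(' ') would turn into empty tokens.
    for scope in scope_string.split():
        if scope.startswith('launch:'):
            _, context_id = scope.rsplit(':', 1)
        elif scope.startswith(('patient/', 'user/')):
            resource_scopes.append(scope)
    return context_id, resource_scopes


def _authorize_get():
    """Validate the authorization request and render the consent page."""
    # Local import keeps this change self-contained; the module already
    # uses the other Flask helpers called below.
    from flask import abort

    context_id, resource_scopes = _parse_scopes(request.args['scope'])
    if context_id is None:
        # App launched outside the EHR: create a launch context first and
        # come back here with the original request parameters.
        # TODO clean this up
        return redirect(
            '%s?%s' % (url_for('auth.create_context'),
                       urlencode({'auth_req': json.dumps(request.args)})))
    # Request validation must not use ``assert``: it is stripped under -O
    # and turns a client error into a 500.
    if request.args['response_type'] != 'code':
        abort(400)
    # client_id and redirect_uri must both match the registered app exactly
    # (RFC 6749 §3.1.2.3) so the code is never sent to an unregistered URI.
    app = App.query.filter_by(
        client_id=request.args['client_id'],
        redirect_uri=request.args['redirect_uri']).first()
    if app is None:
        abort(400)
    # Resolve the launch context before anything is added to the session so
    # an unknown context leaves no half-built Client behind.
    ctx = Context.query.get(context_id)
    if ctx is None:
        abort(400)
    # Patient selected at launch time; may be absent.
    pid = json.loads(ctx.context).get('Patient')
    client = Client(authorizer=request.session.user,
                    app=app,
                    state=request.args.get('state'),
                    scope=request.args['scope'],
                    context_id=context_id)
    db.session.add(client)
    scopes = [OAuthScope(scp_str, pid) for scp_str in resource_scopes]
    # A list, not a lazy map(), so the template can iterate it freely.
    readable_accesses = [OAuthScope.to_readable(scope) for scope in scopes]
    # Accesses are recorded before the user decides so the requested scopes
    # need not be tracked separately; they only become usable once the POST
    # handler sets ``client.authorized``.
    for scope in scopes:
        scope.get_access_from_user(request.session.user, client)
    db.session.commit()
    return render_template('authorization.html',
                           appname=app.name,
                           accesses=readable_accesses,
                           auth_code=client.code)


def _authorize_post():
    """Apply the user's consent decision and redirect back to the app."""
    from flask import abort

    client = Client.query.filter_by(code=request.form['auth_code']).first()
    if client is None:
        abort(400)
    # Only the user who started this authorization may decide on it; the
    # posted code alone must not be enough to flip ``authorized``.
    # NOTE(review): compares mapped instances, which relies on both being
    # loaded through the same session (identity map) — confirm.
    if client.authorizer != request.session.user:
        abort(403)
    app = App.query.filter_by(client_id=client.client_id).first()
    if app is None:
        abort(400)
    # Always redirect to the registered URI, never to a request parameter.
    redirect_uri = app.redirect_uri
    if request.form['authorize'] == 'yes':
        client.authorized = True
        db.session.commit()
        redirect_args = {'code': request.form['auth_code']}
    else:
        # RFC 6749 §4.1.2.1 names this error ``access_denied``; the message
        # is kept as-is because existing clients may match on it.
        redirect_args = {'error': 'Authorization declined'}
    # RFC 6749 §4.1.2 / §4.1.2.1: ``state`` is echoed on success and error.
    if client.state is not None:
        redirect_args['state'] = client.state
    return redirect('%s?%s' % (redirect_uri, urlencode(redirect_args)))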
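def authorize():
    """OAuth 2.0 authorization endpoint for SMART-style app launches.

    GET renders the consent page: the ``scope`` parameter is parsed for the
    launch context id and the requested resource scopes, the requesting
    ``App`` is looked up by client id *and* redirect URI, a pending
    ``Client`` is stored and ``authorization.html`` is rendered with the
    authorization code. A request without a ``launch:<id>`` scope is sent
    to ``auth.create_context`` first.

    POST reads the consent form (``auth_code``, ``authorize``) and redirects
    to the app's registered ``redirect_uri`` with either the code or an
    error, echoing ``state`` when one was supplied.

    Returns:
        A Flask response: a redirect or the rendered consent template.
    """
    if request.method == 'GET':
        return _authorize_get()
    return _authorize_post()


def _parse_scopes(scope_string):
    """Split a space-delimited scope string into ``(context_id, resource_scopes)``.

    ``launch:<id>`` supplies the launch context id (the text after the last
    ``:``); ``patient/...`` and ``user/...`` scopes request resource access.
    Every other scope is ignored here. ``context_id`` is ``None`` when no
    ``launch:`` scope is present.
    """
    context_id = None
    resource_scopes = []
    # RFC 6749 §3.3 scopes are space-delimited; split() also tolerates
    # repeated whitespace, which split(' ') would turn into empty tokens.
    for scope in scope_string.split():
        if scope.startswith('launch:'):
            _, context_id = scope.rsplit(':', 1)
        elif scope.startswith(('patient/', 'user/')):
            resource_scopes.append(scope)
    return context_id, resource_scopes


def _authorize_get():
    """Validate the authorization request and render the consent page."""
    # Local import keeps this change self-contained; the module already
    # uses the other Flask helpers called below.
    from flask import abort

    context_id, resource_scopes = _parse_scopes(request.args['scope'])
    if context_id is None:
        # App launched outside the EHR: create a launch context first and
        # come back here with the original request parameters.
        # TODO clean this up
        return redirect('%s?%s' % (url_for('auth.create_context'),
                                   urlencode({'auth_req': json.dumps(request.args)})))
    # Request validation must not use ``assert``: it is stripped under -O
    # and turns a client error into a 500.
    if request.args['response_type'] != 'code':
        abort(400)
    # client_id and redirect_uri must both match the registered app exactly
    # (RFC 6749 §3.1.2.3) so the code is never sent to an unregistered URI.
    app = App.query.filter_by(
            client_id=request.args['client_id'],
            redirect_uri=request.args['redirect_uri']).first()
    if app is None:
        abort(400)
    # Resolve the launch context before anything is added to the session so
    # an unknown context leaves no half-built Client behind.
    ctx = Context.query.get(context_id)
    if ctx is None:
        abort(400)
    # Patient selected at launch time; may be absent.
    pid = json.loads(ctx.context).get('Patient')
    client = Client(authorizer=request.session.user,
                    app=app,
                    state=request.args.get('state'),
                    scope=request.args['scope'],
                    context_id=context_id)
    db.session.add(client)
    scopes = [OAuthScope(scp_str, pid) for scp_str in resource_scopes]
    # A list, not a lazy map(), so the template can iterate it freely.
    readable_accesses = [OAuthScope.to_readable(scope) for scope in scopes]
    # Accesses are recorded before the user decides so the requested scopes
    # need not be tracked separately; they only become usable once the POST
    # handler sets ``client.authorized``.
    for scope in scopes:
        scope.get_access_from_user(request.session.user, client)
    db.session.commit()
    return render_template('authorization.html',
                appname=app.name,
                accesses=readable_accesses,
                auth_code=client.code)


def _authorize_post():
    """Apply the user's consent decision and redirect back to the app."""
    from flask import abort

    client = Client.query.filter_by(code=request.form['auth_code']).first()
    if client is None:
        abort(400)
    # Only the user who started this authorization may decide on it; the
    # posted code alone must not be enough to flip ``authorized``.
    # NOTE(review): compares mapped instances, which relies on both being
    # loaded through the same session (identity map) — confirm.
    if client.authorizer != request.session.user:
        abort(403)
    app = App.query.filter_by(client_id=client.client_id).first()
    if app is None:
        abort(400)
    # Always redirect to the registered URI, never to a request parameter.
    redirect_uri = app.redirect_uri
    if request.form['authorize'] == 'yes':
        client.authorized = True
        db.session.commit()
        redirect_args = {'code': request.form['auth_code']}
    else:
        # RFC 6749 §4.1.2.1 names this error ``access_denied``; the message
        # is kept as-is because existing clients may match on it.
        redirect_args = {'error': 'Authorization declined'}
    # RFC 6749 §4.1.2 / §4.1.2.1: ``state`` is echoed on success and error.
    if client.state is not None:
        redirect_args['state'] = client.state
    return redirect('%s?%s' % (redirect_uri, urlencode(redirect_args)))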