def password_authorization(request, username, password, scope, expires_in):
policy = request.registry.queryUtility(IAuthenticationPolicy)
authapi = policy._getAPI(request)
credentials = {'login': username, 'password': password}
identity, headers = authapi.login(credentials)
if not identity:
return OAuth2ErrorHandler.error_unauthorized_client()
else:
# Create and store token
storage = request.registry.osiris_store
token = generate_token()
stored = storage.store(token, username, scope, expires_in)
# Issue token
if stored:
return dict(access_token=token,
token_type='bearer',
scope=scope,
expires_in=expires_in)
else:
# If operation error, return a generic server error
return HTTPInternalServerError()
def password_authorization(request, username, password, scope, expires_in):
policy = request.registry.queryUtility(IAuthenticationPolicy)
authapi = policy._getAPI(request)
credentials = {'login': username, 'password': password}
identity, headers = authapi.login(credentials)
if not identity:
return OAuth2ErrorHandler.error_unauthorized_client()
else:
# Create and store token
storage = request.registry.osiris_store
token = generate_token()
stored = storage.store(token, username, scope, expires_in)
# Issue token
if stored:
return dict(
access_token=token,
token_type='bearer',
scope=scope,
expires_in=expires_in
)
else:
# If operation error, return a generic server error
return HTTPInternalServerError()
def password_authorization(request, username, password, scope, expires_in):
ldap_enabled = asbool(request.registry.settings.get('osiris.ldap_enabled'))
ldap_scope_as_group = asbool(
request.registry.settings.get('osiris.ldap_scope_as_group'))
if ldap_enabled:
from osiris import get_ldap_connector
connector = get_ldap_connector(request)
identity = connector.authenticate(username, password)
scopes = scope.split(' ')
if ldap_scope_as_group and scope:
user_groups = connector.user_groups(username)
user_groups = [group[0] for group in user_groups]
user_groups = [
group.split(",")[0].split("=")[1] for group in user_groups
]
for req_scope in scopes:
if req_scope not in user_groups:
return OAuth2ErrorHandler.error_invalid_scope(req_scope)
else:
policy = request.registry.queryUtility(IAuthenticationPolicy)
authapi = policy._getAPI(request)
credentials = {'login': username, 'password': password}
identity, headers = authapi.login(credentials)
user_groups = []
if not identity:
return OAuth2ErrorHandler.error_invalid_grant()
else:
storage = request.registry.osiris_store
# Check if an existing token for the username and scope is already issued
issued = storage.retrieve(username=username, scope=scope)
if issued:
# Return the already issued one
return dict(
access_token=issued.get('token'),
token_type='bearer',
scope=issued.get('scope'),
expires_in=issued.get('expire_time'),
)
else:
# Create and store token
token = generate_token()
stored = storage.store(token, username, scope, expires_in)
# Issue token
if stored:
return dict(access_token=token,
token_type='bearer',
scope=scope,
expires_in=int(expires_in))
else:
# If operation error, return a generic server error
return HTTPInternalServerError()
def password_authorization(request, username, password, scope, expires_in):
ldap_enabled = asbool(request.registry.settings.get('osiris.ldap_enabled'))
ldap_scope_as_group = asbool(
request.registry.settings.get('osiris.ldap_scope_as_group'))
if ldap_enabled:
from osiris import get_ldap_connector
connector = get_ldap_connector(request)
identity = connector.authenticate(username, password)
scopes = scope.split(' ')
if ldap_scope_as_group and scope:
user_groups = connector.user_groups(username)
user_groups = [group[0] for group in user_groups]
user_groups = [group.split(",")[0].split("=")[1]
for group in user_groups]
for req_scope in scopes:
if req_scope not in user_groups:
return OAuth2ErrorHandler.error_invalid_scope(req_scope)
else:
policy = request.registry.queryUtility(IAuthenticationPolicy)
authapi = policy._getAPI(request)
credentials = {'login': username, 'password': password}
identity, headers = authapi.login(credentials)
user_groups = []
if not identity:
return OAuth2ErrorHandler.error_invalid_grant()
else:
storage = request.registry.osiris_store
# Check if an existing token for the username and scope is already issued
issued = storage.retrieve(username=username, scope=scope)
if issued:
# Return the already issued one
return dict(access_token=issued.get('token'),
token_type='bearer',
scope=issued.get('scope'),
expires_in=issued.get('expire_time'),
)
else:
# Create and store token
token = generate_token()
stored = storage.store(token, username, scope, expires_in)
# Issue token
if stored:
return dict(access_token=token,
token_type='bearer',
scope=scope,
expires_in=int(expires_in)
)
else:
# If operation error, return a generic server error
return HTTPInternalServerError()
