def POST_authorize(self, authorize, client, redirect_uri, scope, state,
                   duration, response_type):
    """Issue an OAuth2 grant and send the user agent back to the client.

    Runs the grant, redirect-URI, response-type/scope and client-type/duration
    checks, and returns ``self._error_response(...)`` if ``c.errors`` is
    non-empty afterwards.  Otherwise a ``"code"`` request gets a new
    authorization code and a ``"token"`` (implicit) request gets a new access
    token, delivered through ``_update_redirect_uri``.  ``state`` is handed
    back to the client unchanged in both cases, and the reply is a 302.

    ``authorize`` is not read in this body.
    """
    # The helpers are not shown here; they are expected to record failures in
    # c.errors rather than raise -- confirm against their definitions.
    self._check_employee_grants(client, scope)
    self._check_redirect_uri(client, redirect_uri)
    self._check_response_type_and_scope(response_type, scope)
    self._check_client_type_and_duration(response_type, client, duration)

    implicit_grant = response_type == "token"

    if c.errors:
        # NOTE(review): redirect_uri is passed on even when the redirect-URI
        # check is what failed; confirm _error_response never redirects to a
        # URI that did not validate.
        return self._error_response(state, redirect_uri,
                                    as_fragment=implicit_grant)

    if response_type == "code":
        # The code is created together with the client id and the redirect
        # URI it was requested for; the last argument flags a "permanent"
        # duration.
        auth_code = OAuth2AuthorizationCode._new(
            client._id, redirect_uri, c.user._id36, scope,
            duration == "permanent")
        redirect_params = {"code": auth_code._id, "state": state}
        destination = _update_redirect_uri(redirect_uri, redirect_params)
        g.stats.simple_event(
            'oauth2.POST_authorize.authorization_code_create')
    elif implicit_grant:
        access_token = OAuth2AccessToken._new(
            client._id, c.user._id36, scope)
        redirect_params = OAuth2AccessController._make_token_dict(access_token)
        redirect_params["state"] = state
        # Implicit grant: the token itself travels in the redirect, placed in
        # the URL fragment (as_fragment=True).
        destination = _update_redirect_uri(
            redirect_uri, redirect_params, as_fragment=True)
        g.stats.simple_event('oauth2.POST_authorize.access_token_create')
    # NOTE(review): there is no else branch, so any other response_type
    # leaves `destination` unbound at the final redirect; presumably
    # _check_response_type_and_scope rejects such values -- confirm.

    # If this is the first time the user is logging in with an official
    # mobile app, gild them.  This runs for either grant type and changes
    # account state before the redirect is sent.  Eligibility rests on
    # client._id being listed in g.mobile_auth_gild_clients.
    first_official_mobile_login = (
        g.live_config.get('mobile_gild_first_login')
        and not c.user.has_used_mobile_app
        and client._id in g.mobile_auth_gild_clients
    )
    if first_official_mobile_login:
        buyer = Account.system_user()
        admintools.adjust_gold_expiration(
            c.user, days=g.mobile_auth_gild_time)
        create_gift_gold(
            buyer._id, c.user._id, g.mobile_auth_gild_time,
            datetime.now(g.tz), signed=True, note='first_mobile_auth')

        subject = 'Let there be gold! Reddit just sent you Reddit gold!'
        gift_text = (
            "Thank you for using the Reddit mobile app! "
            "As a thank you "
            "for logging in during launch week, you've been gifted %s of "
            "Reddit Gold.\n\n"
            "Reddit Gold is Reddit's premium membership program, which "
            "grants you: \n"
            "An ads-free experience in Reddit's mobile apps, and\n"
            "Extra site features on desktop\n\n"
            "Discuss and get help on the features and perks at "
            "r/goldbenefits."
        )
        message = gift_text % g.mobile_auth_gild_message
        message += '\n\n' + strings.gold_benefits_msg
        send_system_message(c.user, subject, message, add_to_sent=False)

        # The flag is what keeps the gift to one per account.
        # NOTE(review): no lock is visible between the check above and this
        # commit; confirm concurrent authorizations cannot both pass it.
        c.user.has_used_mobile_app = True
        c.user._commit()

    return self.redirect(destination, code=302)
def POST_authorize(self, authorize, client, redirect_uri, scope, state,
                   duration, response_type):
    """Issue an OAuth2 grant and send the user agent back to the client.

    Validation problems are collected in ``c.errors``.  If any are present
    the request ends in ``self._error_response(...)``.  Otherwise a ``"code"``
    request gets a new authorization code and a ``"token"`` (implicit)
    request gets a new access token, delivered through
    ``_update_redirect_uri``.  ``state`` is handed back to the client
    unchanged, and the reply is a 302.

    ``authorize`` is not read in this body.
    """
    self._check_employee_grants(client, scope)

    implicit_grant = response_type == "token"
    if implicit_grant:
        if client.is_confidential():
            # Prevent "confidential" clients from distributing tokens
            # in a non-confidential manner
            c.errors.add((errors.OAUTH2_INVALID_CLIENT, "client_id"))
        if duration != "temporary":
            # implicit grant -> No refresh tokens allowed
            c.errors.add((errors.INVALID_OPTION, "duration"))

    self._check_redirect_uri(client, redirect_uri)

    if c.errors:
        # NOTE(review): redirect_uri is passed on even when the redirect-URI
        # check is what failed; confirm _error_response never redirects to a
        # URI that did not validate.
        return self._error_response(state, redirect_uri,
                                    as_fragment=implicit_grant)

    if response_type == "code":
        # The code is created together with the client id and the redirect
        # URI it was requested for; the last argument flags a "permanent"
        # duration.
        auth_code = OAuth2AuthorizationCode._new(
            client._id, redirect_uri, c.user._id36, scope,
            duration == "permanent")
        redirect_params = {"code": auth_code._id, "state": state}
        destination = _update_redirect_uri(redirect_uri, redirect_params)
    elif implicit_grant:
        access_token = OAuth2AccessToken._new(
            client._id, c.user._id36, scope)
        redirect_params = OAuth2AccessController._make_token_dict(access_token)
        redirect_params["state"] = state
        # The token itself travels in the redirect, placed in the URL
        # fragment (as_fragment=True).
        destination = _update_redirect_uri(
            redirect_uri, redirect_params, as_fragment=True)
    # NOTE(review): nothing in this body rejects a response_type other than
    # "code" or "token", and such a value would leave `destination` unbound
    # at the final redirect; presumably the parameter validation outside this
    # function restricts it -- confirm.

    # If this is the first time the user is logging in with an official
    # mobile app, gild them.  This runs for either grant type and changes
    # account state before the redirect is sent.  Eligibility rests on
    # client._id being listed in g.mobile_auth_gild_clients.
    first_official_mobile_login = (
        g.live_config.get('mobile_gild_first_login')
        and not c.user.has_used_mobile_app
        and client._id in g.mobile_auth_gild_clients
    )
    if first_official_mobile_login:
        buyer = Account.system_user()
        admintools.adjust_gold_expiration(
            c.user, days=g.mobile_auth_gild_time)
        create_gift_gold(
            buyer._id, c.user._id, g.mobile_auth_gild_time,
            datetime.now(g.tz), signed=True, note='first_mobile_auth')

        subject = 'Let there be gold! %s just sent you reddit gold!' % (
            buyer.name)
        gift_text = (
            "Thank you for using the reddit mobile app! For your "
            "participation, you've been gifted %s of reddit gold."
        )
        message = gift_text % (g.mobile_auth_gild_message)
        message += '\n\n' + strings.gold_benefits_msg
        send_system_message(c.user, subject, message, add_to_sent=False)

        # The flag is what keeps the gift to one per account.
        # NOTE(review): no lock is visible between the check above and this
        # commit; confirm concurrent authorizations cannot both pass it.
        c.user.has_used_mobile_app = True
        c.user._commit()

    return self.redirect(destination, code=302)
def POST_authorize(self, authorize, client, redirect_uri, scope, state,
                   duration, response_type):
    """Issue an OAuth2 grant and send the user agent back to the client.

    Runs the grant, redirect-URI, response-type/scope and client-type/duration
    checks, and returns ``self._error_response(...)`` if ``c.errors`` is
    non-empty afterwards.  Otherwise a ``"code"`` request gets a new
    authorization code and a ``"token"`` (implicit) request gets a new access
    token created with a device id, delivered through
    ``_update_redirect_uri``.  ``state`` is handed back to the client
    unchanged in both cases, and the reply is a 302.

    ``authorize`` is not read in this body.
    """
    # The helpers are not shown here; they are expected to record failures in
    # c.errors rather than raise -- confirm against their definitions.
    self._check_employee_grants(client, scope)
    self._check_redirect_uri(client, redirect_uri)
    self._check_response_type_and_scope(response_type, scope)
    self._check_client_type_and_duration(response_type, client, duration)

    implicit_grant = response_type == "token"

    if c.errors:
        # NOTE(review): redirect_uri is passed on even when the redirect-URI
        # check is what failed; confirm _error_response never redirects to a
        # URI that did not validate.
        return self._error_response(state, redirect_uri,
                                    as_fragment=implicit_grant)

    if response_type == "code":
        # The code is created together with the client id and the redirect
        # URI it was requested for; the last argument flags a "permanent"
        # duration.
        auth_code = OAuth2AuthorizationCode._new(
            client._id, redirect_uri, c.user._id36, scope,
            duration == "permanent")
        redirect_params = {"code": auth_code._id, "state": state}
        destination = _update_redirect_uri(redirect_uri, redirect_params)
        g.stats.simple_event(
            'oauth2.POST_authorize.authorization_code_create')
    elif implicit_grant:
        # Where get_device_id reads the id from is not visible here; if it
        # comes from the request it is client-supplied -- TODO confirm how
        # far downstream code trusts it.
        requesting_device = get_device_id(client)
        access_token = OAuth2AccessToken._new(
            client_id=client._id,
            user_id=c.user._id36,
            scope=scope,
            device_id=requesting_device,
        )
        redirect_params = OAuth2AccessController._make_new_token_response(
            access_token)
        redirect_params["state"] = state
        # Implicit grant: the token response travels in the redirect, placed
        # in the URL fragment (as_fragment=True).
        destination = _update_redirect_uri(
            redirect_uri, redirect_params, as_fragment=True)
        g.stats.simple_event('oauth2.POST_authorize.access_token_create')
    # NOTE(review): there is no else branch, so any other response_type
    # leaves `destination` unbound at the final redirect; presumably
    # _check_response_type_and_scope rejects such values -- confirm.

    # If this is the first time the user is logging in with an official
    # mobile app, gild them.  This runs for either grant type and changes
    # account state before the redirect is sent.  Eligibility rests on
    # client._id being listed in g.mobile_auth_gild_clients.
    first_official_mobile_login = (
        g.live_config.get('mobile_gild_first_login')
        and not c.user.has_used_mobile_app
        and client._id in g.mobile_auth_gild_clients
    )
    if first_official_mobile_login:
        buyer = Account.system_user()
        admintools.adjust_gold_expiration(
            c.user, days=g.mobile_auth_gild_time)
        create_gift_gold(
            buyer._id, c.user._id, g.mobile_auth_gild_time,
            datetime.now(g.tz), signed=True, note='first_mobile_auth')

        subject = 'Let there be gold! Reddit just sent you Reddit gold!'
        gift_text = (
            "Thank you for using the Reddit mobile app! "
            "As a thank you "
            "for logging in during launch week, you've been gifted %s of "
            "Reddit Gold.\n\n"
            "Reddit Gold is Reddit's premium membership program, which "
            "grants you: \n"
            "An ads-free experience in Reddit's mobile apps, and\n"
            "Extra site features on desktop\n\n"
            "Discuss and get help on the features and perks at "
            "r/goldbenefits."
        )
        message = gift_text % g.mobile_auth_gild_message
        message += '\n\n' + strings.gold_benefits_msg
        send_system_message(c.user, subject, message, add_to_sent=False)

        # The flag is what keeps the gift to one per account.
        # NOTE(review): no lock is visible between the check above and this
        # commit; confirm concurrent authorizations cannot both pass it.
        c.user.has_used_mobile_app = True
        c.user._commit()

    return self.redirect(destination, code=302)