def authorize(user, auth_request, redirect_uri): """ handler with validation for the request providing a code that the client can use to authorize user param supplied by login_required auth_request and redirect_uri wrapper objects supplied by validate_auth_request NOTE: upon login the user has implicitly given permission for the neuaer client to obtain an authorization token with the code provided here """ # store the authorization associated with this user # for reconciliation upon token request auth = Authorization(authorizer=user, # generate a code for the client to submit when # requesting an authorization token code=str(uuid1()), # an absence of the client_id should be caught in # the validations above client_id=auth_request.raw_args.get("client_id"), # per the oauth 2 standard the redirect uri must # be matched on the later request for a token redirect_uri=redirect_uri.get_url()) # gae db save auth.put() # add the unique code to the query params, and redirect to the redirect_uri return redirect_with_params(redirect_uri, code=auth.code)
def token(token_req): """ handler to convert a code into an authorization token token_req provided by validate_token_request decorator once neuaer recieves the code provided in the authorize method it will contact the app here where the code can be 'redeemed' for an authorization token """ # get the stored authorization using the code and request uri auth = Authorization.get_with_auth(code=token_req.raw_args.get('code'), uri=token_req.raw_args.get('redirect_uri')) # if there were no matches report if not auth: return jsonify(**token_error_responses('no_match')) # if the access token has already been granted for this uri and code if auth.access_token: return jsonify(**token_error_responses('already_granted')) # return the access token to the requester return jsonify(access_token=auth.generate_token())
def home(): if 'email' not in session: return redirect(url_for('login')) useremail = session['email'] authorizationindb = Authorization.query.with_entities( Authorization.project_key, Authorization.api_key).filter_by(email=useremail).first() if authorizationindb != None: return redirect(url_for('verify')) authoform = AuthorizationForm() if request.method == 'POST': if authoform.validate() == False: flash('Not valid form') return render_template('home.html', form=authoform) else: # get the project and API key email = session['email'] # save the keys into database newautho = Authorization(email, authoform.client_ID.data, authoform.client_secret.data) db.session.add(newautho) db.session.commit() return redirect(url_for('verify')) elif request.method == 'GET': return render_template("home.html", form=authoform)
def authorize(referrer): if not users.get_current_user(): return login(referrer) else: cache_key='{0}/authorizations'.format(request.referrer) auth=cache.get(cache_key) email=db.Email(users.get_current_user().email()) if auth is None: auth=Authorization.get_by_key_name(request.referrer) if auth is not None: cache.set(cache_key, auth) try: a=auth.approved.index(email) except ValueError: a=-1 if a <> -1: return logout(referrer) else: try: p=auth.pending.index(email) except ValueError: p=-1 if p <> -1: return pending_logout(referrer) else: try: r=auth.rejected.index(email) except ValueError: r=-1 if r <> -1: return rejected_logout(referrer) return authorize_logout(referrer)
def reject_ticket(referrer, email): auth=Authorization.get_by_key_name(referrer) auth.pending.remove(email) auth.rejected.append(email) auth.put() cache_key='{0}/authorizations'.format(referrer) cache.set(cache_key, auth)
def read_tickets(): pending=[] i=0 q=Authorization.gql("WHERE pending != Null") for a in q: i += 1 for p in a.pending: pending.append({'id' : i, 'referrer' : a.key().name(), 'email' : p}) return current_app.response_class(json.dumps(pending, indent=None if request.is_xhr else 2), mimetype='application/json')
def authorization_request(referrer): if not users.get_current_user(): return login(referrer) else: email=db.Email(users.get_current_user().email()) ar=AuthRequest(referrer=referrer, email=email) ar.put() auth=Authorization.get_by_key_name(request.referrer) auth.pending.append(email) auth.put() return pending_logout(referrer)
def get(self): ip = self.request.remote_addr auth = Authorization.all().filter('ip = ', ip).get() if not auth: data = dict(client_id=CLIENT_ID, response_type='code') url = "https://banters.com/oauth/authorize?%s" % urlencode(data) self.redirect(url) return # Retrieve data about the current user data = dict(oauth_token=auth.token) url = "https://banters.com/oauth/me.json?%s" % urlencode(data) resp, content = Http().request(url, "GET") data = json.loads(content) path = os.path.join(os.path.dirname(__file__), '../html/index.html') self.response.out.write(template.render(path, { 'username': data["username"], 'avatar': data["profile_photo"]["small"] }))
def populate_auths(): auth_map = { 'Woodshop': 416232, 'Metalshop': 416231, 'Forge': 420386, 'LaserCutter': 416230, 'Mig welding': 420387, 'Tig welding': 420388, 'Stick welding': 420389, 'Manual mill': 420390, 'Plasma': 420391, 'Metal lathes': 420392, 'CNC Plasma': 420393, 'Intro Tormach': 420394, 'Full Tormach': 420395 } for auth in auth_map: if not Authorization.query.filter_by(name=auth).first(): print(f"Adding new authorization: {auth}") a = Authorization(name=auth, wa_group_id=auth_map[auth]) db.session.add(a) db.session.commit()
def decorated_view(*args, **kwargs): # validate that the json exists and is valid try: if not request.json: return jsonify(**error_responses_all('json_invalid')) except JSONDecodeError: return jsonify(**error_responses_all('json_invalid')) # validate that token exists token = request.json.get('access_token', None) if not token: return jsonify(**error_responses_all('access_token_missing')) # validate that an authorization exists matching the provided token # the token should have been obtained from the /authorize endpoint # per the oauth 2 draft spec auth = Authorization.get_with_token(token) # obviosly if there's no matching authorization break and notify if not auth: return jsonify(**error_responses_all('access_token_invalid')) return route(auth.authorizer, *args, **kwargs)
def decorated_view(*args, **kwargs): if not request.referrer: try: referrer=request.json['referrer'] except KeyError: return jsonify(error='referrer missing') else: referrer=request.referrer cache_key='{0}/approved'.format(referrer) auth=cache.get(cache_key) email=db.Email(users.get_current_user().email()) if users.is_current_user_admin(): if auth is None: auth=Authorization.get_by_key_name(referrer) if auth is None: auth=Authorization(key_name=referrer) auth.put() try: i=auth.approved.index(email) except ValueError: i=-1 if i==-1: auth.approved.append(email) auth.put() cache.set(cache_key, auth) return func(*args, **kwargs) if auth is None: auth=Authorization.get_by_key_name(referrer) if auth is not None: cache.set(cache_key, auth) try: i=auth.approved.index(email) except ValueError: i=-1 if i <> -1: return func(*args, **kwargs) return jsonify(error='not authorized')
def auth(request): from models import Authorization verifier = request.GET['oauth_verifier'] req_token = request.session['req_token'] oauth = create_oauth() acc_token = oauth.access_token(req_token, verifier) try: auth = Authorization.objects.get(user_id = acc_token['user_id']) except Authorization.DoesNotExist: auth = Authorization(user_id = acc_token['user_id']) auth.screen_name = acc_token['screen_name'] auth.token = acc_token['oauth_token'] auth.token_secret = acc_token['oauth_token_secret'] auth.save() del request.session['req_token'] request.session['user_id'] = auth.user_id return HttpResponseRedirect('/')