def post(self):
    """Register a new OAuth client from the submitted form fields.

    Reads ``name`` and ``redirect_uri`` from the request, stores a new
    ``OAuth_Client`` and redirects back to the same path so a browser
    refresh does not resubmit the form. No validation of either field
    happens in this method; values are stored as submitted.
    NOTE(review): any restriction of this handler to administrators is
    decided outside this method — confirm at the routing layer.
    """
    form = self.request.get
    new_client = OAuth_Client(
        name=form('name'),
        redirect_uri=form('redirect_uri'),
    )
    new_client.put()
    # Post/redirect/get: land the browser back on the listing page.
    self.redirect(self.request.path)
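def validate_params(self):
    """Validate the authorization request and stash its parts on ``self``.

    Sets ``self.user``, ``self.redirect_uri`` and ``self.client``.
    Returns True when every check passes; otherwise writes an error
    response (directly, or via ``self.authz_error``) and returns False.

    The checks run in this order so that the client and its registered
    redirect URI are confirmed *before* the response_type error is
    reported through ``authz_error``. If that helper redirects the user
    agent to ``redirect_uri`` (its body is not visible here — confirm),
    reporting an error before the URI has been compared with the
    client's registration would send the user to an unvalidated
    location; RFC 6749 section 4.1.2.1 forbids redirecting when the
    redirect_uri is missing, invalid or mismatched.
    """
    self.user = users.get_current_user()
    if self.request.method == 'POST' and not self.user:
        self.error(403)
        self.response.out.write("Authentication required.")
        return False

    self.redirect_uri = self.request.get('redirect_uri')
    if not self.redirect_uri:
        self.error(400)
        self.response.out.write("The parameter redirect_uri is required.")
        return False
    # TODO: validate url?  Only the comparison with the registered value
    # below constrains it; no scheme/host syntax check is done here.

    self.client = OAuth_Client.get_by_client_id(self.request.get('client_id'))
    if not self.client:
        self.authz_error('invalid_client', "The client identifier provided is invalid.")
        return False

    # A client without a registered redirect_uri accepts whatever the
    # request supplies; only clients with a registered value are pinned.
    if self.client.redirect_uri and self.client.redirect_uri != self.redirect_uri:
        self.authz_error('redirect_uri_mismatch', "The redirection URI provided does not match a pre-registered value.")
        return False

    if self.request.get('response_type') not in self.SUPPORTED_RESPONSE_TYPES:
        self.authz_error('unsupported_response_type', "The requested response type is not supported.")
        return False
    return True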
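def handle(self):
    """Token endpoint entry point: authenticate the client, then dispatch by grant type.

    Reads ``client_id``, ``client_secret``, ``grant_type`` and ``scope``
    from the request. Renders an OAuth error and returns early when the
    grant type is not in ``SUPPORTED_GRANT_TYPES`` or the client
    credentials do not authenticate; otherwise calls
    ``self.handle_<grant_type>(client, scope)``.
    """
    # TODO: MUST require transport-level security — client_secret is read
    # from the request and is exposed on a plaintext connection.
    client_id = self.request.get('client_id')
    client_secret = self.request.get('client_secret')
    grant_type = self.request.get('grant_type')
    scope = self.request.get('scope')

    # This allow-list check is what makes the getattr dispatch at the end
    # safe: only values in SUPPORTED_GRANT_TYPES ever reach it.
    if grant_type not in self.SUPPORTED_GRANT_TYPES:
        self.render_error('unsupported_grant_type', "Grant type not supported.")
        return

    client = OAuth_Client.authenticate(client_id, client_secret)
    if not client:
        # Message typo fixed ("Inavlid" -> "Invalid").
        self.render_error('invalid_client', "Invalid client credentials.")
        return

    # Dispatch to one of the grant handlers below. scope is passed through
    # unchecked here — presumably each handle_* validates it; confirm.
    getattr(self, 'handle_%s' % grant_type)(client, scope)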
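def validate_params(self):
    """Validate the authorization request and stash its parts on ``self``.

    Sets ``self.user``, ``self.redirect_uri`` and ``self.client``.
    Returns True when every check passes; otherwise writes an error
    response (directly, or via ``self.authz_error``) and returns False.

    The checks run in this order so that the client and its registered
    redirect URI are confirmed *before* the response_type error is
    reported through ``authz_error``. If that helper redirects the user
    agent to ``redirect_uri`` (its body is not visible here — confirm),
    reporting an error before the URI has been compared with the
    client's registration would send the user to an unvalidated
    location; RFC 6749 section 4.1.2.1 forbids redirecting when the
    redirect_uri is missing, invalid or mismatched.
    """
    self.user = users.get_current_user()
    if self.request.method == 'POST' and not self.user:
        self.error(403)
        self.response.out.write("Authentication required.")
        return False

    self.redirect_uri = self.request.get('redirect_uri')
    if not self.redirect_uri:
        self.error(400)
        self.response.out.write("The parameter redirect_uri is required.")
        return False
    # TODO: validate url?  Only the comparison with the registered value
    # below constrains it; no scheme/host syntax check is done here.

    self.client = OAuth_Client.get_by_client_id(
        self.request.get('client_id'))
    if not self.client:
        self.authz_error('invalid_client',
                         "The client identifier provided is invalid.")
        return False

    # A client without a registered redirect_uri accepts whatever the
    # request supplies; only clients with a registered value are pinned.
    if self.client.redirect_uri and self.client.redirect_uri != self.redirect_uri:
        self.authz_error(
            'redirect_uri_mismatch',
            "The redirection URI provided does not match a pre-registered value."
        )
        return False

    if self.request.get(
            'response_type') not in self.SUPPORTED_RESPONSE_TYPES:
        self.authz_error('unsupported_response_type',
                         "The requested response type is not supported.")
        return False
    return True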
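def get(self):
    """Render the client listing page with every stored ``OAuth_Client``.

    The template context is built explicitly instead of with ``locals()``
    so the template sees only ``clients`` and not the handler instance
    itself. The template is not visible here; if it reads ``self``,
    add that key to the context.
    """
    clients = OAuth_Client.all()
    context = {'clients': clients}
    self.response.out.write(
        template.render('templates/clients.html', context))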
from webtest import TestApp
from main import application, ProtectedResourceHandler
from oauth.models import OAuth_Client
from google.appengine.api import apiproxy_stub_map, datastore_file_stub

app = TestApp(application())

# Start from an empty datastore so earlier runs cannot leak clients or
# tokens into these tests. This reaches into a name-mangled private
# attribute of the stub map and will break if the SDK renames it.
apiproxy_stub_map.apiproxy._APIProxyStubMap__stub_map['datastore_v3'].Clear()

# One registered client shared by the tests below; its client_id and
# client_secret are read back when requesting a token.
client = OAuth_Client(name='test')
client.put()


def test_protected_resource_fail_naked():
    """A request carrying no token is rejected and must not leak the payload."""
    resp = app.get('/protected/resource', status=400)
    body = str(resp)
    assert ProtectedResourceHandler.SECRET_PAYLOAD not in body


def test_protected_resource_success_flow():
    """Request a token via the password grant for the registered client.

    NOTE(review): nothing is asserted on the token response here, and the
    follow-up call to the protected resource is not made in this version.
    """
    token_request = dict(
        grant_type='password',
        username='******',
        password='******',
        client_id=client.client_id,
        client_secret=client.client_secret,
        scope='read',
    )
    response = app.post('/oauth/token', token_request)
def post(self):
    """Create an ``OAuth_Client`` from the form and redirect back to this page.

    ``name`` and ``redirect_uri`` are stored exactly as submitted; no
    validation of either value happens in this method.
    """
    name = self.request.get('name')
    redirect_uri = self.request.get('redirect_uri')
    OAuth_Client(name=name, redirect_uri=redirect_uri).put()
    # Redirect after POST so a refresh does not create a second client.
    self.redirect(self.request.path)