def vetting_result():
data = flask.request.get_json()
qrcode = data.get('qrcode')
try:
qrdata = parse_opaque_data(qrcode)
except InvalidOpaqueDataError as e:
return make_response(str(e), 400)
auth_req_data = current_app.authn_requests.pop(qrdata['nonce'])
if not auth_req_data:
# XXX: Short circuit vetting process for special nonce during development
if qrdata['nonce'] in current_app.config.get('TEST_NONCE', []):
current_app.logger.debug('Found test nonce {}'.format(qrdata['nonce']))
return development_license_check(data)
# XXX: End remove later
current_app.logger.debug('Received unknown nonce \'{}\''.format(qrdata['nonce']))
return make_response('Unknown nonce', 400)
auth_req = AuthorizationRequest(**auth_req_data)
user_id = auth_req['user_id']
try:
current_app.logger.debug('Vetting data received: {}'.format(data))
# Check vetting data received
parsed_data = parse_vetting_data(data)
current_app.logger.debug('Vetting data parsed: {!r}'.format(parsed_data))
except ValueError as e:
current_app.logger.error('Received malformed vetting data \'{}\''.format(data))
current_app.logger.error(e)
return make_response('Malformed vetting data', 400)
except KeyError as e:
current_app.logger.error('Missing vetting data: \'{}\''.format(e))
return make_response('Missing vetting data: {}'.format(e), 400)
# Save information needed for the next vetting step that uses the api
try:
yubico_state = current_app.yubico_states[auth_req['state']]
except KeyError:
yubico_state = {
'created': time(),
'state': auth_req['state'],
'client_id': auth_req['client_id'],
'user_id': user_id
}
else:
# Yubico state already created via the api
yubico_state.update({'client_id': auth_req['client_id'], 'user_id': user_id})
current_app.yubico_states[auth_req['state']] = yubico_state
# Add soap license check to queue
current_app.mobile_verify_service_queue.enqueue(verify_license, auth_req.to_dict(), parsed_data['front_image_data'],
parsed_data['barcode_data'], parsed_data['mibi_data'])
return make_response('OK', 200)
# verify the redirect_uri
try:
self.get_redirect_uri(areq)
except (RedirectURIError, ParameterError), err:
return self._error("invalid_request", "%s" % err)
except Exception, err:
message = traceback.format_exception(*sys.exc_info())
logger.error(message)
logger.debug("Bad request: %s (%s)" % (err, err.__class__.__name__))
return BadRequest("%s" % err)
if not areq:
logger.debug("No AuthzRequest")
return self._error("invalid_request", "No parsable AuthzRequest")
logger.debug("AuthzRequest: %s" % (areq.to_dict(),))
try:
redirect_uri = self.get_redirect_uri(areq)
except (RedirectURIError, ParameterError, UnknownClient), err:
return self._error("invalid_request", "%s" % err)
try:
# verify that the request message is correct
areq.verify()
except (MissingRequiredAttribute, ValueError), err:
return self._redirect_authz_error("invalid_request", redirect_uri,
"%s" % err)
areq = self.handle_oidc_request(areq, redirect_uri)
logger.debug("AuthzRequest+oidc_request: %s" % (areq.to_dict(),))
