def _get_bearer_token(self):
auth = request.headers.get("Authorization")
try:
auth_scheme, bearer_token = require_split(auth, 2)
require(auth_scheme.lower() == "bearer")
return OAuth2AccessToken.get_token(bearer_token)
except RequirementException:
self._auth_error(400, "invalid_request")
def _get_bearer_token(self):
auth = request.headers.get("Authorization")
try:
auth_scheme, bearer_token = require_split(auth, 2)
require(auth_scheme.lower() == "bearer")
return OAuth2AccessToken.get_token(bearer_token)
except RequirementException:
self._auth_error(400, "invalid_request")
def _get_bearer_token(self, strict=True):
auth = request.headers.get("Authorization")
try:
auth_scheme, bearer_token = require_split(auth, 2)
require(auth_scheme.lower() == "bearer")
return bearer_token
except RequirementException:
if strict:
self._auth_error(400, "invalid_request")
def _get_bearer_token(self, strict=True):
auth = request.headers.get("Authorization")
try:
auth_scheme, bearer_token = require_split(auth, 2)
require(auth_scheme.lower() == "bearer")
return bearer_token
except RequirementException:
if strict:
self._auth_error(400, "invalid_request")
def _get_client_auth(self):
auth = request.headers.get("Authorization")
try:
client_id, client_secret = parse_http_basic(auth)
client = OAuth2Client.get_token(client_id)
require(client)
require(constant_time_compare(client.secret, client_secret))
return client
except RequirementException:
abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def _get_client_auth(self):
auth = request.headers.get("Authorization")
try:
client_id, client_secret = parse_http_basic(auth)
client = OAuth2Client.get_token(client_id)
require(client)
require(constant_time_compare(client.secret, client_secret))
return client
except RequirementException:
abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def parse_http_basic(authorization_header):
"""Parse the username/credentials out of an HTTP Basic Auth header.
Raises RequirementException if anything is uncool.
"""
auth_scheme, auth_token = require_split(authorization_header, 2)
require(auth_scheme.lower() == "basic")
try:
auth_data = base64.b64decode(auth_token)
except TypeError:
raise RequirementException
return require_split(auth_data, 2, ":")
def parse_http_basic(authorization_header):
"""Parse the username/credentials out of an HTTP Basic Auth header.
Raises RequirementException if anything is uncool.
"""
auth_scheme, auth_token = require_split(authorization_header, 2)
require(auth_scheme.lower() == "basic")
try:
auth_data = base64.b64decode(auth_token)
except TypeError:
raise RequirementException
return require_split(auth_data, 2, ":")
def authenticate_with_token(self):
set_extension(request.environ, "json")
set_content_type()
require_https()
require_domain(g.oauth_domain)
try:
access_token = OAuth2AccessToken.get_token(
self._get_bearer_token())
require(access_token)
require(access_token.check_valid())
c.oauth2_access_token = access_token
account = Account._byID36(access_token.user_id, data=True)
require(account)
require(not account._deleted)
c.oauth_user = account
except RequirementException:
self._auth_error(401, "invalid_token")
handler = self._get_action_handler()
if handler:
oauth2_perms = getattr(handler, "oauth2_perms", None)
if oauth2_perms:
grant = OAuth2Scope(access_token.scope)
required = set(oauth2_perms['allowed_scopes'])
if not grant.has_access(c.site.name, required):
self._auth_error(403, "insufficient_scope")
c.oauth_scope = grant
else:
self._auth_error(400, "invalid_request")
def POST_snoovatar(self, form, jquery, public, snoo_color,
unvalidated_components):
if not feature.is_enabled('snoovatars'):
return
if form.has_errors(
"components",
errors.NO_TEXT,
errors.TOO_LONG,
errors.BAD_STRING,
):
return
if form.has_errors("snoo_color", errors.BAD_CSS_COLOR):
return
try:
tailors = g.plugins["gold"].tailors_data
validated = {}
for tailor in tailors:
tailor_name = tailor["name"]
component = unvalidated_components.get(tailor_name)
# if the tailor requires a selection, ensure there is one
if not tailor["allow_clear"]:
require(component)
# ensure this dressing exists
dressing = component.get("dressingName")
if dressing:
for d in tailor["dressings"]:
if dressing == d["name"]:
break
else:
raise RequirementException
validated[tailor_name] = component
except RequirementException:
c.errors.add(errors.INVALID_SNOOVATAR, field="components")
form.has_errors("components", errors.INVALID_SNOOVATAR)
return
SnoovatarsByAccount.save(
user=c.user,
name="snoo",
public=public,
snoo_color=snoo_color,
components=validated,
)
def authenticate_with_token(self):
set_extension(request.environ, "json")
set_content_type()
require_https()
require_domain(g.oauth_domain)
try:
access_token = OAuth2AccessToken.get_token(self._get_bearer_token())
require(access_token)
require(access_token.check_valid())
c.oauth2_access_token = access_token
account = Account._byID36(access_token.user_id, data=True)
require(account)
require(not account._deleted)
c.oauth_user = account
except RequirementException:
self._auth_error(401, "invalid_token")
handler = self._get_action_handler()
if handler:
oauth2_perms = getattr(handler, "oauth2_perms", None)
if oauth2_perms or True:
grant = OAuth2Scope(access_token.scope)
required = set(oauth2_perms['allowed_scopes'])
if not grant.has_access(c.site.name, required):
self._auth_error(403, "insufficient_scope")
c.oauth_scope = grant
else:
self._auth_error(400, "invalid_request")
def pre(self):
set_extension(request.environ, "json")
MinimalController.pre(self)
require_https()
try:
access_token = OAuth2AccessToken.get_token(
self._get_bearer_token())
require(access_token)
require(access_token.check_valid())
c.oauth2_access_token = access_token
account = Account._byID36(access_token.user_id, data=True)
require(account)
require(not account._deleted)
c.oauth_user = account
except RequirementException:
self._auth_error(401, "invalid_token")
handler = self._get_action_handler()
if handler:
oauth2_perms = getattr(handler, "oauth2_perms", None)
if oauth2_perms:
grant = OAuth2Scope(access_token.scope)
if grant.subreddit_only and c.site.name not in grant.subreddits:
self._auth_error(403, "insufficient_scope")
required_scopes = set(oauth2_perms['allowed_scopes'])
if not (grant.scopes >= required_scopes):
self._auth_error(403, "insufficient_scope")
else:
self._auth_error(400, "invalid_request")
def pre(self):
set_extension(request.environ, "json")
MinimalController.pre(self)
require_https()
try:
access_token = OAuth2AccessToken.get_token(self._get_bearer_token())
require(access_token)
require(access_token.check_valid())
c.oauth2_access_token = access_token
account = Account._byID36(access_token.user_id, data=True)
require(account)
require(not account._deleted)
c.oauth_user = account
except RequirementException:
self._auth_error(401, "invalid_token")
handler = self._get_action_handler()
if handler:
oauth2_perms = getattr(handler, "oauth2_perms", None)
if oauth2_perms:
grant = OAuth2Scope(access_token.scope)
if grant.subreddit_only and c.site.name not in grant.subreddits:
self._auth_error(403, "insufficient_scope")
required_scopes = set(oauth2_perms['allowed_scopes'])
if not (grant.scopes >= required_scopes):
self._auth_error(403, "insufficient_scope")
else:
self._auth_error(400, "invalid_request")
def POST_snoovatar(self, form, jquery, public, snoo_color, unvalidated_components):
if not feature.is_enabled('snoovatars'):
return
if form.has_errors("components",
errors.NO_TEXT,
errors.TOO_LONG,
errors.BAD_STRING,
):
return
if form.has_errors("snoo_color", errors.BAD_CSS_COLOR):
return
try:
tailors = g.plugins["gold"].tailors_data
validated = {}
for tailor in tailors:
tailor_name = tailor["name"]
component = unvalidated_components.get(tailor_name)
# if the tailor requires a selection, ensure there is one
if not tailor["allow_clear"]:
require(component)
# ensure this dressing exists
dressing = component.get("dressingName")
if dressing:
for d in tailor["dressings"]:
if dressing == d["name"]:
break
else:
raise RequirementException
validated[tailor_name] = component
except RequirementException:
c.errors.add(errors.INVALID_SNOOVATAR, field="components")
form.has_errors("components", errors.INVALID_SNOOVATAR)
return
SnoovatarsByAccount.save(
user=c.user,
name="snoo",
public=public,
snoo_color=snoo_color,
components=validated,
)
def _get_client_auth(self):
auth = request.headers.get("Authorization")
try:
auth_scheme, auth_token = require_split(auth, 2)
require(auth_scheme.lower() == "basic")
try:
auth_data = base64.b64decode(auth_token)
except TypeError:
raise RequirementException
client_id, client_secret = require_split(auth_data, 2, ":")
client = OAuth2Client.get_token(client_id)
require(client)
require(client.secret == client_secret)
return client
except RequirementException:
abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def _get_client_auth(self):
auth = request.headers.get("Authorization")
try:
auth_scheme, auth_token = require_split(auth, 2)
require(auth_scheme.lower() == "basic")
try:
auth_data = base64.b64decode(auth_token)
except TypeError:
raise RequirementException
client_id, client_secret = require_split(auth_data, 2, ":")
client = OAuth2Client.get_token(client_id)
require(client)
require(client.secret == client_secret)
return client
except RequirementException:
abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def pre(self):
set_extension(request.environ, "json")
MinimalController.pre(self)
require_https()
try:
access_token = self._get_bearer_token()
require(access_token)
c.oauth2_access_token = access_token
account = Account._byID(access_token.user_id, data=True)
require(account)
require(not account._deleted)
c.oauth_user = account
except RequirementException:
self._auth_error(401, "invalid_token")
handler = self._get_action_handler()
if handler:
oauth2_perms = getattr(handler, "oauth2_perms", None)
if oauth2_perms:
if access_token.scope not in oauth2_perms["allowed_scopes"]:
self._auth_error(403, "insufficient_scope")
else:
self._auth_error(400, "invalid_request")
def pre(self):
set_extension(request.environ, "json")
MinimalController.pre(self)
require_https()
try:
access_token = self._get_bearer_token()
require(access_token)
c.oauth2_access_token = access_token
account = Account._byID(access_token.user_id, data=True)
require(account)
require(not account._deleted)
c.oauth_user = account
except RequirementException:
self._auth_error(401, "invalid_token")
handler = self._get_action_handler()
if handler:
oauth2_perms = getattr(handler, "oauth2_perms", None)
if oauth2_perms:
if access_token.scope not in oauth2_perms["allowed_scopes"]:
self._auth_error(403, "insufficient_scope")
else:
self._auth_error(400, "invalid_request")
