def token(cls, user_id, service, scope=''):
client_infos = ClientsBusiness.get_by_name(service)
if not client_infos:
raise Forbidden('Client not found!')
user = UsersBusiness.get_by_id(user_id)
client = list(
filter(lambda c: c['id'] == client_infos['_id'], user['clients_authorized']))
if len(client) <= 0:
raise Forbidden('Not authorized!')
authorized = False if scope else True
typ = ''
name = ''
actions = []
''' filter and valid scope '''
if scope:
params = scope.lower().split(':')
if len(params) != 3:
raise BadRequest('Invalid scope!')
typ = params[0]
name = params[1]
actions = params[2].split(',')
for user_scope in client[0]['scope']:
if not user_scope:
raise Forbidden('Not authorized!')
typ_scope, name_scope, actions_scope = user_scope.lower().split(':')
if typ_scope == typ:
if name_scope == name or name_scope == '*':
has_actions = True
for action in actions:
if action not in actions_scope.split(',') and '*' not in actions_scope:
has_actions = False
if has_actions:
authorized = True
break
if not authorized:
raise Forbidden('Not authorized!')
''' generate client token '''
token_client = cls.encode_client_token(
service, typ, name, actions, user, client_infos)
expired_date = time.mktime(time.localtime(
int(time.time()) + int(Config.EXPIRES_IN_CLIENT)))
return {
"user_id": user_id,
"callback": client_infos['redirect_uri'],
"token": token_client.decode('utf8'),
"access_token": token_client.decode('utf8'),
"expired_date": time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime(expired_date))
}
def token(cls, user_id, service, scope=''):
client_infos = ClientsBusiness.get_by_name(service)
user = UsersBusiness.get_by_id(user_id)
client = list(
filter(lambda c: c['id'] == client_infos['_id'],
user['clients_authorized']))
if len(client) <= 0:
raise Forbidden('Not authorized!')
authorized = False if scope else True
typ = ''
name = ''
actions = []
''' filter and valid scope '''
if scope:
params = scope.split(':')
if len(params) != 3:
return BadRequest('Invalid scope!')
typ = params[0]
name = params[1]
actions = params[2].split(',')
for user_scope in client[0]['scope']:
if not user_scope:
raise Forbidden('Not authorized!')
typ_scope, name_scope, actions_scope = user_scope.split(':')
if typ_scope == typ:
if name_scope == name or name_scope == '*':
has_actions = True
for action in actions:
if action not in actions_scope.split(
',') and '*' not in actions_scope:
has_actions = False
if has_actions:
authorized = True
break
if not authorized:
raise Forbidden('Not authorized!')
''' generate client token '''
token_client = cls.encode_client_token(service, typ, name, actions,
user, client_infos)
return {
"user_id": user_id,
"callback": client_infos['redirect_uri'],
"token": token_client.decode('utf8'),
"access_token": token_client.decode('utf8')
}
