def token(cls, user_id, service, scope=''):
    """Issue a client token for ``user_id`` on ``service``, optionally scoped.

    ``scope`` has the form ``type:name:action[,action...]`` and is compared
    case-insensitively against the scopes stored on the user's grant for
    this client. With an empty ``scope`` the only check is that the user has
    authorized the client at all.

    Args:
        user_id: Identifier passed to ``UsersBusiness.get_by_id``.
        service: Client name passed to ``ClientsBusiness.get_by_name``.
        scope: Requested scope string, or ``''`` for an unscoped token.

    Returns:
        dict with ``user_id``, ``callback`` (the client's ``redirect_uri``),
        ``token`` and ``access_token`` (the same encoded token) and
        ``expired_date`` formatted as ``%Y-%m-%d %H:%M:%S``.

    Raises:
        Forbidden: Unknown client, client not authorized by the user, an
            empty stored scope entry, or no stored scope covers the request.
        BadRequest: ``scope`` does not have exactly three ``:``-separated parts.
    """
    client_infos = ClientsBusiness.get_by_name(service)
    if not client_infos:
        raise Forbidden('Client not found!')

    # NOTE(review): a missing user is not handled here; confirm that
    # UsersBusiness.get_by_id raises for unknown ids.
    user = UsersBusiness.get_by_id(user_id)
    grants = [
        entry for entry in user['clients_authorized']
        if entry['id'] == client_infos['_id']
    ]
    if not grants:
        raise Forbidden('Not authorized!')

    typ, name, actions = '', '', []
    # An unscoped request is authorized by the grant alone.
    authorized = not scope

    # Parse the requested scope and match it against the stored scopes.
    if scope:
        requested = scope.lower().split(':')
        if len(requested) != 3:
            raise BadRequest('Invalid scope!')
        typ, name, requested_actions = requested
        actions = requested_actions.split(',')

        # Only the first matching grant is consulted.
        for granted in grants[0]['scope']:
            if not granted:
                # An empty stored scope entry denies the whole request.
                raise Forbidden('Not authorized!')
            granted_typ, granted_name, granted_actions = granted.lower().split(':')
            if granted_typ != typ:
                continue
            if granted_name not in (name, '*'):
                continue
            allowed = granted_actions.split(',')
            # '*' is looked up in the raw action string, not the split
            # list, so it counts wherever it appears in that string.
            wildcard = '*' in granted_actions
            if all(wildcard or action in allowed for action in actions):
                authorized = True
                break

    if not authorized:
        raise Forbidden('Not authorized!')

    # Generate the client token.
    token_client = cls.encode_client_token(
        service, typ, name, actions, user, client_infos)
    encoded = token_client.decode('utf8')

    # The expiry is rendered in server-local time with no UTC offset.
    expires_at = int(time.time()) + int(Config.EXPIRES_IN_CLIENT)
    expired_date = time.mktime(time.localtime(expires_at))

    return {
        "user_id": user_id,
        "callback": client_infos['redirect_uri'],
        "token": encoded,
        "access_token": encoded,
        "expired_date": time.strftime(
            "%Y-%m-%d %H:%M:%S", time.localtime(expired_date)),
    }
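def token(cls, user_id, service, scope=''):
    """Issue a client token for ``user_id`` on ``service``, optionally scoped.

    ``scope`` has the form ``type:name:action[,action...]`` and is compared
    (case-sensitively) against the scopes stored on the user's grant for
    this client. With an empty ``scope`` the only check is that the user has
    authorized the client at all.

    Args:
        user_id: Identifier passed to ``UsersBusiness.get_by_id``.
        service: Client name passed to ``ClientsBusiness.get_by_name``.
        scope: Requested scope string, or ``''`` for an unscoped token.

    Returns:
        dict with ``user_id``, ``callback`` (the client's ``redirect_uri``),
        ``token`` and ``access_token`` (the same encoded token).

    Raises:
        Forbidden: Unknown client, client not authorized by the user, an
            empty stored scope entry, or no stored scope covers the request.
        BadRequest: ``scope`` does not have exactly three ``:``-separated parts.
    """
    client_infos = ClientsBusiness.get_by_name(service)
    if not client_infos:
        # Fail closed on an unknown service; without this guard a falsy
        # lookup result is subscripted below and surfaces as a TypeError.
        raise Forbidden('Client not found!')

    # NOTE(review): a missing user is not handled here; confirm that
    # UsersBusiness.get_by_id raises for unknown ids.
    user = UsersBusiness.get_by_id(user_id)
    client = [
        c for c in user['clients_authorized']
        if c['id'] == client_infos['_id']
    ]
    if not client:
        raise Forbidden('Not authorized!')

    # An unscoped request is authorized by the grant alone.
    authorized = not scope
    typ = ''
    name = ''
    actions = []

    # Parse the requested scope and match it against the stored scopes.
    if scope:
        params = scope.split(':')
        if len(params) != 3:
            # Must be raised: returning the exception object would hand the
            # caller a BadRequest instance in place of the token dict.
            raise BadRequest('Invalid scope!')
        typ, name, requested_actions = params
        actions = requested_actions.split(',')

        # Only the first matching grant is consulted.
        for user_scope in client[0]['scope']:
            if not user_scope:
                # An empty stored scope entry denies the whole request.
                raise Forbidden('Not authorized!')
            typ_scope, name_scope, actions_scope = user_scope.split(':')
            if typ_scope != typ:
                continue
            if name_scope != name and name_scope != '*':
                continue
            allowed = actions_scope.split(',')
            # '*' is looked up in the raw action string, not the split
            # list, so it counts wherever it appears in that string.
            wildcard = '*' in actions_scope
            if all(wildcard or action in allowed for action in actions):
                authorized = True
                break

    if not authorized:
        raise Forbidden('Not authorized!')

    # Generate the client token.
    token_client = cls.encode_client_token(
        service, typ, name, actions, user, client_infos)
    encoded = token_client.decode('utf8')
    return {
        "user_id": user_id,
        "callback": client_infos['redirect_uri'],
        "token": encoded,
        "access_token": encoded,
    }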