def save_token(token_data, request, *args, **kwargs):
    """Persist the access token oauthlib just generated for *request*.

    Runs after a successful ``authorization_code`` exchange or an implicit-flow
    authorization (there oauthlib leaves ``grant_type`` unset, see
    https://github.com/lepture/flask-oauthlib/issues/209).  A single
    ``OAuthToken`` row is kept per (application, user):

    * no row yet: create it with the new access token and requested scopes;
    * row exists but lacks some requested scope: replace its access token with
      the freshly generated one and widen the stored scope set;
    * row exists and already covers the scopes: the previously issued access
      token is handed back to the client instead of the new one.

    ``refresh_token`` and ``expires_in`` are dropped from the response because
    refresh tokens are not supported and stored tokens do not expire.

    :param token_data: token dict built by oauthlib; modified in place
    :param request: oauthlib request (``grant_type``, ``user``, ``client``)
    :return: the persisted ``OAuthToken``
    :raises ValueError: for any grant type other than the two handled here
    """
    grant_type = request.grant_type
    if grant_type == 'authorization_code':
        owner = request.user
    elif grant_type is None:
        # implicit flow: the user has to come from the Flask session
        owner = session.user
    else:
        raise ValueError('Invalid grant_type')

    client_id = request.client.client_id
    wanted = set(token_data['scope'].split())
    token = (OAuthToken.query
             .filter(OAuthApplication.client_id == client_id,
                     OAuthToken.user == owner)
             .join(OAuthApplication)
             .first())

    if token is None:
        app = OAuthApplication.query.filter_by(client_id=client_id).one()
        token = OAuthToken(application=app, user=owner)
        db.session.add(token)
        token.access_token = token_data['access_token']
        token.scopes = wanted
    else:
        missing = wanted - token.scopes
        if missing:
            logger.info('Added scopes to %s: %s', token, missing)
            # widening scopes invalidates the old token string: the client
            # only ever sees the newly generated one from now on
            token.access_token = token_data['access_token']
            token.scopes |= wanted
        else:
            # nothing new requested: reuse the token the client already holds
            token_data['access_token'] = token.access_token

    # we don't support refresh tokens so far
    token_data.pop('refresh_token', None)
    # our tokens currently do not expire
    token_data.pop('expires_in', None)
    return token
def save_token(token_data, request, *args, **kwargs):
    """Persist the access token oauthlib just generated for *request*.

    Runs after a successful ``authorization_code`` exchange or an implicit-flow
    authorization (there oauthlib leaves ``grant_type`` unset, see
    https://github.com/lepture/flask-oauthlib/issues/209).  A single
    ``OAuthToken`` row is kept per (application, user):

    * no row yet: create it with the new access token and requested scopes;
    * row exists but lacks some requested scope: replace its access token with
      the freshly generated one and widen the stored scope set;
    * row exists and already covers the scopes: the previously issued access
      token is handed back to the client instead of the new one.

    ``refresh_token`` and ``expires_in`` are dropped from the response because
    refresh tokens are not supported and stored tokens do not expire.

    :param token_data: token dict built by oauthlib; modified in place
    :param request: oauthlib request (``grant_type``, ``user``, ``client``)
    :return: the persisted ``OAuthToken``
    :raises ValueError: for any grant type other than the two handled here
    """
    grant_type = request.grant_type
    if grant_type == 'authorization_code':
        owner = request.user
    elif grant_type is None:
        # implicit flow: the user has to come from the Flask session
        owner = session.user
    else:
        raise ValueError('Invalid grant_type')

    client_id = request.client.client_id
    wanted = set(token_data['scope'].split())
    token = OAuthToken.find_first(OAuthApplication.client_id == client_id,
                                  OAuthToken.user == owner,
                                  _join=OAuthApplication)

    if token is None:
        app = OAuthApplication.find_one(client_id=client_id)
        token = OAuthToken(application=app, user=owner)
        db.session.add(token)
        token.access_token = token_data['access_token']
        token.scopes = wanted
    else:
        missing = wanted - token.scopes
        if missing:
            logger.info('Added scopes to {}: {}'.format(token, missing))
            # widening scopes invalidates the old token string: the client
            # only ever sees the newly generated one from now on
            token.access_token = token_data['access_token']
            token.scopes |= wanted
        else:
            # nothing new requested: reuse the token the client already holds
            token_data['access_token'] = token.access_token

    # we don't support refresh tokens so far
    token_data.pop('refresh_token', None)
    # our tokens currently do not expire
    token_data.pop('expires_in', None)
    return token
def load_token(access_token, refresh_token=None):
    """Resolve a bearer ``access_token`` to its ``OAuthToken`` row.

    Returns ``None`` (treat as unauthenticated) when no token was sent, when
    the token is not a well-formed UUID, when it is unknown, or when the
    application it belongs to is disabled.  ``refresh_token`` exists only for
    interface compatibility and is never consulted.

    Side effects: ``g.received_oauth_token`` is set as soon as a non-empty
    token string arrives -- before any validation -- so other code can tell an
    invalid token apart from no token at all; for a valid token, its
    ``last_used_dt`` is bumped in a throwaway session after the response has
    been produced.
    """
    if not access_token:
        return None
    # Record that *something* was presented even if it turns out to be bad,
    # so an invalid token can be reported instead of silently ignored.
    g.received_oauth_token = True
    try:
        UUID(hex=access_token)
    except ValueError:
        # not even UUID-shaped: no point hitting the database
        return None

    query = OAuthToken.find(access_token=access_token)
    token = query.options(db.joinedload(OAuthToken.application)).first()
    if not token or not token.application.is_enabled:
        return None

    # only the primary key crosses into the callback; the `token` instance is
    # bound to the request session and would raise DetachedInstanceError there
    token_id = token.id

    @after_this_request
    def _touch_last_used(response):
        with db.tmp_session() as sess:
            (sess.query(OAuthToken)
             .filter_by(id=token_id)
             .update({OAuthToken.last_used_dt: now_utc()}))
            sess.commit()
        return response

    return token
def load_token(access_token, refresh_token=None):
    """Resolve a bearer ``access_token`` to its ``OAuthToken`` row.

    Returns ``None`` (treat as unauthenticated) when no token was sent, when
    the token is not a well-formed UUID, when it is unknown, or when the
    application it belongs to is disabled.  ``refresh_token`` exists only for
    interface compatibility and is never consulted.

    Side effects: ``g.received_oauth_token`` is set as soon as a non-empty
    token string arrives -- before any validation -- so other code can tell an
    invalid token apart from no token at all; for a valid token, its
    ``last_used_dt`` is bumped in a throwaway session after the response has
    been produced.
    """
    if not access_token:
        return None
    # Record that *something* was presented even if it turns out to be bad,
    # so an invalid token can be reported instead of silently ignored.
    g.received_oauth_token = True
    try:
        UUID(hex=access_token)
    except ValueError:
        # not even UUID-shaped: no point hitting the database
        return None

    query = OAuthToken.find(access_token=access_token)
    token = query.options(db.joinedload(OAuthToken.application)).first()
    if not token or not token.application.is_enabled:
        return None

    # only the primary key crosses into the callback; the `token` instance is
    # bound to the request session and would raise DetachedInstanceError there
    token_id = token.id

    @after_this_request
    def _touch_last_used(response):
        with db.tmp_session() as sess:
            (sess.query(OAuthToken)
             .filter_by(id=token_id)
             .update({OAuthToken.last_used_dt: now_utc()}))
            sess.commit()
        return response

    return token
def _create_tokens(**params):
    """Insert and return an ``OAuthToken`` for tests, filling in defaults.

    Every column may be overridden through ``params``; anything left out gets a
    random UUID access token, the module's dummy user and application, and the
    ``read:api``/``write:api`` scopes.  The row is flushed, not committed.
    """
    defaults = {
        'access_token': unicode(uuid4()),
        'user': dummy_user,
        'application': dummy_application,
        'scopes': ['read:api', 'write:api'],
    }
    fields = dict(defaults, **params)
    token = OAuthToken(**fields)
    db.session.add(token)
    db.session.flush()
    return token
def _process_args(self):
    """Load the token named in the URL and ensure the current user owns it.

    :raises Forbidden: when the token belongs to a different user, so a user
        can only revoke their own tokens
    """
    RHUserBase._process_args(self)
    token = OAuthToken.get(request.view_args['id'])
    self.token = token
    # NOTE(review): if OAuthToken.get returns None for an unknown id, the
    # comparison below raises AttributeError instead of a 404 -- confirm
    if self.user != token.user:
        raise Forbidden("You can only revoke tokens associated with your user")
def _checkParams(self):
    """Load the token named in the URL and ensure the current user owns it.

    :raises Forbidden: when the token belongs to a different user, so a user
        can only revoke their own tokens
    """
    RHUserBase._checkParams(self)
    token = OAuthToken.get(request.view_args['id'])
    self.token = token
    # NOTE(review): if OAuthToken.get returns None for an unknown id, the
    # comparison below raises AttributeError instead of a 404 -- confirm
    if self.user != token.user:
        raise Forbidden("You can only revoke tokens associated with your user")