def user_get():
    """
    Returns user with the given username, email address or Twitter id.

    Reads ``name`` from the POSTed form and looks it up with ``getuser``.
    Replies with ``error='no_name_provided'`` when the form field is blank
    and ``error='not_found'`` when no user matches; otherwise returns an
    ``ok`` result carrying the user's id, username and full name.
    """
    lookup = request.form.get('name')
    if not lookup:
        return api_result('error', error='no_name_provided')

    found = getuser(lookup)
    if not found:
        return api_result('error', error='not_found')
    return api_result('ok', type='user',
        userid=found.userid, name=found.username, title=found.fullname)
def validate_username(self, field):
    """
    WTForms validator: ``field.data`` must resolve to an existing user.

    On success the matched user is stored on ``self.user`` for the view to
    use; otherwise ``wtf.ValidationError`` is raised.
    """
    found = getuser(field.data)
    if found is not None:
        self.user = found
        return
    raise wtf.ValidationError("Could not find a user with that id")
def validate_password(self, field):
    """
    WTForms validator: ``field.data`` must be the password of the user named
    in the form's ``username`` field.

    Stores the authenticated user on ``self.user``; raises
    ``wtf.ValidationError`` when the user is unknown or the password is wrong.
    """
    candidate = getuser(self.username.data)
    # NOTE(review): an unknown username skips the password check entirely, so the
    # failure path is cheaper than a wrong password -- response timing differs.
    if candidate is not None and candidate.password_is(field.data):
        self.user = candidate
        return
    raise wtf.ValidationError("Incorrect password")
def validate_username(self, field):
    """
    WTForms validator: ``field.data`` must name an existing user.

    Raises ``wtf.ValidationError`` otherwise. Unlike the sibling validators
    this one does not keep the matched user on the form.
    """
    if getuser(field.data) is None:
        raise wtf.ValidationError("User does not exist")
def validate_username(self, field):
    """
    WTForms validator: ``field.data`` must name an existing user.

    The matched user is kept on ``self.user``; ``wtf.ValidationError`` is
    raised when no user is found.
    """
    found = getuser(field.data)
    if found is not None:
        self.user = found
        return
    raise wtf.ValidationError("User does not exist")
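def oauth_token():
    """
    OAuth2 server -- token endpoint.

    Reads ``grant_type`` from the POSTed form and dispatches to the handler
    for that grant: ``client_credentials``, ``authorization_code`` or
    ``password``. ``refresh_token`` is not supported because tokens issued
    here are permanent unless revoked.

    The client comes from ``g.client`` (set by ``@requires_client_login``).
    Returns an ``oauth_token_success`` response, or an ``oauth_token_error``
    response carrying an RFC 6749 error code.
    """
    # Always required parameters
    grant_type = request.form.get('grant_type')
    client = g.client  # Provided by @requires_client_login
    # A missing or blank scope parameter parses to [u''].
    scope = request.form.get('scope', u'').split(u' ')

    # if grant_type == 'authorization_code' (POST)
    code = request.form.get('code')
    redirect_uri = request.form.get('redirect_uri')

    # if grant_type == 'password' (GET)
    username = request.form.get('username')
    password = request.form.get('password')

    # Validations 1: Required parameters
    if not grant_type:
        return oauth_token_error('invalid_request', "Missing grant_type")
    # grant_type == 'refresh_token' is not supported. All tokens are permanent unless revoked
    if grant_type not in ['authorization_code', 'client_credentials', 'password']:
        return oauth_token_error('unsupported_grant_type')

    if grant_type == 'client_credentials':
        return _oauth_token_client_credentials(client, scope)
    elif grant_type == 'authorization_code':
        return _oauth_token_authorization_code(client, scope, code, redirect_uri)
    elif grant_type == 'password':
        return _oauth_token_password(client, scope, username, password)


def _oauth_token_client_credentials(client, scope):
    """Handle ``grant_type=client_credentials``: a token for the client itself, with no user."""
    # Validations 2: client scope. Client data; user isn't part of it
    try:
        verifyscope(scope, client)
    except ScopeException as scopeex:
        return oauth_token_error('invalid_scope', unicode(scopeex))
    token = oauth_make_token(user=None, client=client, scope=scope)
    return oauth_token_success(token)


def _oauth_token_authorization_code(client, scope, code, redirect_uri):
    """
    Handle ``grant_type=authorization_code``: exchange a one-time auth code
    for a token bound to the user who approved it.

    The code must belong to ``client``, be under a minute old, and have been
    issued for the same ``redirect_uri``; the requested ``scope`` may not
    exceed what the code was issued for.
    """
    # Validations 3: auth code
    authcode = AuthCode.query.filter_by(code=code, client=client).first()
    if not authcode:
        return oauth_token_error('invalid_grant', "Unknown auth code")
    if authcode.created_at < (datetime.utcnow() - timedelta(minutes=1)):  # XXX: Time limit: 1 minute
        db.session.delete(authcode)
        db.session.commit()
        return oauth_token_error('invalid_grant', "Expired auth code")

    # Validations 3.1: the requested scope must be a subset of the auth code's scope
    if not scope or scope[0] == '':
        return oauth_token_error('invalid_scope', "Scope is blank")
    if not set(scope).issubset(set(authcode.scope)):
        return oauth_token_error('invalid_scope', "Scope expanded")
    # The token carries the scope the auth code was issued for, not the
    # (possibly narrower) subset the client asked for here.
    scope = authcode.scope

    if redirect_uri != authcode.redirect_uri:
        return oauth_token_error('invalid_client', "redirect_uri does not match")

    # Capture the user before the auth code row is deleted and the session committed.
    user = authcode.user
    token = oauth_make_token(user=user, client=client, scope=scope)
    # Auth codes are single-use. The expiry branch above commits its delete; this
    # branch did not, leaving the code exchangeable until something else committed
    # the session. NOTE(review): confirm no after-request commit makes this redundant.
    db.session.delete(authcode)
    db.session.commit()
    return oauth_token_success(token, userinfo=get_userinfo(user=user, client=client, scope=scope))


def _oauth_token_password(client, scope, username, password):
    """
    Handle ``grant_type=password``: the client submits the user's own
    credentials. Only clients flagged ``trusted`` may use this grant.
    """
    # Validations 4.1: password grant_type is only for trusted clients
    if not client.trusted:
        # Refuse to untrusted clients
        return oauth_token_error('unauthorized_client', "Client is not trusted for password grant_type")

    # Validations 4.2: Are username and password provided and correct?
    if not username or not password:
        return oauth_token_error('invalid_request', "Username or password not provided")
    user = getuser(username)
    if not user:
        # XXX: invalid_client doesn't seem right
        # NOTE(review): the distinct "No such user" / "Password mismatch" messages
        # tell the caller whether the username exists.
        return oauth_token_error('invalid_client', "No such user")
    if not user.password_is(password):
        return oauth_token_error('invalid_client', "Password mismatch")

    # Validations 4.3: verify scope
    try:
        verifyscope(scope, client)
    except ScopeException as scopeex:
        return oauth_token_error('invalid_scope', unicode(scopeex))

    # All good. Grant access
    token = oauth_make_token(user=user, client=client, scope=scope)
    return oauth_token_success(token, userinfo=get_userinfo(user=user, client=client, scope=scope))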
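def validate_password(self, field):
    """
    WTForms validator: ``field.data`` must be the password of the user named
    in the form's ``username`` field.

    Stores the authenticated user on ``self.user``; raises
    ``wtf.ValidationError`` when the user is unknown or the password is wrong.
    """
    user = getuser(self.username.data)
    if user is None or not user.password_is(field.data):
        # Call syntax instead of the Python 2-only ``raise X, "msg"`` form,
        # matching the other validators in this file.
        raise wtf.ValidationError("Incorrect password")
    self.user = user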