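def put(self, *args, **kwargs):
    """Update the registered client named by the URL path.

    Only ``app_name``, ``description`` and ``website`` are updated, and only
    when the corresponding request argument is present; ``redirect_uris``
    handling is still disabled (the commented-out lines below).  The caller
    must be authenticated (``kwargs['user']``) and must own the client,
    otherwise the request is rejected with 401.
    """
    # raise401()/raise400() are assumed to abort the handler (Tornado-style
    # HTTPError); nothing below guards against them returning normally.
    if 'user' not in kwargs or not args:
        self.raise401()
    # redirect_uris = self.get_argument('redirect_uris', None)
    app_name = self.get_argument('app_name', None)
    description = self.get_argument('description', None)
    website = self.get_argument('website', None)
    update = {}
    if app_name:
        update['set__app_name'] = app_name
    if description:
        update['set__description'] = description
    if website:
        update['set__website'] = website
    # if redirect_uris:
    #     update['set_redirect_uris'] = parse_listed_strs(redirect_uris)
    user = kwargs['user']
    path = parse_path(args[0])
    client = Client.objects(app_name=path[0]).first()
    # Ownership check: only the user who registered the client may edit it.
    if not client or user != client.user:
        self.raise401()
    try:
        Client.objects(app_name=path[0]).update_one(**update)
        # If the name was changed, re-read the document under its new name.
        client = Client.objects(app_name=app_name or path[0]).first()
        client_data = document_to_json(client, filter_set=_FILTER)
        # NOTE(review): 201 is sent for an update; 200 may have been intended.
        self.set_status(201)
        self.write(client_data)
    except Exception as e:
        # str(e) replaces e.message, which is deprecated on Python 2.6+ and
        # absent on Python 3 (AttributeError inside the handler).
        # NOTE(review): this echoes the raw exception text to the caller; a
        # generic reason would avoid exposing backend details.
        self.raise400(reason=str(e))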
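def get(self, *args, **kwargs):
    """Return one client (``/clients/:app_name``) or the user's clients (``/clients``).

    Requires an authenticated user in ``kwargs``; an unknown app name answers
    404.  For the list form, optional ``limit`` and ``start`` arguments slice
    the result; values that are not integers are ignored rather than rejected.
    """
    def to_int_or_none(value):
        # Query arguments arrive as strings (or None when absent).  Only the
        # two errors int() raises for such input are caught; the original
        # bare `except:` also swallowed KeyboardInterrupt/SystemExit.
        try:
            return int(value)
        except (TypeError, ValueError):
            return None

    # raise401()/raise404() are assumed to abort the handler.
    if 'user' not in kwargs:
        self.raise401()
    user = kwargs['user']
    if args:
        path = parse_path(args[0])
        # Scoped by user so one user cannot read another user's client.
        client = Client.objects(user=user, app_name=path[0]).first()
        if not client:
            self.raise404()
        client_data = document_to_json(client, filter_set=_FILTER)
    else:
        limit = to_int_or_none(self.get_argument('limit', None))
        start = to_int_or_none(self.get_argument('start', None))
        clients = Client.objects(user=user)
        # A value of 0 is treated like "absent", as in the original.
        if limit and start:
            clients = clients[start:start + limit]
        elif limit:
            clients = clients[:limit]
        elif start:
            clients = clients[start:]
        client_data = query_to_json(clients, filter_set=_FILTER)
    self.write(client_data)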
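def delete(self, *args, **kwargs):
    """Delete the client named by the URL path; answers 204 on success.

    Requires an authenticated user (``kwargs['user']``) who owns the client;
    otherwise the request is rejected with 401.
    """
    # raise401()/raise400() are assumed to abort the handler.
    if 'user' not in kwargs or not args:
        self.raise401()
    user = kwargs['user']
    path = parse_path(args[0])
    client = Client.objects(app_name=path[0]).first()
    # Ownership check: only the registering user may delete the client.
    if not client or user != client.user:
        self.raise401()
    try:
        Client.objects(app_name=path[0]).delete()
        self.set_status(204)
        self.finish()
    except Exception as e:
        # str(e) replaces e.message, which is deprecated on Python 2.6+ and
        # absent on Python 3.
        # NOTE(review): this echoes the raw exception text to the caller.
        self.raise400(reason=str(e))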
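def post(self, *args, **kwargs):
    """Complete a previously consented authorization and redirect to the client.

    Reads ``client_id``, ``user_id`` and ``scopes`` from the request, looks up
    the stored Credential for that client/user pair and asks the OAuth
    endpoint to build the authorization response, then redirects to its
    ``Location``.  Any failure is reported through ``get_response(error=...)``.
    """
    client_id = self.get_argument('client_id', None)
    user_id = self.get_argument('user_id', None)
    scopes = self.get_argument('scopes', [])
    try:
        # get_uri() returns (base_uri, uri); only the full uri is used here,
        # so the unused base_uri local is no longer bound.
        _, uri = self.get_uri()
        scopes_list = parse_listed_strs(scopes)
        client = Client.objects(client_id=client_id).first()
        # NOTE(review): if this is bson's ObjectId, ObjectId(None) mints a
        # fresh id rather than failing, so a missing user_id only fails at
        # the User lookup; a malformed id raises and is caught below.
        user = User.objects(id=ObjectId(user_id)).first()
        cred = Credential.objects(
            client_id=client_id, user_id=user_id).first()
        # NOTE(review): the acting user is taken from the user_id argument,
        # not from an authenticated session; the stored Credential is the
        # only thing tying this request to that user — confirm that is the
        # intended authorization check.
        if not client or not user or not cred:
            raise Exception('Authorization failed')
        credentials = {
            'client_id': cred.client_id,
            'response_type': cred.response_type,
            'request': binary_to_request(cred.request),
            'redirect_uri': cred.redirect_uri,
            'state': cred.state,
            'user': user,
        }
        content = self.endpoint.create_authorization_response(
            uri, 'GET', {}, {}, scopes_list, credentials)
        self.redirect(content[0]['Location'])
    except Exception as e:
        self.write(self.get_response(error=e))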
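def validate_response_type(self, client_id, response_type, client, request, *args, **kwargs):
    """Return True if ``response_type`` is the one registered for the client.

    Each client is registered for exactly one response type (the one that
    goes with its single grant type, normally "code").  An unknown client_id
    is rejected instead of raising AttributeError.
    """
    # The `client` parameter is ignored; the record is re-read from the DB.
    stored = Client.objects(client_id=client_id).first()
    if stored is None:
        return False
    return stored.response_type == response_type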
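def authenticate_client(self, request, *args, **kwargs):
    """Authenticate a confidential client from its HTTP Basic credentials.

    The client secret is taken from the ``Authorization`` header and the
    client id from the request itself; both must match a stored Client.
    ``request.client`` is set to the matched Client (or None).  Returns True
    only when a matching client exists.
    """
    # A request without an Authorization header is simply unauthenticated;
    # the original raised KeyError here, which surfaced as a server error
    # instead of an auth failure.
    if 'Authorization' not in request.headers:
        request.client = None
        return False
    client_secret = decode_basic_auth(request.headers['Authorization'])
    # NOTE(review): client_id comes from the request body/query, not from
    # the Basic credentials; confirm decode_basic_auth checks they agree.
    client_id = request.client_id
    client = Client.objects(client_id=client_id,
                            client_secret=client_secret).first()
    request.client = client
    return client is not None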
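def authenticate_client(self, request, *args, **kwargs):
    """Authenticate a confidential client from its HTTP Basic credentials.

    The client secret is taken from the ``Authorization`` header and the
    client id from the request itself; both must match a stored Client.
    ``request.client`` is set to the matched Client (or None).  Returns True
    only when a matching client exists.
    """
    # A request without an Authorization header is simply unauthenticated;
    # the original raised KeyError here, which surfaced as a server error
    # instead of an auth failure.
    if 'Authorization' not in request.headers:
        request.client = None
        return False
    client_secret = decode_basic_auth(request.headers['Authorization'])
    # NOTE(review): client_id comes from the request body/query, not from
    # the Basic credentials; confirm decode_basic_auth checks they agree.
    client_id = request.client_id
    client = Client.objects(
        client_id=client_id, client_secret=client_secret).first()
    request.client = client
    return client is not None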
def save_authorization_code(self, client_id, code, request, *args, **kwargs):
    """Persist a freshly issued authorization code.

    The Code document records the issuing client plus the scopes, state,
    redirect URI and user carried on ``request`` (the user arrives via the
    post-authorization credentials), and expires ``CODE_EXPIRE_TIME`` from
    now as computed by get_utc_time().
    """
    issuing_client = Client.objects(client_id=client_id).first()
    record = Code(
        client=issuing_client,
        user=request.user,
        state=request.state,
        code=code['code'],
        scopes=request.scopes,
        redirect_uri=request.redirect_uri,
        expires_at=get_utc_time(CODE_EXPIRE_TIME),
    )
    record.save()
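def validate_grant_type(self, client_id, grant_type, client, request, *args, **kwargs):
    """Return True if ``grant_type`` is allowed for the client.

    The stored client's own grant type must match, except that clients
    registered for ``authorization_code`` or ``password`` may also use
    ``refresh_token``.  An unknown client_id is rejected instead of raising
    AttributeError.
    """
    # The `client` parameter is ignored; the record is re-read from the DB.
    stored = Client.objects(client_id=client_id).first()
    if stored is None:
        return False
    # Original author's note kept: this might not be the correct implementation.
    registered = stored.grant_type
    if registered in ('authorization_code', 'password') and grant_type == 'refresh_token':
        return True
    return registered == grant_type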
def validate_redirect_uri(self, client_id, redirect_uri, request, *args, **kwargs):
    """Return True only if ``redirect_uri`` is one the client pre-registered.

    Registered URIs are stored relative to the auth base URI, so each is
    prefixed with get_auth_base_uri() before the exact string comparison.
    An unknown client_id yields False.
    """
    registered_client = Client.objects(client_id=client_id).first()
    prefix = get_auth_base_uri()
    if not registered_client:
        return False
    return any(redirect_uri == prefix + suffix
               for suffix in registered_client.redirect_uris)
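def validate_code(self, client_id, code, client, request, *args, **kwargs):
    """Return True if ``code`` is an unexpired authorization code issued to this client.

    On success the scopes, user and state stored with the code are copied
    onto ``request`` for the token step.
    """
    # The `client` parameter is ignored; the record is re-read from the DB.
    issuer = Client.objects(client_id=client_id).first()
    if issuer is None:
        return False
    # Look the presented code up directly.  The original fetched an
    # arbitrary (first-returned) Code for the client and compared it with
    # `code`, so any other code issued to the same client (e.g. for a
    # different user) was rejected, and a client with no codes at all raised
    # AttributeError.  Code.code is the plain string saved in
    # save_authorization_code.
    client_code = Code.objects(client=issuer, code=code).first()
    if client_code is None or client_code.expires_at <= get_utc_time():
        return False
    request.scopes = client_code.scopes
    request.user = client_code.user
    request.state = client_code.state
    return True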
def get_default_redirect_uri(self, client_id, request, *args, **kwargs):
    """Return the redirect URI used when the authorization request supplies none.

    The stored ``default_redirect_uri`` is relative and is prefixed with
    get_auth_base_uri().  Clients are expected to pre-register their redirect
    URI rather than send one per request.
    """
    registered = Client.objects(client_id=client_id).first()
    # Assumes the client exists; an unknown client_id raises AttributeError.
    return get_auth_base_uri() + registered.default_redirect_uri
def authenticate_client_id(self, client_id, request, *args, **kwargs):
    """Accept a client that presents only its id (no secret).

    Sets ``request.client`` to the matching Client record and returns True
    when one exists.

    NOTE(review): the original comment reads "Don't allow public
    (non-authenticated) clients", but returning True for any known
    client_id is exactly what admits them; oauthlib expects this hook to
    return False when public clients are not permitted — confirm intent.
    """
    known = Client.objects(client_id=client_id).first()
    request.client = known
    return known is not None
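def validate_client_id(self, client_id, request, *args, **kwargs):
    """Return True if a Client with ``client_id`` is registered."""
    # Leftover debug print removed: it dumped the whole request object
    # (potentially including credentials carried on it) to stdout on every
    # call.
    return Client.objects(client_id=client_id).first() is not None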
def get_default_scopes(self, client_id, request, *args, **kwargs):
    """Return the scopes granted when the authorization request names none."""
    registered = Client.objects(client_id=client_id).first()
    # Assumes the client exists; an unknown client_id raises AttributeError.
    return registered.default_scopes