def application(self): """ Get requesting application for custom login-or-signup. """ if self.request.method == 'GET': return get_oauth2_application_model().objects.get( client_id=self.request.GET.get('client_id')) elif self.request.method == 'POST': return get_oauth2_application_model().objects.get( client_id=self.request.POST.get('client_id'))
def application(self): """ Get requesting application for custom login-or-signup. """ if self.request.method == "GET": ret = get_oauth2_application_model().objects.filter( client_id=self.request.GET.get("client_id")) if ret.exists(): return ret.get() raise Http404 elif self.request.method == "POST": return get_oauth2_application_model().objects.get( client_id=self.request.POST.get("client_id"))
def application(self): """ Get requesting application for custom login-or-signup. """ if self.request.method == "GET": ret = get_oauth2_application_model().objects.filter( client_id=self.request.GET.get("client_id") ) if ret.exists(): return ret.get() raise Http404 elif self.request.method == "POST": return get_oauth2_application_model().objects.get( client_id=self.request.POST.get("client_id") )
def get(self, request, *args, **kwargs): """ Copied blatantly from super method. Had to change few stuff, but didn't find better way than copying and editing the whole stuff. Sin Count += 1 """ try: scopes, credentials = self.validate_authorization_request(request) try: del credentials['request'] # Removing oauthlib.Request from credentials. This is not required in future except KeyError: # pylint: disable=pointless-except pass kwargs['scopes_descriptions'] = [oauth2_settings.SCOPES[scope] for scope in scopes] kwargs['scopes'] = scopes # at this point we know an Application instance with such client_id exists in the database application = get_oauth2_application_model().objects.get( client_id=credentials['client_id']) # TODO: cache it! kwargs['application'] = application kwargs.update(credentials) self.oauth2_data = kwargs # following two loc are here only because of https://code.djangoproject.com/ticket/17795 form = self.get_form(self.get_form_class()) kwargs['form'] = form # Check to see if the user has already granted access and return # a successful response depending on 'approval_prompt' url parameter require_approval = request.GET.get('approval_prompt', oauth2_settings.REQUEST_APPROVAL_PROMPT) # If skip_authorization field is True, skip the authorization screen even # if this is the first use of the application and there was no previous authorization. # This is useful for in-house applications-> assume an in-house applications # are already approved. if application.skip_authorization: uri, headers, body, status = self.create_authorization_response( request=self.request, scopes=" ".join(scopes), credentials=credentials, allow=True) return HttpResponseUriRedirect(uri) elif require_approval == 'auto': tokens = request.user.accesstoken_set.filter(application=kwargs['application']).all().order_by('-id') if len(tokens) > 0: token = tokens[0] if len(tokens) > 1: # Enforce one token pair per user policy. Remove all older tokens request.user.accesstoken_set.exclude(pk=token.id).all().delete() # check past authorizations regarded the same scopes as the current one if token.allow_scopes(scopes): uri, headers, body, status = self.create_authorization_response( request=self.request, scopes=" ".join(scopes), credentials=credentials, allow=True) return HttpResponseUriRedirect(uri) return self.render_to_response(self.get_context_data(**kwargs)) except OAuthToolkitError as error: return self.error_response(error)
def get(self, request, pk): application = get_object_or_404(get_oauth2_application_model(), pk=pk) if not application.is_anonymous: user = request.user Grant.objects.filter(user=user, application_id=pk).delete() RefreshToken.objects.filter(user=user, application_id=pk).delete() AccessToken.objects.filter(user=user, application_id=pk).delete() return redirect('user:settings')
def form_valid(self, form): client_id = form.cleaned_data.get('client_id', '') application = get_oauth2_application_model().objects.get(client_id=client_id) scopes = form.cleaned_data.get('scope', '') scopes = set(scopes.split(' ')) scopes.update(set(get_default_scopes(application))) private_scopes = application.private_scopes if private_scopes: private_scopes = set(private_scopes.split(' ')) scopes.update(private_scopes) scopes = ' '.join(list(scopes)) form.cleaned_data['scope'] = scopes return super(CustomAuthorizationView, self).form_valid(form)
def form_valid(self, form): client_id = form.cleaned_data.get('client_id', '') application = get_oauth2_application_model().objects.get( client_id=client_id) scopes = form.cleaned_data.get('scope', '') scopes = set(scopes.split(' ')) scopes.update(set(get_default_scopes(application))) private_scopes = application.private_scopes if private_scopes: private_scopes = set(private_scopes.split(' ')) scopes.update(private_scopes) scopes = ' '.join(list(scopes)) form.cleaned_data['scope'] = scopes return super(CustomAuthorizationView, self).form_valid(form)
def form_valid(self, form, *args, **kwargs): application = get_oauth2_application_model().objects.get( id=self.kwargs['pk']) if application is not None and application.is_verified: if form.cleaned_data.get('client_id', '') != application.client_id: form.add_error( 'client_id', 'Client ID of a verified application cannot be changed') if form.cleaned_data.get('name', '') != application.name: form.add_error( 'name', 'Name of a verified application cannot be changed') if form.cleaned_data.get('redirect_uris', '') != application.redirect_uris: form.add_error( 'redirect_uris', 'Contact [email protected] to change redirect URIs of a verified application' ) if len(form.errors) > 0: return super(ApplicationUpdateView, self).form_invalid(form) return super(ApplicationUpdateView, self).form_valid(form)
def get_default_scopes(self, client_id, request, *args, **kwargs): application = get_object_or_404(get_oauth2_application_model(), client_id=client_id) return get_default_scopes(application)
def get(self, request, pk): application = get_object_or_404(get_oauth2_application_model(), pk=pk) if not application.is_anonymous: user = request.user AccessToken.objects.filter(user=user, application_id=pk).delete() return redirect('user:settings')
def application(self): """ Get requesting application for custom login-or-signup. """ return get_oauth2_application_model().objects.get( client_id=self.request.GET.get('client_id'))
def get_queryset(self): return get_oauth2_application_model().objects.filter(user=self.request.user)
def get_queryset(self): return get_oauth2_application_model().objects.filter( user=self.request.user)
def get(self, request, *args, **kwargs): """ Copied blantly from super method. Had to change few stuff, but didn't find better way than copying and editing the whole stuff. Sin Count += 1 """ try: scopes, credentials = self.validate_authorization_request(request) try: del credentials['request'] # Removing oauthlib.Request from credentials. This is not required in future except KeyError: pass kwargs['scopes_descriptions'] = [ oauth2_settings.SCOPES[scope] for scope in scopes ] kwargs['scopes'] = scopes # at this point we know an Application instance with such client_id exists in the database application = get_oauth2_application_model().objects.get( client_id=credentials['client_id']) # TODO: cache it! kwargs['application'] = application kwargs.update(credentials) self.oauth2_data = kwargs # following two loc are here only because of https://code.djangoproject.com/ticket/17795 form = self.get_form(self.get_form_class()) kwargs['form'] = form # Check to see if the user has already granted access and return # a successful response depending on 'approval_prompt' url parameter require_approval = request.GET.get( 'approval_prompt', oauth2_settings.REQUEST_APPROVAL_PROMPT) # If skip_authorization field is True, skip the authorization screen even # if this is the first use of the application and there was no previous authorization. # This is useful for in-house applications-> assume an in-house applications # are already approved. if application.skip_authorization: uri, headers, body, status = self.create_authorization_response( request=self.request, scopes=" ".join(scopes), credentials=credentials, allow=True) return HttpResponseUriRedirect(uri) elif require_approval == 'auto': tokens = request.user.accesstoken_set.filter( application=kwargs['application']).all().order_by('-id') if len(tokens) > 0: token = tokens[0] if len(tokens) > 1: # Enforce one token pair per user policy. Remove all older tokens request.user.accesstoken_set.exclude( pk=token.id).all().delete() # check past authorizations regarded the same scopes as the current one if token.allow_scopes(scopes): uri, headers, body, status = self.create_authorization_response( request=self.request, scopes=" ".join(scopes), credentials=credentials, allow=True) return HttpResponseUriRedirect(uri) return self.render_to_response(self.get_context_data(**kwargs)) except OAuthToolkitError as error: return self.error_response(error)