def vetting_result(): data = flask.request.get_json() qrcode = data.get('qrcode') try: qrdata = parse_opaque_data(qrcode) except InvalidOpaqueDataError as e: return make_response(str(e), 400) auth_req_data = current_app.authn_requests.pop(qrdata['nonce']) if not auth_req_data: # XXX: Short circuit vetting process for special nonce during development if qrdata['nonce'] in current_app.config.get('TEST_NONCE', []): current_app.logger.debug('Found test nonce {}'.format(qrdata['nonce'])) return development_license_check(data) # XXX: End remove later current_app.logger.debug('Received unknown nonce \'{}\''.format(qrdata['nonce'])) return make_response('Unknown nonce', 400) auth_req = AuthorizationRequest(**auth_req_data) user_id = auth_req['user_id'] try: current_app.logger.debug('Vetting data received: {}'.format(data)) # Check vetting data received parsed_data = parse_vetting_data(data) current_app.logger.debug('Vetting data parsed: {!r}'.format(parsed_data)) except ValueError as e: current_app.logger.error('Received malformed vetting data \'{}\''.format(data)) current_app.logger.error(e) return make_response('Malformed vetting data', 400) except KeyError as e: current_app.logger.error('Missing vetting data: \'{}\''.format(e)) return make_response('Missing vetting data: {}'.format(e), 400) # Save information needed for the next vetting step that uses the api try: yubico_state = current_app.yubico_states[auth_req['state']] except KeyError: yubico_state = { 'created': time(), 'state': auth_req['state'], 'client_id': auth_req['client_id'], 'user_id': user_id } else: # Yubico state already created via the api yubico_state.update({'client_id': auth_req['client_id'], 'user_id': user_id}) current_app.yubico_states[auth_req['state']] = yubico_state # Add soap license check to queue current_app.mobile_verify_service_queue.enqueue(verify_license, auth_req.to_dict(), parsed_data['front_image_data'], parsed_data['barcode_data'], parsed_data['mibi_data']) return make_response('OK', 200)
# verify the redirect_uri try: self.get_redirect_uri(areq) except (RedirectURIError, ParameterError), err: return self._error("invalid_request", "%s" % err) except Exception, err: message = traceback.format_exception(*sys.exc_info()) logger.error(message) logger.debug("Bad request: %s (%s)" % (err, err.__class__.__name__)) return BadRequest("%s" % err) if not areq: logger.debug("No AuthzRequest") return self._error("invalid_request", "No parsable AuthzRequest") logger.debug("AuthzRequest: %s" % (areq.to_dict(),)) try: redirect_uri = self.get_redirect_uri(areq) except (RedirectURIError, ParameterError, UnknownClient), err: return self._error("invalid_request", "%s" % err) try: # verify that the request message is correct areq.verify() except (MissingRequiredAttribute, ValueError), err: return self._redirect_authz_error("invalid_request", redirect_uri, "%s" % err) areq = self.handle_oidc_request(areq, redirect_uri) logger.debug("AuthzRequest+oidc_request: %s" % (areq.to_dict(),))