def exchange():
client_id = request.form.get("client_id")
client_secret = request.form.get("client_secret")
code = request.form.get("code")
if not client_id:
return { "error": "Missing client_id" }, 400
client = OAuthClient.query.filter(OAuthClient.client_id == client_id).first()
if not client:
return { "error": "Unknown client" }, 404
if client.client_secret != client_secret:
return { "error": "Incorrect client secret" }, 401
r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
_client_id = r.get("oauth.exchange.client." + code)
user_id = r.get("oauth.exchange.user." + code)
if not client_id or not user_id:
return { "error": "Unknown or expired exchange code" }, 404
_client_id = _client_id.decode("utf-8")
user_id = int(user_id.decode("utf-8"))
user = User.query.filter(User.id == user_id).first()
if not user or _client_id != client.client_id:
return { "error": "Unknown or expired exchange code" }, 404
token = OAuthToken.query.filter(OAuthToken.client == client, OAuthToken.user == user).first()
if not token:
token = OAuthToken(user, client)
db.add(token)
db.commit()
r.delete("oauth.exchange.client." + code)
r.delete("oauth.exchange.user." + code)
return { "token": token.token }
def create_user(arguments):
u = User(arguments['<name>'], arguments['<email>'],
arguments['<password>'])
if (u):
u.approved = True # approve user
u.approvalDate = datetime.now()
db.add(u)
db.commit()
print('User created')
else:
print('Couldn\'t create the uer')
def clients_POST():
name = request.form.get("name")
info_url = request.form.get("info_url")
redirect_uri = request.form.get("redirect_uri")
if not name or not info_url or not redirect_uri:
return render_template("oauth-clients.html", errors="All fields are required.")
if not info_url.startswith("http://") and not info_url.startswith("https://"):
return render_template("oauth-clients.html", errors="URL fields must be a URL.")
if not redirect_uri.startswith("http://") and not redirect_uri.startswith("https://"):
return render_template("oauth-clients.html", errors="URL fields must be a URL.")
if len(current_user.clients) > 10:
return render_template("oauth-clients.html", errors="You can only have 10 clients, chill out dude.")
client = OAuthClient(current_user, name, info_url, redirect_uri)
db.add(client)
db.commit()
return redirect("/oauth/clients")
def clients_POST():
name = request.form.get("name")
info_url = request.form.get("info_url")
redirect_uri = request.form.get("redirect_uri")
if not name or not info_url or not redirect_uri:
return render_template("oauth-clients.html",
errors="All fields are required.")
if not info_url.startswith("http://") and not info_url.startswith(
"https://"):
return render_template("oauth-clients.html",
errors="URL fields must be a URL.")
if not redirect_uri.startswith("http://") and not redirect_uri.startswith(
"https://"):
return render_template("oauth-clients.html",
errors="URL fields must be a URL.")
if len(current_user.clients) > 10:
return render_template(
"oauth-clients.html",
errors="You can only have 10 clients, chill out dude.")
client = OAuthClient(current_user, name, info_url, redirect_uri)
db.add(client)
db.commit()
return redirect("/oauth/clients")
def exchange():
client_id = request.form.get("client_id")
client_secret = request.form.get("client_secret")
code = request.form.get("code")
if not client_id:
return {"error": "Missing client_id"}, 400
client = OAuthClient.query.filter(
OAuthClient.client_id == client_id).first()
if not client:
return {"error": "Unknown client"}, 404
if client.client_secret != client_secret:
return {"error": "Incorrect client secret"}, 401
r = redis.Redis(unix_socket_path=_cfg("socket"), db=_cfg("database"))
_client_id = r.get("oauth.exchange.client." + code)
user_id = r.get("oauth.exchange.user." + code)
if not client_id or not user_id:
return {"error": "Unknown or expired exchange code"}, 404
_client_id = _client_id.decode("utf-8")
user_id = int(user_id.decode("utf-8"))
user = User.query.filter(User.id == user_id).first()
if not user or _client_id != client.client_id:
return {"error": "Unknown or expired exchange code"}, 404
token = OAuthToken.query.filter(OAuthToken.client == client,
OAuthToken.user == user).first()
if not token:
token = OAuthToken(user, client)
db.add(token)
db.commit()
r.delete("oauth.exchange.client." + code)
r.delete("oauth.exchange.user." + code)
return {"token": token.token}
