def token_endpoint(request):
validator = RequestValidator()
server = Server(validator)
uri, http_method, body, headers = extract_params(request)
server_response = server.create_token_response(
uri,
http_method,
body,
headers,
{},
)
return create_response(*server_response)
def verify_request(request, scopes):
validator = RequestValidator()
server = Server(validator)
uri, http_method, body, headers = extract_params(request)
valid, r = server.verify_request(
uri, http_method, body, headers, scopes,
)
if not valid:
raise HTTPUnauthorized()
return r.user
def _create_request_validator(self, scopes=None):
rv = RequestValidator(default_scopes=scopes)
request = Request('https://server.example.com/')
return rv, request
def __init__(self, request):
self.request = request
self.validator = RequestValidator()
self.server = Server(self.validator)
class AuthorizationEndpoint(object):
def __init__(self, request):
self.request = request
self.validator = RequestValidator()
self.server = Server(self.validator)
@view_config(route_name='oauth2_authorization_endpoint',
renderer='templates/application_authorization.pt',
permission='add-authorized-app',
request_method='GET')
def get(self):
uri, http_method, body, headers = extract_params(self.request)
try:
scopes, credentials = self.server.validate_authorization_request(
uri, http_method, body, headers,
)
app = self.validator.get_client(credentials['client_id'])
try:
auth_app = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.user == self.request.user,
AuthorizedApplication.scope == scopes,
AuthorizedApplication.redirect_uri == credentials['redirect_uri'],
AuthorizedApplication.response_type == credentials['response_type'],
AuthorizedApplication.application == app,
).one()
except NoResultFound:
auth_app = None
if auth_app is not None:
credentials['user'] = self.request.user
server_response = self.server.create_authorization_response(
uri, http_method, body, headers, scopes, credentials,
)
return create_response(*server_response)
else:
authorship_information = app.user.email
pretty_scopes = self.validator.get_pretty_scopes(scopes)
return {
'response_type': credentials['response_type'],
'client_id': credentials['client_id'],
'redirect_uri': credentials['redirect_uri'],
'state': credentials['state'],
'scope': ' '.join(scopes),
'app': app,
'scopes': pretty_scopes,
'authorship_information': authorship_information,
}
except FatalClientError as e:
return response_from_error(e)
except OAuth2Error as e:
return HTTPFound(e.in_uri(e.redirect_uri))
@view_config(route_name='oauth2_authorization_endpoint',
permission='add-authorized-app',
request_method='POST')
def post(self):
uri, http_method, body, headers = extract_params(self.request)
redirect_uri = self.request.POST.get('redirect_uri')
if 'submit' in self.request.POST:
scope = self.request.POST.get('scope', '')
scopes = scope.split()
credentials = {
'client_id': self.request.POST.get('client_id'),
'redirect_uri': redirect_uri,
'response_type': self.request.POST.get('response_type'),
'state': self.request.POST.get('state'),
'user': self.request.user,
}
try:
server_response = self.server.create_authorization_response(
uri, http_method, body, headers, scopes, credentials,
)
app = Session.query(Application).filter(
Application.id == credentials['client_id'],
).one()
try:
auth_app = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.user == self.request.user,
AuthorizedApplication.application == app,
).one()
except NoResultFound:
auth_app = AuthorizedApplication(
user=self.request.user,
application=app,
)
auth_app.redirect_uri = credentials['redirect_uri']
auth_app.response_type = credentials['response_type']
auth_app.scope = scopes
Session.add(auth_app)
return create_response(*server_response)
except FatalClientError as e:
return response_from_error(e)
elif 'cancel' in self.request.POST:
e = AccessDeniedError()
return HTTPFound(e.in_uri(redirect_uri))
def __init__(self, request):
self.request = request
self.validator = RequestValidator()
self.server = Server(self.validator)
class AuthorizationEndpoint(object):
def __init__(self, request):
self.request = request
self.validator = RequestValidator()
self.server = Server(self.validator)
@view_config(route_name='oauth2_authorization_endpoint',
renderer='templates/application_authorization.pt',
permission='add-authorized-app',
request_method='GET')
def get(self):
uri, http_method, body, headers = extract_params(self.request)
try:
scopes, credentials = self.server.validate_authorization_request(
uri,
http_method,
body,
headers,
)
app = self.validator.get_client(credentials['client_id'])
try:
auth_app = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.user == self.request.user,
AuthorizedApplication.scope == scopes,
AuthorizedApplication.redirect_uri ==
credentials['redirect_uri'],
AuthorizedApplication.response_type ==
credentials['response_type'],
AuthorizedApplication.application == app,
).one()
except NoResultFound:
auth_app = None
if auth_app is not None:
credentials['user'] = self.request.user
server_response = self.server.create_authorization_response(
uri,
http_method,
body,
headers,
scopes,
credentials,
)
return create_response(*server_response)
else:
authorship_information = app.user.email
pretty_scopes = self.validator.get_pretty_scopes(scopes)
return {
'response_type': credentials['response_type'],
'client_id': credentials['client_id'],
'redirect_uri': credentials['redirect_uri'],
'state': credentials['state'],
'scope': ' '.join(scopes),
'app': app,
'scopes': pretty_scopes,
'authorship_information': authorship_information,
}
except FatalClientError as e:
return response_from_error(e)
except OAuth2Error as e:
return HTTPFound(e.in_uri(e.redirect_uri))
@view_config(route_name='oauth2_authorization_endpoint',
permission='add-authorized-app',
request_method='POST')
def post(self):
uri, http_method, body, headers = extract_params(self.request)
redirect_uri = self.request.POST.get('redirect_uri')
if 'submit' in self.request.POST:
scope = self.request.POST.get('scope', '')
scopes = scope.split()
credentials = {
'client_id': self.request.POST.get('client_id'),
'redirect_uri': redirect_uri,
'response_type': self.request.POST.get('response_type'),
'state': self.request.POST.get('state'),
'user': self.request.user,
}
try:
server_response = self.server.create_authorization_response(
uri,
http_method,
body,
headers,
scopes,
credentials,
)
app = Session.query(Application).filter(
Application.id == credentials['client_id'], ).one()
try:
auth_app = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.user == self.request.user,
AuthorizedApplication.application == app,
).one()
except NoResultFound:
auth_app = AuthorizedApplication(
user=self.request.user,
application=app,
)
auth_app.redirect_uri = credentials['redirect_uri']
auth_app.response_type = credentials['response_type']
auth_app.scope = scopes
Session.add(auth_app)
return create_response(*server_response)
except FatalClientError as e:
return response_from_error(e)
elif 'cancel' in self.request.POST:
e = AccessDeniedError()
return HTTPFound(e.in_uri(redirect_uri))
