Merge pull request #1457 from coreos-inc/xauth
Add support for direct granting of OAuth tokens and add tests
This commit is contained in:
josephschorr
commit
a85c3ebff7
5 changed files with 216 additions and 18 deletions
|
|
@ -12,10 +12,11 @@ import features
|
|||
|
||||
from app import app, billing as stripe, build_logs, avatar, signer, log_archive, config_provider
|
||||
from auth import scopes
|
||||
from auth.auth import require_session_login, process_oauth
|
||||
from auth.auth import require_session_login, process_oauth, has_basic_auth, process_auth_or_cookie
|
||||
from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
|
||||
SuperUserPermission, AdministerRepositoryPermission,
|
||||
ModifyRepositoryPermission)
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from buildtrigger.basehandler import BuildTriggerHandler
|
||||
from buildtrigger.bitbuckethandler import BitbucketBuildTrigger
|
||||
from buildtrigger.customhandler import CustomBuildTrigger
|
||||
|
|
@ -452,21 +453,27 @@ def build_status_badge(namespace_name, repo_name):
|
|||
|
||||
class FlaskAuthorizationProvider(model.oauth.DatabaseAuthorizationProvider):
|
||||
def get_authorized_user(self):
|
||||
return current_user.db_user()
|
||||
return get_authenticated_user()
|
||||
|
||||
def _make_response(self, body='', headers=None, status_code=200):
|
||||
return make_response(body, status_code, headers)
|
||||
|
||||
|
||||
@web.route('/oauth/authorizeapp', methods=['POST'])
|
||||
@csrf_protect
|
||||
@process_auth_or_cookie
|
||||
def authorize_application():
|
||||
if not current_user.is_authenticated:
|
||||
# Check for an authenticated user.
|
||||
if not get_authenticated_user():
|
||||
abort(401)
|
||||
return
|
||||
|
||||
provider = FlaskAuthorizationProvider()
|
||||
# If direct OAuth is not enabled or the user is not directly authed, verify CSRF.
|
||||
client_id = request.form.get('client_id', None)
|
||||
whitelist = app.config.get('DIRECT_OAUTH_CLIENTID_WHITELIST', [])
|
||||
if client_id not in whitelist or not has_basic_auth(get_authenticated_user().username):
|
||||
verify_csrf()
|
||||
|
||||
provider = FlaskAuthorizationProvider()
|
||||
redirect_uri = request.form.get('redirect_uri', None)
|
||||
scope = request.form.get('scope', None)
|
||||
|
||||
|
|
@ -474,7 +481,6 @@ def authorize_application():
|
|||
return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
|
||||
|
||||
|
||||
|
||||
@web.route(app.config['LOCAL_OAUTH_HANDLER'], methods=['GET'])
|
||||
def oauth_local_handler():
|
||||
if not current_user.is_authenticated:
|
||||
|
|
|
|||
Reference in a new issue