Add ability for users to see their authorized applications and revoke the access

2014-03-24 20:57:02 -04:00 · 2014-03-24 20:57:02 -04:00 · c82d1ffe98
commit c82d1ffe98
parent e92cf37583
10 changed files with 262 additions and 3 deletions
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@ -385,4 +385,57 @@ class UserNotificationList(ApiResource):
    notifications = model.list_notifications(get_authenticated_user())
    return {
      'notifications': [notification_view(notification) for notification in notifications]
-    }
+    }
+
+
+def authorization_view(access_token):
+  oauth_app = access_token.application
+  return {
+    'application': {
+      'name': oauth_app.name,
+      'description': oauth_app.description,
+      'url': oauth_app.application_uri,
+      'gravatar': compute_hash(oauth_app.gravatar_email or oauth_app.organization.email),
+      'organization': {
+        'name': oauth_app.organization.username,
+        'gravatar': compute_hash(oauth_app.organization.email)
+      }
+    },
+    'scopes': scopes.get_scope_information(access_token.scope),
+    'uuid': access_token.uuid
+  }
+
+@resource('/v1/user/authorizations')
+@internal_only
+class UserAuthorizationList(ApiResource):
+  @require_user_admin
+  @nickname('listUserAuthorizations')
+  def get(self):
+    access_tokens = model.oauth.list_access_tokens_for_user(get_authenticated_user())
+
+    return {
+      'authorizations': [authorization_view(token) for token in access_tokens]
+    }
+
+
+@resource('/v1/user/authorizations/<access_token_uuid>')
+@internal_only
+class UserAuthorization(ApiResource):
+  @require_user_admin
+  @nickname('getUserAuthorization')
+  def get(self, access_token_uuid):
+    access_token = model.oauth.lookup_access_token_for_user(get_authenticated_user(), access_token_uuid)
+    if not access_token:
+      raise NotFound()
+
+    return authorization_view(access_token)
+
+  @require_user_admin
+  @nickname('deleteUserAuthorization')
+  def delete(self, access_token_uuid):
+    access_token = model.oauth.lookup_access_token_for_user(get_authenticated_user(), access_token_uuid)
+    if not access_token:
+      raise NotFound()
+
+    access_token.delete_instance(recursive=True, delete_nullable=True)
+    return 'Deleted', 204