Add an oauth authorization page
This commit is contained in:
parent
ab60a10a93
commit
d469b41899
10 changed files with 287 additions and 41 deletions
@ -102,7 +102,7 @@ def swagger_route_data():
|
|||
swagger_data = {
|
||||
'apiVersion': 'v1',
|
||||
'swaggerVersion': '1.2',
|
||||
'basePath': 'http://ci.devtable.com:5000',
|
||||
'basePath': 'http://localhost:5000',
|
||||
'resourcePath': '/',
|
||||
'info': {
|
||||
'title': 'Quay.io API',
|
||||
|
@ -119,7 +119,7 @@ def swagger_route_data():
|
|||
"implicit": {
|
||||
"tokenName": "access_token",
|
||||
"loginEndpoint": {
|
||||
"url": "http://ci.devtable.com:5000/oauth/authorize",
|
||||
"url": "http://localhost:5000/oauth/authorize",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -14,8 +14,10 @@ from auth.permissions import AdministerOrganizationPermission
|
|||
from util.invoice import renderInvoiceToPdf
|
||||
from util.seo import render_snapshot
|
||||
from util.cache import no_cache
|
||||
from endpoints.common import common_login, render_page_template
|
||||
from endpoints.common import common_login, render_page_template, generate_csrf_token
|
||||
from util.names import parse_repository_name
|
||||
from util.gravatar import compute_hash
|
||||
from auth import scopes
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -239,6 +241,27 @@ class FlaskAuthorizationProvider(DatabaseAuthorizationProvider):
|
|||
return make_response(body, status_code, headers)
|
||||
|
||||
|
||||
@web.route('/oauth/authorizeapp', methods=['POST'])
|
||||
def authorize_application():
|
||||
if not current_user.is_authenticated():
|
||||
abort(401)
|
||||
return
|
||||
|
||||
provider = FlaskAuthorizationProvider()
|
||||
client_id = request.form.get('client_id', None)
|
||||
redirect_uri = request.form.get('redirect_uri', None)
|
||||
scope = request.form.get('scope', None)
|
||||
csrf = request.form.get('csrf', None)
|
||||
|
||||
# Verify the csrf token.
|
||||
if csrf != generate_csrf_token():
|
||||
abort(404)
|
||||
return
|
||||
|
||||
# Add the access token.
|
||||
return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
|
||||
|
||||
|
||||
@web.route('/oauth/authorize', methods=['GET'])
|
||||
@no_cache
|
||||
def request_authorization_code():
|
||||
|
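Review bot: The CSRF check in authorize_application uses `csrf != generate_csrf_token()`, an early-exit string comparison, and rejects with a 404; a constant-time comparison and a 403 are the usual form, e.g. `if not hmac.compare_digest(csrf or '', generate_csrf_token()): abort(403)` (needs `import hmac` at the top of the file). The `return` after each `abort(...)` is unreachable because abort raises, so it can be dropped. Within the hunk the POST handler hands client_id, redirect_uri and scope straight to `provider.get_token_response` with no `validate_redirect_uri`/`validate_has_scopes` call of the kind the GET handler makes; if get_token_response does not validate redirect_uri against the registered client itself, a comment stating where that validation happens, or an explicit `if not provider.validate_redirect_uri(client_id, redirect_uri): abort(404)` before issuing the token, would close that gap.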
@ -248,6 +271,31 @@ def request_authorization_code():
|
|||
redirect_uri = request.args.get('redirect_uri', None)
|
||||
scope = request.args.get('scope', None)
|
||||
|
||||
if not provider.validate_has_scopes(client_id, scope):
|
||||
if not provider.validate_redirect_uri(client_id, redirect_uri):
|
||||
abort(404)
|
||||
return
|
||||
|
||||
# Load the scope information.
|
||||
scope_info = scopes.get_scope_information(scope)
|
||||
|
||||
# Load the application information.
|
||||
oauth_app = provider.get_application_for_client_id(client_id)
|
||||
oauth_app_view = {
|
||||
'name': oauth_app.name,
|
||||
'description': oauth_app.description,
|
||||
'url': oauth_app.application_uri,
|
||||
'organization': {
|
||||
'name': oauth_app.organization.username,
|
||||
'gravatar': compute_hash(oauth_app.organization.email)
|
||||
}
|
||||
}
|
||||
|
||||
# Show the authorization page.
|
||||
return render_page_template('oauthorize.html', scopes=scope_info, application=oauth_app_view,
|
||||
enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri,
|
||||
scope=scope, csrf_token_val=generate_csrf_token())
|
||||
|
||||
if response_type == 'token':
|
||||
return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
|
||||
else:
|
||||
|
|
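Review bot: The consent-page branch in request_authorization_code is entered solely when `validate_has_scopes` fails, and nothing visible in the hunk requires the user to be logged in before oauthorize.html is rendered with the application's details and a CSRF token; the function's start, where provider and response_type are set, lies outside the hunk, so if no `current_user.is_authenticated()` guard exists there, one should be added to match the POST side in authorize_application. The `validate_redirect_uri` check only guards the page-rendering branch, while the `validate_has_scopes` success path falls through to `get_token_response` unchecked; unless the provider validates redirect_uri internally, hoist `if not provider.validate_redirect_uri(client_id, redirect_uri): abort(404)` above the `if not provider.validate_has_scopes(client_id, scope):` line so both paths are covered. `oauth_app = provider.get_application_for_client_id(client_id)` is dereferenced unconditionally (`oauth_app.name`); a comment noting that validate_redirect_uri is relied on to reject unknown clients, or a `if oauth_app is None: abort(404)` guard, would make that assumption explicit.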