Add an oauth authorization page

2014-03-14 18:57:28 -04:00 · 2014-03-14 18:57:28 -04:00 · d469b41899
commit d469b41899
parent ab60a10a93
10 changed files with 287 additions and 41 deletions
--- a/endpoints/api/discovery.py
+++ b/endpoints/api/discovery.py
@ -102,7 +102,7 @@ def swagger_route_data():
  swagger_data = {
    'apiVersion': 'v1',
    'swaggerVersion': '1.2',
-    'basePath': 'http://ci.devtable.com:5000',
+    'basePath': 'http://localhost:5000',
    'resourcePath': '/',
    'info': {
      'title': 'Quay.io API',
@ -119,7 +119,7 @@ def swagger_route_data():
          "implicit": {
            "tokenName": "access_token",
            "loginEndpoint": {
-              "url": "http://ci.devtable.com:5000/oauth/authorize",
+              "url": "http://localhost:5000/oauth/authorize",
            },
          },
        },
--- a/endpoints/web.py
+++ b/endpoints/web.py
@ -14,8 +14,10 @@ from auth.permissions import AdministerOrganizationPermission
 from util.invoice import renderInvoiceToPdf
 from util.seo import render_snapshot
 from util.cache import no_cache
-from endpoints.common import common_login, render_page_template
+from endpoints.common import common_login, render_page_template, generate_csrf_token
 from util.names import parse_repository_name
+from util.gravatar import compute_hash
+from auth import scopes

 logger = logging.getLogger(__name__)

@ -239,6 +241,27 @@ class FlaskAuthorizationProvider(DatabaseAuthorizationProvider):
    return make_response(body, status_code, headers)


+@web.route('/oauth/authorizeapp', methods=['POST'])
+def authorize_application():
+  if not current_user.is_authenticated():
+    abort(401)
+    return
+
+  provider = FlaskAuthorizationProvider()
+  client_id = request.form.get('client_id', None)
+  redirect_uri = request.form.get('redirect_uri', None)
+  scope = request.form.get('scope', None)
+  csrf = request.form.get('csrf', None)
+
+  # Verify the csrf token.
+  if csrf != generate_csrf_token():
+    abort(404)
+    return
+
+  # Add the access token.
+  return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
+
+
@web.route('/oauth/authorize', methods=['GET'])
@no_cache
 def request_authorization_code():
@ -248,6 +271,31 @@ def request_authorization_code():
  redirect_uri = request.args.get('redirect_uri', None)
  scope = request.args.get('scope', None)

+  if not provider.validate_has_scopes(client_id, scope):
+    if not provider.validate_redirect_uri(client_id, redirect_uri):
+      abort(404)
+      return
+
+    # Load the scope information.
+    scope_info = scopes.get_scope_information(scope)
+
+    # Load the application information.
+    oauth_app = provider.get_application_for_client_id(client_id)
+    oauth_app_view = {
+      'name': oauth_app.name,
+      'description': oauth_app.description,
+      'url': oauth_app.application_uri,
+      'organization': {
+        'name': oauth_app.organization.username,
+        'gravatar': compute_hash(oauth_app.organization.email)
+      }
+    }
+
+    # Show the authorization page.
+    return render_page_template('oauthorize.html', scopes=scope_info, application=oauth_app_view,
+                                enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri,
+                                scope=scope, csrf_token_val=generate_csrf_token())
+
  if response_type == 'token':
    return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
  else: