Add an oauth authorization page
This commit is contained in:
Joseph Schorr
parent
ab60a10a93
commit
d469b41899
10 changed files with 287 additions and 41 deletions
|
|
@ -14,8 +14,10 @@ from auth.permissions import AdministerOrganizationPermission
|
|||
from util.invoice import renderInvoiceToPdf
|
||||
from util.seo import render_snapshot
|
||||
from util.cache import no_cache
|
||||
from endpoints.common import common_login, render_page_template
|
||||
from endpoints.common import common_login, render_page_template, generate_csrf_token
|
||||
from util.names import parse_repository_name
|
||||
from util.gravatar import compute_hash
|
||||
from auth import scopes
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -239,6 +241,27 @@ class FlaskAuthorizationProvider(DatabaseAuthorizationProvider):
|
|||
return make_response(body, status_code, headers)
|
||||
|
||||
|
||||
@web.route('/oauth/authorizeapp', methods=['POST'])
|
||||
def authorize_application():
|
||||
if not current_user.is_authenticated():
|
||||
abort(401)
|
||||
return
|
||||
|
||||
provider = FlaskAuthorizationProvider()
|
||||
client_id = request.form.get('client_id', None)
|
||||
redirect_uri = request.form.get('redirect_uri', None)
|
||||
scope = request.form.get('scope', None)
|
||||
csrf = request.form.get('csrf', None)
|
||||
|
||||
# Verify the csrf token.
|
||||
if csrf != generate_csrf_token():
|
||||
abort(404)
|
||||
return
|
||||
|
||||
# Add the access token.
|
||||
return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
|
||||
|
||||
|
||||
@web.route('/oauth/authorize', methods=['GET'])
|
||||
@no_cache
|
||||
def request_authorization_code():
|
||||
|
|
@ -248,6 +271,31 @@ def request_authorization_code():
|
|||
redirect_uri = request.args.get('redirect_uri', None)
|
||||
scope = request.args.get('scope', None)
|
||||
|
||||
if not provider.validate_has_scopes(client_id, scope):
|
||||
if not provider.validate_redirect_uri(client_id, redirect_uri):
|
||||
abort(404)
|
||||
return
|
||||
|
||||
# Load the scope information.
|
||||
scope_info = scopes.get_scope_information(scope)
|
||||
|
||||
# Load the application information.
|
||||
oauth_app = provider.get_application_for_client_id(client_id)
|
||||
oauth_app_view = {
|
||||
'name': oauth_app.name,
|
||||
'description': oauth_app.description,
|
||||
'url': oauth_app.application_uri,
|
||||
'organization': {
|
||||
'name': oauth_app.organization.username,
|
||||
'gravatar': compute_hash(oauth_app.organization.email)
|
||||
}
|
||||
}
|
||||
|
||||
# Show the authorization page.
|
||||
return render_page_template('oauthorize.html', scopes=scope_info, application=oauth_app_view,
|
||||
enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri,
|
||||
scope=scope, csrf_token_val=generate_csrf_token())
|
||||
|
||||
if response_type == 'token':
|
||||
return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
|
||||
else:
|
||||
|
|
|
|||
Reference in a new issue