authorJessica Tallon <jessica@megworld.co.uk>2014-10-01 19:45:53 +0100
committerJessica Tallon <jessica@megworld.co.uk>2014-10-01 19:45:53 +0100
commit7e15632b5aeec5c532d8ed026b69dba62f21b21a (patch)
treedd116242ff9b20f06bb49721e3ad5391ce1290a8 /mediagoblin/edit
parent36e27c4b76b762c46039fec2b4cfdd4d1955ebef (diff)
Fix #549 - Deauthorize OAuth applications
Diffstat (limited to 'mediagoblin/edit')
-rw-r--r--mediagoblin/edit/routing.py2
-rw-r--r--mediagoblin/edit/views.py30
2 files changed, 31 insertions, 1 deletions
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py
index a2d03d26..b349975d 100644
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -28,3 +28,5 @@ add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
'mediagoblin.edit.views:verify_email')
add_route('mediagoblin.edit.email', '/edit/email/',
'mediagoblin.edit.views:change_email')
+add_route('mediagoblin.edit.deauthorize_applications', '/edit/deauthorize/',
+ 'mediagoblin.edit.views:deauthorize_applications')
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 7359f520..2ccf11ae 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -47,7 +47,7 @@ from mediagoblin.tools.text import (
convert_to_tag_list_of_dicts, media_tags_as_string)
from mediagoblin.tools.url import slugify
from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Client, AccessToken
import mimetypes
@@ -258,6 +258,34 @@ def edit_account(request):
{'user': user,
'form': form})
+@require_active_login
+def deauthorize_applications(request):
+ """ Deauthroize OAuth applications """
+ if request.method == 'POST' and "application" in request.form:
+ token = request.form["application"]
+ access_token = AccessToken.query.filter_by(token=token).first()
+ if access_token is None:
+ messages.add_message(
+ request,
+ messages.ERROR,
+ _("Unknown application, not able to deauthorize")
+ )
+ else:
+ access_token.delete()
+ messages.add_message(
+ request,
+ messages.SUCCESS,
+ _("Application has been deauthorized")
+ )
+
+ access_tokens = AccessToken.query.filter_by(user=request.user.id)
+ applications = [(a.get_requesttoken, a) for a in access_tokens]
+
+ return render_to_response(
+ request,
+ 'mediagoblin/edit/deauthorize_applications.html',
+ {'applications': applications}
+ )
@require_active_login
def delete_account(request):
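Review bot: The token lookup in `deauthorize_applications` is not scoped to the logged-in user: `AccessToken.query.filter_by(token=token).first()` matches a token belonging to any account, so a POST carrying another user's token value would delete that user's authorization. Scope it to the owner the same way the listing query a few lines below does, `access_token = AccessToken.query.filter_by(token=token, user=request.user.id).first()`, which also keeps the "Unknown application" branch as the response for tokens the caller does not own. Using the token value itself as the form identifier presumably means the template (not shown here) writes each live bearer token into the HTML; a non-secret identifier for the row would avoid exposing it, if the model offers one. The docstring reads `Deauthroize` and should be `Deauthorize`.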