authorJoar Wandborg <git@wandborg.com>2012-09-21 13:02:35 +0200
committerJoar Wandborg <git@wandborg.com>2012-09-21 13:09:42 +0200
commit88a9662be4f97da5b04a3842c8d0caa2652be355 (patch)
tree1924afd6d94f4aa6932bb88feed150e9eae9fbe3 /mediagoblin/plugins/oauth/__init__.py
parentd4c066abf017bc7af8fa30a25248dbae9e40355d (diff)
Added client registration caps to OAuth plugin
THE MIGRATIONS SUPPLIED WITH THIS COMMIT WILL DROP AND RE-CREATE YOUR oauth__tokens AND oauth__codes TABLES. ALL YOUR OAUTH CODES AND TOKENS WILL BE LOST. - Fixed pylint issues in db/sql/migrations. - Added __repr__ to the User model. - Added _disable_cors option to json_response. - Added crude error handling to the api.tools.api_auth decorator - Updated the OAuth README. - Added client registration, client overview, connection overview, client authorization views and templates. - Added error handling to the OAuthAuth Auth object. - Added AuthorizationForm, ClientRegistrationForm in oauth/forms. - Added migrations for OAuth, added client registration migration. - Added OAuthClient, OAuthUserClient models. - Added oauth/tools with require_client_auth decorator method.
Diffstat (limited to 'mediagoblin/plugins/oauth/__init__.py')
-rw-r--r--mediagoblin/plugins/oauth/__init__.py43
1 files changed, 39 insertions, 4 deletions
diff --git a/mediagoblin/plugins/oauth/__init__.py b/mediagoblin/plugins/oauth/__init__.py
index 33dcaf16..63bf49a8 100644
--- a/mediagoblin/plugins/oauth/__init__.py
+++ b/mediagoblin/plugins/oauth/__init__.py
@@ -18,11 +18,10 @@ import os
import logging
from routes.route import Route
-from webob import exc
from mediagoblin.tools import pluginapi
-from mediagoblin.tools.response import render_to_response
-from mediagoblin.plugins.oauth.models import OAuthToken
+from mediagoblin.plugins.oauth.models import OAuthToken, OAuthClient, \
+ OAuthUserClient
from mediagoblin.plugins.api.tools import Auth
_log = logging.getLogger(__name__)
@@ -39,8 +38,19 @@ def setup_plugin():
routes = [
Route('mediagoblin.plugins.oauth.authorize', '/oauth/authorize',
controller='mediagoblin.plugins.oauth.views:authorize'),
+ Route('mediagoblin.plugins.oauth.authorize_client', '/oauth/client/authorize',
+ controller='mediagoblin.plugins.oauth.views:authorize_client'),
Route('mediagoblin.plugins.oauth.access_token', '/oauth/access_token',
- controller='mediagoblin.plugins.oauth.views:access_token')]
+ controller='mediagoblin.plugins.oauth.views:access_token'),
+ Route('mediagoblin.plugins.oauth.access_token',
+ '/oauth/client/connections',
+ controller='mediagoblin.plugins.oauth.views:list_connections'),
+ Route('mediagoblin.plugins.oauth.register_client',
+ '/oauth/client/register',
+ controller='mediagoblin.plugins.oauth.views:register_client'),
+ Route('mediagoblin.plugins.oauth.list_clients',
+ '/oauth/client/list',
+ controller='mediagoblin.plugins.oauth.views:list_clients')]
pluginapi.register_routes(routes)
pluginapi.register_template_path(os.path.join(PLUGIN_DIR, 'templates'))
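Review bot: The added route for `/oauth/client/connections` is registered under the name `mediagoblin.plugins.oauth.access_token`, which the `/oauth/access_token` route directly above it already uses. With two routes sharing one name, URL generation by name can resolve to the wrong path (which entry wins depends on the routing layer), so a template or redirect meant for the connection list may point at the token endpoint or the other way round. Name it after its controller instead: `Route('mediagoblin.plugins.oauth.list_connections',`. The body of setup_plugin starts above this hunk.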
@@ -54,17 +64,42 @@ class OAuthAuth(Auth):
return False
def __call__(self, request, *args, **kw):
+ self.errors = []
+ # TODO: Add suport for client credentials authorization
+ client_id = request.GET.get('client_id') # TODO: Not used
+ client_secret = request.GET.get('client_secret') # TODO: Not used
access_token = request.GET.get('access_token')
+
+ _log.debug('Authorizing request {0}'.format(request.url))
+
if access_token:
token = OAuthToken.query.filter(OAuthToken.token == access_token)\
.first()
if not token:
+ self.errors.append('Invalid access token')
+ return False
+
+ _log.debug('Access token: {0}'.format(token))
+ _log.debug('Client: {0}'.format(token.client))
+
+ relation = OAuthUserClient.query.filter(
+ (OAuthUserClient.user == token.user)
+ & (OAuthUserClient.client == token.client)
+ & (OAuthUserClient.state == u'approved')).first()
+
+ _log.debug('Relation: {0}'.format(relation))
+
+ if not relation:
+ self.errors.append(
+ u'Client has not been approved by the resource owner')
return False
request.user = token.user
return True
+ self.errors.append(u'No access_token specified')
+
return False
hooks = {
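Review bot: The added `_log.debug('Authorizing request {0}'.format(request.url))` writes the full URL to the log, and `__call__` reads `access_token` (and now `client_secret`) from the query string, so bearer credentials end up in debug logs in clear text. Log the path only, `_log.debug('Authorizing request {0}'.format(request.path))`, and confirm that `'Access token: {0}'.format(token)` does not print the token value through the model's `__repr__`, which is not visible here; logging a row id would be safer. The unused `client_id` / `client_secret` reads are better dropped until client-credentials support exists, so callers are not encouraged to put a secret in a URL. Separately, `self.errors = []` stores per-request state on the Auth object; if that instance is shared across requests (its registration is outside this hunk), errors from one request could be reported on another. The OAuthAuth class starts above the hunk.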