Some authorization_code work

2020-08-17 18:02:38 +02:00 · 2020-08-17 18:02:38 +02:00 · 1a145cb59e
commit 1a145cb59e
parent ea98ca6702
3 changed files with 17 additions and 12 deletions
--- a/web/ldaputils.py
+++ b/web/ldaputils.py
@ -41,6 +41,9 @@ class LDAPObjectHelper:
        for k, v in kwargs.items():
            self.__setattr__(k, v)

+    def delete(self):
+        raise NotImplementedError()
+
    @property
    def dn(self):
        if not self.id in self.attrs:
--- a/web/models.py
+++ b/web/models.py
@ -100,13 +100,10 @@ class AuthorizationCode(LDAPObjectHelper, AuthorizationCodeMixin):
        return self.oauthRedirectURI

    def get_scope(self):
-        return self.oauth2ScopeValue
+        return self.oauthScope

-    def is_refresh_token_active(self):
-        if self.revoked:
-            return False
-        expires_at = self.issued_at + self.expires_in * 2
-        return expires_at >= time.time()
+    def get_nonce(self):
+        return self.oauthNonce

    def get_client_id(self):
        return self.oauthClientID
@ -117,6 +114,10 @@ class AuthorizationCode(LDAPObjectHelper, AuthorizationCodeMixin):
    def get_expires_at(self):
        return datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ") + datetime.timedelta(seconds=int(self.oauthAuthorizationLifetime))

+    def get_auth_time(self):
+        auth_time = datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ")
+        return (auth_time - datetime.datetime(1970, 1, 1)).total_seconds()
+

 class Token(LDAPObjectHelper, TokenMixin):
    objectClass = ["oauthToken"]
--- a/web/oauth2utils.py
+++ b/web/oauth2utils.py
@ -31,7 +31,7 @@ def exists_nonce(nonce, req):


 def generate_user_info(user, scope):
-    return UserInfo(sub=str(user.id), name=user.username)
+    return UserInfo(sub=str(user.dn), name=user.sn)


 def create_authorization_code(client, grant_user, request):
@ -63,10 +63,10 @@ class AuthorizationCodeGrant(_AuthorizationCodeGrant):
            return item[0]

    def delete_authorization_code(self, authorization_code):
-        raise NotImplementedError()
+        authorization_code.delete()

    def authenticate_user(self, authorization_code):
-        return User.query.get(authorization_code.user_id)
+        return User.get(authorization_code.oauthSubject)


 class OpenIDCode(_OpenIDCode):
@ -134,16 +134,17 @@ def query_client(client_id):

 def save_token(token, request):
    now = datetime.datetime.now()
-    token = Token(
+    t = Token(
        oauthTokenType=token["token_type"],
        oauthAccessToken=token["access_token"],
-        oauthRefreshToken=token["refresh_token"],
        oauthIssueDate=now.strftime("%Y%m%d%H%M%SZ"),
        oauthTokenLifetime=str(token["expires_in"]),
        oauthScope=token["scope"],
        oauthClientID=request.client.oauthClientID[0],
    )
-    token.save()
+    if "refresh_token" in token:
+        t.oauthRefreshToken=token["refresh_token"],
+    t.save()


 class BearerTokenValidator(_BearerTokenValidator):