LDAPHelper shortcut

oauth2-openldap.ldif

@@ -25,7 +25,6 @@ olcAttributeTypes: ( 1.3.6.1.4.1.56207.1.1.3 NAME 'oauthRedirectURI'
         ORDERING caseIgnoreOrderingMatch
         SUBSTR caseIgnoreSubstringsMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-        SINGLE-VALUE
         USAGE userApplications
         X-ORIGIN 'OAuth 2.0' )
 olcAttributeTypes: ( 1.3.6.1.4.1.56207.1.1.4 NAME 'oauthResponseType'

website/models.py

@@ -12,6 +12,7 @@ from authlib.oauth2.rfc6749 import (
 
 class LDAPObjectHelper:
     _object_class_by_name = None
+    _attribute_type_by_name = None
     may = None
     must = None
     base = None
@@ -127,7 +128,7 @@ class LDAPObjectHelper:
         if (not self.may or name not in self.may) and (not self.must or name not in self.must):
             return super().__getattribute__(name)
 
-        if not self._attribute_type_by_name[name].single_value:
+        if not self.attr_type_by_name() or not self.attr_type_by_name()[name].single_value:
             return self.attrs.get(name, [])
 
         return self.attrs.get(name, [None])[0]
@@ -137,7 +138,7 @@ class LDAPObjectHelper:
         if not isinstance(value, list):
             value = [value]
         if (self.may and name in self.may) or (self.must and name in self.must):
-            if self._attribute_type_by_name[name].single_value:
+            if self.attr_type_by_name()[name].single_value:
                 self.attrs[name] = [value]
             else:
                 self.attrs[name] = value
@@ -149,7 +150,7 @@ class User(LDAPObjectHelper):
     id = "cn"
 
     def __repr__(self):
-        return self.cn
+        return self.cn[0]
 
     def check_password(self, password):
         return password == "valid"
@@ -173,7 +174,7 @@ class Client(LDAPObjectHelper, ClientMixin):
         return redirect_uri in self.oauthRedirectURI
 
     def has_client_secret(self):
-        return self.oauthClientSecret and self.oauthClientSecret
+        return bool(self.oauthClientSecret)
 
     def check_client_secret(self, client_secret):
         return client_secret == self.oauthClientSecret

website/oauth2.py

@@ -138,7 +138,7 @@ def save_token(token, request):
         oauthRefreshToken=token["refresh_token"],
         oauthIssueDate=now.strftime("%Y%m%d%H%M%SZ"),
         oauthTokenLifetime=str(token["expires_in"]),
-        oauthScope=token["scope"].split(" "),
+        oauthScope=token["scope"],
         oauthClientID=request.client.oauthClientID[0],
     )
     token.save()

website/routes.py

@@ -25,13 +25,16 @@ def home():
         if not user:
             user = User(cn=username, sn=username)
             user.save()
+
         session["user_dn"] = user.dn
         return redirect("/")
+
     user = current_user()
     if user:
         clients = Client.filter()
     else:
         clients = []
+
     return render_template("home.html", user=user, clients=clients)
 
 
@@ -44,8 +47,10 @@ def create_client():
     user = current_user()
     if not user:
         return redirect("/")
+
     if request.method == "GET":
         return render_template("create_client.html")
+
     form = request.form
     client_id = gen_salt(24)
     client_id_issued_at = datetime.datetime.now().strftime("%Y%m%d%H%M%SZ")
@@ -76,13 +81,16 @@ def authorize():
         except OAuth2Error as error:
             return jsonify(dict(error.get_body()))
         return render_template("authorize.html", user=user, grant=grant)
+
     if not user and "username" in request.form:
         username = request.form.get("username")
         user = User.get(username)
+
     if request.form["confirm"]:
         grant_user = user
     else:
         grant_user = None
+
     return authorization.create_authorization_response(grant_user=grant_user)