globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

Full authorization_code flow

Browse source
This commit is contained in:
Éloi Rivard 2020-08-17 18:49:05 +02:00
parent 1a145cb59e
commit 912f9db935
4 changed files with 16 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config.sample.toml
View file

@ -1,5 +1,5 @@
SECRET_KEY = "change me before you go in production" SECRET_KEY = "change me before you go in production"
NAME = MyDomain NAME = "MyDomain"
# LOGO = "https://path/to/your/organization/logo.png" # LOGO = "https://path/to/your/organization/logo.png"
# If unset, language is detected # If unset, language is detected

6
web/ldaputils.py
View file

@ -26,9 +26,7 @@ class LDAPObjectHelper:
def __repr__(self): def __repr__(self):
return "<{} {}={}>".format( return "<{} {}={}>".format(
self.__class__.__name__, self.__class__.__name__, self.id, getattr(self, self.id)
self.id,
getattr(self, self.id)
) )
def keys(self): def keys(self):
@ -42,7 +40,7 @@ class LDAPObjectHelper:
self.__setattr__(k, v) self.__setattr__(k, v)
def delete(self): def delete(self):
raise NotImplementedError() g.ldap.delete_s(self.dn)
@property @property
def dn(self): def dn(self):

18
web/models.py
View file

@ -105,17 +105,17 @@ class AuthorizationCode(LDAPObjectHelper, AuthorizationCodeMixin):
def get_nonce(self): def get_nonce(self):
return self.oauthNonce return self.oauthNonce
def get_client_id(self): def is_expired(self):
return self.oauthClientID return (
datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ")
def get_expires_in(self): + datetime.timedelta(seconds=int(self.oauthAuthorizationLifetime))
return self.oauthAuthorizationLifetime < datetime.datetime.now()
)
def get_expires_at(self):
return datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ") + datetime.timedelta(seconds=int(self.oauthAuthorizationLifetime))
def get_auth_time(self): def get_auth_time(self):
auth_time = datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ") auth_time = datetime.datetime.strptime(
self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ"
)
return (auth_time - datetime.datetime(1970, 1, 1)).total_seconds() return (auth_time - datetime.datetime(1970, 1, 1)).total_seconds()

10
web/oauth2utils.py
View file

@ -24,9 +24,7 @@ DUMMY_JWT_CONFIG = {
def exists_nonce(nonce, req): def exists_nonce(nonce, req):
exists = AuthorizationCode.query.filter_by( exists = AuthorizationCode.filter(oauthClientID=req.client_id, oauthNonce=nonce)
client_id=req.client_id, nonce=nonce
).first()
return bool(exists) return bool(exists)
@ -43,7 +41,7 @@ def create_authorization_code(client, grant_user, request):
oauthClientID=client.oauthClientID, oauthClientID=client.oauthClientID,
oauthRedirectURI=request.redirect_uri or client.oauthRedirectURIs[0], oauthRedirectURI=request.redirect_uri or client.oauthRedirectURIs[0],
oauthScope=request.scope, oauthScope=request.scope,
oauthNonce=nonce or "nonce", #TODO oauthNonce=nonce,
oauthAuthorizationDate=now.strftime("%Y%m%d%H%M%SZ"), oauthAuthorizationDate=now.strftime("%Y%m%d%H%M%SZ"),
oauthAuthorizationLifetime=str(84000), oauthAuthorizationLifetime=str(84000),
) )
@ -59,7 +57,7 @@ class AuthorizationCodeGrant(_AuthorizationCodeGrant):
item = AuthorizationCode.filter( item = AuthorizationCode.filter(
oauthCode=code, oauthClientID=client.oauthClientID oauthCode=code, oauthClientID=client.oauthClientID
) )
if item and not item[0].get_expires_at() < datetime.datetime.now(): if item and not item[0].is_expired():
return item[0] return item[0]
def delete_authorization_code(self, authorization_code): def delete_authorization_code(self, authorization_code):
@ -143,7 +141,7 @@ def save_token(token, request):
oauthClientID=request.client.oauthClientID[0], oauthClientID=request.client.oauthClientID[0],
) )
if "refresh_token" in token: if "refresh_token" in token:
t.oauthRefreshToken=token["refresh_token"], t.oauthRefreshToken = (token["refresh_token"],)
t.save() t.save()