Full authorization_code flow

2020-08-17 18:49:05 +02:00 · 2020-08-17 18:49:05 +02:00 · 912f9db935
commit 912f9db935
parent 1a145cb59e
4 changed files with 16 additions and 20 deletions
--- a/config.sample.toml
+++ b/config.sample.toml
@ -1,5 +1,5 @@
 SECRET_KEY = "change me before you go in production"
-NAME = MyDomain
+NAME = "MyDomain"
 # LOGO = "https://path/to/your/organization/logo.png"

 # If unset, language is detected
--- a/web/ldaputils.py
+++ b/web/ldaputils.py
@ -26,9 +26,7 @@ class LDAPObjectHelper:

    def __repr__(self):
        return "<{} {}={}>".format(
-            self.__class__.__name__,
-            self.id,
-            getattr(self, self.id)
+            self.__class__.__name__, self.id, getattr(self, self.id)
        )

    def keys(self):
@ -42,7 +40,7 @@ class LDAPObjectHelper:
            self.__setattr__(k, v)

    def delete(self):
-        raise NotImplementedError()
+        g.ldap.delete_s(self.dn)

    @property
    def dn(self):
--- a/web/models.py
+++ b/web/models.py
@ -105,17 +105,17 @@ class AuthorizationCode(LDAPObjectHelper, AuthorizationCodeMixin):
    def get_nonce(self):
        return self.oauthNonce

-    def get_client_id(self):
-        return self.oauthClientID
-
-    def get_expires_in(self):
-        return self.oauthAuthorizationLifetime
-
-    def get_expires_at(self):
-        return datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ") + datetime.timedelta(seconds=int(self.oauthAuthorizationLifetime))
+    def is_expired(self):
+        return (
+            datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ")
+            + datetime.timedelta(seconds=int(self.oauthAuthorizationLifetime))
+            < datetime.datetime.now()
+        )

    def get_auth_time(self):
-        auth_time = datetime.datetime.strptime(self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ")
+        auth_time = datetime.datetime.strptime(
+            self.oauthAuthorizationDate, "%Y%m%d%H%M%SZ"
+        )
        return (auth_time - datetime.datetime(1970, 1, 1)).total_seconds()


--- a/web/oauth2utils.py
+++ b/web/oauth2utils.py
@ -24,9 +24,7 @@ DUMMY_JWT_CONFIG = {


 def exists_nonce(nonce, req):
-    exists = AuthorizationCode.query.filter_by(
-        client_id=req.client_id, nonce=nonce
-    ).first()
+    exists = AuthorizationCode.filter(oauthClientID=req.client_id, oauthNonce=nonce)
    return bool(exists)


@ -43,7 +41,7 @@ def create_authorization_code(client, grant_user, request):
        oauthClientID=client.oauthClientID,
        oauthRedirectURI=request.redirect_uri or client.oauthRedirectURIs[0],
        oauthScope=request.scope,
-        oauthNonce=nonce or "nonce", #TODO
+        oauthNonce=nonce,
        oauthAuthorizationDate=now.strftime("%Y%m%d%H%M%SZ"),
        oauthAuthorizationLifetime=str(84000),
    )
@ -59,7 +57,7 @@ class AuthorizationCodeGrant(_AuthorizationCodeGrant):
        item = AuthorizationCode.filter(
            oauthCode=code, oauthClientID=client.oauthClientID
        )
-        if item and not item[0].get_expires_at() < datetime.datetime.now():
+        if item and not item[0].is_expired():
            return item[0]

    def delete_authorization_code(self, authorization_code):
@ -143,7 +141,7 @@ def save_token(token, request):
        oauthClientID=request.client.oauthClientID[0],
    )
    if "refresh_token" in token:
-        t.oauthRefreshToken=token["refresh_token"],
+        t.oauthRefreshToken = (token["refresh_token"],)
    t.save()