import datetime from flask import Blueprint, request, session from flask import render_template, redirect, jsonify from werkzeug.security import gen_salt from authlib.oauth2 import OAuth2Error from .models import User, Client from .oauth2 import authorization, require_oauth bp = Blueprint(__name__, "home") def current_user(): if "user_dn" in session: return User.get(session["user_dn"]) return None @bp.route("/", methods=("GET", "POST")) def home(): if request.method == "POST": username = request.form.get("username") user = User.get(username) if not user: user = User(cn=username, sn=username) user.save() session["user_dn"] = user.dn return redirect("/") user = current_user() if user: clients = Client.filter() else: clients = [] return render_template("home.html", user=user, clients=clients) def split_by_crlf(s): return [v for v in s.splitlines() if v] @bp.route("/create_client", methods=("GET", "POST")) def create_client(): user = current_user() if not user: return redirect("/") if request.method == "GET": return render_template("create_client.html") form = request.form client_id = gen_salt(24) client_id_issued_at = datetime.datetime.now().strftime("%Y%m%d%H%M%SZ") client = Client( oauthClientID=client_id, oauthIssueDate=client_id_issued_at, oauthClientName=form["client_name"], oauthClientURI=form["client_uri"], oauthGrantType=split_by_crlf(form["grant_type"]), oauthRedirectURI=split_by_crlf(form["redirect_uri"]), oauthResponseType=split_by_crlf(form["response_type"]), oauthScope=form["scope"], oauthTokenEndpointAuthMethod=form["token_endpoint_auth_method"], oauthClientSecret="" if form["token_endpoint_auth_method"] == "none" else gen_salt(48), ) client.save() return redirect("/") @bp.route("/oauth/authorize", methods=["GET", "POST"]) def authorize(): user = current_user() if request.method == "GET": try: grant = authorization.validate_consent_request(end_user=user) except OAuth2Error as error: return jsonify(dict(error.get_body())) return render_template("authorize.html", user=user, grant=grant) if not user and "username" in request.form: username = request.form.get("username") user = User.get(username) if request.form["confirm"]: grant_user = user else: grant_user = None return authorization.create_authorization_response(grant_user=grant_user) @bp.route("/logout") def logout(): del session["user_dn"] return redirect("/") @bp.route("/oauth/token", methods=["POST"]) def issue_token(): return authorization.create_token_response() @bp.route("/api/me") @require_oauth("profile") def api_me(): return jsonify(foo="bar")