2017-11-03 02:42:57 -04:00
|
|
|
from jose import jwt
|
2017-11-02 01:36:16 -04:00
|
|
|
|
|
|
|
from datetime import datetime, timedelta
|
2017-12-17 17:51:06 -05:00
|
|
|
from django.contrib.auth import get_user_model
|
2017-11-02 01:36:16 -04:00
|
|
|
from django.conf import settings
|
2018-01-28 18:28:46 -05:00
|
|
|
|
|
|
|
from micropub.views import error
|
2017-12-17 17:51:06 -05:00
|
|
|
|
|
|
|
|
|
|
|
def auth(request):
|
|
|
|
if 'HTTP_AUTHORIZATION' in request.META:
|
|
|
|
auth = request.META.get('HTTP_AUTHORIZATION').split(' ')
|
|
|
|
if auth[0] != 'Bearer':
|
2018-01-28 18:28:46 -05:00
|
|
|
return error.bad_req('auth type {0} not supported'.format(auth[0]))
|
2017-12-17 17:51:06 -05:00
|
|
|
if len(auth) != 2:
|
2018-01-28 18:28:46 -05:00
|
|
|
return error.bad_req(
|
|
|
|
'invalid Bearer auth format, must be Bearer <token>'
|
2017-12-17 17:51:06 -05:00
|
|
|
)
|
|
|
|
token = auth[1]
|
|
|
|
elif 'access_token' in request.POST:
|
|
|
|
token = request.POST.get('access_token')
|
|
|
|
elif 'access_token' in request.GET:
|
|
|
|
token = request.GET.get('access_token')
|
|
|
|
else:
|
2018-01-28 18:28:46 -05:00
|
|
|
return error.unauthorized()
|
2017-12-17 17:51:06 -05:00
|
|
|
|
|
|
|
try:
|
|
|
|
token = decode(token)
|
|
|
|
except Exception as e:
|
2018-01-28 18:28:46 -05:00
|
|
|
return error.forbidden()
|
2017-12-17 17:51:06 -05:00
|
|
|
|
|
|
|
return MicropubToken(token)
|
|
|
|
|
|
|
|
|
|
|
|
class MicropubToken:
|
|
|
|
def __init__(self, tok):
|
|
|
|
self.user = get_user_model().objects.get(pk=tok['uid'])
|
|
|
|
self.client = tok['cid']
|
|
|
|
self.scope = tok['sco']
|
|
|
|
|
|
|
|
self.me = self.user.full_url
|
|
|
|
self.scopes = self.scope.split(' ')
|
|
|
|
|
|
|
|
def __contains__(self, scope):
|
|
|
|
return scope in self.scopes
|
2017-11-02 01:36:16 -04:00
|
|
|
|
|
|
|
|
2017-11-02 23:37:39 -04:00
|
|
|
def encode(payload):
|
|
|
|
return jwt.encode(payload, settings.SECRET_KEY, algorithm='HS256')
|
|
|
|
|
|
|
|
|
|
|
|
def decode(token):
|
|
|
|
return jwt.decode(token, settings.SECRET_KEY, algorithms=('HS256',))
|
|
|
|
|
|
|
|
|
2017-11-03 00:51:27 -04:00
|
|
|
def gen_auth_code(req):
|
2017-11-02 01:36:16 -04:00
|
|
|
code = {
|
2017-11-03 00:51:27 -04:00
|
|
|
'uid': req.user.id,
|
2017-11-03 01:14:30 -04:00
|
|
|
'cid': req.POST['client_id'],
|
|
|
|
'uri': req.POST['redirect_uri'],
|
|
|
|
'typ': req.POST.get('response_type', 'id'),
|
2017-11-02 23:33:27 -04:00
|
|
|
'iat': datetime.utcnow(),
|
|
|
|
'exp': datetime.utcnow() + timedelta(seconds=30),
|
2017-11-02 01:36:16 -04:00
|
|
|
}
|
2017-11-03 01:14:30 -04:00
|
|
|
if 'scope' in req.POST:
|
|
|
|
code['sco'] = ' '.join(req.POST.getlist('scope'))
|
2017-11-02 01:36:16 -04:00
|
|
|
|
2017-11-03 01:14:30 -04:00
|
|
|
return encode(code)
|
2017-11-03 02:18:00 -04:00
|
|
|
|
|
|
|
|
|
|
|
def gen_token(code):
|
|
|
|
tok = {
|
|
|
|
'uid': code['uid'],
|
|
|
|
'cid': code['cid'],
|
|
|
|
'sco': code['sco'],
|
|
|
|
'iat': datetime.utcnow(),
|
|
|
|
}
|
2017-11-03 02:42:57 -04:00
|
|
|
return encode(tok)
|