Revision 8c7e1398 snf-pithos-app/pithos/api/util.py
| b/snf-pithos-app/pithos/api/util.py | ||
|---|---|---|
| 34 | 34 |
from functools import wraps |
| 35 | 35 |
from datetime import datetime |
| 36 | 36 |
from urllib import quote, unquote, urlencode |
| 37 |
from urlparse import urlunsplit, urlsplit, parse_qsl |
|
| 37 | 38 |
|
| 38 | 39 |
from django.http import (HttpResponse, Http404, HttpResponseRedirect, |
| 39 | 40 |
HttpResponseNotAllowed) |
| ... | ... | |
| 1196 | 1197 |
client_id, client_secret = OAUTH2_CLIENT_CREDENTIALS |
| 1197 | 1198 |
# TODO: check if client credentials are not set |
| 1198 | 1199 |
authorization_code = request.GET.get('code')
|
| 1200 |
redirect_uri = unquote(request.build_absolute_uri( |
|
| 1201 |
request.get_full_path())) |
|
| 1199 | 1202 |
if authorization_code is None: |
| 1200 | 1203 |
# request authorization code |
| 1201 | 1204 |
params = {'response_type': 'code',
|
| 1202 | 1205 |
'client_id': client_id, |
| 1203 |
'redirect_uri': |
|
| 1204 |
request.build_absolute_uri(request.path), |
|
| 1206 |
'redirect_uri': redirect_uri, |
|
| 1205 | 1207 |
'state': '', # TODO include state for security |
| 1206 | 1208 |
'scope': requested_resource} |
| 1207 | 1209 |
return HttpResponseRedirect('%s?%s' %
|
| ... | ... | |
| 1210 | 1212 |
urlencode(params))) |
| 1211 | 1213 |
else: |
| 1212 | 1214 |
# request short-term access token |
| 1213 |
redirect_uri = request.build_absolute_uri(request.path) |
|
| 1215 |
parts = list(urlsplit(redirect_uri)) |
|
| 1216 |
params = dict(parse_qsl(parts[3], keep_blank_values=True)) |
|
| 1217 |
if 'code' in params: # always True |
|
| 1218 |
del params['code'] |
|
| 1219 |
if 'state' in params: |
|
| 1220 |
del params['state'] |
|
| 1221 |
parts[3] = urlencode(params) |
|
| 1222 |
redirect_uri = urlunsplit(parts) |
|
| 1214 | 1223 |
data = astakos.get_token('authorization_code',
|
| 1215 | 1224 |
*OAUTH2_CLIENT_CREDENTIALS, |
| 1216 | 1225 |
redirect_uri=redirect_uri, |
| 1217 | 1226 |
scope=requested_resource, |
| 1218 | 1227 |
code=authorization_code) |
| 1219 |
params = {'access_token': data.get('access_token', '')}
|
|
| 1220 |
return HttpResponseRedirect('%s?%s' % (redirect_uri,
|
|
| 1221 |
urlencode(params))) |
|
| 1228 |
params['access_token'] = data.get('access_token', '')
|
|
| 1229 |
parts[3] = urlencode(params) |
|
| 1230 |
redirect_uri = urlunsplit(parts) |
|
| 1231 |
return HttpResponseRedirect(redirect_uri) |
|
| 1222 | 1232 |
except AstakosClientException, err: |
| 1223 | 1233 |
logger.exception(err) |
| 1224 | 1234 |
raise PermissionDenied |
Also available in: Unified diff