Store authorization codes in database

0da8888b · kaiyou · 098f3828 · 0da8888b · 0da8888b
Commit 0da8888b authored 5 years ago by kaiyou
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -10,10 +10,6 @@ from hiboo import models, utils, identity
 import flask


-AUTHORIZATION_CODES = {}
-NONCES = {}
-
-
 class Config(object):
    """ Handles service configuration and forms.
    """
@@ -90,27 +86,26 @@ class AuthorizationCodeGrant(grants_oauth2.AuthorizationCodeGrant):

    def create_authorization_code(self, client, grant_user, request):
        code = gen_salt(48)  # TODO
-        nonce = request.data.get('nonce')
-        item = AuthorizationCode(
-            code=code,
+        authorization_code = AuthorizationCode(
+            code=code, nonce=request.data.get('nonce'),
            client_id=client.client_id,
            redirect_uri=request.redirect_uri,
            scope=request.scope,
-            user_id=grant_user.uuid,
-            nonce=nonce
+            user_id=grant_user.uuid
        )
-        AUTHORIZATION_CODES[code] = item
-        NONCES[nonce] = item
+        models.db.session.add(authorization_code)
+        models.db.session.commit()
        return code

    def parse_authorization_code(self, code, client):
-        code = AUTHORIZATION_CODES.get(code)
-        if code and code.client_id == client.client_id:
-            return code
+        return AuthorizationCode.query.filter_by(
+            client_id=client.client_id,
+            code=code
+        ).first()

    def delete_authorization_code(self, authorization_code):
-        del AUTHORIZATION_CODES[authorization_code.code]
-        del NONCES[authorization_code.nonce]
+        models.db.session.delete(authorization_code)
+        models.db.session.commit()

    def authenticate_user(self, authorization_code):
        profile = models.Identity.query.get(authorization_code.user_id)
@@ -120,6 +115,7 @@ class AuthorizationCodeGrant(grants_oauth2.AuthorizationCodeGrant):
 class AuthorizationCode(models.db.Model, models_oauth2.OIDCAuthorizationCodeMixin):
    """ Authorization code object for storage
    """
+    __tablename__ = "oidc_authorization_code"

    user_id = models.db.Column(models.db.Text())

@@ -129,8 +125,9 @@ class OpenIDCode(oidc.grants.OpenIDCode):
    """

    def exists_nonce(self, nonce, request):
-        nonce = NONCES.get(nonce)
-        return nonce and nonce["client_id"] == request.client_id
+        return bool(AuthorizationCode.query.filter_by(
+            nonce=nonce, client_id=request.client_id).first()
+        )

    def get_jwt_config(self, grant):
        return {  # TODO

--- a/migrations/versions/5271f611b98b_.py
+++ b/migrations/versions/5271f611b98b_.py
+""" Add authorization codes in the database
+
+Revision ID: 5271f611b98b
+Revises: cfb466a78348
+Create Date: 2019-11-03 17:57:55.989647
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+revision = '5271f611b98b'
+down_revision = 'cfb466a78348'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table('oidc_authorization_code',
+    sa.Column('code', sa.String(length=120), nullable=False),
+    sa.Column('client_id', sa.String(length=48), nullable=True),
+    sa.Column('redirect_uri', sa.Text(), nullable=True),
+    sa.Column('response_type', sa.Text(), nullable=True),
+    sa.Column('scope', sa.Text(), nullable=True),
+    sa.Column('auth_time', sa.Integer(), nullable=False),
+    sa.Column('nonce', sa.Text(), nullable=True),
+    sa.Column('user_id', sa.Text(), nullable=True),
+    sa.Column('uuid', sa.String(length=36), nullable=False),
+    sa.Column('created_at', sa.DateTime(), nullable=False),
+    sa.Column('updated_at', sa.DateTime(), nullable=True),
+    sa.Column('comment', sa.String(length=255), nullable=True),
+    sa.PrimaryKeyConstraint('uuid'),
+    sa.UniqueConstraint('code')
+    )
+
+def downgrade():
+    op.drop_table('oidc_authorization_code')