Skip to content
Snippets Groups Projects
Commit 0da8888b authored by kaiyou's avatar kaiyou
Browse files

Store authorization codes in database

parent 098f3828
No related branches found
No related tags found
No related merge requests found
Pipeline #287 failed
......@@ -10,10 +10,6 @@ from hiboo import models, utils, identity
import flask
AUTHORIZATION_CODES = {}
NONCES = {}
class Config(object):
""" Handles service configuration and forms.
"""
......@@ -90,27 +86,26 @@ class AuthorizationCodeGrant(grants_oauth2.AuthorizationCodeGrant):
def create_authorization_code(self, client, grant_user, request):
code = gen_salt(48) # TODO
nonce = request.data.get('nonce')
item = AuthorizationCode(
code=code,
authorization_code = AuthorizationCode(
code=code, nonce=request.data.get('nonce'),
client_id=client.client_id,
redirect_uri=request.redirect_uri,
scope=request.scope,
user_id=grant_user.uuid,
nonce=nonce
user_id=grant_user.uuid
)
AUTHORIZATION_CODES[code] = item
NONCES[nonce] = item
models.db.session.add(authorization_code)
models.db.session.commit()
return code
def parse_authorization_code(self, code, client):
code = AUTHORIZATION_CODES.get(code)
if code and code.client_id == client.client_id:
return code
return AuthorizationCode.query.filter_by(
client_id=client.client_id,
code=code
).first()
def delete_authorization_code(self, authorization_code):
del AUTHORIZATION_CODES[authorization_code.code]
del NONCES[authorization_code.nonce]
models.db.session.delete(authorization_code)
models.db.session.commit()
def authenticate_user(self, authorization_code):
profile = models.Identity.query.get(authorization_code.user_id)
......@@ -120,6 +115,7 @@ class AuthorizationCodeGrant(grants_oauth2.AuthorizationCodeGrant):
class AuthorizationCode(models.db.Model, models_oauth2.OIDCAuthorizationCodeMixin):
""" Authorization code object for storage
"""
__tablename__ = "oidc_authorization_code"
user_id = models.db.Column(models.db.Text())
......@@ -129,8 +125,9 @@ class OpenIDCode(oidc.grants.OpenIDCode):
"""
def exists_nonce(self, nonce, request):
nonce = NONCES.get(nonce)
return nonce and nonce["client_id"] == request.client_id
return bool(AuthorizationCode.query.filter_by(
nonce=nonce, client_id=request.client_id).first()
)
def get_jwt_config(self, grant):
return { # TODO
......
""" Add authorization codes in the database
Revision ID: 5271f611b98b
Revises: cfb466a78348
Create Date: 2019-11-03 17:57:55.989647
"""
from alembic import op
import sqlalchemy as sa
revision = '5271f611b98b'
down_revision = 'cfb466a78348'
branch_labels = None
depends_on = None
def upgrade():
op.create_table('oidc_authorization_code',
sa.Column('code', sa.String(length=120), nullable=False),
sa.Column('client_id', sa.String(length=48), nullable=True),
sa.Column('redirect_uri', sa.Text(), nullable=True),
sa.Column('response_type', sa.Text(), nullable=True),
sa.Column('scope', sa.Text(), nullable=True),
sa.Column('auth_time', sa.Integer(), nullable=False),
sa.Column('nonce', sa.Text(), nullable=True),
sa.Column('user_id', sa.Text(), nullable=True),
sa.Column('uuid', sa.String(length=36), nullable=False),
sa.Column('created_at', sa.DateTime(), nullable=False),
sa.Column('updated_at', sa.DateTime(), nullable=True),
sa.Column('comment', sa.String(length=255), nullable=True),
sa.PrimaryKeyConstraint('uuid'),
sa.UniqueConstraint('code')
)
def downgrade():
op.drop_table('oidc_authorization_code')
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment