0001-automatically-granted-scopes-defined-as-client-attri.patch

Serghei Mihai (congés, retour 15/05), 01 août 2014 11:16


Subject: [PATCH] automatically granted scopes defined as client attribute
 instead of settings

Closes #5231
 authentic2_idp_oauth2/admin.py                     |  3 +-
 ...4_auto__add_field_a2client_authorized_scopes.py | 99 ++++++++++++++++++++++
 authentic2_idp_oauth2/models.py                    |  4 +
 authentic2_idp_oauth2/views.py                     | 11 ++-
 4 files changed, 110 insertions(+), 7 deletions(-)
 create mode 100644 authentic2_idp_oauth2/migrations/0004_auto__add_field_a2client_authorized_scopes.py
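--- a/authentic2_idp_oauth2/admin.py
+++ b/authentic2_idp_oauth2/admin.py
@@ -32,6 +32,7 @@
             (None, {'fields': (
                 'name',
                 'user',
+                'authorized_scopes',
                 ) }),
             (_('Location'), {'fields': (
                 'url',
@@ -42,7 +43,7 @@
                 'client_type',
                 'client_secret',
                 ) }),
-            (_('Logout'), 
+        (_('Logout'), 
                 {'fields': ('logout_url', 'logout_use_iframe', 'logout_use_iframe_timeout'),}),)
 
 admin.site.register(models.WebService, WebServiceAdmin)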
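--- /dev/null
+++ b/authentic2_idp_oauth2/migrations/0004_auto__add_field_a2client_authorized_scopes.py
@@ -0,0 +1,99 @@
+# -*- coding: utf-8 -*-
+from south.utils import datetime_utils as datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Adding field 'A2Client.authorized_scopes'
+        db.add_column(u'authentic2_idp_oauth2_a2client', 'authorized_scopes',
+                      self.gf('django.db.models.fields.CharField')(max_length=256, null=True, blank=True),
+                      keep_default=False)
+
+
+    def backwards(self, orm):
+        # Deleting field 'A2Client.authorized_scopes'
+        db.delete_column(u'authentic2_idp_oauth2_a2client', 'authorized_scopes')
+
+
+    models = {
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'})
+        },
+        u'authentic2_idp_oauth2.a2client': {
+            'Meta': {'object_name': 'A2Client', '_ormbases': [u'oauth2.Client']},
+            'authorized_scopes': ('django.db.models.fields.CharField', [], {'max_length': '256', 'null': 'True', 'blank': 'True'}),
+            u'client_ptr': ('django.db.models.fields.related.OneToOneField', [], {'to': u"orm['oauth2.Client']", 'unique': 'True', 'primary_key': 'True'}),
+            'logout_url': ('django.db.models.fields.URLField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}),
+            'logout_use_iframe': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'logout_use_iframe_timeout': ('django.db.models.fields.PositiveIntegerField', [], {'default': '300'})
+        },
+        u'authentic2_idp_oauth2.attributerelease': {
+            'Meta': {'object_name': 'AttributeRelease'},
+            'attribute_name': ('django.db.models.fields.CharField', [], {'max_length': '64'}),
+            'client': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['authentic2_idp_oauth2.A2Client']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '64'})
+        },
+        u'authentic2_idp_oauth2.webservice': {
+            'Meta': {'object_name': 'WebService'},
+            'allow_redirects': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'auth_mech': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '16', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '32'}),
+            'signature_key': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '128', 'blank': 'True'}),
+            'slug': ('django.db.models.fields.SlugField', [], {'max_length': '32'}),
+            'timeout': ('django.db.models.fields.IntegerField', [], {'default': '10'}),
+            'url': ('django.db.models.fields.CharField', [], {'max_length': '1024'}),
+            'verify_certificate': ('django.db.models.fields.BooleanField', [], {'default': 'True'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'oauth2.client': {
+            'Meta': {'object_name': 'Client'},
+            'client_id': ('django.db.models.fields.CharField', [], {'default': "'cf075b80aceb0c66e850'", 'max_length': '255'}),
+            'client_secret': ('django.db.models.fields.CharField', [], {'default': "'abcfb70705da942c4ab431697857e073f605bf5f'", 'max_length': '255'}),
+            'client_type': ('django.db.models.fields.IntegerField', [], {}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}),
+            'redirect_uri': ('django.db.models.fields.URLField', [], {'max_length': '200'}),
+            'url': ('django.db.models.fields.URLField', [], {'max_length': '200'}),
+            'user': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'oauth2_client'", 'null': 'True', 'to': u"orm['auth.User']"})
+        }
+    }
+
+    complete_apps = ['authentic2_idp_oauth2']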
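--- a/authentic2_idp_oauth2/models.py
+++ b/authentic2_idp_oauth2/models.py
@@ -9,6 +9,10 @@
 from authentic2.managers import GetBySlugManager
 
 class A2Client(LogoutUrlAbstract, Client):
+
+    authorized_scopes = models.CharField('automatically granted scopes',
+                                         max_length=256, blank=True, null=True,
+                                         help_text=_('space separated scopes'))
     class Meta:
         verbose_name = _('client')
         verbose_name_plural = _('clients')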
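Review bot: `authorized_scopes` is stored as free text, and nothing in this section checks that the names an administrator types are scopes the provider knows, although this field now decides when the consent form is skipped. A `validators=[...]` entry on the field, or a `clean()` on the admin form, that rejects unknown names would keep a typo from quietly changing what is granted without consent; how `scope.to_int` treats unknown names is not visible here. The verbose name `'automatically granted scopes'` is also the only label in the added lines not wrapped in `_()`, unlike `help_text` and the `Meta` names. The class body continues outside the hunk.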
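--- a/authentic2_idp_oauth2/views.py
+++ b/authentic2_idp_oauth2/views.py
@@ -88,13 +88,12 @@
        automatic grant for some scopes and some clients
     '''
     def get_authorization_form(self, request, client, data, client_data):
-        for url_prefix, scopes in app_settings.AUTOMATIC_GRANT:
-            if client.url.startswith(url_prefix) and \
-                scope.check(client_data['scope'], scope.to_int(*scopes)):
-                # return an always valid form
-                return forms.EmptyForm({}, scope=client_data['scope'])
+        client_scopes = client.a2client.authorized_scopes.split(' ')
+        if client_data['redirect_uri'].startswith(client.url) and \
+           scope.check(client_data['scope'], scope.to_int(*client_scopes)):
+            return forms.EmptyForm({}, scope=client_data['scope'])
         return super(Authorize, self).get_authorization_form(
-                request, client, data, client_data)
+            request, client, data, client_data)
 
 @api_view(['GET', 'POST', 'PUT', 'DELETE'])
 @authentication_classes([OAuth2Authentication, SessionAuthentication])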
@authentication_classes([OAuth2Authentication, SessionAuthentication])
101
-