django-oidc-provider/oidc_provider/lib/endpoints/token.py

import urllib

from django.http import JsonResponse

from oidc_provider.lib.errors import *
from oidc_provider.lib.utils.params import *
from oidc_provider.lib.utils.token import *
from oidc_provider.models import *
from oidc_provider import settings


class TokenEndpoint(object):

    def __init__(self, request):
        self.request = request
        self.params = Params()
        self._extract_params()

    def _extract_params(self):
        query_dict = self.request.POST

        self.params.client_id = query_dict.get('client_id', '')
        self.params.client_secret = query_dict.get('client_secret', '')
        self.params.redirect_uri = urllib.unquote(
            query_dict.get('redirect_uri', ''))
        self.params.grant_type = query_dict.get('grant_type', '')
        self.params.code = query_dict.get('code', '')
        self.params.state = query_dict.get('state', '')

    def validate_params(self):
        if not (self.params.grant_type == 'authorization_code'):
            raise TokenError('unsupported_grant_type')

        try:
            self.client = Client.objects.get(client_id=self.params.client_id)

            if not (self.client.client_secret == self.params.client_secret):
                raise TokenError('invalid_client')

            if not (self.params.redirect_uri in self.client.redirect_uris):
                raise TokenError('invalid_client')

            self.code = Code.objects.get(code=self.params.code)

            if not (self.code.client == self.client) \
               or self.code.has_expired():
                raise TokenError('invalid_grant')

        except Client.DoesNotExist:
            raise TokenError('invalid_client')

        except Code.DoesNotExist:
            raise TokenError('invalid_grant')

    def create_response_dic(self):
        id_token_dic = create_id_token(
            user=self.code.user,
            aud=self.client.client_id)

        token = create_token(
            user=self.code.user,
            client=self.code.client,
            id_token_dic=id_token_dic,
            scope=self.code.scope)

        # Store the token.
        token.save()

        # We don't need to store the code anymore.
        self.code.delete()

        id_token = encode_id_token(id_token_dic, self.client.client_secret)

        dic = {
            'access_token': token.access_token,
            'token_type': 'bearer',
            'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
            'id_token': id_token,
        }

        return dic

    @classmethod
    def response(cls, dic, status=200):
        """
        Create and return a response object.
        """
        response = JsonResponse(dic, status=status)
        response['Cache-Control'] = 'no-store'
        response['Pragma'] = 'no-cache'

        return response
Add custom SUB generator for ID TOKEN. 2015-03-02 20:37:54 +00:00			`import urllib`

Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`from django.http import JsonResponse`
Add custom SUB generator for ID TOKEN. 2015-03-02 20:37:54 +00:00
Change name of the package. 2015-02-18 18:07:22 +00:00			`from oidc_provider.lib.errors import *`
			`from oidc_provider.lib.utils.params import *`
			`from oidc_provider.lib.utils.token import *`
			`from oidc_provider.models import *`
			`from oidc_provider import settings`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00

			`class TokenEndpoint(object):`

			`def __init__(self, request):`
			`self.request = request`
Add custom template errors. (ClientID and RedirectURI) 2015-01-09 17:59:23 +00:00			`self.params = Params()`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`self._extract_params()`

			`def _extract_params(self):`
			`query_dict = self.request.POST`

			`self.params.client_id = query_dict.get('client_id', '')`
			`self.params.client_secret = query_dict.get('client_secret', '')`
A few changes in settings. Add more variables to it. 2015-01-28 20:00:04 +00:00			`self.params.redirect_uri = urllib.unquote(`
			`query_dict.get('redirect_uri', ''))`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`self.params.grant_type = query_dict.get('grant_type', '')`
			`self.params.code = query_dict.get('code', '')`
			`self.params.state = query_dict.get('state', '')`

			`def validate_params(self):`
			`if not (self.params.grant_type == 'authorization_code'):`
			`raise TokenError('unsupported_grant_type')`

			`try:`
			`self.client = Client.objects.get(client_id=self.params.client_id)`

			`if not (self.client.client_secret == self.params.client_secret):`
			`raise TokenError('invalid_client')`

			`if not (self.params.redirect_uri in self.client.redirect_uris):`
			`raise TokenError('invalid_client')`

			`self.code = Code.objects.get(code=self.params.code)`

Fix conditional for code expiration. 2015-04-21 17:28:59 +00:00			`if not (self.code.client == self.client) \`
			`or self.code.has_expired():`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`raise TokenError('invalid_grant')`

			`except Client.DoesNotExist:`
			`raise TokenError('invalid_client')`

			`except Code.DoesNotExist:`
			`raise TokenError('invalid_grant')`

			`def create_response_dic(self):`
Add custom SUB generator for ID TOKEN. 2015-03-02 20:37:54 +00:00			`id_token_dic = create_id_token(`
Refactoring for create_id_token function. 2015-04-29 21:55:48 +00:00			`user=self.code.user,`
			`aud=self.client.client_id)`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00
			`token = create_token(`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`user=self.code.user,`
			`client=self.code.client,`
			`id_token_dic=id_token_dic,`
			`scope=self.code.scope)`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00
			`# Store the token.`
			`token.save()`

			`# We don't need to store the code anymore.`
			`self.code.delete()`

			`id_token = encode_id_token(id_token_dic, self.client.client_secret)`

			`dic = {`
			`'access_token': token.access_token,`
			`'token_type': 'bearer',`
Change "DOP" with "OIDC" in settings. 2015-02-26 19:14:36 +00:00			`'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`'id_token': id_token,`
			`}`

			`return dic`

			`@classmethod`
Wrong naming in classmethods. Sorry. 2015-01-29 15:54:13 +00:00			`def response(cls, dic, status=200):`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`Create and return a response object.`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`response = JsonResponse(dic, status=status)`
			`response['Cache-Control'] = 'no-store'`
			`response['Pragma'] = 'no-cache'`

Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`return response`