django-oidc-provider/oidc_provider/lib/endpoints/token.py

108 lines
3.5 KiB
Python
Raw Normal View History

2015-06-08 19:36:49 +00:00
import logging
try:
from urllib.parse import unquote
except ImportError:
from urllib import unquote
2015-03-02 20:37:54 +00:00
2015-01-08 20:55:24 +00:00
from django.http import JsonResponse
2015-03-02 20:37:54 +00:00
2015-02-18 18:07:22 +00:00
from oidc_provider.lib.errors import *
from oidc_provider.lib.utils.params import *
from oidc_provider.lib.utils.token import *
from oidc_provider.models import *
from oidc_provider import settings
2015-01-08 20:55:24 +00:00
2015-06-19 20:46:00 +00:00
2015-06-08 19:36:49 +00:00
logger = logging.getLogger(__name__)
2015-01-08 20:55:24 +00:00
2015-06-19 20:46:00 +00:00
2015-01-08 20:55:24 +00:00
class TokenEndpoint(object):
def __init__(self, request):
self.request = request
self.params = Params()
2015-01-08 20:55:24 +00:00
self._extract_params()
def _extract_params(self):
query_dict = self.request.POST
self.params.client_id = query_dict.get('client_id', '')
self.params.client_secret = query_dict.get('client_secret', '')
self.params.redirect_uri = unquote(
query_dict.get('redirect_uri', ''))
2015-01-08 20:55:24 +00:00
self.params.grant_type = query_dict.get('grant_type', '')
self.params.code = query_dict.get('code', '')
self.params.state = query_dict.get('state', '')
def validate_params(self):
if not (self.params.grant_type == 'authorization_code'):
2015-06-19 20:46:00 +00:00
logger.error('[Token] Invalid grant type: %s', self.params.grant_type)
2015-01-08 20:55:24 +00:00
raise TokenError('unsupported_grant_type')
try:
self.client = Client.objects.get(client_id=self.params.client_id)
if not (self.client.client_secret == self.params.client_secret):
2015-06-19 20:46:00 +00:00
logger.error('[Token] Invalid client secret: client %s do not have secret %s',
self.client.client_id, self.client.client_secret)
2015-01-08 20:55:24 +00:00
raise TokenError('invalid_client')
if not (self.params.redirect_uri in self.client.redirect_uris):
2015-06-19 20:46:00 +00:00
logger.error('[Token] Invalid redirect uri: %s', self.params.redirect_uri)
2015-01-08 20:55:24 +00:00
raise TokenError('invalid_client')
self.code = Code.objects.get(code=self.params.code)
2015-04-21 17:28:59 +00:00
if not (self.code.client == self.client) \
or self.code.has_expired():
2015-06-19 20:46:00 +00:00
logger.error('[Token] Invalid code: invalid client or code has expired',
self.params.redirect_uri)
2015-01-08 20:55:24 +00:00
raise TokenError('invalid_grant')
except Client.DoesNotExist:
2015-06-19 20:46:00 +00:00
logger.error('[Token] Client does not exist: %s', self.params.client_id)
2015-01-08 20:55:24 +00:00
raise TokenError('invalid_client')
except Code.DoesNotExist:
2015-06-19 20:46:00 +00:00
logger.error('[Token] Code does not exist: %s', self.params.code)
2015-01-08 20:55:24 +00:00
raise TokenError('invalid_grant')
def create_response_dic(self):
2015-03-02 20:37:54 +00:00
id_token_dic = create_id_token(
user=self.code.user,
aud=self.client.client_id)
2015-01-08 20:55:24 +00:00
token = create_token(
user=self.code.user,
client=self.code.client,
id_token_dic=id_token_dic,
scope=self.code.scope)
2015-01-08 20:55:24 +00:00
# Store the token.
token.save()
# We don't need to store the code anymore.
self.code.delete()
id_token = encode_id_token(id_token_dic, self.client.client_secret)
dic = {
'access_token': token.access_token,
'token_type': 'bearer',
2015-02-26 19:14:36 +00:00
'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
2015-01-08 20:55:24 +00:00
'id_token': id_token,
}
2015-06-19 20:46:00 +00:00
2015-01-08 20:55:24 +00:00
return dic
@classmethod
2015-01-29 15:54:13 +00:00
def response(cls, dic, status=200):
"""
2015-01-08 20:55:24 +00:00
Create and return a response object.
"""
2015-01-08 20:55:24 +00:00
response = JsonResponse(dic, status=status)
response['Cache-Control'] = 'no-store'
response['Pragma'] = 'no-cache'
return response