Small refactoring in grants. Add more doc.
parent
453902f5df
commit
6469466546
|
@ -59,7 +59,7 @@ Then let's create a Client. Start django shell: ``python manage.py shell``.
|
||||||
.. code:: python
|
.. code:: python
|
||||||
|
|
||||||
>>> from openid_provider.models import Client
|
>>> from openid_provider.models import Client
|
||||||
>>> c = Client(name='Some Client', client_id='123', client_secret='456', client_type='public', grant_type='authorization_code', response_type='code', _redirect_uris='http://example.com/')
|
>>> c = Client(name='Some Client', client_id='123', client_secret='456', client_type='public', grant_type='authorization_code', response_type='code', redirect_uris=['http://example.com/'])
|
||||||
>>> from django.contrib.auth.models import User
|
>>> from django.contrib.auth.models import User
|
||||||
>>> c.user = User.objects.all()[0]
|
>>> c.user = User.objects.all()[0]
|
||||||
>>> c.save()
|
>>> c.save()
|
||||||
|
|
|
@ -183,7 +183,9 @@ class TokenEndpoint(object):
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def response(self, dic, status=200):
|
def response(self, dic, status=200):
|
||||||
|
'''
|
||||||
|
Create and return a response object.
|
||||||
|
'''
|
||||||
response = JsonResponse(dic, status=status)
|
response = JsonResponse(dic, status=status)
|
||||||
response['Cache-Control'] = 'no-store'
|
response['Cache-Control'] = 'no-store'
|
||||||
response['Pragma'] = 'no-cache'
|
response['Pragma'] = 'no-cache'
|
||||||
|
@ -217,10 +219,12 @@ class UserInfoEndpoint(object):
|
||||||
raise UserInfoError('invalid_token')
|
raise UserInfoError('invalid_token')
|
||||||
|
|
||||||
def _get_access_token(self):
|
def _get_access_token(self):
|
||||||
|
'''
|
||||||
|
Get the access token using Authorization Request Header Field method.
|
||||||
|
See: http://tools.ietf.org/html/rfc6750#section-2.1
|
||||||
|
|
||||||
# Using Authorization Request Header Field
|
Return a string.
|
||||||
# http://tools.ietf.org/html/rfc6750#section-2.1
|
'''
|
||||||
|
|
||||||
auth_header = self.request.META.get('HTTP_AUTHORIZATION', '')
|
auth_header = self.request.META.get('HTTP_AUTHORIZATION', '')
|
||||||
|
|
||||||
if re.compile('^Bearer\s{1}.+$').match(auth_header):
|
if re.compile('^Bearer\s{1}.+$').match(auth_header):
|
||||||
|
@ -231,14 +235,19 @@ class UserInfoEndpoint(object):
|
||||||
return access_token
|
return access_token
|
||||||
|
|
||||||
def create_response_dic(self):
|
def create_response_dic(self):
|
||||||
|
'''
|
||||||
|
Create a diccionary with all the requested claims about the End-User.
|
||||||
|
See: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
|
||||||
|
|
||||||
|
Return a diccionary.
|
||||||
|
'''
|
||||||
dic = {
|
dic = {
|
||||||
'sub': self.token.id_token.get('sub'),
|
'sub': self.token.id_token.get('sub'),
|
||||||
}
|
}
|
||||||
|
|
||||||
standard_claims = StandardClaims(self.token.user, self.token.scope.split())
|
standard_claims = StandardClaims(self.token.user, self.token.scope.split())
|
||||||
|
|
||||||
dic.update(standard_claims.response_dic)
|
dic.update(standard_claims.create_response_dic())
|
||||||
|
|
||||||
return dic
|
return dic
|
||||||
|
|
||||||
|
|
|
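Review bot: The Bearer check in `_get_access_token` accepts more than the RFC 6750 section 2.1 syntax that the new docstring cites: `\s{1}` matches a tab or newline as well as a space, and `.+` lets any characters, including further whitespace, through as the credential. I would match the b64token grammar exactly and use a raw string, e.g. `if re.match(r'^Bearer [A-Za-z0-9\-._~+/]+=*$', auth_header):`, assuming the tokens this provider issues stay within that alphabet. The function continues outside the hunk, so the non-matching path is not visible; the docstring's "Return a string" should say what is returned in that case. Separately, the new docstrings in `create_response_dic` spell "dictionary" as "diccionary".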
@ -18,8 +18,7 @@ class StandardClaims(object):
|
||||||
except self.__model__.DoesNotExist:
|
except self.__model__.DoesNotExist:
|
||||||
self.model = self.__model__()
|
self.model = self.__model__()
|
||||||
|
|
||||||
@property
|
def create_response_dic(self):
|
||||||
def response_dic(self):
|
|
||||||
|
|
||||||
dic = {}
|
dic = {}
|
||||||
|
|
||||||
|
|
|
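Review bot: Turning the `response_dic` property into the method `create_response_dic()` changes the class's public interface, and the only updated caller visible in this commit is `UserInfoEndpoint.create_response_dic`. Any remaining `.response_dic` access will raise AttributeError, and attribute-style access on the new name yields a bound method rather than a dict, so a search for the old name is worth doing before merge. The commit adds docstrings elsewhere but not here; a short one such as `'''Return a dictionary with the claims for the requested scopes.'''` would fit, if that is what the body outside the hunk does.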
@ -29,25 +29,31 @@ class Client(models.Model):
|
||||||
client_type = models.CharField(max_length=20, choices=CLIENT_TYPE_CHOICES)
|
client_type = models.CharField(max_length=20, choices=CLIENT_TYPE_CHOICES)
|
||||||
grant_type = models.CharField(max_length=30, choices=GRANT_TYPE_CHOICES)
|
grant_type = models.CharField(max_length=30, choices=GRANT_TYPE_CHOICES)
|
||||||
response_type = models.CharField(max_length=30, choices=RESPONSE_TYPE_CHOICES)
|
response_type = models.CharField(max_length=30, choices=RESPONSE_TYPE_CHOICES)
|
||||||
_redirect_uris = models.TextField()
|
|
||||||
_scope = models.TextField() # TODO: add getter and setter for this.
|
# TODO: Need to be implemented.
|
||||||
|
# The list of scopes the client may request access to.
|
||||||
|
_scope = models.TextField(default='')
|
||||||
|
def scope():
|
||||||
|
def fget(self):
|
||||||
|
return self._scope.split()
|
||||||
|
def fset(self, value):
|
||||||
|
self._scope = ' '.join(value)
|
||||||
|
return locals()
|
||||||
|
scope = property(**scope())
|
||||||
|
|
||||||
@property
|
_redirect_uris = models.TextField(default='')
|
||||||
def redirect_uris(self):
|
def redirect_uris():
|
||||||
if self._redirect_uris:
|
def fget(self):
|
||||||
return self._redirect_uris.split()
|
return self._redirect_uris.splitlines()
|
||||||
return []
|
def fset(self, value):
|
||||||
|
self._redirect_uris = '\n'.join(value)
|
||||||
|
return locals()
|
||||||
|
redirect_uris = property(**redirect_uris())
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def default_redirect_uri(self):
|
def default_redirect_uri(self):
|
||||||
return self.redirect_uris[0]
|
return self.redirect_uris[0]
|
||||||
|
|
||||||
@property
|
|
||||||
def scope(self):
|
|
||||||
if self._scopes:
|
|
||||||
return self._scopes.split()
|
|
||||||
return []
|
|
||||||
|
|
||||||
class Code(models.Model):
|
class Code(models.Model):
|
||||||
|
|
||||||
user = models.ForeignKey(User)
|
user = models.ForeignKey(User)
|
||||||
|
@ -64,11 +70,11 @@ class Token(models.Model):
|
||||||
user = models.ForeignKey(User)
|
user = models.ForeignKey(User)
|
||||||
client = models.ForeignKey(Client)
|
client = models.ForeignKey(Client)
|
||||||
access_token = models.CharField(max_length=255, unique=True)
|
access_token = models.CharField(max_length=255, unique=True)
|
||||||
_id_token = models.TextField()
|
|
||||||
refresh_token = models.CharField(max_length=255, unique=True)
|
refresh_token = models.CharField(max_length=255, unique=True)
|
||||||
expires_at = models.DateTimeField()
|
expires_at = models.DateTimeField()
|
||||||
scope = models.TextField() # TODO: add getter and setter for this.
|
scope = models.TextField() # TODO: add getter and setter for this.
|
||||||
|
|
||||||
|
_id_token = models.TextField()
|
||||||
def id_token():
|
def id_token():
|
||||||
def fget(self):
|
def fget(self):
|
||||||
return json.loads(self._id_token)
|
return json.loads(self._id_token)
|
||||||
|
|
|
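Review bot: The new `redirect_uris` setter stores whatever it is given while the getter reads it back with `splitlines()`, so the list that comes out is not guaranteed to be the list that was assigned. An entry containing a line break (`splitlines()` also splits on `\r`, form feed and the Unicode line separators) comes back as several registered URIs, an empty entry disappears, and a plain string, which is what the README passed before this commit, is joined character by character. This list is presumably what the authorization endpoint compares the request's `redirect_uri` against, so the setter should reject any value that does not survive the round trip; the `scope` setter has the same issue with entries that contain whitespace. A sketch for `redirect_uris` follows.

```python
def redirect_uris():
    # … unchanged: fget returning self._redirect_uris.splitlines() …
    def fset(self, value):
        # A bare string would be joined one character per line.
        if hasattr(value, 'splitlines'):
            raise TypeError('redirect_uris expects a list of URIs, not a string')
        uris = list(value)
        for uri in uris:
            # Each entry must read back from splitlines() as exactly itself.
            if uri.splitlines() != [uri]:
                raise ValueError('redirect URI must be a single non-empty line')
        self._redirect_uris = '\n'.join(uris)
    return locals()
```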
@ -6,7 +6,7 @@
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<title>OpenID Provider</title>
|
<title>OpenID Provider</title>
|
||||||
|
|
||||||
<link href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.1/flatly/bootstrap.min.css" rel="stylesheet">
|
<link href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.1/spacelab/bootstrap.min.css" rel="stylesheet">
|
||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
body {
|
body {
|
||||||
padding-top: 90px;
|
padding-top: 90px;
|
||||||
|
|
|
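Review bot: The stylesheet on this page is fetched from a third-party CDN through a protocol-relative URL and without an `integrity` attribute, so any provider page built on this template renders whatever that host serves, and fetches it over plain HTTP when the page itself is served that way. Swapping the theme is a good moment to pin it: `<link href="https://maxcdn.bootstrapcdn.com/bootswatch/3.3.1/spacelab/bootstrap.min.css" rel="stylesheet" integrity="sha384-<HASH_OF_THE_FILE_PLACEHOLDER>" crossorigin="anonymous">`. Alternatively, ship the CSS with the app's own static files.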
@ -5,8 +5,8 @@ from django.shortcuts import render
|
||||||
from django.views.decorators.http import require_http_methods
|
from django.views.decorators.http import require_http_methods
|
||||||
from django.views.generic import View
|
from django.views.generic import View
|
||||||
import urllib
|
import urllib
|
||||||
from .lib.errors import *
|
from openid_provider.lib.errors import *
|
||||||
from .lib.grants.authorization_code import *
|
from openid_provider.lib.grants.authorization_code import *
|
||||||
|
|
||||||
|
|
||||||
class AuthorizeView(View):
|
class AuthorizeView(View):
|
||||||
|
|
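Review bot: Both rewritten imports are still wildcard imports, so this file does not show which error and grant classes the views rely on, and a name defined in both modules is silently taken from the second. Naming them explicitly, e.g. `from openid_provider.lib.errors import <names used below>`, would make that dependency reviewable; the names themselves are outside the hunk. Hard-coding the package name `openid_provider` in place of the relative form also ties the module to that install name.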