From 97eef517b0309a6531fff4525c5ca3b6d3821869 Mon Sep 17 00:00:00 2001 From: juanifioren Date: Wed, 28 Jan 2015 17:00:04 -0300 Subject: [PATCH] A few changes in settings. Add more variables to it. --- README.rst | 13 ++++++++-- openid_provider/lib/endpoints/authorize.py | 29 ++++++++++++---------- openid_provider/lib/endpoints/token.py | 12 ++++----- openid_provider/lib/utils/token.py | 16 ++++++------ openid_provider/settings.py | 17 +++++++------ openid_provider/views.py | 1 - 6 files changed, 50 insertions(+), 38 deletions(-) diff --git a/README.rst b/README.rst index 170d286..2f9167a 100644 --- a/README.rst +++ b/README.rst @@ -54,13 +54,22 @@ Add required variables to your project settings. .. code:: python - # REQUIRED. Your server provider url. + # REQUIRED. + + # Your server provider url. SITE_URL = 'http://localhost:8000' - # REQUIRED. + # Used to log the user in. # See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url LOGIN_URL = '/accounts/login/' + # OPTIONAL. + + DOP_CODE_EXPIRE = 60*10 # 10 min. + DOP_IDTOKEN_EXPIRE = 60*10, # 10 min. + DOP_TOKEN_EXPIRE = 60*60 # 1 hour. + + ******************** Create User & Client ******************** diff --git a/openid_provider/lib/endpoints/authorize.py b/openid_provider/lib/endpoints/authorize.py index 2a9dbd5..ebfbbb9 100644 --- a/openid_provider/lib/endpoints/authorize.py +++ b/openid_provider/lib/endpoints/authorize.py @@ -1,13 +1,11 @@ -import uuid - from datetime import timedelta - from django.utils import timezone - from openid_provider.lib.errors import * from openid_provider.lib.utils.params import * from openid_provider.lib.utils.token import * from openid_provider.models import * +from openid_provider import settings +import uuid class AuthorizeEndpoint(object): 
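Review bot: `import uuid` is moved below the four `from openid_provider... import *` lines, so a stdlib import now follows the local ones, against the usual stdlib / third-party / local grouping; the same ordering is introduced in the import hunks of openid_provider/lib/endpoints/token.py and openid_provider/lib/utils/token.py. With wildcard imports ahead of it, which object the name `settings` is bound to depends only on statement order: `from openid_provider import settings` wins because it is last, and openid_provider/lib/utils/token.py (see its hunk) now itself imports that module, so the star import from it re-exports `settings` unless the module defines `__all__`. If any starred module ever exported a different `settings` (for example `django.conf.settings`) after this line, `settings.get(...)` would silently change meaning. Placing `import uuid` and the explicit `from openid_provider import settings` above the wildcard block restores the conventional grouping, and replacing the star imports with named imports would remove the ambiguity altogether.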
@@ -20,7 +18,8 @@ class AuthorizeEndpoint(object): # Because in this endpoint we handle both GET # and POST request. - self.query_dict = (self.request.POST if self.request.method == 'POST' else self.request.GET) + self.query_dict = (self.request.POST if self.request.method == 'POST' + else self.request.GET) self._extract_params() @@ -91,14 +90,15 @@ class AuthorizeEndpoint(object): try: self.validate_params() - + if self.grant_type == 'authorization_code': code = Code() code.user = self.request.user code.client = self.client code.code = uuid.uuid4().hex - code.expires_at = timezone.now() + timedelta(seconds=60*10) # TODO: Add this into settings. + code.expires_at = timezone.now() + timedelta( + seconds=settings.get('DOP_CODE_EXPIRE')) code.scope = self.params.scope code.save() @@ -108,7 +108,7 @@ class AuthorizeEndpoint(object): id_token_dic = create_id_token_dic( self.request.user, - 'http://localhost:8000', # TODO: Add this into settings. + settings.get('SITE_URL'), self.client.client_id) token = create_token( @@ -120,14 +120,15 @@ class AuthorizeEndpoint(object): # Store the token. token.save() - id_token = encode_id_token(id_token_dic, self.client.client_secret) - + id_token = encode_id_token( + id_token_dic, self.client.client_secret) + # TODO: Check if response_type is 'id_token token' then # add access_token to the fragment. uri = self.params.redirect_uri + '#token_type={0}&id_token={1}&expires_in={2}'.format( 'bearer', id_token, - 60*10 + 60 * 10 ) except: raise AuthorizeError( @@ -136,6 +137,8 @@ class AuthorizeEndpoint(object): self.grant_type) # Add state if present. - uri = uri + ('&state={0}'.format(self.params.state) if self.params.state else '') + uri = uri + \ + ('&state={0}'.format(self.params.state) + if self.params.state else '') - return uri \ No newline at end of file + return uri diff --git a/openid_provider/lib/endpoints/token.py b/openid_provider/lib/endpoints/token.py index f64d325..4718514 100644 
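Review bot: The fragment's `expires_in` stays hard-coded as `60 * 10` on the rewrapped line, while the access token it accompanies is created by create_token with a lifetime of `settings.get('DOP_TOKEN_EXPIRE')` (openid_provider/lib/utils/token.py hunk) and the token endpoint now reports `settings.get('DOP_TOKEN_EXPIRE')` for the same field; once an operator changes that setting the advertised and real lifetimes diverge. The same lookup belongs here: `settings.get('DOP_TOKEN_EXPIRE')` in place of `60 * 10`. Separately, the bare `except:` that closes this block now also catches anything `settings.get(...)` or the `timedelta` arithmetic raises for a missing or mistyped `DOP_*`/`SITE_URL` value, so a server misconfiguration is reported to the client as an AuthorizeError for the grant type with the real cause lost; resolving the settings before the `try:` or narrowing the handler to the expected exception types would keep the two apart. The enclosing `try:` starts in an earlier hunk of this file.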
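Review bot: `self.params.state` is interpolated into the redirect fragment unencoded on the rewrapped `'&state={0}'.format(self.params.state)` line, so a state value containing `&`, `#`, `=` or non-ASCII characters corrupts the fragment and the relying party cannot recover the value it sent. Percent-encoding it on the way out, `'&state={0}'.format(urllib.quote(self.params.state))` with `import urllib` added to the module header, keeps the round trip intact (the token endpoint in this same commit already uses `urllib` for the inverse operation on `redirect_uri`). The commit only rewraps this line, but since it is being touched it is the natural place to fix the encoding; the enclosing method starts outside the hunk.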
--- a/openid_provider/lib/endpoints/token.py +++ b/openid_provider/lib/endpoints/token.py @@ -1,12 +1,10 @@ -import urllib - from django.http import JsonResponse - from openid_provider.lib.errors import * from openid_provider.lib.utils.params import * from openid_provider.lib.utils.token import * from openid_provider.models import * from openid_provider import settings +import urllib class TokenEndpoint(object): @@ -23,7 +21,8 @@ class TokenEndpoint(object): self.params.client_id = query_dict.get('client_id', '') self.params.client_secret = query_dict.get('client_secret', '') - self.params.redirect_uri = urllib.unquote(query_dict.get('redirect_uri', '')) + self.params.redirect_uri = urllib.unquote( + query_dict.get('redirect_uri', '')) self.params.grant_type = query_dict.get('grant_type', '') self.params.code = query_dict.get('code', '') self.params.state = query_dict.get('state', '') @@ -44,7 +43,8 @@ class TokenEndpoint(object): self.code = Code.objects.get(code=self.params.code) - if not (self.code.client == self.client) and not self.code.has_expired(): + if not (self.code.client == self.client) and \ + not self.code.has_expired(): raise TokenError('invalid_grant') except Client.DoesNotExist: @@ -77,7 +77,7 @@ class TokenEndpoint(object): dic = { 'access_token': token.access_token, 'token_type': 'bearer', - 'expires_in': 60*60, # TODO: Add this into settings. + 'expires_in': settings.get('DOP_TOKEN_EXPIRE'), 'id_token': id_token, } diff --git a/openid_provider/lib/utils/token.py b/openid_provider/lib/utils/token.py index 6adf7ed..dc2c859 100644 --- a/openid_provider/lib/utils/token.py +++ b/openid_provider/lib/utils/token.py @@ -1,11 +1,10 @@ -import time -import jwt -import uuid - from datetime import timedelta - from django.utils import timezone from openid_provider.models import * +from openid_provider import settings +import jwt +import time +import uuid def create_id_token_dic(user, iss, aud): 
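Review bot: The rewrapped condition `if not (self.code.client == self.client) and not self.code.has_expired():` rejects a code only when the client mismatches AND the code is still valid, so an expired code from the right client is never refused, and a code issued to a different client is accepted as soon as it has expired. Each check on its own should be enough to refuse the grant: `if self.code.client != self.client or self.code.has_expired():` followed by the existing `raise TokenError('invalid_grant')`. The logic predates this commit and the hunk only changes line wrapping, but the line is being touched and the defect sits in the new side of the diff; the surrounding `try:` starts outside the hunk.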
@@ -16,7 +15,7 @@ def create_id_token_dic(user, iss, aud): Return a dic. """ - expires_in = 60*10 + expires_in = settings.get('DOP_IDTOKEN_EXPIRE') now = timezone.now() @@ -62,7 +61,8 @@ def create_token(user, client, id_token_dic, scope): token.id_token = id_token_dic token.refresh_token = uuid.uuid4().hex - token.expires_at = timezone.now() + timedelta(seconds=60*60) # TODO: Add this into settings. + token.expires_at = timezone.now() + timedelta( + seconds=settings.get('DOP_TOKEN_EXPIRE')) token.scope = scope - return token \ No newline at end of file + return token diff --git a/openid_provider/settings.py b/openid_provider/settings.py index caa7a4d..6accd8c 100644 --- a/openid_provider/settings.py +++ b/openid_provider/settings.py @@ -1,20 +1,21 @@ from django.conf import settings -class default_settings(object): - - # Here goes all the package default settings. - - LOGIN_URL = None - - SITE_URL = None +# Here goes all the package default settings. +default_settings = { + 'DOP_CODE_EXPIRE': 60*10, # 10 min. + 'DOP_IDTOKEN_EXPIRE': 60*10, # 10 min. + 'DOP_TOKEN_EXPIRE': 60*60, # 1 hour. + 'LOGIN_URL': None, + 'SITE_URL': None, +} def get(name): ''' Helper function to use inside the package. ''' try: - value = getattr(default_settings, name) + value = default_settings[name] value = getattr(settings, name) except AttributeError: if value == None: diff --git a/openid_provider/views.py b/openid_provider/views.py index 0db4eed..dfa3cbd 100644 --- a/openid_provider/views.py +++ b/openid_provider/views.py @@ -5,7 +5,6 @@ from django.http import HttpResponse, HttpResponseRedirect, JsonResponse from django.shortcuts import render from django.views.decorators.http import require_http_methods from django.views.generic import View - from openid_provider.lib.errors import * from openid_provider.lib.endpoints.authorize import * from openid_provider.lib.endpoints.token import *
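Review bot: `expires_in = settings.get('DOP_IDTOKEN_EXPIRE')` is presumably used for the token's time claims further down (outside this hunk), which requires an int number of seconds, yet the README snippet added in this same commit documents the setting as `DOP_IDTOKEN_EXPIRE = 60*10,` — the trailing comma makes it a one-element tuple in a Django settings module and anyone who copies it will get a TypeError when the id_token is built. The README line should lose the comma, and a comment here, `# Lifetime in seconds; must be an int (see DOP_IDTOKEN_EXPIRE in settings.py)`, would state the expectation where the value is consumed. The function's body continues outside the hunk.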
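Review bot: Switching the default lookup to `value = default_settings[name]` changes the failure for an unknown name from AttributeError to KeyError, which the `except AttributeError:` directly below no longer catches, so a mistyped name in any `settings.get('DOP_...')` call now propagates as a bare KeyError instead of following the path the handler was written for. If that fail-fast behaviour is intended it should be deliberate and documented; otherwise `except (AttributeError, KeyError):` keeps the previous contract, or the two lookups could collapse into `value = getattr(settings, name, default_settings[name])` — though the handler body that decides what happens when the default is None lies outside the hunk, so whether the `try` can be dropped is not visible here. The `value == None` comparison on the last hunk line should read `value is None`. A comment on the new dict, `# Package defaults, overridden by the Django settings module; None marks a setting the project must supply`, would make the None-as-required convention explicit — that convention is inferred from the `if value == None:` branch and should be confirmed against the rest of get(), whose body continues outside the hunk.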