Context Navigation

← Previous Change
Next Change →

ndg_oauth_server

Timestamp:

02/03/12 10:33:02 (9 years ago)

Author:

rwilkinson

Message:

Improved handling of requests for unregistered clients.

Location:

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server

Files:

: 4 edited

lib/authorization_server.py (modified) (1 diff)
lib/register/client.py (modified) (1 diff)
wsgi/authorization_filter.py (modified) (2 diffs)
wsgi/oauth2_server.py (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authorization_server.py

-                      r8030
+                      r8033
         content = json.dumps(content_dict)
         return (content, None, None)
+    def is_registered_client(self, request):
+        """Determines whether the client ID in the request is registered.
+        @type request: WebOb.request
+        @param request: request
+        @rtype: tuple (basestring, basestring) or (NoneType, NoneType)
+        @return: (error, error description) or None if client ID is found and
+        registered
+        """
+        client_id = request.params.get('client_id', None)
+        if not client_id:
+            return ('invalid_request', 'Missing request parameter: client_id')
+        else:
+            error_description = self.client_register.is_registered_client(
+                                                                    client_id)
+            if error_description:
+                return ('unauthorized_client', error_description)
+        return (None, None)

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/register/client.py

-                      r7952
+                      r8033
         self.register[client_id] = client_registration
+    def is_registered_client(self, client_id):
+        """Determines if a client ID is in the client register.
+        """
+        if client_id not in self.register:
+            return ('Client of id "%s" is not registered.' % client_id)
+        return None
     def is_valid_client(self, client_id, redirect_uri):
+        """Determines if a client ID is in the client register and the
+        redirect_uri is registered for that client.
+        """
         # Check if client ID is registered.
         if client_id not in self.register:

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/wsgi/authorization_filter.py

-                      r8030
+                      r8033
 import logging
-from genshi.template import MarkupTemplate
 from webob import Request
 …
         """
         client = self.client_register.register.get(client_id)
+#        tmpl_file = open(self.client_authorization_form)
+#        tmpl = MarkupTemplate(tmpl_file)
+#        tmpl_file.close()
+        submit_url = req.application_url + self.base_path + '/client_auth'
+        c = {'client_name': client.name,
+             'client_id': client_id,
+             'scope': scope,
+             'submit_url': submit_url}
+#        response = tmpl.generate(c=c).render('html')
+        response = self.renderer.render(self.client_authorization_form, c)
+        if client is None:
+            # Client ID is not registered.
+            log.error("OAuth client of ID %s is not registered with the server",
+                      client_id)
+            response = (
+                "OAuth client of ID %s is not registered with the server" %
+                client_id)
+        else:
+            submit_url = req.application_url + self.base_path + '/client_auth'
+            c = {'client_name': client.name,
+                 'client_id': client_id,
+                 'scope': scope,
+                 'submit_url': submit_url}
+            response = self.renderer.render(self.client_authorization_form, c)
         start_response(self._get_http_status_string(httplib.OK),
            [('Content-type', 'text/html'),

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/wsgi/oauth2_server.py

-                      r8030
+                      r8033
             return []
+        # Stop immediately if the client is not registered.
+        (error, error_description
+                        ) = self._authorizationServer.is_registered_client(req)
+        if error:
+            return self._error_response(error, error_description,
+                                        start_response)
         # User authorization for the client is also required.
 …
         (redirect_uri, error, error_description) = self._authorizationServer.authorize(req, client_authorized)
         if error:
+            response = ("%s: %s" %(error, error_description))
+            log.error("Returning error: %s - %s", error, error_description)
+            start_response(self._get_http_status_string(httplib.BAD_REQUEST),
+                           [('Content-type', 'text/plain'),
+                            ('Content-length', str(len(response)))
+                            ])
+            return[response]
+            self._error_response(error, error_description, start_response)
         else:
             return self._redirect(redirect_uri, start_response)
+    def _error_response(self, error, error_description, start_response):
+        """Returns and error response.
+        """
+        response = ("%s: %s" %(error, error_description)).encode('ascii',
+                                                                 'ignore')
+        log.error("Returning error: %s - %s", error, error_description)
+        start_response(self._get_http_status_string(httplib.BAD_REQUEST),
+                       [('Content-type', 'text/plain'),
+                        ('Content-length', str(len(response)))
+                        ])
+        return[response]
     def _check_client_authorization(self, user, req):

Note: See TracChangeset for help on using the changeset viewer.