Changeset 8195 for trunk/ndg_oauth/ndg_oauth_server

Timestamp:

19/10/12 10:52:53 (8 years ago)

Author:

pjkersha

Message:

Reformatting of code

Location:

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server

Files:

• examples/bearer_tok/bearer_tok_server_app_serve.py (modified) (1 diff)
• lib/authorization_server.py (modified) (12 diffs)
• lib/register/access_token.py (modified) (1 diff)
• lib/register/client.py (modified) (4 diffs)
• lib/register/client_authorization.py (modified) (4 diffs)
• lib/register/register_base.py (modified) (1 diff)
• wsgi/oauth2_server.py (modified) (3 diffs)

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/examples/bearer_tok/bearer_tok_server_app_serve.py

@@ -180 +180 @@
     if opt.withSSL.lower() == 'true':
         ssl_context = SSL.Context(SSL.SSLv23_METHOD)
-#        ssl_context.set_options(SSL.OP_NO_SSLv2)
-    
+    
+        ssl_context.set_session_id('oauthserver')
         ssl_context.use_privatekey_file(opt.priKeyFilePath)
         ssl_context.use_certificate_file(opt.certFilePath)

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authorization_server.py

@@ -16 +16 @@
 import urllib
 
-from ndg.oauth.server.lib.access_token.make_access_token import make_access_token
+from ndg.oauth.server.lib.access_token.make_access_token import \
+                                                    make_access_token
 from ndg.oauth.server.lib.oauth.access_token import AccessTokenRequest
-from ndg.oauth.server.lib.oauth.authorize import AuthorizeRequest, AuthorizeResponse
+from ndg.oauth.server.lib.oauth.authorize import (AuthorizeRequest, 
+                                                  AuthorizeResponse)
 from ndg.oauth.server.lib.oauth.oauth_exception import OauthException
 from ndg.oauth.server.lib.register.access_token import AccessTokenRegister
 from ndg.oauth.server.lib.register.client import ClientRegister
-from ndg.oauth.server.lib.register.authorization_grant import AuthorizationGrantRegister
+from ndg.oauth.server.lib.register.authorization_grant import \
+                                                    AuthorizationGrantRegister
 
 log = logging.getLogger(__name__)
@@ -46 +49 @@
         authenticated and that the user has authorised the client and scope.
 
-        Request query parameters (from http://tools.ietf.org/html/draft-ietf-oauth-v2-22):
+        Request query parameters (from 
+        http://tools.ietf.org/html/draft-ietf-oauth-v2-22):
 
         response_type
@@ -128 +132 @@
 
             client_error = self.client_register.is_valid_client(
-                                                        auth_request.client_id, 
-                                                        auth_request.redirect_uri)
+                                                    auth_request.client_id, 
+                                                    auth_request.redirect_uri)
             if client_error:
                 log.error("Invalid client: %s", client_error)
                 return (None, httplib.BAD_REQUEST, client_error)
 
-            # redirect_uri must be included in the request if the client has more
-            # than one registered.
+            # redirect_uri must be included in the request if the client has
+            # more than one registered.
             client = self.client_register.register[auth_request.client_id]
             if len(client.redirect_uris) != 1 and not auth_request.redirect_uri:
@@ -197 +201 @@
         )
         if not redirect_uri:
-            return(None, httplib.BAD_REQUEST,
-                   'An authorization request has been made without a return URI.')
+            return (
+                None, 
+                httplib.BAD_REQUEST,
+                'An authorization request has been made without a return URI.')
 
         # Redirect back to client with authorization code or error.
@@ -251 +257 @@
         Handles a request for an access token.
 
-        Request parameters in post data (from http://tools.ietf.org/html/draft-ietf-oauth-v2-22):
+        Request parameters in post data (from 
+        http://tools.ietf.org/html/draft-ietf-oauth-v2-22):
 
         The client makes a request to the token endpoint by adding the
@@ -302 +309 @@
                 log.debug("Client id: %s", client_id)
 
-            # redirect_uri is only required if it was included in the authorization request.
+            # redirect_uri is only required if it was included in the 
+            # authorization request.
             required_parameters = ['grant_type', 'code']
             for param in required_parameters:
@@ -308 +316 @@
                     log.error("Missing request parameter %s from inputs: %s",
                               param, params)
-                    raise OauthException('invalid_request', 
-                                    ("Missing request parameter: %s" % param))
+                    raise OauthException(
+                                    'invalid_request', 
+                                    "Missing request parameter: %s" % param)
 
         except OauthException, exc:
@@ -331 +340 @@
 
         if response:
-            return(self._access_token_response(response), None, None)
+            return self._access_token_response(response), None, None
         else:
-            return(None, httplib.INTERNAL_SERVER_ERROR, 
-                   'Access token generation failed.')
+            return (None, httplib.INTERNAL_SERVER_ERROR, 
+                    'Access token generation failed.')
 
     def _access_token_response(self, resp):
@@ -453 +462 @@
             else:
                 required_scope = params.get('scope', None)
-            (token, error) = self.access_token_register.get_token(access_token,
-                                                                required_scope)
+            error = self.access_token_register.get_token(access_token,
+                                                         required_scope)[-1]
 
         status = {'invalid_request': httplib.BAD_REQUEST,
@@ -510 +519 @@
             else:
                 required_scope = params.get('scope', None)
-            (token, error) = self.access_token_register.get_token(access_token,
+                
+            token, error = self.access_token_register.get_token(access_token,
                                                                 required_scope)
 
@@ -518 +528 @@
                   None: httplib.OK}.get(error, httplib.BAD_REQUEST)
 
-        return (token, status, error)
+        return token, status, error
 
     def is_registered_client(self, request):
@@ -530 +540 @@
         client_id = request.params.get('client_id', None)
         if not client_id:
-            return ('invalid_request', 'Missing request parameter: client_id')
+            return 'invalid_request', 'Missing request parameter: client_id'
         else:
             error_description = self.client_register.is_registered_client(
                                                                     client_id)
             if error_description:
-                return ('unauthorized_client', error_description)
+                return 'unauthorized_client', error_description
             
-        return (None, None)
+        return None, None

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/register/access_token.py

@@ -67 +67 @@
             log.debug("Request for token of ID that is not registered: %s",
                       token_id)
-            return (None, 'invalid_token')
+            return None, 'invalid_token'
 
         if not token.valid:
             log.debug("Request for invalid token of ID: %s", token_id)
-            return (None, 'invalid_token')
+            return None, 'invalid_token'
+        
         if token.expires <= datetime.utcnow():
             log.debug("Request for expired token of ID: %s", token_id)
-            return (None, 'invalid_token')
+            return None, 'invalid_token'
+                    
         # Check scope
         if not scopeutil.isScopeGranted(token.scope,
                                         scopeutil.scopeStringToList(scope)):
-            log.debug("Request for token of ID: %s - token was not granted scope %s",
-                      token_id, scope)
-            return (None, 'insufficient_scope')
-        return (token, None)
+            log.debug("Request for token of ID: %s - token was not granted "
+                      "scope %s", token_id, scope)
+            return None, 'insufficient_scope'
+        
+        return token, None

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/register/client.py

@@ -7 +7 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id$"
-
 import logging
 from ConfigParser import SafeConfigParser
 log = logging.getLogger(__name__)
+
 
 class ClientRegistration(object):
@@ -16 +16 @@
     An entry in the client register.
     """
-    def __init__(self, name, client_id, client_type, redirect_uris, authentication_data):
+    def __init__(self, name, client_id, client_type, redirect_uris, 
+                 authentication_data):
         self.name = name
         self.client_id = client_id
@@ -25 +26 @@
             self.redirect_uris = []
         self.authentication_data = authentication_data
+
 
 class ClientRegister(object):
@@ -68 +70 @@
         if redirect_uri is None:
             if len(client.redirect_uris) != 1:
-                return 'No redirect URI is registered for the client or specified in the request.'
+                return ('No redirect URI is registered for the client or '
+                        'specified in the request.')
         if redirect_uri is not None and redirect_uri not in client.redirect_uris:
             return 'Redirect URI is not registered.'

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/register/client_authorization.py

@@ -7 +7 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id$"
+import ndg.oauth.server.lib.register.scopeutil as scopeutil
 
-import ndg.oauth.server.lib.register.scopeutil as scopeutil
 
 class ClientAuthorization(object):
@@ -29 +29 @@
         requested scopes that are not granted, otherwise False
         """
-        return ((self.user == other.user)
-                and (self.client_id == other.client_id)
+        return (self.user == other.user
+                and self.client_id == other.client_id
                 and scopeutil.isScopeGranted(self.scope, other.scope))
 
     def __repr__(self):
-        return ("user: %s  client_id: %s  scope: %s  granted: %s" % (self.user, self.client_id, self.scope, self.is_authorized))
+        return "user: %s  client_id: %s  scope: %s  granted: %s" % (
+                                                            self.user, 
+                                                            self.client_id, 
+                                                            self.scope, 
+                                                            self.is_authorized)
 
 class ClientAuthorizationRegister(object):
@@ -44 +48 @@
 
     def add_client_authorization(self, client_authorization):
-        user_authorizations = self.register.setdefault(client_authorization.user, {})
-        client_authorizations = user_authorizations.setdefault(client_authorization.client_id, [])
+        user_authorizations = self.register.setdefault(
+                                            client_authorization.user, {})
+        client_authorizations = user_authorizations.setdefault(
+                                            client_authorization.client_id, [])
         for auth in client_authorizations:
             if auth.eq_authz_basis(client_authorization):
                 auth.is_authorized = client_authorization.is_authorized
 
-        user_authorizations[client_authorization.client_id].append(client_authorization)
+        user_authorizations[client_authorization.client_id].append(
+                                            client_authorization)
 
 
@@ -58 +65 @@
         if user_authorizations:
             client_authorizations = user_authorizations.get(client_id, [])
-            # Assume small number of authorization types per user/client (probably typically one).
+            # Assume small number of authorization types per user/client 
+            # (probably typically one).
             for auth in client_authorizations:
                 if auth.eq_authz_basis(client_authorization):

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/register/register_base.py

@@ -33 +33 @@
             'cache.expire': config.get(base + 'expire', None),
             'cache.type': config.get(base + 'type', 'file'),
-            'cache.data_dir': config.get(base + 'data_dir', '/tmp/ndgoauth/cache/' + name),
+            'cache.data_dir': config.get(base + 'data_dir', 
+                                         '/tmp/ndgoauth/cache/' + name),
             'cache.lock_dir': config.get(base + 'lock_dir', None)
             }

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/wsgi/oauth2_server.py

@@ -223 +223 @@
             log.debug("%s not in environ - authentication required",
                       self.user_identifier_env_key)
-            start_response(self._get_http_status_string(httplib.UNAUTHORIZED), [])
+            start_response(self._get_http_status_string(httplib.UNAUTHORIZED), 
+                           [])
             return []
 
         # User authorization for the client is also required.
-        (client_authorized, authz_uri) = self._check_client_authorization(user, req)
+        (client_authorized, authz_uri) = self._check_client_authorization(user, 
+                                                                          req)
         if authz_uri:
             log.debug("Redirecting to %s", authz_uri)
@@ -238 +240 @@
         (redirect_uri, 
          error, 
-         error_description) = self._authorizationServer.authorize(req, 
+         error_description) = self._authorizationServer.authorize(
+                                                            req, 
                                                             client_authorized)
         if error:
@@ -392 +395 @@
 
         if status == httplib.OK:
-            (token, status,
-                error) = self._authorizationServer.get_registered_token(req, dn)
+            (token, 
+             status,
+             error) = self._authorizationServer.get_registered_token(req, dn)
 
         if status == httplib.OK: