Diffstat (limited to 'gn2/wqflask/oauth2/toplevel.py')
-rw-r--r--gn2/wqflask/oauth2/toplevel.py57
1 files changed, 57 insertions, 0 deletions
diff --git a/gn2/wqflask/oauth2/toplevel.py b/gn2/wqflask/oauth2/toplevel.py
new file mode 100644
index 00000000..65f60067
--- /dev/null
+++ b/gn2/wqflask/oauth2/toplevel.py
@@ -0,0 +1,57 @@
+"""Authentication endpoints."""
+from uuid import UUID
+from urllib.parse import urljoin, urlparse, urlunparse
+from flask import (
+    flash, request, Blueprint, url_for, redirect, render_template,
+    current_app as app)
+
+from . import session
+from .client import SCOPE, no_token_post
+from .checks import require_oauth2, user_logged_in
+from .request_utils import user_details, process_error
+
+toplevel = Blueprint("toplevel", __name__)
+
+@toplevel.route("/register-client", methods=["GET", "POST"])
+@require_oauth2
+def register_client():
+    """Register an OAuth2 client."""
+    return "USER IS LOGGED IN AND SUCCESSFULLY ACCESSED THIS ENDPOINT!"
+
+@toplevel.route("/code", methods=["GET"])
+def authorisation_code():
+    """Use authorisation code to get token."""
+    def __error__(error):
+        flash(f"{error['error']}: {error['error_description']}",
+              "alert-danger")
+        return redirect("/")
+
+    def __success__(token):
+        session.set_user_token(token)
+        udets = user_details()
+        session.set_user_details({
+            "user_id": UUID(udets["user_id"]),
+            "name": udets["name"],
+            "email": udets["email"],
+            "token": session.user_token(),
+            "logged_in": True
+        })
+        return redirect("/")
+
+    code = request.args.get("code", "")
+    if bool(code):
+        base_url = urlparse(request.base_url, scheme=request.scheme)
+        request_data = {
+            "grant_type": "authorization_code",
+            "code": code,
+            "scope": SCOPE,
+            "redirect_uri": urljoin(
+                urlunparse(base_url),
+                url_for("oauth2.toplevel.authorisation_code")),
+            "client_id": app.config["OAUTH2_CLIENT_ID"]
+        }
+        return no_token_post(
+            "auth/token", data=request_data).either(
+                lambda err: __error__(process_error(err)), __success__)
+    flash("AuthorisationError: No code was provided.", "alert-danger")
+    return redirect("/")
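Review bot: authorisation_code() exchanges whatever `code` arrives on GET /code without checking a `state` value, so nothing visible in this file ties the callback to a login that this browser session started; unless that check lives elsewhere, the handler is exposed to login CSRF, where a session ends up bound to an account its user did not choose. I would store a random state in the session when the authorisation request is sent and reject the callback before `request_data` is built if `request.args.get("state")` does not match it. Separately, `redirect_uri` is derived from `request.base_url`, which follows the request's Host header, so building it from a configured base URL would keep the value fixed regardless of how the request arrived. `__error__` also indexes `error['error_description']` directly, and that field is optional in an OAuth2 error response; `error.get("error_description", "")` avoids a KeyError, though process_error may already normalise it (not visible here).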