aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authentication/oauth2/grants
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-05-08 16:31:38 +0300
committerFrederick Muriuki Muriithi2023-05-09 13:15:47 +0300
commit5526f0316c2714d30e47a90f81e0ff686a29042f (patch)
tree64b6422984a6e3ce8bee3850b47a16c822677073 /gn3/auth/authentication/oauth2/grants
parentf2c09dc2dc2528c75fcf5b80aa4b530a0b5eef08 (diff)
downloadgenenetwork3-5526f0316c2714d30e47a90f81e0ff686a29042f.tar.gz
auth: Implement "Authorization Code Flow"auth/implement-authorization-code-flow
Implement the "Authorization Code Flow" for the authentication of users. * gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py: query and save the authorisation code. * gn3/auth/authentication/oauth2/models/authorization_code.py: Implement the `AuthorisationCode` model * gn3/auth/authentication/oauth2/models/oauth2client.py: Fix typo * gn3/auth/authentication/oauth2/server.py: Register the `AuthorisationCodeGrant` grant with the server. * gn3/auth/authentication/oauth2/views.py: Implement `/authorise` endpoint * gn3/templates/base.html: New HTML Templates of authorisation UI * gn3/templates/common-macros.html: New HTML Templates of authorisation UI * gn3/templates/oauth2/authorise-user.html: New HTML Templates of authorisation UI * main.py: Allow both "code" and "token" response types.
Diffstat (limited to 'gn3/auth/authentication/oauth2/grants')
-rw-r--r--gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py48
1 files changed, 44 insertions, 4 deletions
diff --git a/gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py b/gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py
index d398192..f80d02e 100644
--- a/gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py
+++ b/gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py
@@ -1,24 +1,45 @@
"""Classes and function for Authorisation Code flow."""
import uuid
+import string
+import random
from typing import Optional
+from datetime import datetime
from flask import current_app as app
from authlib.oauth2.rfc6749 import grants
+from authlib.oauth2.rfc7636 import create_s256_code_challenge
from gn3.auth import db
+from gn3.auth.db_utils import with_db_connection
from gn3.auth.authentication.users import User
+from ..models.oauth2client import OAuth2Client
+from ..models.authorization_code import (
+ AuthorisationCode, authorisation_code, save_authorisation_code)
+
class AuthorisationCodeGrant(grants.AuthorizationCodeGrant):
"""Implement the 'Authorisation Code' grant."""
- TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic", "client_secret_post"]
+ TOKEN_ENDPOINT_AUTH_METHODS: list[str] = [
+ "client_secret_basic", "client_secret_post"]
+ AUTHORIZATION_CODE_LENGTH: int = 48
+ TOKEN_ENDPOINT_HTTP_METHODS = ['POST']
+ GRANT_TYPE = "authorization_code"
+ RESPONSE_TYPES = {'code'}
def save_authorization_code(self, code, request):
"""Persist the authorisation code to database."""
- raise Exception("NOT IMPLEMENTED!", self, code, request)
+ client = request.client
+ nonce = "".join(random.sample(string.ascii_letters + string.digits,
+ k=self.AUTHORIZATION_CODE_LENGTH))
+ return __save_authorization_code__(AuthorisationCode(
+ uuid.uuid4(), code, client, request.redirect_uri, request.scope,
+ nonce, int(datetime.now().timestamp()),
+ create_s256_code_challenge(app.config["SECRET_KEY"]),
+ "S256", request.user))
def query_authorization_code(self, code, client):
"""Retrieve the code from the database."""
- raise Exception("NOT IMPLEMENTED!", self, code, client)
+ return __query_authorization_code__(code, client)
def delete_authorization_code(self, authorization_code):# pylint: disable=[no-self-use]
"""Delete the authorisation code."""
@@ -36,10 +57,29 @@ class AuthorisationCodeGrant(grants.AuthorizationCodeGrant):
"WHERE authorisation_code.code=?")
with db.connection(app.config["AUTH_DB"]) as conn:
with db.cursor(conn) as cursor:
- cursor.execute(query, (str(authorization_code.user_id),))
+ cursor.execute(query, (str(authorization_code.code),))
res = cursor.fetchone()
if res:
return User(
uuid.UUID(res["user_id"]), res["email"], res["name"])
return None
+
+def __query_authorization_code__(
+ code: str, client: OAuth2Client) -> AuthorisationCode:
+ """A helper function that creates a new database connection.
+
+ This is found to be necessary since the `AuthorizationCodeGrant` class(es)
+ do not have a way to pass the database connection."""
+ def __auth_code__(conn) -> str:
+ the_code = authorisation_code(conn, code, client)
+ return the_code.maybe(None, lambda cde: cde) # type: ignore[misc, arg-type, return-value]
+
+ return with_db_connection(__auth_code__)
+
+def __save_authorization_code__(code: AuthorisationCode) -> AuthorisationCode:
+ """A helper function that creates a new database connection.
+
+ This is found to be necessary since the `AuthorizationCodeGrant` class(es)
+ do not have a way to pass the database connection."""
+ return with_db_connection(lambda conn: save_authorisation_code(conn, code))