swtstore/classes/models/client.py - sweet-web-engine in Sweet web

# -*- coding utf-8 -*-
# classes/models/client.py
# class:: Client

from datetime import datetime, timedelta
from flask import current_app

from swtstore.classes.database import db
from swtstore.classes.models import User
from swtstore.classes import oauth


class Client(db.Model):
    """
    The third-party application registering with the platform
    """

    __tablename__ = 'clients'

    id = db.Column(db.String(40), primary_key=True)

    client_secret = db.Column(db.String(55), nullable=False)

    name = db.Column(db.String(60), nullable=False)

    description = db.Column(db.String(400))

    # creator of the client application
    user_id = db.Column(db.ForeignKey('users.id'))
    creator = db.relationship('User')

    _is_private = db.Column(db.Boolean)

    _host_url = db.Column(db.String(60))

    _redirect_uris = db.Column(db.Text)
    _default_scopes = db.Column(db.Text)


    @property
    def client_id(self):
        return self.id

    @property
    def client_type(self):
        if self._is_private:
            return 'private'
        return 'public'

    @property
    def host_url(self):
        return self._host_url

    @property
    def redirect_uris(self):
        if self._redirect_uris:
            return self._redirect_uris.split()
        return []

    @property
    def default_redirect_uri(self):
        return self.redirect_uris[0]

    @property
    def default_scopes(self):
        if self._default_scopes:
            return self._default_scopes.split()
        return []

    def __repr__(self):
        return '<Client: %s :: ID: %s>' % (self.name, self.id)

    def __str__(self):
        return '<Client: %s :: ID: %s>' % (self.name, self.id)


    # create and persist the client to the database
    def persist(self):
        db.session.add(self)
        db.session.commit()

    @staticmethod
    def getClientsByCreator(user_id):
        clients = Client.query.filter_by(user_id=user_id)
        return [each for each in clients]


class Grant(db.Model):
    """
    A grant token is created in the authorization flow, and will be
    destroyed when the authorization finished. In this case, it would be better
    to store the data in a cache, which would benefit a better performance.
    """
    #TODO: this would perform better if its only in the cache. and not in a db.

    __tablename__ = 'grants'

    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.Integer, db.ForeignKey('users.id',
                                                  ondelete='CASCADE'))
    user = db.relationship('User')

    client_id = db.Column(db.String(40), db.ForeignKey('clients.id'),
                          nullable=False)
    client = db.relationship('Client')

    code = db.Column(db.String(255), index=True, nullable=False)

    redirect_uri = db.Column(db.String(255))
    expires = db.Column(db.DateTime)

    _scopes = db.Column(db.Text)

    @property
    def scopes(self):
        if self._scopes:
            return self._scopes.split()
        return []

    def delete(self):
        db.session.delete(self)
        db.session.commit()


class Token(db.Model):
    """
    The final token to be used by a client
    """

    __tablename__ = 'tokens'

    id = db.Column(db.Integer, primary_key=True)

    client_id = db.Column(db.String(40), db.ForeignKey('clients.id'),
                          nullable=False)
    client = db.relationship('Client')
    user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
    user = db.relationship('User')

    token_type = db.Column(db.String(40))

    access_token = db.Column(db.String(255), unique=True)
    refresh_token = db.Column(db.String(255), unique=True)
    expires = db.Column(db.DateTime)
    _scopes = db.Column(db.Text)

    @property
    def scopes(self):
        if self._scopes:
            return self._scopes.split()
        return []



#TODO: find out how to better structure the following code

# OAuthLib decorators used by OAuthLib in the OAuth flow

@oauth.clientgetter
def loadClient(client_id):
    current_app.logger.debug('@oauth.clientgetter')
    #return Client.query.filter_by(id=client_id).first()
    return Client.query.get(client_id)

@oauth.grantgetter
def loadGrant(client_id, code):
    current_app.logger.debug('@oauth.grantgetter')
    return Grant.query.filter_by(client_id=client_id, code=code).first()

@oauth.grantsetter
def saveGrant(client_id, code, request, *args, **kwargs):
    current_app.logger.debug('@oauth.grantsetter')
    expires = datetime.utcnow() + timedelta(seconds=100)
    grant = Grant(
        client_id = client_id,
        code = code['code'],
        redirect_uri = request.redirect_uri,
        _scopes = ' '.join(request.scopes),
        user = User.getCurrentUser(),
        expires = expires
    )
    db.session.add(grant)
    db.session.commit()
    return grant

@oauth.tokengetter
def loadToken(access_token=None, refresh_token=None):
    current_app.logger.debug('@oauth.tokengetter')
    if access_token:
        return Token.query.filter_by(access_token=access_token).first()
    elif refresh_token:
        return Token.query.filter_by(refresh_token=refresh_token).first()

@oauth.tokensetter
def saveToken(token, request, *args, **kwargs):
    current_app.logger.debug('@oauth.tokensetter')

    toks = Token.query.filter_by(client_id=request.client.id,
                                 user_id=request.user.id)
    # make sure that every client has only one token connected to a user
    for t in toks:
        db.session.delete(t)

    expires_in = token.pop('expires_in')
    expires = datetime.utcnow() + timedelta(seconds=expires_in)

    tok = Token(
        access_token = token['access_token'],
        refresh_token = token['refresh_token'],
        token_type = token['token_type'],
        _scopes = token['scope'],
        expires = expires,
        client_id = request.client.id,
        user = request.user
    )
    db.session.add(tok)
    db.session.commit()
    return tok

@oauth.usergetter
def getUser():
    return User.getCurrentUser()



# Authorized Clients
class AuthorizedClients(db.Model):
    """
     The clients authorized by users
    """

    __tablename__ = 'authorized_clients'

    id = db.Column(db.Integer, primary_key=True)

    client_id = db.Column(db.String(40), db.ForeignKey('clients.id'),
                          nullable=False)
    client = db.relationship('Client')

    user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
    user = db.relationship('User')

    def persist(self):
        db.session.add(self)
        db.session.commit()

    @staticmethod
    def revoke(**kwargs):
        user = kwargs.get('user')
        client = kwargs.get('client')
        authorization = AuthorizedClients.query.filter_by(user_id=user.id,
                                          client_id=client.client_id).first()
        current_app.logger.debug('authorization to be revoked-- %s',
                                 authorization)
        db.session.delete(authorization)
        db.session.commit()

    @staticmethod
    def getByUser(user):
        authorized_clients = [row.client for row in \
                AuthorizedClients.query.filter_by(user_id=user.id).all()]

        current_app.logger.debug('authorized clients %s', authorized_clients)

        return authorized_clients

1	# -- coding utf-8 --
2	# classes/models/client.py
3	# class:: Client
4
5	from datetime import datetime, timedelta
6	from flask import current_app
7
8	from swtstore.classes.database import db
9	from swtstore.classes.models import User
10	from swtstore.classes import oauth
11
12
13	class Client(db.Model):
14	"""
15	The third-party application registering with the platform
16	"""
17
18	__tablename__ = 'clients'
19
20	id = db.Column(db.String(40), primary_key=True)
21
22	client_secret = db.Column(db.String(55), nullable=False)
23
24	name = db.Column(db.String(60), nullable=False)
25
26	description = db.Column(db.String(400))
27
28	# creator of the client application
29	user_id = db.Column(db.ForeignKey('users.id'))
30	creator = db.relationship('User')
31
32	_is_private = db.Column(db.Boolean)
33
34	_host_url = db.Column(db.String(60))
35
36	_redirect_uris = db.Column(db.Text)
37	_default_scopes = db.Column(db.Text)
38
39
40	@property
41	def client_id(self):
42	return self.id
43
44	@property
45	def client_type(self):
46	if self._is_private:
47	return 'private'
48	return 'public'
49
50	@property
51	def host_url(self):
52	return self._host_url
53
54	@property
55	def redirect_uris(self):
56	if self._redirect_uris:
57	return self._redirect_uris.split()
58	return []
59
60	@property
61	def default_redirect_uri(self):
62	return self.redirect_uris[0]
63
64	@property
65	def default_scopes(self):
66	if self._default_scopes:
67	return self._default_scopes.split()
68	return []
69
70	def __repr__(self):
71	return '<Client: %s :: ID: %s>' % (self.name, self.id)
72
73	def __str__(self):
74	return '<Client: %s :: ID: %s>' % (self.name, self.id)
75
76
77	# create and persist the client to the database
78	def persist(self):
79	db.session.add(self)
80	db.session.commit()
81
82	@staticmethod
83	def getClientsByCreator(user_id):
84	clients = Client.query.filter_by(user_id=user_id)
85	return [each for each in clients]
86
87
88	class Grant(db.Model):
89	"""
90	A grant token is created in the authorization flow, and will be
91	destroyed when the authorization finished. In this case, it would be better
92	to store the data in a cache, which would benefit a better performance.
93	"""
94	#TODO: this would perform better if its only in the cache. and not in a db.
95
96	__tablename__ = 'grants'
97
98	id = db.Column(db.Integer, primary_key=True)
99	user_id = db.Column(db.Integer, db.ForeignKey('users.id',
100	ondelete='CASCADE'))
101	user = db.relationship('User')
102
103	client_id = db.Column(db.String(40), db.ForeignKey('clients.id'),
104	nullable=False)
105	client = db.relationship('Client')
106
107	code = db.Column(db.String(255), index=True, nullable=False)
108
109	redirect_uri = db.Column(db.String(255))
110	expires = db.Column(db.DateTime)
111
112	_scopes = db.Column(db.Text)
113
114	@property
115	def scopes(self):
116	if self._scopes:
117	return self._scopes.split()
118	return []
119
120	def delete(self):
121	db.session.delete(self)
122	db.session.commit()
123
124
125	class Token(db.Model):
126	"""
127	The final token to be used by a client
128	"""
129
130	__tablename__ = 'tokens'
131
132	id = db.Column(db.Integer, primary_key=True)
133
134	client_id = db.Column(db.String(40), db.ForeignKey('clients.id'),
135	nullable=False)
136	client = db.relationship('Client')
137	user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
138	user = db.relationship('User')
139
140	token_type = db.Column(db.String(40))
141
142	access_token = db.Column(db.String(255), unique=True)
143	refresh_token = db.Column(db.String(255), unique=True)
144	expires = db.Column(db.DateTime)
145	_scopes = db.Column(db.Text)
146
147	@property
148	def scopes(self):
149	if self._scopes:
150	return self._scopes.split()
151	return []
152
153
154
155	#TODO: find out how to better structure the following code
156
157	# OAuthLib decorators used by OAuthLib in the OAuth flow
158
159	@oauth.clientgetter
160	def loadClient(client_id):
161	current_app.logger.debug('@oauth.clientgetter')
162	#return Client.query.filter_by(id=client_id).first()
163	return Client.query.get(client_id)
164
165	@oauth.grantgetter
166	def loadGrant(client_id, code):
167	current_app.logger.debug('@oauth.grantgetter')
168	return Grant.query.filter_by(client_id=client_id, code=code).first()
169
170	@oauth.grantsetter
171	def saveGrant(client_id, code, request, args, *kwargs):
172	current_app.logger.debug('@oauth.grantsetter')
173	expires = datetime.utcnow() + timedelta(seconds=100)
174	grant = Grant(
175	client_id = client_id,
176	code = code['code'],
177	redirect_uri = request.redirect_uri,
178	_scopes = ' '.join(request.scopes),
179	user = User.getCurrentUser(),
180	expires = expires
181	)
182	db.session.add(grant)
183	db.session.commit()
184	return grant
185
186	@oauth.tokengetter
187	def loadToken(access_token=None, refresh_token=None):
188	current_app.logger.debug('@oauth.tokengetter')
189	if access_token:
190	return Token.query.filter_by(access_token=access_token).first()
191	elif refresh_token:
192	return Token.query.filter_by(refresh_token=refresh_token).first()
193
194	@oauth.tokensetter
195	def saveToken(token, request, args, *kwargs):
196	current_app.logger.debug('@oauth.tokensetter')
197
198	toks = Token.query.filter_by(client_id=request.client.id,
199	user_id=request.user.id)
200	# make sure that every client has only one token connected to a user
201	for t in toks:
202	db.session.delete(t)
203
204	expires_in = token.pop('expires_in')
205	expires = datetime.utcnow() + timedelta(seconds=expires_in)
206
207	tok = Token(
208	access_token = token['access_token'],
209	refresh_token = token['refresh_token'],
210	token_type = token['token_type'],
211	_scopes = token['scope'],
212	expires = expires,
213	client_id = request.client.id,
214	user = request.user
215	)
216	db.session.add(tok)
217	db.session.commit()
218	return tok
219
220	@oauth.usergetter
221	def getUser():
222	return User.getCurrentUser()
223
224
225
226	# Authorized Clients
227	class AuthorizedClients(db.Model):
228	"""
229	The clients authorized by users
230	"""
231
232	__tablename__ = 'authorized_clients'
233
234	id = db.Column(db.Integer, primary_key=True)
235
236	client_id = db.Column(db.String(40), db.ForeignKey('clients.id'),
237	nullable=False)
238	client = db.relationship('Client')
239
240	user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
241	user = db.relationship('User')
242
243	def persist(self):
244	db.session.add(self)
245	db.session.commit()
246
247	@staticmethod
248	def revoke(**kwargs):
249	user = kwargs.get('user')
250	client = kwargs.get('client')
251	authorization = AuthorizedClients.query.filter_by(user_id=user.id,
252	client_id=client.client_id).first()
253	current_app.logger.debug('authorization to be revoked-- %s',
254	authorization)
255	db.session.delete(authorization)
256	db.session.commit()
257
258	@staticmethod
259	def getByUser(user):
260	authorized_clients = [row.client for row in \
261	AuthorizedClients.query.filter_by(user_id=user.id).all()]
262
263	current_app.logger.debug('authorized clients %s', authorized_clients)
264
265	return authorized_clients

Gitorious