1 |
# -*- coding utf-8 -*- |
2 |
# classes/models/client.py |
3 |
# class:: Client |
4 |
|
5 |
from datetime import datetime, timedelta |
6 |
from flask import current_app |
7 |
|
8 |
from swtstore.classes.database import db |
9 |
from swtstore.classes.models.um import User |
10 |
from swtstore.classes import oauth |
11 |
|
12 |
class Client(db.Model): |
13 |
""" |
14 |
The third-party application registering with the platform |
15 |
""" |
16 |
|
17 |
__tablename__ = 'clients' |
18 |
|
19 |
id = db.Column(db.String(40), primary_key=True) |
20 |
|
21 |
client_secret = db.Column(db.String(55), nullable=False) |
22 |
|
23 |
name = db.Column(db.String(60), nullable=False) |
24 |
|
25 |
description = db.Column(db.String(400)) |
26 |
|
27 |
# creator of the client application |
28 |
user_id = db.Column(db.ForeignKey('users.id')) |
29 |
creator = db.relationship('User') |
30 |
|
31 |
_is_private = db.Column(db.Boolean) |
32 |
|
33 |
_host_url = db.Column(db.String(60)) |
34 |
|
35 |
_redirect_uris = db.Column(db.Text) |
36 |
_default_scopes = db.Column(db.Text) |
37 |
|
38 |
|
39 |
@property |
40 |
def client_id(self): |
41 |
return self.id |
42 |
|
43 |
@property |
44 |
def client_type(self): |
45 |
if self._is_private: |
46 |
return 'private' |
47 |
return 'public' |
48 |
|
49 |
@property |
50 |
def host_url(self): |
51 |
return self._host_url |
52 |
|
53 |
@property |
54 |
def redirect_uris(self): |
55 |
if self._redirect_uris: |
56 |
return self._redirect_uris.split() |
57 |
return [] |
58 |
|
59 |
@property |
60 |
def default_redirect_uri(self): |
61 |
return self.redirect_uris[0] |
62 |
|
63 |
@property |
64 |
def default_scopes(self): |
65 |
if self._default_scopes: |
66 |
return self._default_scopes.split() |
67 |
return [] |
68 |
|
69 |
def __repr__(self): |
70 |
return '<Client: %s :: ID: %s>' % (self.name, self.id) |
71 |
|
72 |
def __str__(self): |
73 |
return '<Client: %s :: ID: %s>' % (self.name, self.id) |
74 |
|
75 |
|
76 |
# create and persist the client to the database |
77 |
def persist(self): |
78 |
db.session.add(self) |
79 |
db.session.commit() |
80 |
|
81 |
@staticmethod |
82 |
def getClientsByCreator(user_id): |
83 |
clients = Client.query.filter_by(user_id=user_id) |
84 |
return [each for each in clients] |
85 |
|
86 |
|
87 |
class Grant(db.Model): |
88 |
""" |
89 |
A grant token is created in the authorization flow, and will be |
90 |
destroyed when the authorization finished. In this case, it would be better |
91 |
to store the data in a cache, which would benefit a better performance. |
92 |
""" |
93 |
#TODO: this would perform better if its only in the cache. and not in a db. |
94 |
|
95 |
__tablename__ = 'grants' |
96 |
|
97 |
id = db.Column(db.Integer, primary_key=True) |
98 |
user_id = db.Column(db.Integer, db.ForeignKey('users.id', |
99 |
ondelete='CASCADE')) |
100 |
user = db.relationship('User') |
101 |
|
102 |
client_id = db.Column(db.String(40), db.ForeignKey('clients.id'), |
103 |
nullable=False) |
104 |
client = db.relationship('Client') |
105 |
|
106 |
code = db.Column(db.String(255), index=True, nullable=False) |
107 |
|
108 |
redirect_uri = db.Column(db.String(255)) |
109 |
expires = db.Column(db.DateTime) |
110 |
|
111 |
_scopes = db.Column(db.Text) |
112 |
|
113 |
@property |
114 |
def scopes(self): |
115 |
if self._scopes: |
116 |
return self._scopes.split() |
117 |
return [] |
118 |
|
119 |
def delete(self): |
120 |
db.session.delete(self) |
121 |
db.session.commit() |
122 |
|
123 |
|
124 |
class Token(db.Model): |
125 |
""" |
126 |
The final token to be used by a client |
127 |
""" |
128 |
|
129 |
__tablename__ = 'tokens' |
130 |
|
131 |
id = db.Column(db.Integer, primary_key=True) |
132 |
|
133 |
client_id = db.Column(db.String(40), db.ForeignKey('clients.id'), |
134 |
nullable=False) |
135 |
client = db.relationship('Client') |
136 |
user_id = db.Column(db.Integer, db.ForeignKey('users.id')) |
137 |
user = db.relationship('User') |
138 |
|
139 |
token_type = db.Column(db.String(40)) |
140 |
|
141 |
access_token = db.Column(db.String(255), unique=True) |
142 |
refresh_token = db.Column(db.String(255), unique=True) |
143 |
expires = db.Column(db.DateTime) |
144 |
_scopes = db.Column(db.Text) |
145 |
|
146 |
@property |
147 |
def scopes(self): |
148 |
if self._scopes: |
149 |
return self._scopes.split() |
150 |
return [] |
151 |
|
152 |
|
153 |
|
154 |
#TODO: find out how to better structure the following code |
155 |
|
156 |
# OAuthLib decorators used by OAuthLib in the OAuth flow |
157 |
|
158 |
@oauth.clientgetter |
159 |
def loadClient(client_id): |
160 |
current_app.logger.debug('@oauth.clientgetter') |
161 |
#return Client.query.filter_by(id=client_id).first() |
162 |
return Client.query.get(client_id) |
163 |
|
164 |
@oauth.grantgetter |
165 |
def loadGrant(client_id, code): |
166 |
current_app.logger.debug('@oauth.grantgetter') |
167 |
return Grant.query.filter_by(client_id=client_id, code=code).first() |
168 |
|
169 |
@oauth.grantsetter |
170 |
def saveGrant(client_id, code, request, *args, **kwargs): |
171 |
current_app.logger.debug('@oauth.grantsetter') |
172 |
expires = datetime.utcnow() + timedelta(seconds=100) |
173 |
grant = Grant( |
174 |
client_id = client_id, |
175 |
code = code['code'], |
176 |
redirect_uri = request.redirect_uri, |
177 |
_scopes = ' '.join(request.scopes), |
178 |
user = User.getCurrentUser(), |
179 |
expires = expires |
180 |
) |
181 |
db.session.add(grant) |
182 |
db.session.commit() |
183 |
return grant |
184 |
|
185 |
@oauth.tokengetter |
186 |
def loadToken(access_token=None, refresh_token=None): |
187 |
current_app.logger.debug('@oauth.tokengetter') |
188 |
if access_token: |
189 |
return Token.query.filter_by(access_token=access_token).first() |
190 |
elif refresh_token: |
191 |
return Token.query.filter_by(refresh_token=refresh_token).first() |
192 |
|
193 |
@oauth.tokensetter |
194 |
def saveToken(token, request, *args, **kwargs): |
195 |
current_app.logger.debug('@oauth.tokensetter') |
196 |
|
197 |
toks = Token.query.filter_by(client_id=request.client.id, |
198 |
user_id=request.user.id) |
199 |
# make sure that every client has only one token connected to a user |
200 |
for t in toks: |
201 |
db.session.delete(t) |
202 |
|
203 |
expires_in = token.pop('expires_in') |
204 |
expires = datetime.utcnow() + timedelta(seconds=expires_in) |
205 |
|
206 |
tok = Token( |
207 |
access_token = token['access_token'], |
208 |
refresh_token = token['refresh_token'], |
209 |
token_type = token['token_type'], |
210 |
_scopes = token['scope'], |
211 |
expires = expires, |
212 |
client_id = request.client.id, |
213 |
user = request.user |
214 |
) |
215 |
db.session.add(tok) |
216 |
db.session.commit() |
217 |
return tok |
218 |
|
219 |
@oauth.usergetter |
220 |
def getUser(): |
221 |
return User.getCurrentUser() |