import flask
from flask import Blueprint, redirect, request
from flask import current_app, session
from flask import jsonify
from flask.helpers import make_response
from flask.templating import render_template
from oic.oic.message import TokenErrorResponse, UserInfoErrorResponse, EndSessionRequest
from pyop.access_token import AccessToken, BearerTokenError
from pyop.exceptions import InvalidAuthenticationRequest, InvalidAccessToken, InvalidClientAuthentication, OAuthError, \
InvalidSubjectIdentifier, InvalidClientRegistrationRequest
from pyop.util import should_fragment_encode
from flask import Blueprint, render_template, request, url_for
from flask_login import login_required, login_user, logout_user
from werkzeug.utils import redirect
import logging
from urllib.parse import urlparse
from base64 import b64decode, b64encode
import ory_hydra_client as hydra
from requests_oauthlib.oauth2_session import OAuth2Session
import requests
from ..model import User, SecurityUser
from ..model_db import User as DbUser
from ..form.login import LoginForm
from ..auth_providers import LdapAuthProvider
# Blueprint holding the JSON API routes; everything registered on it is
# served under the /api URL prefix.
api_views = Blueprint(
    'api',
    __name__,
    url_prefix='/api',
)
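@api_views.route('/userinfo', methods=['GET', 'POST'])
def userinfo():
    """Return the userinfo claims for the subject of the presented token.

    The access token from the ``Authorization`` header is introspected via
    ``current_app.hydra_api``. The token's ``sub`` is loaded as a ``DbUser``
    and resolved to a ``User`` by username. The base claims come from the
    Hydra ``/userinfo`` endpoint, called with the caller's header forwarded
    unchanged. ``email`` is added only when the token carries the ``email``
    scope, and ``username`` only when it carries ``profile``.

    Returns:
        A JSON response with the claims on success. An empty 401 response
        with a ``WWW-Authenticate: Bearer`` challenge when the header is
        missing, the token is not active, or its subject cannot be resolved.
        An empty 502 response when the upstream userinfo call does not
        answer with 200.
    """
    unauthorized = ('', 401, {'WWW-Authenticate': 'Bearer'})

    # .get() instead of indexing: a request without the header is an
    # authentication failure, not a malformed request.
    auth_header = request.headers.get('authorization')
    if not auth_header:
        return unauthorized

    # Strip the scheme only where it belongs (the front of the header) and
    # regardless of case. A header without a scheme is still passed through
    # as the token, as before.
    if auth_header[:7].lower() == 'bearer ':
        token = auth_header[7:].strip()
    else:
        token = auth_header.strip()
    if not token:
        return unauthorized

    token_info = current_app.hydra_api.introspect_o_auth2_token(token=token)
    # Introspection also answers for expired, revoked and unknown tokens,
    # with active=False. Only an active token may identify a subject.
    # NOTE(review): introspection may accept refresh tokens as well; if the
    # client version exposes a token-use field, consider requiring an access
    # token here - confirm against the Hydra client in use.
    if not token_info.active or not token_info.sub:
        return unauthorized

    user_db = DbUser.query.get(token_info.sub)
    if user_db is None:
        return unauthorized
    user = User.query().by_username(user_db.username)
    # NOTE(review): whether by_username() can return None is not visible
    # here; the guard keeps a missing directory entry from becoming a 500.
    if user is None:
        return unauthorized

    # The timeout keeps a stalled upstream from pinning a worker indefinitely.
    r = requests.get(
        "http://127.0.0.1:4444/userinfo",
        headers={'authorization': auth_header},
        timeout=5)
    # Do not decorate an upstream error document with user attributes.
    if r.status_code != 200:
        return '', 502
    claims = r.json()

    # scope is absent on tokens granted without any scope.
    scopes = (token_info.scope or '').split()
    if 'email' in scopes:
        claims['email'] = str(user.email)
    if 'profile' in scopes:
        claims['username'] = str(user.username)

    # The claims are deliberately not printed: they contain the user's
    # e-mail address and username and would end up in the process output.
    return jsonify(claims)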
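@api_views.route('/users', methods=['GET'])
def user_list():
    """Return username and e-mail of every user to an authorized client.

    The access token from the ``Authorization`` header is introspected via
    ``current_app.hydra_api``. The listing is returned only when the token
    is active and carries the ``lc_i_userlist`` scope.

    Returns:
        A JSON list of ``{'username': ..., 'email': ...}`` objects, or an
        empty 403 response when the header is missing or empty, the token is
        not active, or the scope is not granted.
    """
    auth_header = request.headers.get('authorization')
    if not auth_header:
        return '', 403

    # Strip the scheme only where it belongs (the front of the header) and
    # regardless of case. A header without a scheme is still passed through
    # as the token, as before.
    if auth_header[:7].lower() == 'bearer ':
        token = auth_header[7:].strip()
    else:
        token = auth_header.strip()
    if not token:
        return '', 403

    token_info = current_app.hydra_api.introspect_o_auth2_token(token=token)
    # Introspection also answers for expired, revoked and unknown tokens,
    # with active=False. Such a token must be refused explicitly rather than
    # by an attribute error on its missing scope.
    if not token_info.active:
        return '', 403

    # scope is absent on tokens granted without any scope.
    granted = (token_info.scope or '').split()
    if 'lc_i_userlist' not in granted:
        return '', 403

    return jsonify([{'username': str(user.username), 'email': str(user.email)}
                    for user in User.query().all()])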