Implement a client_credentials process for read
This commit is contained in:
parent
05992d6553
commit
5ea3d5d143
2 changed files with 20 additions and 12 deletions
|
@ -17,13 +17,17 @@ class ApiTokenMiddleware:
|
|||
request.token = None
|
||||
if auth_header and auth_header.startswith("Bearer "):
|
||||
token_value = auth_header[7:]
|
||||
try:
|
||||
token = Token.objects.get(token=token_value, revoked=None)
|
||||
except Token.DoesNotExist:
|
||||
return HttpResponse("Invalid Bearer token", status=400)
|
||||
request.user = token.user
|
||||
request.identity = token.identity
|
||||
request.token = token
|
||||
if token_value == "__app__":
|
||||
# Special client app token value
|
||||
pass
|
||||
else:
|
||||
try:
|
||||
token = Token.objects.get(token=token_value, revoked=None)
|
||||
except Token.DoesNotExist:
|
||||
return HttpResponse("Invalid Bearer token", status=400)
|
||||
request.user = token.user
|
||||
request.identity = token.identity
|
||||
request.token = token
|
||||
request.session = None
|
||||
response = self.get_response(request)
|
||||
return response
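Review bot: In the new `if token_value == "__app__":` branch nothing is assigned — `request.user`, `request.identity` and `request.token` are only set in the `else` branch — so with `request.token = None` from the top of the hunk a request presenting the fixed app token reaches the view indistinguishable from one with no bearer header, while `request.session = None` still runs, and the `"read"` scope the token was issued with is never recorded on the request. Make the branch explicit rather than `pass`, e.g. `request.identity = None` plus a comment such as `# "__app__" is a shared, non-expiring, non-revocable token any client can present without registering; it must never be treated as an authenticated identity`, and give views a way to tell "app token" from "no token" if any read endpoint is meant to require it. The `"__app__"` literal is duplicated in the token endpoint in this same commit; a single shared constant would stop the two from drifting. The enclosing method starts before this hunk.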
|
||||
@ -1,6 +1,7 @@
|
|||
import base64
|
||||
import json
|
||||
import secrets
|
||||
import time
|
||||
from urllib.parse import urlparse, urlunparse
|
||||
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
|
@ -169,13 +170,16 @@ class TokenView(View):
|
|||
return JsonResponse({"error": "invalid_grant_type"}, status=400)
|
||||
|
||||
if grant_type == "client_credentials":
|
||||
# TODO: Implement client credentials flow
|
||||
# We don't support individual client credential tokens, but instead
|
||||
# just have a fixed one (since anyone can register an app at any
|
||||
# time anyway)
|
||||
return JsonResponse(
|
||||
{
|
||||
"error": "invalid_grant_type",
|
||||
"error_description": "client credential flow not implemented",
|
||||
},
|
||||
status=400,
|
||||
"access_token": "__app__",
|
||||
"token_type": "Bearer",
|
||||
"scope": "read",
|
||||
"created_at": int(time.time()),
|
||||
}
|
||||
)
|
||||
elif grant_type == "authorization_code":
|
||||
code = post_data.get("code")
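Review bot: The `client_credentials` branch hands out the fixed `"__app__"` token without reading `client_id` or `client_secret` from `post_data`, so this grant needs no credentials at all and the `"scope": "read"` it asserts is not tied to any registered application; the comment argues registration is open anyway, but an issuance path that accepts nothing is still an unauthenticated endpoint. At minimum validate the client the way the other grants presumably do (the rest of this method, including how `authorization_code` checks the client, is outside the hunk) and return `{"error": "invalid_client"}` with status 401 on mismatch, and state in the comment that the token never expires and cannot be revoked since `created_at` is informational and no `Token` row is created. Replace the literal with a module-level constant shared with `ApiTokenMiddleware` so the two checks cannot diverge.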
|
||||