diff --git a/app/models.py b/app/models.py
index eb0d31ee..70b9c760 100644
--- a/app/models.py
+++ b/app/models.py
@@ -12,7 +12,7 @@ from app import s3
 from app.config import URL, MAX_NB_EMAIL_FREE_PLAN, EMAIL_DOMAIN
 from app.extensions import db
 from app.log import LOG
-from app.oauth_models import ScopeE
+from app.oauth_models import Scope
 from app.utils import convert_to_id, random_string
@@ -248,9 +248,9 @@ class Client(db.Model, ModelMixin):
 def nb_user(self):
 return ClientUser.filter_by(client_id=self.id).count()
- def get_scopes(self) -> [ScopeE]:
+ def get_scopes(self) -> [Scope]:
 # todo: client can choose which scopes they want to have access
- return [ScopeE.NAME, ScopeE.EMAIL, ScopeE.AVATAR_URL]
+ return [Scope.NAME, Scope.EMAIL, Scope.AVATAR_URL]
 @classmethod
 def create_new(cls, name, user_id) -> "Client":
@@ -375,22 +375,22 @@ class ClientUser(db.Model, ModelMixin):
 res = {"id": self.id, "client": self.client.name, "email_verified": True}
 for scope in self.client.get_scopes():
- if scope == ScopeE.NAME:
- res[ScopeE.NAME.value] = self.user.name
- elif scope == ScopeE.AVATAR_URL:
+ if scope == Scope.NAME:
+ res[Scope.NAME.value] = self.user.name
+ elif scope == Scope.AVATAR_URL:
 if self.user.profile_picture_id:
- res[ScopeE.AVATAR_URL.value] = self.user.profile_picture.get_url()
+ res[Scope.AVATAR_URL.value] = self.user.profile_picture.get_url()
 else:
- res[ScopeE.AVATAR_URL.value] = None
- elif scope == ScopeE.EMAIL:
+ res[Scope.AVATAR_URL.value] = None
+ elif scope == Scope.EMAIL:
 # Use generated email
 if self.gen_email_id:
 LOG.debug(
 "Use gen email for user %s, client %s", self.user, self.client
 )
- res[ScopeE.EMAIL.value] = self.gen_email.email
+ res[Scope.EMAIL.value] = self.gen_email.email
 # Use user original email
 else:
- res[ScopeE.EMAIL.value] = self.user.email
+ res[Scope.EMAIL.value] = self.user.email
 return res
diff --git a/app/oauth/templates/oauth/authorize.html b/app/oauth/templates/oauth/authorize.html
index 141dd77f..3c0fbe71 100644
--- a/app/oauth/templates/oauth/authorize.html
+++ b/app/oauth/templates/oauth/authorize.html
@@ -14,26 +14,27 @@ You have already authorized {{ client.name }}. -
+
+ +
{{ client.name }} has access to the following information:
- - +
{% else %}
{{ client.name }} will receive your following information:
diff --git a/app/oauth/views/authorize.py b/app/oauth/views/authorize.py
index 544d6aa8..998de1aa 100644
--- a/app/oauth/views/authorize.py
+++ b/app/oauth/views/authorize.py
@@ -17,7 +17,7 @@ from app.models import (
 OauthToken,
 )
 from app.oauth.base import oauth_bp
-from app.oauth_models import get_response_types, ResponseType, ScopeE
+from app.oauth_models import get_response_types, ResponseType, Scope
 from app.utils import random_string, encode_url
@@ -77,7 +77,7 @@ def authorize():
 client=client,
 user_info=user_info,
 client_user=client_user,
- ScopeE=ScopeE,
+ Scope=Scope,
 )
 else:
 # after user logs in, redirect user back to this page
diff --git a/app/oauth/views/token.py b/app/oauth/views/token.py
index f48f2620..eab47ef2 100644
--- a/app/oauth/views/token.py
+++ b/app/oauth/views/token.py
@@ -6,7 +6,7 @@ from app.log import LOG
 from app.models import Client, AuthorizationCode, OauthToken, ClientUser
 from app.oauth.base import oauth_bp
 from app.oauth.views.authorize import generate_access_token
-from app.oauth_models import ScopeE
+from app.oauth_models import Scope
 @oauth_bp.route("/token", methods=["POST"])
@@ -82,7 +82,7 @@ def get_access_token():
 "user": user_data,
 }
- if oauth_token.scope and ScopeE.OPENID.value in oauth_token.scope:
+ if oauth_token.scope and Scope.OPENID.value in oauth_token.scope:
 res["id_token"] = make_id_token(client_user)
 return jsonify(res)
diff --git a/app/oauth_models.py b/app/oauth_models.py
index 4f46fc5a..4dde6baf 100644
--- a/app/oauth_models.py
+++ b/app/oauth_models.py
@@ -4,9 +4,7 @@ from typing import Set, Union
 import flask
-class ScopeE(enum.Enum):
- """ScopeE to distinguish with Scope model"""
-
+class Scope(enum.Enum):
 EMAIL = "email"
 NAME = "name"
 OPENID = "openid"
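Review bot: Renaming the enum to `Scope` in app/oauth_models.py drops the suffix that the deleted docstring (`"""ScopeE to distinguish with Scope model"""`) said existed to avoid a clash with a `Scope` model. That model is not visible in these hunks; if app/models.py still defines it, the new `from app.oauth_models import Scope` there would be shadowed by the later class definition, and `Scope.NAME` / `Scope.EMAIL` in `Client.get_scopes` and the `ClientUser` user-info loop would resolve against the model rather than the enum. That loop decides which user attributes are released to an OAuth client, so confirm the model was renamed or removed first, or import the enum under an alias such as `from app.oauth_models import Scope as OAuthScope`. The enum body continues past the end of this hunk.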
@@ -19,10 +17,10 @@ class ResponseType(enum.Enum):
 ID_TOKEN = "id_token"
-def get_scopes(request: flask.Request) -> Set[ScopeE]:
+def get_scopes(request: flask.Request) -> Set[Scope]:
 scope_strs = _split_arg(request.args.getlist("scope"))
- return set([ScopeE(scope_str) for scope_str in scope_strs])
+ return set([Scope(scope_str) for scope_str in scope_strs])
 def get_response_types(request: flask.Request) -> Set[ResponseType]:
diff --git a/tests/test_oauth_models.py b/tests/test_oauth_models.py
index f3eade81..619a5f2d 100644
--- a/tests/test_oauth_models.py
+++ b/tests/test_oauth_models.py
@@ -1,7 +1,7 @@
 import flask
 import pytest
-from app.oauth_models import get_scopes, ScopeE, get_response_types, ResponseType
+from app.oauth_models import get_scopes, Scope, get_response_types, ResponseType
 def test_get_scopes(flask_app):
@@ -11,17 +11,17 @@ def test_get_scopes(flask_app):
 with flask_app.test_request_context("/?scope=email&scope=name"):
 scopes = get_scopes(flask.request)
- assert scopes == {ScopeE.NAME, ScopeE.EMAIL}
+ assert scopes == {Scope.NAME, Scope.EMAIL}
 # a space between email and name
 with flask_app.test_request_context("/?scope=email%20name"):
 scopes = get_scopes(flask.request)
- assert scopes == {ScopeE.NAME, ScopeE.EMAIL}
+ assert scopes == {Scope.NAME, Scope.EMAIL}
 # a comma between email and name
 with flask_app.test_request_context("/?scope=email,name"):
 scopes = get_scopes(flask.request)
- assert scopes == {ScopeE.NAME, ScopeE.EMAIL}
+ assert scopes == {Scope.NAME, Scope.EMAIL}
 # non-existent scope: raise ValueError
 with flask_app.test_request_context("/?scope=abcd"):
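Review bot: `get_scopes` in the second app/oauth_models.py hunk has no docstring, although it builds `Scope(scope_str)` straight from `request.args` and so raises `ValueError` for any unrecognised scope, as the test in tests/test_oauth_models.py pins. I would document that contract on the function, e.g. `"""Parse the scope query argument(s) into Scope members; raises ValueError for an unknown scope."""`. Whether the authorize view catches that exception is not visible in this diff; if it does not, a client-supplied scope would surface as a server error rather than an OAuth `invalid_scope` response.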