From 5ea3d5d14372bccf6f571a6e6d41451a2a3e7a07 Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Mon, 6 Mar 2023 15:48:43 -0700
Subject: [PATCH] Implement a client_credentials process for read
---
 api/middleware.py | 18 +++++++++++-------
 api/views/oauth.py | 14 +++++++++-----
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/api/middleware.py b/api/middleware.py
index ae3c44a..cea8238 100644
--- a/api/middleware.py
+++ b/api/middleware.py
@@ -17,13 +17,17 @@ class ApiTokenMiddleware:
 request.token = None
 if auth_header and auth_header.startswith("Bearer "):
 token_value = auth_header[7:]
- try:
- token = Token.objects.get(token=token_value, revoked=None)
- except Token.DoesNotExist:
- return HttpResponse("Invalid Bearer token", status=400)
- request.user = token.user
- request.identity = token.identity
- request.token = token
+ if token_value == "__app__":
+ # Special client app token value
+ pass
+ else:
+ try:
+ token = Token.objects.get(token=token_value, revoked=None)
+ except Token.DoesNotExist:
+ return HttpResponse("Invalid Bearer token", status=400)
+ request.user = token.user
+ request.identity = token.identity
+ request.token = token
 request.session = None
 response = self.get_response(request)
 return response
diff --git a/api/views/oauth.py b/api/views/oauth.py
index 161e18a..4d3b213 100644
--- a/api/views/oauth.py
+++ b/api/views/oauth.py
@@ -1,6 +1,7 @@
 import base64
 import json
 import secrets
+import time
 from urllib.parse import urlparse, urlunparse
 from django.contrib.auth.mixins import LoginRequiredMixin
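Review bot: The new `__app__` branch leaves request.user, request.identity and request.token untouched, so a request presenting the fixed app token reaches the views in exactly the state of a request with no Authorization header, and nothing records the "read" scope that api/views/oauth.py issues for it in the same commit. If any view is meant to distinguish app-level read access from an anonymous request, or to refuse writes under this token, the middleware is the only place that can mark it, and the `pass` gives views nothing to check. The fixed value also bypasses the `revoked=None` lookup the real-token path uses, so it cannot be revoked, which is worth stating next to the branch. At minimum I would replace the comment with `# Fixed client-app token: no user/identity/token is attached, so views see an anonymous request; the "read" scope returned by TokenView is neither recorded nor enforced here, and this value cannot be revoked.` The enclosing method of ApiTokenMiddleware begins before this hunk.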
@@ -169,13 +170,16 @@ class TokenView(View):
 return JsonResponse({"error": "invalid_grant_type"}, status=400)
 if grant_type == "client_credentials":
- # TODO: Implement client credentials flow
+ # We don't support individual client credential tokens, but instead
+ # just have a fixed one (since anyone can register an app at any
+ # time anyway)
 return JsonResponse(
 {
- "error": "invalid_grant_type",
- "error_description": "client credential flow not implemented",
- },
- status=400,
+ "access_token": "__app__",
+ "token_type": "Bearer",
+ "scope": "read",
+ "created_at": int(time.time()),
+ }
 )
 elif grant_type == "authorization_code":
 code = post_data.get("code")
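Review bot: The client_credentials branch hands out the token without any client authentication in the visible lines — nothing here checks the client's credentials from post_data, so unless that happens above the hunk, any POST with grant_type=client_credentials obtains `__app__` without having registered an app at all. Because the access_token is a constant, the response also cannot be tied back to a particular app later (auditing, per-app rate limits, revocation); the comment explains why individual tokens were skipped, but that trade-off belongs where the token is issued. The response omits `expires_in`, which is optional under RFC 6749 and consistent with a fixed value that never expires, but the reader has to infer that. I would extend the comment with `# This fixed token never expires and is not tied to a client_id, so it carries no per-app identity; the API middleware attaches no user or identity to requests bearing it.` The method holding this branch begins before the hunk.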