Implement a client_credentials process for read

This commit is contained in:
Andrew Godwin 2023-03-06 15:48:43 -07:00
parent 05992d6553
commit 5ea3d5d143
2 changed files with 20 additions and 12 deletions

View File

@ -17,13 +17,17 @@ class ApiTokenMiddleware:
request.token = None request.token = None
if auth_header and auth_header.startswith("Bearer "): if auth_header and auth_header.startswith("Bearer "):
token_value = auth_header[7:] token_value = auth_header[7:]
try: if token_value == "__app__":
token = Token.objects.get(token=token_value, revoked=None) # Special client app token value
except Token.DoesNotExist: pass
return HttpResponse("Invalid Bearer token", status=400) else:
request.user = token.user try:
request.identity = token.identity token = Token.objects.get(token=token_value, revoked=None)
request.token = token except Token.DoesNotExist:
return HttpResponse("Invalid Bearer token", status=400)
request.user = token.user
request.identity = token.identity
request.token = token
request.session = None request.session = None
response = self.get_response(request) response = self.get_response(request)
return response return response

View File

@ -1,6 +1,7 @@
import base64 import base64
import json import json
import secrets import secrets
import time
from urllib.parse import urlparse, urlunparse from urllib.parse import urlparse, urlunparse
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
@ -169,13 +170,16 @@ class TokenView(View):
return JsonResponse({"error": "invalid_grant_type"}, status=400) return JsonResponse({"error": "invalid_grant_type"}, status=400)
if grant_type == "client_credentials": if grant_type == "client_credentials":
# TODO: Implement client credentials flow # We don't support individual client credential tokens, but instead
# just have a fixed one (since anyone can register an app at any
# time anyway)
return JsonResponse( return JsonResponse(
{ {
"error": "invalid_grant_type", "access_token": "__app__",
"error_description": "client credential flow not implemented", "token_type": "Bearer",
}, "scope": "read",
status=400, "created_at": int(time.time()),
}
) )
elif grant_type == "authorization_code": elif grant_type == "authorization_code":
code = post_data.get("code") code = post_data.get("code")