|
|
@@ -10,7 +10,6 @@ from frappe.utils.response import build_response |
|
|
|
from frappe import _ |
|
|
|
from urlparse import urlparse |
|
|
|
from urllib import urlencode |
|
|
|
from frappe.integration_broker.oauth2 import oauth_server |
|
|
|
|
|
|
|
def handle(): |
|
|
|
""" |
|
|
@@ -37,24 +36,8 @@ def handle(): |
|
|
|
""" |
|
|
|
|
|
|
|
form_dict = frappe.local.form_dict |
|
|
|
authorization_header = frappe.get_request_header("Authorization").split(" ") if frappe.get_request_header("Authorization") else None |
|
|
|
if authorization_header and authorization_header[0].lower() == "bearer": |
|
|
|
token = authorization_header[1] |
|
|
|
r = frappe.request |
|
|
|
parsed_url = urlparse(r.url) |
|
|
|
access_token = { "access_token": token} |
|
|
|
uri = parsed_url.scheme + "://" + parsed_url.netloc + parsed_url.path + "?" + urlencode(access_token) |
|
|
|
http_method = r.method |
|
|
|
body = r.get_data() |
|
|
|
headers = r.headers |
|
|
|
|
|
|
|
required_scopes = frappe.db.get_value("OAuth Bearer Token", token, "scopes").split(";") |
|
|
|
|
|
|
|
valid, oauthlib_request = oauth_server.verify_request(uri, http_method, body, headers, required_scopes) |
|
|
|
|
|
|
|
if valid: |
|
|
|
frappe.set_user(frappe.db.get_value("OAuth Bearer Token", token, "user")) |
|
|
|
frappe.local.form_dict = form_dict |
|
|
|
validate_oauth() |
|
|
|
|
|
|
|
parts = frappe.request.path[1:].split("/",3) |
|
|
|
call = doctype = name = None |
|
|
@@ -146,3 +129,24 @@ def handle(): |
|
|
|
raise frappe.DoesNotExistError |
|
|
|
|
|
|
|
return build_response("json") |
|
|
|
|
|
|
|
def validate_oauth(): |
|
|
|
authorization_header = frappe.get_request_header("Authorization").split(" ") if frappe.get_request_header("Authorization") else None |
|
|
|
if authorization_header and authorization_header[0].lower() == "bearer": |
|
|
|
from frappe.integration_broker.oauth2 import oauth_server |
|
|
|
token = authorization_header[1] |
|
|
|
r = frappe.request |
|
|
|
parsed_url = urlparse(r.url) |
|
|
|
access_token = { "access_token": token} |
|
|
|
uri = parsed_url.scheme + "://" + parsed_url.netloc + parsed_url.path + "?" + urlencode(access_token) |
|
|
|
http_method = r.method |
|
|
|
body = r.get_data() |
|
|
|
headers = r.headers |
|
|
|
|
|
|
|
required_scopes = frappe.db.get_value("OAuth Bearer Token", token, "scopes").split(";") |
|
|
|
|
|
|
|
valid, oauthlib_request = oauth_server.verify_request(uri, http_method, body, headers, required_scopes) |
|
|
|
|
|
|
|
if valid: |
|
|
|
frappe.set_user(frappe.db.get_value("OAuth Bearer Token", token, "user")) |
|
|
|
frappe.local.form_dict = form_dict |
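Review bot: In the new `validate_oauth()`, the final line `frappe.local.form_dict = form_dict` reads a name the function never assigns. `form_dict` was a local of `handle()` and no module-level binding is visible in these hunks, so a request with a valid bearer token would presumably raise NameError right after `frappe.set_user(...)`; capture it in the helper with `form_dict = frappe.local.form_dict` as the first statement. The token lookup is also unguarded: `authorization_header[1]` fails on a bare `Bearer` header, and for an unknown token `frappe.db.get_value("OAuth Bearer Token", token, "scopes")` returns nothing to call `.split(";")` on, so malformed or unrecognised credentials surface as unhandled exceptions rather than a clean authentication failure. Check `len(authorization_header) == 2` and a non-empty scopes value before calling `oauth_server.verify_request`. Because `required_scopes` is read from the presented token's own record, the scope argument cannot restrict what a token reaches, which deserves a comment if it is intended.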