Source code for invenio_oauth2server.validators
# -*- coding: utf-8 -*-
#
# This file is part of Invenio.
# Copyright (C) 2015-2018 CERN.
#
# Invenio is free software; you can redistribute it and/or modify it
# under the terms of the MIT License; see LICENSE file for more details.
"""Validators for OAuth 2.0 redirect URIs and scopes."""
from __future__ import absolute_import, print_function
from flask import current_app
from oauthlib.oauth2.rfc6749.errors import InsecureTransportError, \
InvalidRedirectURIError
from six.moves.urllib_parse import urlparse
from wtforms.validators import URL
from .errors import ScopeDoesNotExists
from .proxies import current_oauth2server
[docs]def validate_redirect_uri(value):
"""Validate a redirect URI.
Redirect URIs must be a valid URL and use https unless the host is
localhost for which http is accepted.
:param value: The redirect URI.
"""
sch, netloc, path, par, query, fra = urlparse(value)
if not (sch and netloc):
raise InvalidRedirectURIError()
if sch != 'https':
if ':' in netloc:
netloc, port = netloc.split(':', 1)
if not (netloc in ('localhost', '127.0.0.1') and sch == 'http'):
raise InsecureTransportError()
[docs]def validate_scopes(value_list):
"""Validate if each element in a list is a registered scope.
:param value_list: The list of scopes.
:raises invenio_oauth2server.errors.ScopeDoesNotExists: The exception is
raised if a scope is not registered.
:returns: ``True`` if it's successfully validated.
"""
for value in value_list:
if value not in current_oauth2server.scopes:
raise ScopeDoesNotExists(value)
return True
[docs]class URLValidator(URL):
"""URL validator."""
def __call__(self, form, field):
"""Check URL."""
parsed = urlparse(field.data)
if current_app.debug and parsed.hostname == 'localhost':
return
super(URLValidator, self).__call__(form=form, field=field)