mirror of
https://git.sr.ht/~tsileo/microblog.pub
synced 2024-11-15 11:14:28 +00:00
More IndieAuth tweaks
This commit is contained in:
Thomas Sileo
parent
17b1779d82
commit
23c8ca0c5a
1 changed files with 27 additions and 5 deletions
32
app.py
32
app.py
|
|
@ -2202,7 +2202,13 @@ def indieauth_endpoint():
|
||||||
"client_id": client_id,
|
"client_id": client_id,
|
||||||
"verified": False,
|
"verified": False,
|
||||||
},
|
},
|
||||||
{"$set": {"verified": True, "action": "login"}},
|
{
|
||||||
|
"$set": {
|
||||||
|
"verified": True,
|
||||||
|
"verified_by": "login",
|
||||||
|
"verified_at": datetime.now().timestamp(),
|
||||||
|
}
|
||||||
|
},
|
||||||
)
|
)
|
||||||
print(auth)
|
print(auth)
|
||||||
print(code, redirect_uri, client_id)
|
print(code, redirect_uri, client_id)
|
||||||
|
|
@ -2232,6 +2238,9 @@ def token_endpoint():
|
||||||
redirect_uri = request.form.get("redirect_uri")
|
redirect_uri = request.form.get("redirect_uri")
|
||||||
client_id = request.form.get("client_id")
|
client_id = request.form.get("client_id")
|
||||||
|
|
||||||
|
now = datetime.now()
|
||||||
|
|
||||||
|
# This query ensure code, client_id, redirect_uri and me are matching with the code request
|
||||||
auth = DB.indieauth.find_one_and_update(
|
auth = DB.indieauth.find_one_and_update(
|
||||||
{
|
{
|
||||||
"code": code,
|
"code": code,
|
||||||
|
|
@ -2240,17 +2249,28 @@ def token_endpoint():
|
||||||
"client_id": client_id,
|
"client_id": client_id,
|
||||||
"verified": False,
|
"verified": False,
|
||||||
},
|
},
|
||||||
{"$set": {"verified": True, "action": "token"}},
|
{
|
||||||
|
"$set": {
|
||||||
|
"verified": True,
|
||||||
|
"verified_by": "token",
|
||||||
|
"verified_at": now.timestamp(),
|
||||||
|
}
|
||||||
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
if not auth:
|
if not auth:
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
now = datetime.now()
|
scope = auth["scope"].split()
|
||||||
|
|
||||||
|
# Ensure there's at least one scope
|
||||||
|
if not len(scope):
|
||||||
|
abort(400)
|
||||||
|
|
||||||
# Ensure the code is recent
|
# Ensure the code is recent
|
||||||
if (now - datetime.fromtimestamp(auth["ts"])) > timedelta(minutes=5):
|
if (now - datetime.fromtimestamp(auth["ts"])) > timedelta(minutes=5):
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
||||||
scope = auth["scope"].split()
|
|
||||||
payload = dict(me=me, client_id=client_id, scope=scope, ts=now.timestamp())
|
payload = dict(me=me, client_id=client_id, scope=scope, ts=now.timestamp())
|
||||||
token = JWT.dumps(payload).decode("utf-8")
|
token = JWT.dumps(payload).decode("utf-8")
|
||||||
DB.indieauth.update_one(
|
DB.indieauth.update_one(
|
||||||
|
|
@ -2275,7 +2295,9 @@ def token_endpoint():
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
# Check the token expritation (valid for 3 hours)
|
# Check the token expritation (valid for 3 hours)
|
||||||
if (datetime.now() - datetime.fromtimestamp(payload["ts"])) > timedelta(minutes=180):
|
if (datetime.now() - datetime.fromtimestamp(payload["ts"])) > timedelta(
|
||||||
|
minutes=180
|
||||||
|
):
|
||||||
abort(401)
|
abort(401)
|
||||||
|
|
||||||
return build_auth_resp(
|
return build_auth_resp(
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue