askiiart/microblog.pub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

More IndieAuth tweaks

Browse source
This commit is contained in:
Thomas Sileo 2019-05-02 01:19:01 +02:00
parent 17b1779d82
commit 23c8ca0c5a
1 changed files with 27 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
app.py
View file

@ -2202,7 +2202,13 @@ def indieauth_endpoint():
"client_id": client_id,
"verified": False,
},
{"$set": {"verified": True, "action": "login"}},
{
"$set": {
"verified": True,
"verified_by": "login",
"verified_at": datetime.now().timestamp(),
}
},
)
print(auth)
print(code, redirect_uri, client_id)
@ -2232,6 +2238,9 @@ def token_endpoint():
redirect_uri = request.form.get("redirect_uri")
client_id = request.form.get("client_id")
now = datetime.now()
# This query ensure code, client_id, redirect_uri and me are matching with the code request
auth = DB.indieauth.find_one_and_update(
{
"code": code,
@ -2240,17 +2249,28 @@ def token_endpoint():
"client_id": client_id,
"verified": False,
},
{"$set": {"verified": True, "action": "token"}},
{
"$set": {
"verified": True,
"verified_by": "token",
"verified_at": now.timestamp(),
}
},
)
if not auth:
abort(403)
now = datetime.now()
scope = auth["scope"].split()
# Ensure there's at least one scope
if not len(scope):
abort(400)
# Ensure the code is recent
if (now - datetime.fromtimestamp(auth["ts"])) > timedelta(minutes=5):
abort(400)
scope = auth["scope"].split()
payload = dict(me=me, client_id=client_id, scope=scope, ts=now.timestamp())
token = JWT.dumps(payload).decode("utf-8")
DB.indieauth.update_one(
@ -2275,7 +2295,9 @@ def token_endpoint():
abort(403)
# Check the token expritation (valid for 3 hours)
if (datetime.now() - datetime.fromtimestamp(payload["ts"])) > timedelta(minutes=180):
if (datetime.now() - datetime.fromtimestamp(payload["ts"])) > timedelta(
minutes=180
):
abort(401)
return build_auth_resp(