1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from mediagoblin
.meddleware
.csrf
import csrf_exempt
20 from mediagoblin
.tools
.response
import json_response
21 from mediagoblin
.tools
.crypto
import random_string
22 from mediagoblin
.db
.models
import Client
# Application types a client may declare when registering.
# client_register() rejects any "application_type" value that is not
# listed here, so this list acts as the allowlist for that field.
client_types = [
    "web",
    "native",
]  # the types pump currently supports
28 def client_register(request
):
29 """ Endpoint for client registration """
30 data
= request
.get_data()
31 if request
.content_type
== "application/json":
33 data
= json
.loads(data
)
35 return json_response({"error":"Could not decode JSON"})
37 return json_response({"error":"Unknown Content-Type"}, status
=400)
39 if "type" not in data
:
40 return json_response({"error":"No registration type provided"}, status
=400)
42 if "application_type" not in data
or data
["application_type"] not in client_types
:
43 return json_response({"error":"Unknown application_type."}, status
=400)
45 client_type
= data
["type"]
47 if client_type
== "client_update":
49 if "client_id" not in data
:
50 return json_response({"error":"client_id is required to update."}, status
=400)
51 elif "client_secret" not in data
:
52 return json_response({"error":"client_secret is required to update."}, status
=400)
54 client
= Client
.query
.filter_by(id=data
["client_id"], secret
=data
["client_secret"]).all()
57 return json_response({"error":"Unauthorized.", status
=403)
59 client
.logo_url
= data
.get("logo_url", client
.logo_url
)
60 client
.application_name
= data
.get("application_name", client
.application_name
)
61 app_name
= ("application_type", client
.application_name
)
62 if app_name
in client_types
:
63 client
.application_name
= app_name
67 expirey
= 0 if client
.expirey
is None else client
.expirey
71 "client_id":client
.id,
72 "client_secret":client
.secret
,
76 elif client_type
== "client_associate":
78 if "client_id" in data
:
79 return json_response({"error":"Only set client_id for update."}, status
=400)
80 elif "access_token" in data
:
81 return json_response({"error":"access_token not needed for registration."}, status
=400)
82 elif "client_secret" in data
:
83 return json_response({"error":"Only set client_secret for update."}, status
=400)
85 # generate the client_id and client_secret
86 client_id
= random_string(22) # seems to be what pump uses
87 client_secret
= random_string(43) # again, seems to be what pump uses
88 expirey
= 0 # for now, lets not have it expire
89 expirey_db
= None if expirey
== 0 else expirey
96 application_type
=data
["type"],
97 logo_url
=data
.get("logo_url", None),
98 redirect_uri
=data
.get("redirect_uri", None),
99 application_type
=data
["application_type"]
103 return json_response(
105 "client_id":client_id
,
106 "client_secret":client_secret
,
107 "expires_at":expirey
,