Hope i didn't break anything!

Author: Michael Zhang

cal.py

@@ -1,21 +1,24 @@
 import os
 
 from flask import Flask
+from flask_oauthlib.provider import OAuth2Provider
 
 import config
 import views
 from filters import filters
-from models import db, login_manager
+from models import db, login_manager, oauth
 
 app = Flask(__name__, static_url_path='')
 self_path = os.path.dirname(os.path.abspath(__file__))
 app.config.from_object(config.CalendarConfig(app_root=self_path))
 db.init_app(app)
 
 login_manager.init_app(app)
+oauth.init_app(app)
 
 app.register_blueprint(views.base.blueprint)
 app.register_blueprint(views.events.blueprint, url_prefix='/events')
+app.register_blueprint(views.oauth.blueprint, url_prefix='/oauth')
 app.register_blueprint(views.users.blueprint)
 
 app.jinja_env.trim_blocks = True

migrations/versions/8a9998406bc7_.py

@@ -0,0 +1,69 @@
+"""Add OAuth2 stuff
+
+Revision ID: 8a9998406bc7
+Revises: daf5b5301c75
+Create Date: 2016-08-25 02:37:06.559438
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '8a9998406bc7'
+down_revision = 'daf5b5301c75'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+### commands auto generated by Alembic - please adjust! ###
+    op.add_column(u'events', sa.Column('_default_scopes', sa.Text(), nullable=True))
+    op.add_column(u'events', sa.Column('_redirect_uris', sa.Text(), nullable=True))
+    op.add_column(u'events', sa.Column('client_id', sa.String(length=40), nullable=True))
+    op.add_column(u'events', sa.Column('client_secret', sa.String(length=55), nullable=False))
+    op.add_column(u'events', sa.Column('is_confidential', sa.Boolean(), nullable=True))
+    op.create_index(op.f('ix_events_client_secret'), 'events', ['client_secret'], unique=True)
+    op.create_unique_constraint(None, 'events', ['client_id'])
+    op.create_table('token',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('client_id', sa.String(length=40), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=True),
+    sa.Column('token_type', sa.String(length=40), nullable=True),
+    sa.Column('access_token', sa.String(length=255), nullable=True),
+    sa.Column('refresh_token', sa.String(length=255), nullable=True),
+    sa.Column('expires', sa.DateTime(), nullable=True),
+    sa.Column('_scopes', sa.Text(), nullable=True),
+    sa.ForeignKeyConstraint(['client_id'], ['events.client_id'], ),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('access_token'),
+    sa.UniqueConstraint('refresh_token')
+    )
+    op.create_table('grant',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=True),
+    sa.Column('client_id', sa.String(length=40), nullable=False),
+    sa.Column('code', sa.String(length=255), nullable=False),
+    sa.Column('redirect_uri', sa.String(length=255), nullable=True),
+    sa.Column('expires', sa.DateTime(), nullable=True),
+    sa.Column('_scopes', sa.Text(), nullable=True),
+    sa.ForeignKeyConstraint(['client_id'], ['events.client_id'], ),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_grant_code'), 'grant', ['code'], unique=False)
+    ### end Alembic commands ###
+
+
+def downgrade():
+### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint(None, 'events', type_='unique')
+    op.drop_index(op.f('ix_events_client_secret'), table_name='events')
+    op.drop_column(u'events', 'is_confidential')
+    op.drop_column(u'events', 'client_secret')
+    op.drop_column(u'events', 'client_id')
+    op.drop_column(u'events', '_redirect_uris')
+    op.drop_column(u'events', '_default_scopes')
+    op.drop_table('token')
+    op.drop_index(op.f('ix_grant_code'), table_name='grant')
+    op.drop_table('grant')
+    ### end Alembic commands ###

models.py

@@ -1,13 +1,17 @@
-from flask_login import LoginManager
+from flask_login import current_user, LoginManager
+from flask_oauthlib.provider import OAuth2Provider
 from flask_sqlalchemy import SQLAlchemy
+
 from sqlalchemy import UniqueConstraint
 from sqlalchemy.orm import backref
 from sqlalchemy.ext.hybrid import hybrid_property
 
+from datetime import datetime, timedelta
 import util
 
 db = SQLAlchemy()
 login_manager = LoginManager()
+oauth = OAuth2Provider()
 
 
 class User(db.Model):
@@ -92,6 +96,35 @@ class Event(db.Model):
     link = db.Column(db.Unicode(length=256))
     removed = db.Column(db.Boolean, default=False)
 
+    # OAuth2 stuff
+    client_id = db.Column(db.String(40), unique=True)
+    client_secret = db.Column(db.String(55), unique=True, index=True, nullable=False)
+    is_confidential = db.Column(db.Boolean)
+    _redirect_uris = db.Column(db.Text)
+    _default_scopes = db.Column(db.Text)
+
+    @property
+    def client_type(self):
+        if self.is_confidential:
+            return 'confidential'
+        return 'public'
+
+    @property
+    def redirect_uris(self):
+        if self._redirect_uris:
+            return self._redirect_uris.split()
+        return []
+
+    @property
+    def default_redirect_uri(self):
+        return self.redirect_uris[0]
+
+    @property
+    def default_scopes(self):
+        if self._default_scopes:
+            return self._default_scopes.split()
+        return []
+
 
 class EventVote(db.Model):
     __tablename__ = 'eventvotes'
@@ -102,3 +135,125 @@ class EventVote(db.Model):
     event = db.relationship('Event', backref='votes')
     direction = db.Column(db.Boolean)
     __table_args__ = (UniqueConstraint('user_id', 'event_id', name='eventvote_user_event_uc'),)
+
+
+class Grant(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
+    user = db.relationship('User')
+
+    client_id = db.Column(db.String(40), db.ForeignKey('events.client_id'), nullable=False)
+    client = db.relationship('Event')
+
+    code = db.Column(db.String(255), index=True, nullable=False)
+
+    redirect_uri = db.Column(db.String(255))
+    expires = db.Column(db.DateTime)
+
+    _scopes = db.Column(db.Text)
+
+    def delete(self):
+        db.session.delete(self)
+        db.session.commit()
+        return self
+
+    @property
+    def scopes(self):
+        if self._scopes:
+            return self._scopes.split()
+        return []
+
+
+class Token(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    client_id = db.Column(
+        db.String(40), db.ForeignKey('events.client_id'),
+        nullable=False,
+    )
+    client = db.relationship('Event')
+
+    user_id = db.Column(
+        db.Integer, db.ForeignKey('users.id')
+    )
+    user = db.relationship('User')
+
+    token_type = db.Column(db.String(40))
+
+    access_token = db.Column(db.String(255), unique=True)
+    refresh_token = db.Column(db.String(255), unique=True)
+    expires = db.Column(db.DateTime)
+    _scopes = db.Column(db.Text)
+
+    def delete(self):
+        db.session.delete(self)
+        db.session.commit()
+        return self
+
+    @property
+    def scopes(self):
+        if self._scopes:
+            return self._scopes.split()
+        return []
+
+def get_current_user():
+    if current_user:
+        return current_user
+    return None
+
+
+@oauth.clientgetter
+def load_client(client_id):
+    return Event.query.filter_by(client_id=client_id).first()
+
+
+@oauth.grantgetter
+def load_grant(client_id, code):
+    return Grant.query.filter_by(client_id=client_id, code=code).first()
+
+@oauth.grantsetter
+def save_grant(client_id, code, request, *args, **kwargs):
+    expires = datetime.utcnow() + timedelta(seconds=100)
+    grant = Grant(
+        client_id=client_id,
+        code=code['code'],
+        redirect_uri=request.redirect_uri,
+        _scopes=' '.join(request.scopes),
+        user=get_current_user(),
+        expires=expires
+    )
+    db.session.add(grant)
+    db.session.commit()
+    return grant
+
+
+@oauth.tokengetter
+def load_token(access_token=None, refresh_token=None):
+    if access_token:
+        return Token.query.filter_by(access_token=access_token).first()
+    elif refresh_token:
+        return Token.query.filter_by(refresh_token=refresh_token).first()
+
+
+@oauth.tokensetter
+def save_token(token, request, *args, **kwargs):
+    toks = Token.query.filter_by(client_id=request.client.client_id,
+                                 user_id=request.user.id)
+    # make sure that every client has only one token connected to a user
+    for t in toks:
+        db.session.delete(t)
+
+    expires_in = token.get('expires_in')
+    expires = datetime.utcnow() + timedelta(seconds=expires_in)
+
+    tok = Token(
+        access_token=token['access_token'],
+        refresh_token=token['refresh_token'],
+        token_type=token['token_type'],
+        _scopes=token['scope'],
+        expires=expires,
+        client_id=request.client.client_id,
+        user_id=request.user.id,
+    )
+    db.session.add(tok)
+    db.session.commit()
+    return tok

views/__init__.py

@@ -1,3 +1,4 @@
 import base
 import events
+import oauth
 import users

views/events.py

@@ -128,4 +128,4 @@ def events_remove(event_id):
         abort(403)
     event.removed = True
     db.session.commit()
-    return redirect(url_for('.events_owned'))
+    return redirect(url_for('.events_owned'))

views/oauth.py

@@ -0,0 +1,30 @@
+from flask import Blueprint, request
+from flask_login import login_required
+
+from models import db, oauth, Event
+
+blueprint = Blueprint('oauth', __name__, template_folder='templates')
+
+@blueprint.route('/authorize', methods=['GET', 'POST'])
+@login_required
+@oauth.authorize_handler
+def authorize(*args, **kwargs):
+    if request.method == 'GET':
+        client_id = kwargs.get('client_id')
+        client = Event.query.filter_by(client_id=client_id).first()
+        kwargs['client'] = client
+        return render_template('oauthorize.html', **kwargs)
+
+    confirm = request.form.get('confirm', 'no')
+    return confirm == 'yes'
+
+
+@blueprint.route('/token')
+@oauth.token_handler
+def access_token():
+    return None
+
+
+@blueprint.route('/revoke', methods=['POST'])
+@oauth.revoke_handler
+def revoke_token(): pass