OLD | NEW |
1 # Copyright 2013 Google Inc. | 1 # Copyright 2013 Google Inc. |
2 # | 2 # |
3 # Licensed under the Apache License, Version 2.0 (the "License"); | 3 # Licensed under the Apache License, Version 2.0 (the "License"); |
4 # you may not use this file except in compliance with the License. | 4 # you may not use this file except in compliance with the License. |
5 # You may obtain a copy of the License at | 5 # You may obtain a copy of the License at |
6 # | 6 # |
7 # http://www.apache.org/licenses/LICENSE-2.0 | 7 # http://www.apache.org/licenses/LICENSE-2.0 |
8 # | 8 # |
9 # Unless required by applicable law or agreed to in writing, software | 9 # Unless required by applicable law or agreed to in writing, software |
10 # distributed under the License is distributed on an "AS IS" BASIS, | 10 # distributed under the License is distributed on an "AS IS" BASIS, |
(...skipping 76 matching lines...)
87 config is in the datastore, else the tuple (None, None, []). | 87 config is in the datastore, else the tuple (None, None, []). |
88 """ | 88 """ |
89 config = cls.get_by_id(cls.GLOBAL_KEY) | 89 config = cls.get_by_id(cls.GLOBAL_KEY) |
90 if config is None: | 90 if config is None: |
91 return None, None, [] | 91 return None, None, [] |
92 else: | 92 else: |
93 return (config.client_id, config.client_secret, | 93 return (config.client_id, config.client_secret, |
94 config.additional_client_ids) | 94 config.additional_client_ids) |
95 | 95 |
96 | 96 |
| 97 class OwnClientId(ndb.Model): |
| 98 """Model to store Rietveld's own API client ids.""" |
| 99 client_id = ndb.StringProperty() |
| 100 |
| 101 |
| 102 def get_own_web_client_id(): |
| 103 """Returns client id for the web client.""" |
| 104 return OwnClientId.get_or_insert('web').client_id |
| 105 |
| 106 |
97 def _get_client_id(tries=3): | 107 def _get_client_id(tries=3): |
98 """Call oauth.get_client_id() and retry if it times out.""" | 108 """Call oauth.get_client_id() and retry if it times out.""" |
99 for attempt in xrange(tries): | 109 for attempt in xrange(tries): |
100 try: | 110 try: |
101 return oauth.get_client_id(EMAIL_SCOPE) | 111 return oauth.get_client_id(EMAIL_SCOPE) |
102 except apiproxy_errors.DeadlineExceededError: | 112 except apiproxy_errors.DeadlineExceededError: |
103 logging.error('get_client_id() timed out on attempt %r', attempt) | 113 logging.error('get_client_id() timed out on attempt %r', attempt) |
104 if attempt == tries - 1: | 114 if attempt == tries - 1: |
105 raise | 115 raise |
106 | 116 |
107 | 117 |
108 def get_current_rietveld_oauth_user(): | 118 def get_current_rietveld_oauth_user(): |
109 """Gets the current OAuth 2.0 user associated with a request. | 119 """Gets the current OAuth 2.0 user associated with a request. |
110 | 120 |
111 This user must be intending to reach this application, so we check the token | 121 This user must be intending to reach this application, so we check the token |
112 info to verify this is the case. | 122 info to verify this is the case. |
113 | 123 |
114 Returns: | 124 Returns: |
115 A users.User object that was retrieved from the App Engine OAuth library if | 125 A users.User object that was retrieved from the App Engine OAuth library if |
116 the token is valid, otherwise None. | 126 the token is valid, otherwise None. |
117 """ | 127 """ |
(...skipping 66 matching lines...)
184 if cookie_user_is_admin: | 194 if cookie_user_is_admin: |
185 return cookie_user_is_admin | 195 return cookie_user_is_admin |
186 | 196 |
187 # oauth.is_current_user_admin is not sufficient, we must first check that the | 197 # oauth.is_current_user_admin is not sufficient, we must first check that the |
188 # OAuth 2.0 user has a token minted for this application. | 198 # OAuth 2.0 user has a token minted for this application. |
189 rietveld_user = get_current_rietveld_oauth_user() | 199 rietveld_user = get_current_rietveld_oauth_user() |
190 if rietveld_user is None: | 200 if rietveld_user is None: |
191 return False | 201 return False |
192 | 202 |
193 return oauth.is_current_user_admin(EMAIL_SCOPE) | 203 return oauth.is_current_user_admin(EMAIL_SCOPE) |
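Review bot: `get_own_web_client_id()` (new lines 102-104) returns `None` until someone populates the entity, because `OwnClientId.get_or_insert('web')` creates a record whose `client_id` was never set, and nothing in the visible code tells the caller that. If the value is later handed to an OAuth flow or compared against a token's client id (not visible here), an unconfigured instance should fail closed rather than pass `None` along. I would at least state the contract in the docstring, e.g. `"""Returns the web client id, or None if it has not been configured yet (the first call stores an empty placeholder entity)."""`. The `OwnClientId` docstring says "client ids" while only the `'web'` key is used, so a short comment on which keys are expected and how they are meant to be set would help whoever deploys this.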