Merge pull request #66 from Fisherworks/auth_when_owner_not_login

client ask for Auth on behalf of owner when owner got no session on auth server

Author: lepture

.gitignore

@@ -1,2 +1,3 @@
 *.sqlite
 *.pyc
+venv/*

website/routes.py

@@ -1,5 +1,5 @@
 import time
-from flask import Blueprint, request, session
+from flask import Blueprint, request, session, url_for
 from flask import render_template, redirect, jsonify
 from werkzeug.security import gen_salt
 from authlib.integrations.flask_oauth2 import current_token
@@ -32,12 +32,17 @@ def home():
             db.session.add(user)
             db.session.commit()
         session['id'] = user.id
+        # if user is not just to log in, but need to head back to the auth page, then go for it
+        next_page = request.args.get('next')
+        if next_page:
+            return redirect(next_page)
         return redirect('/')
     user = current_user()
     if user:
         clients = OAuth2Client.query.filter_by(user_id=user.id).all()
     else:
         clients = []
+
     return render_template('home.html', user=user, clients=clients)
 
 
@@ -87,6 +92,9 @@ def create_client():
 @bp.route('/oauth/authorize', methods=['GET', 'POST'])
 def authorize():
     user = current_user()
+    # if user log status is not true (Auth server), then to log it in
+    if not user:
+        return redirect(url_for('website.routes.home', next=request.url))
     if request.method == 'GET':
         try:
             grant = authorization.validate_consent_request(end_user=user)

website/templates/authorize.html

@@ -1,7 +1,11 @@
-<p>{{grant.client.client_name}} is requesting:
+<p>The application <strong>{{grant.client.client_name}}</strong> is requesting:
 <strong>{{ grant.request.scope }}</strong>
 </p>
 
+<p>
+  from You - a.k.a. <strong>{{ user.username }}</strong>
+</p>
+
 <form action="" method="post">
   <label>
     <input type="checkbox" name="confirm">