django-oauth · edemocracy · Nov 19, 2013 · Nov 19, 2013
diff --git a/oauth2_provider/forms.py b/oauth2_provider/forms.py
@@ -11,6 +11,10 @@ class AllowForm(forms.Form):
     state = forms.CharField(required=False, widget=forms.HiddenInput())
     response_type = forms.CharField(widget=forms.HiddenInput())
 
+from django.contrib.auth.forms import AuthenticationForm
+
+class AllowLoginForm(AuthenticationForm,AllowForm): pass
+
 
 class RegistrationForm(forms.ModelForm):
     """

diff --git a/oauth2_provider/templates/oauth2_provider/authorize.html b/oauth2_provider/templates/oauth2_provider/authorize.html
@@ -8,11 +8,21 @@
                 <h3 class="block-center-heading">{% trans "Authorize" %} {{ application.name }}?</h3>
                 {% csrf_token %}
 
-                {% for field in form %}
-                    {% if field.is_hidden %}
-                        {{ field }}
-                    {% endif %}
-                {% endfor %}
+                {% for hidden in form.hidden_fields %}{{ hidden }}{% endfor %}
+
+                {% if form.errors %}
+                    <p class="errornote">
+                    {% if form.errors.items|length == 1 %}{% trans "Please correct the error below." %}{% else %}{% trans "Please correct the errors below." %}{% endif %}
+                    </p>
+                {% endif %}
+
+                {% if form.non_field_errors %}
+                    {% for error in form.non_field_errors %}
+                    <p class="errornote">
+                        {{ error }}
+                    </p>
+                    {% endfor %}
+                {% endif %}
 
                 <p>{% trans "Application requires following permissions" %}</p>
                 <ul>
@@ -21,8 +31,22 @@ <h3 class="block-center-heading">{% trans "Authorize" %} {{ application.name }}?
                     {% endfor %}
                 </ul>
 
-                {{ form.errors }}
-                {{ form.non_field_errors }}
+                {% if require_login %}
+                    <div class="form-row">
+                      {{ form.username.errors }}
+                      <label for="id_username" class="required">{{ form.username.label }}:</label> {{ form.username }}
+                    </div>
+                    <div class="form-row">
+                      {{ form.password.errors }}
+                      <label for="id_password" class="required">{% trans 'Password:' %}</label> {{ form.password }}
+                    </div>
+                    {% url 'password_reset' as password_reset_url %}
+                    {% if password_reset_url %}
+                    <div class="password-reset-link">
+                      <a href="{{ password_reset_url }}">{% trans 'Forgotten your password or username?' %}</a>
+                    </div>
+                    {% endif %}
+                {% endif %}
 
                 <div class="control-group">
                     <div class="controls">

diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
@@ -9,7 +9,7 @@
 
 from ..settings import oauth2_settings
 from ..exceptions import OAuthToolkitError
-from ..forms import AllowForm
+from ..forms import AllowForm, AllowLoginForm
 from ..models import get_application_model
 from ..oauth2_validators import OAuth2Validator
 from .mixins import OAuthLibMixin
@@ -66,6 +66,7 @@ class AuthorizationView(BaseAuthorizationView, FormView):
     template_name = 'oauth2_provider/authorize.html'
     form_class = AllowForm
 
+    builtin_login = False
     server_class = Server
     validator_class = OAuth2Validator
 
@@ -92,6 +93,12 @@ def form_valid(self, form):
 
             scopes = form.cleaned_data.get('scopes')
             allow = form.cleaned_data.get('allow')
+            if self.builtin_login and not self.request.user.is_authenticated():
+                from django.contrib.auth import login
+                # Okay, security check complete. Log the user in.
+                login(self.request, form.get_user())
+                if django.VERSION[1]<6 and self.request.session.test_cookie_worked():
+                    self.request.session.delete_test_cookie()
             uri, headers, body, status = self.create_authorization_response(
                 request=self.request, scopes=scopes, credentials=credentials, allow=allow)
             self.success_url = uri
@@ -101,15 +108,19 @@ def form_valid(self, form):
         except OAuthToolkitError as error:
             return self.error_response(error)
 
+    def dispatch(self, request, *args, **kwargs):
+        from braces.views import LoginRequiredMixin
+        self.oauth2_data = {}
+        if not self.builtin_login and not request.user.is_authenticated():
+            return super(AuthorizationView, self).dispatch(request, *args, **kwargs)
+        # skip login
+        return super(LoginRequiredMixin, self).dispatch(request, *args, **kwargs)
+
     def get(self, request, *args, **kwargs):
         try:
             scopes, credentials = self.validate_authorization_request(request)
-            kwargs['scopes_descriptions'] = [oauth2_settings.SCOPES[scope] for scope in scopes]
-            kwargs['scopes'] = scopes
-            # at this point we know an Application instance with such client_id exists in the database
-            kwargs['application'] = Application.objects.get(client_id=credentials['client_id'])  # TODO: cache it!
-            kwargs.update(credentials)
-            self.oauth2_data = kwargs
+            credentials['scopes'] = scopes # add the scopes
+            self.oauth2_data = credentials
             # following code is here only because of https://code.djangoproject.com/ticket/17795
             form = self.get_form(self.get_form_class())
             kwargs['form'] = form
@@ -118,6 +129,36 @@ def get(self, request, *args, **kwargs):
         except OAuthToolkitError as error:
             return self.error_response(error)
 
+    def get_form_class(self):
+        if self.builtin_login: return AllowLoginForm
+        return AllowForm
+
+    def get_form_kwargs(self):
+        kwargs = super(AuthorizationView, self).get_form_kwargs()
+        if self.builtin_login: kwargs.update({'request': self.request}) # required for login
+        return kwargs
+
+    def get_context_data(self,**kwargs):
+        from oauth2_provider.settings import oauth2_settings
+        from oauth2_provider.models import get_application_model
+        from django import VERSION
+        Application = get_application_model()
+        kwargs = super(AuthorizationView, self).get_context_data(**kwargs)
+        self.request.POST = {} # validate based only on GET parameters
+        scopes, credentials = self.validate_authorization_request(self.request)
+        kwargs['scopes_descriptions'] = [oauth2_settings.SCOPES[scope] for scope in scopes]
+        kwargs['scopes'] = scopes
+        # at this point we know an Application instance with such client_id exists in the database
+        kwargs['application'] = Application.objects.get(client_id=credentials['client_id'])
+        kwargs['require_login'] = self.builtin_login and not self.request.user.is_authenticated()
+        kwargs.update(credentials)
+        if kwargs['require_login'] and VERSION[1]<6:
+            self.request.session.set_test_cookie()
+        return kwargs
+
+class AuthorizationLoginView(AuthorizationView):
+    builtin_login = True
+
 
 class TokenView(CsrfExemptMixin, OAuthLibMixin, View):
     """