better support

hivesolutions · May 30, 2017 · 28353bd · 28353bd
1 parent 7066ee9
commit 28353bd
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/src/appier_extras/parts/admin/models/oauth/oauth_token.py b/src/appier_extras/parts/admin/models/oauth/oauth_token.py
@@ -208,13 +208,20 @@ def pre_create(self):
 
         self._verify()
 
+    def unset_code_s(self):
+        self.authorization_code = None
+        self.authorization_code_date = None
+        self.save()
+
     def get_account(self):
         return self.owner.admin_part.account_c.get(
             username = self.username
         )
 
     def verify_code(self, code, grant_type = "authorization_code"):
         cls = self.__class__
+        appier.verify(not self.authorization_code == None)
+        appier.verify(not self.authorization_code_date == None)
         appier.verify(self.authorization_code == code)
         appier.verify(time.time() - self.authorization_code_date < cls.CODE_DURATION)
         appier.verify(grant_type, "authorization_code")

diff --git a/src/appier_extras/parts/admin/part.py b/src/appier_extras/parts/admin/part.py
@@ -619,12 +619,18 @@ def oauth_deny(self):
         )
 
     def oauth_access_token(self):
+        # retrieve the multiple fields that are going to be used for the
+        # process of issuing the access token (only authorization code is
+        # going to be returned to the client)
         client_id = self.field("client_id", mandatory = True)
         client_secret = self.field("client_secret", mandatory = True)
         redirect_uri = self.field("redirect_uri", mandatory = True)
         code = self.field("code", mandatory = True)
         grant_type = self.field("grant_type", "authorization_code")
 
+        # tries to retrieve the oauth client associated with the
+        # provided client id and secret and then uses the value to
+        # retrieve the associated oauth token via association
         oauth_client = models.OAuthClient.get(
             client_id = client_id,
             client_secret = client_secret,
@@ -635,13 +641,21 @@ def oauth_access_token(self):
             client = oauth_client.id,
             rules = False
         )
+
+        # verifies that the authorization code is the expected
+        # one and then unsets it from the oauth token, so that
+        # it's no longer going to be used
         oauth_token.verify_code(
             code,
             grant_type = grant_type
         )
+        oauth_token.unset_code_s()
 
         return dict(
-            access_token = oauth_token.access_token
+            access_token = oauth_token.access_token,
+            token_type = "normal",
+            expires_in = oauth_token.expires_in,
+            refresh_token = oauth_token.refresh_token
         )
 
     @appier.ensure(token = "admin")