From 04de45cd81f55b30a196aa7e40734c5fe7868214 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Sat, 8 Oct 2016 14:23:41 +0200
Subject: [PATCH] Add rwthauth endpoint using userinfo.rwth, closes #36

---
 l2pauth.py | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/l2pauth.py b/l2pauth.py
index e0ef7e0..f1f1064 100644
--- a/l2pauth.py
+++ b/l2pauth.py
@@ -1,7 +1,5 @@
 from server import *
 import requests
-import json
-from time import sleep
 
 L2P_BASE = 'https://www3.elearning.rwth-aachen.de/_vti_bin/l2pservices/api.svc/v1/'
 OAUTH_BASE = 'https://oauth.campus.rwth-aachen.de/oauth2waitress/oauth2.svc/'
@@ -19,24 +17,32 @@ def oauthget(endpoint, **args):
 @app.route('/l2pauth')
 def start_l2pauth():
 	code = oauthget('code', scope='l2p2013.rwth')
-	session['l2p_oauthcode'] = code['device_code']
+	session['oauthcode'] = code['device_code']
+	session['oauthscope'] = 'l2p'
 	return redirect(code['verification_url']+'?q=verify&d='+code['user_code'])
 
-@app.route('/l2p')
-def test_l2pauth():
-	return str(session.get('l2p_courses', {}))
+@app.route('/rwthauth')
+def start_rwthauth():
+	code = oauthget('code', scope='userinfo.rwth')
+	session['oauthcode'] = code['device_code']
+	session['oauthscope'] = 'rwth'
+	return redirect(code['verification_url']+'?q=verify&d='+code['user_code'])
 
 @app.before_request
 def finish_oauth():
-	if 'l2p_oauthcode' not in session:
+	if 'oauthcode' not in session or 'oauthscope' not in session:
 		return
-	token = oauthget('token', code=session['l2p_oauthcode'], grant_type='device')
+	token = oauthget('token', code=session['oauthcode'], grant_type='device')
 	if token.get('status') != 'ok':
 		return
-	del session['l2p_oauthcode']
+	del session['oauthcode']
+	if session['oauthscope'] not in ['l2p', 'rwth']:
+		return
 	session['rwthintern'] = True
-	session['l2p_courses'] = []
-	for course in l2pget('viewAllCourseInfo', token['access_token'])['dataSet']:
-		session['l2p_courses'].append(course['uniqueid'])
+	if session['oauthscope'] == 'l2p':
+		session['l2p_courses'] = []
+		for course in l2pget('viewAllCourseInfo', token['access_token'])['dataSet']:
+			session['l2p_courses'].append(course['uniqueid'])
+		flash('Folgende Kurse wurden freigegeben: '+', '.join(session['l2p_courses']))
+	del session['oauthscope']
 	oauthget('token', refresh_token=token['refresh_token'], grant_type='invalidate')
-	flash('Folgende Kurse wurden freigegeben: '+', '.join(session['l2p_courses']))
-- 
GitLab