Change consent provider backend to graphql

consent_provider/app.py

-from flask import abort, Flask, redirect, render_template, request
+from flask import abort, Flask, redirect, request
 from flask.views import View
 from os import urandom, environ
 from hydra_client import HydraAdmin
-from flask_wtf import FlaskForm
-from wtforms import SubmitField, HiddenField
-from flask_wtf.csrf import CSRFProtect
-from wtforms.validators import DataRequired
-
+from db import User
 
 HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
 
-
-class ConsentForm(FlaskForm):
-    accept = SubmitField("accept")
-    challenge = HiddenField("challenge")
-
-
-class ConsentView(View):
-
-    methods = "GET", "POST"
-
-    def render_form(self, form, **context):
-        return render_template("consent.html", form=form, **context)
-
-    def dispatch_request(self):
-        hydra = HydraAdmin(HYDRA_ADMIN_URL)
-        form = ConsentForm()
-
-        challenge = request.args.get("consent_challenge") or form.challenge.data
-        if not challenge:
-            abort(400)
-
-        consent_request = hydra.consent_request(challenge)
-
-        session = {
-            "access_token": {},
-            "id_token": {
-                "sub": "248289761010",
-                "name": "Example User",
-                "given_name": "Example",
-                "family_name": "User",
-                "preferred_username": "example",
-                "email": "example@oas.example.com",
-                "picture": "",
-            },
-        }
-
-        if request.method == "GET":
-            return self.get(form, consent_request, session)
-        elif request.method == "POST":
-            return self.post(form, consent_request, session)
-        abort(405)
-
-    def get(self, form, consent_request, session):
-        if consent_request.skip:
-            redirect_to = consent_request.accept(
-                grant_scope=consent_request.requested_scope,
-                grant_access_token_audience=consent_request.requested_access_token_audience,
-                session=session,
-            )
-            return redirect(redirect_to)
-        else:
-            form.challenge.data = consent_request.challenge
-        return self.render_form(
-            form, user=consent_request.subject, client=consent_request.client
-        )
-
-    def post(self, form, consent_request, session):
-        if form.validate():
-            if form.accept.data:
-                redirect_to = consent_request.accept(
-                    grant_scope=consent_request.requested_scope,
-                    grant_access_token_audience=consent_request.requested_access_token_audience,
-                    session=session,
-                    remember=False
-                )
-            else:
-                redirect_to = consent_request.reject(error="user_decline")
-            return redirect(redirect_to)
-        else:
-            # TODO: show error message
-            pass
-        return self.render_form(form)
-
-
 app = Flask(__name__)
-app.secret_key = urandom(16)
-csrf = CSRFProtect(app)
 
-app.add_url_rule("/consent", view_func=ConsentView.as_view("consent"))
+@app.route('/', methods=['GET'])
+def home():
+    hydra = HydraAdmin(HYDRA_ADMIN_URL)
+    challenge = request.args.get("consent_challenge")
+    if not challenge:
+        abort(403)
+    consent_request = hydra.consent_request(challenge)
+    app_name = consent_request.client["client_name"]
+    username = consent_request.subject
+    user = User(username)
+    access_granted = user.has_app_permission(app_name)
+    if access_granted:
+        session = user.get_oauth_session()
+        return redirect(consent_request.accept(
+            grant_scope=consent_request.requested_scope,
+            grant_access_token_audience=consent_request.requested_access_token_audience,
+            session=session,
+            ))
+    return redirect(consent_request.reject(
+        "Permission denied",
+        error_description="Login request was denied due to missing application permission"))
+
+if __name__ == '__main__':
+    app.run()