Adding support for Authorization Code Grant in addition to JWT

Author: InbarGazit

.env

@@ -1,7 +1,9 @@
 # Configuration file for the example
 ##
-# Integrator Key is the same as client id
+# Integration Key is the same as client id
 DS_CLIENT_ID={DS_CLIENT_ID}
+# Integration secret key
+DS_CLIENT_SECRET={DS_CLIENT_SECRET}
 
 # API Username
 DS_IMPERSONATED_USER_GUID={DS_USER_GUID}
@@ -18,12 +20,12 @@ DS_PAYMENT_GATEWAY_DISPLAY_NAME={DS_PAYMENT_GATEWAY_DISPLAY_NAME}
 # NOTE: the Python config file parser requires that you
 # add a space at the beginning of the second and
 # subsequent lines of the multiline key value:
-DS_PRIVATE_KEY={RSA_KEY}
+DS_PRIVATE_KEY={DS_PRIVATE_KEY}
 
 # React environment variables
 #UI and BE links
-REACT_APP_DS_RETURN_URL=http://localhost:3000
-REACT_APP_API_BASE_URL=http://localhost:5001/api
+REACT_APP_DS_RETURN_URL={REACT_APP_DS_RETURN_URL}
+REACT_APP_API_BASE_URL={REACT_APP_API_BASE_URL}
 
 # The DS Authentication server
 REACT_APP_DS_AUTH_SERVER=https://account-d.docusign.com

.gitignore

@@ -1,6 +1,5 @@
 *.pyc
 .idea
-.env
 
 # pyenv
 .python-version
@@ -11,4 +10,4 @@
 
 # frontend
 /node_modules
-/build
+/build

README.MD

@@ -1,7 +1,6 @@
 # Python and React: MySure Insurance Sample Application
 
-### GitHub repo: sample-app-mysure-python
-Visit [MySure sample application](https://mysuresample.esigndemos.com/) on DoucSign to see this code publicly hosted
+### Github repo: MySureSampleApp
 
 ## Introduction
 MySuresample application written in Python 3.7 (server) and React (client). You can find a live instance running at [https://mysuresample.esigndemos.com/](https://mysuresample.esigndemos.com/).
@@ -30,7 +29,6 @@ MySure demonstrates the following:
 ## Installation
 
 ### Prerequisites
-
 * A DocuSign Developer Sandbox account (email and password) on [demo.docusign.net](https://demo.docusign.net). If you don't already have a developer sandbox, create a [free account](https://go.docusign.com/sandbox/productshot/?elqCampaignId=16535).
 * A DocuSign integration key (a client ID) that is configured to use **JSON Web Token (JWT) Grant**.
    You will need the **integration key** itself and its **RSA key pair**. To use this application, you must add your application's **Redirect URI** to your integration key. This [**video**](https://www.youtube.com/watch?v=GgDqa7-L0yo) demonstrates how to create an integration key (client ID) for a user application like this example. 
@@ -41,6 +39,7 @@ MySure demonstrates the following:
 ### Required environment variables
 
 * **DS_CLIENT_ID** - The integration key is the same as the client ID
+* **DS_CLIENT_SECRET** - Integration Secret Key
 * **DS_IMPERSONATED_USER_GUID** - API account ID
 * **DS_TARGET_ACCOUNT_ID** - Target account ID. Use FALSE to indicate the user's default
 * **DS_PAYMENT_GATEWAY_ID** - Payment gateway ID (Only Stripe method supported)

app/__init__.py

@@ -2,7 +2,7 @@
 from flask_cors import CORS
 from flask_session import Session
 
-from app.api import clickwrap, requests, common
+from app.api import clickwrap, requests, common, auth
 
 
 URL_PREFIX = '/api'
@@ -12,5 +12,6 @@
 app.register_blueprint(clickwrap, url_prefix=URL_PREFIX)
 app.register_blueprint(common, url_prefix=URL_PREFIX)
 app.register_blueprint(requests, url_prefix=URL_PREFIX)
+app.register_blueprint(auth, url_prefix=URL_PREFIX)
 Session(app)
-cors = CORS(app)
+cors = CORS(app)

app/api/__init__.py

@@ -1,3 +1,4 @@
 from app.api.clickwrap import clickwrap
 from app.api.common import common
 from app.api.requests import requests
+from app.api.auth import auth

app/api/auth.py

@@ -0,0 +1,75 @@
+from docusign_esign import ApiException
+from flask import Blueprint, jsonify, request, redirect, url_for
+from flask_cors import cross_origin
+
+from app.api.utils import process_error
+from app.ds_client import DsClient
+
+auth = Blueprint('auth', __name__)
+
+
+@auth.route('/code_grant_auth', methods=['GET'])
+@cross_origin(support_creadentials=True)
+def code_grant_auth():
+    try:
+        url = DsClient.code_auth()
+    except ApiException as ex:
+        return process_error(ex)
+    return jsonify({
+        'reason': 'Unauthorized',
+        'response': 'Permissions should be granted for current integration',
+        'url': url}), 401
+
+
+@auth.route('/callback', methods=['POST'])
+@cross_origin(support_creadentials=True)
+def callback():
+    try:
+        try:
+            req_json = request.get_json(force=True)
+            code = req_json['code']
+        except TypeError:
+            return jsonify(message='Invalid json input'), 400
+        DsClient.callback(code)
+    except ApiException:
+        return redirect(url_for("auth.jwt_auth"), code=307)
+    return jsonify(message="Logged in with code grant"), 200
+
+
+@auth.route('/jwt_auth', methods=['POST'])
+@cross_origin(support_creadentials=True)
+def jwt_auth():
+    try:
+        DsClient.update_token()
+    except ApiException as ex:
+        return process_error(ex)
+    return jsonify(message="Logged in with JWT"), 200
+
+
+@auth.route('/get_status', methods=['GET'])
+@cross_origin(support_creadentials=True)
+def get_status():
+    if DsClient.code_grant:
+        return jsonify(logged=DsClient.logged, auth_type="code_grant"), 200
+    elif DsClient.jwt_auth:
+        return jsonify(logged=DsClient.logged, auth_type="jwt"), 200
+    return jsonify(logged=DsClient.logged, auth_type="undefined"), 200
+
+
+@auth.route('/logout', methods=['POST'])
+@cross_origin(support_credentials=True)
+def log_out():
+    DsClient.destroy()
+    return jsonify(message="Logged out"), 200
+
+
+@auth.route('/check_payment', methods=['GET'])
+@cross_origin(support_credentials=True)
+def check_payment():
+    try:
+        if DsClient.check_payment_gateway():
+            return jsonify(message="User has a payment gateway account"), 200
+        else:
+            return jsonify(message="User doesn't have a payment gateway account"), 402
+    except ApiException as ex:
+        return process_error(ex)

app/api/clickwrap.py

@@ -2,14 +2,15 @@
 from flask import Blueprint, jsonify, request
 from flask_cors import cross_origin
 
-from app.api.utils import process_error
+from app.api.utils import process_error, check_token
 from app.clickwrap import Clickwrap
 
 clickwrap = Blueprint('clickwrap', __name__)
 
 
 @clickwrap.route('/clickwraps/renewal', methods=['POST'])
 @cross_origin(supports_credentials=True)
+@check_token
 def insurance_renewal():
     """Create a clickwrap for submitting insurance policy renewal"""
     try:

app/api/envelope.py

@@ -0,0 +1,51 @@
+from docusign_esign import ApiException
+from flask import request, jsonify
+
+from app.api import authenticate, api
+from app.envelope import Envelope
+
+
+@api.route('/envelope/multi_signers', methods=['POST'])
+@authenticate
+def multi_signers():
+    try:
+        req_json = request.get_json(force=True)
+        student = req_json['student']
+        envelope_args = {
+            "signer_client_id": 1000,
+            "ds_return_url": req_json['callback-url'],
+            "account_id": req_json['account-id'],
+            "base_path": req_json['base-path'],
+            'access_token': request.headers.get('Authorization').replace('Bearer ', '')
+        }
+    except TypeError:
+        return jsonify(message="Invalid json input"), 400
+
+    try:
+        envelope = Envelope.create('multi-sign.html', student, envelope_args)
+        envelope_id = Envelope.send(envelope, envelope_args)
+        result = Envelope.get_view(envelope_id,  envelope_args, student)
+    except ApiException as e:
+        return jsonify({'error': e.body.decode('utf-8')}), 400
+    return jsonify({"envelope_id": envelope_id, "redirect_url": result.url})
+
+
+@api.route('/envelope/list', methods=['POST'])
+@authenticate
+def envelope_list():
+    try:
+        req_json = request.get_json(force=True)
+        envelope_args = {
+            'account_id': req_json['account-id'],
+            'from_date': req_json['from-date'],
+            "base_path": req_json['base-path'],
+            'access_token': request.headers.get('Authorization').replace('Bearer ', '')
+        }
+    except TypeError:
+        return jsonify(message="Invalid json input"), 400
+
+    try:
+        envelopes_information = Envelope.list(envelope_args)
+    except ApiException as e:
+        return jsonify({'error': e.body.decode('utf-8')}), 400
+    return jsonify({"envelopes": envelopes_information.to_dict()})

app/api/requests.py

@@ -2,7 +2,7 @@
 from flask import Blueprint, jsonify, request, session
 from flask_cors import cross_origin
 
-from app.api.utils import process_error
+from app.api.utils import process_error, check_token
 from app.document import DsDocument
 from app.ds_config import DsConfig
 from app.envelope import Envelope
@@ -12,6 +12,7 @@
 
 @requests.route('/requests/claim', methods=['POST'])
 @cross_origin(supports_credentials=True)
+@check_token
 def submit_claim():
     """Submit a claim"""
     try:
@@ -45,12 +46,14 @@ def submit_claim():
 
 @requests.route('/requests/newinsurance', methods=['POST'])
 @cross_origin(supports_credentials=True)
+@check_token
 def buy_new_insurance():
     """Request for the purchase of a new insurance"""
     try:
         req_json = request.get_json(force=True)
         insurance_info = req_json['insurance']
         user = req_json['user']
+
         envelope_args = {
             'signer_client_id': 1000,
             'ds_return_url': req_json['callback-url'],
@@ -104,6 +107,7 @@ def envelope_list():
 
 @requests.route('/requests/download', methods=['GET'])
 @cross_origin(supports_credentials=True)
+@check_token
 def envelope_download():
     """Request for document download from the envelope"""
     try:

app/api/user.py

@@ -0,0 +1,18 @@
+import requests
+from docusign_esign import ApiException
+from flask import request, jsonify
+
+from app.ds_config import DS_CONFIG
+from app.api import api, authenticate
+
+
+@api.route('/user/info', methods=['POST'])
+@authenticate
+def user_info():
+    url = DS_CONFIG["authorization_server"] + "/oauth/userinfo"
+    auth = {"Authorization": request.headers.get('Authorization')}
+    try:
+        response = requests.get(url, headers=auth).json()
+    except ApiException as e:
+        return jsonify({'error': e.body.decode('utf-8')}), 400
+    return jsonify(response)