class DelegatedOAuthMiddleware(object):
    """Request middleware that attaches a user identity or redirects to OAuth.

    When ``settings.OAUTH_ENABLED`` is false every request is tagged as
    ``anonymous``; otherwise the session token is validated on each request.
    """

    def __init__(self):
        """Create the OAuth client from ``settings`` if OAuth is enabled."""
        if not settings.OAUTH_ENABLED:
            logger.info("OAuth is not enabled!")
            self.is_oauth_enabled = False
            return

        self.is_oauth_enabled = True
        # Only the client id is logged; the client secret stays out of logs.
        logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
        client_options = dict(
            key=settings.OAUTH_CLIENT_ID,
            secret=settings.OAUTH_CLIENT_SECRET,
            callback_url=settings.OAUTH_CALLBACK,
            domain=settings.OAUTH_DOMAIN,
            access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
            authorize_url=settings.OAUTH_AUTHORIZE_URL,
            scope=settings.OAUTH_DEFAULT_SCOPE)
        self.oauth = OAuth(**client_options)
        logger.info("Successfully created OAuth!")

    def process_request(self, request):
        """Set ``request.teletraan_user_id`` or redirect to the OAuth provider.

        Returns ``None`` to let the request continue, or an
        ``HttpResponseRedirect`` to the authorization URL when the session
        token does not validate.
        """
        path = request.path
        # Prefix-based bypass: requests under these prefixes return before
        # any identity is attached, so views there must not rely on
        # request.teletraan_user_id being set.
        if path.startswith('/auth/'):
            logger.debug("Bypass OAuth redirect request " + path)
            return None
        if path.startswith('/health_check/'):
            logger.debug("Bypass health_check request " + path)
            return None

        if not self.is_oauth_enabled:
            request.teletraan_user_id = UserIdentity(name="anonymous")
            return None

        session = request.session
        if not self.oauth.validate_token(session=session):
            # TODO call logout to remove session cleanly
            # self.logout(request)
            # The original path travels with the authorization request so the
            # callback can send the user back to it.
            state_data = {'origin_path': request.get_full_path()}
            redirect_to = self.oauth.get_authorization_url(session=session, data=state_data)
            # NOTE(review): the logged URL presumably embeds the state value;
            # confirm debug logs are not shipped anywhere less trusted.
            logger.debug("Redirect oauth for authentication!, url = " + redirect_to)
            return HttpResponseRedirect(redirect_to)

        # NOTE(review): 'teletraan_user' may be absent even though the token
        # validates, which yields an identity named None; confirm downstream
        # authorization treats that as unauthenticated.
        request.teletraan_user_id = UserIdentity(
            name=session.get('teletraan_user'),
            token=session.get('oauth_token'))
        return None

    # TODO not currently used, need to add logout button on the UI and call this
    def logout(self, request):
        """Log out through the OAuth client, drop the stored username, go to ``/``."""
        session = request.session
        self.oauth.logout(session=session)
        if 'teletraan_user' in session:
            del session['teletraan_user']
        return HttpResponseRedirect('/')
class DelegatedOAuthMiddleware(object):
    """Middleware that resolves the caller's identity from the OAuth session.

    With OAuth disabled in ``settings`` all requests run as ``anonymous``;
    with it enabled, requests without a valid session token are redirected
    to the provider's authorization URL.
    """

    def __init__(self):
        """Set ``is_oauth_enabled`` and, when enabled, build ``self.oauth``."""
        if not settings.OAUTH_ENABLED:
            logger.info("OAuth is not enabled!")
            self.is_oauth_enabled = False
            return

        self.is_oauth_enabled = True
        # The client id is not a secret; the client secret is never logged.
        logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
        oauth_kwargs = dict(
            key=settings.OAUTH_CLIENT_ID,
            secret=settings.OAUTH_CLIENT_SECRET,
            callback_url=settings.OAUTH_CALLBACK,
            domain=settings.OAUTH_DOMAIN,
            access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
            authorize_url=settings.OAUTH_AUTHORIZE_URL,
            scope=settings.OAUTH_DEFAULT_SCOPE)
        self.oauth = OAuth(**oauth_kwargs)
        logger.info("Successfully created OAuth!")

    def process_request(self, request):
        """Attach ``request.teletraan_user_id`` or return an OAuth redirect.

        ``None`` means "continue processing"; a redirect response is returned
        only when OAuth is enabled and the session token fails validation.
        """
        requested_path = request.path
        # These two prefixes skip authentication entirely and leave
        # request.teletraan_user_id unset.
        if requested_path.startswith('/auth/'):
            logger.debug("Bypass OAuth redirect request " + requested_path)
            return None
        if requested_path.startswith('/health_check/'):
            logger.debug("Bypass health_check request " + requested_path)
            return None

        if not self.is_oauth_enabled:
            request.teletraan_user_id = UserIdentity(name="anonymous")
            return None

        if self.oauth.validate_token(session=request.session):
            # NOTE(review): name is None when 'teletraan_user' is missing
            # from the session; verify callers reject a nameless identity.
            stored_name = request.session.get('teletraan_user')
            stored_token = request.session.get('oauth_token')
            request.teletraan_user_id = UserIdentity(name=stored_name, token=stored_token)
            return None

        # TODO call logout to remove session cleanly
        # self.logout(request)
        # Remember where the user was heading so the callback can return there.
        payload = {'origin_path': request.get_full_path()}
        auth_url = self.oauth.get_authorization_url(session=request.session, data=payload)
        # NOTE(review): this URL likely carries the state parameter; keep
        # debug logging restricted accordingly.
        logger.debug("Redirect oauth for authentication!, url = " + auth_url)
        return HttpResponseRedirect(auth_url)

    # TODO not currently used, need to add logout button on the UI and call this
    def logout(self, request):
        """Call the OAuth client's logout, remove ``teletraan_user``, redirect to ``/``."""
        user_session = request.session
        self.oauth.logout(session=user_session)
        if 'teletraan_user' in user_session:
            del user_session['teletraan_user']
        return HttpResponseRedirect('/')
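def login_authorized(request):
    """Handle the OAuth callback and record the authenticated username.

    Passes the ``code`` and ``state`` query parameters to
    ``oauth.handle_oauth2_response``, fetches the user info, derives the
    username from it, and stores it in ``request.session['teletraan_user']``.

    Returns a redirect to the recorded ``origin_path`` when it is a
    same-site path, otherwise to ``/``. Renders ``oauth_failure.html`` on
    ``OAuthException`` and redirects to ``/`` on an expired token or when
    OAuth is disabled.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(key=settings.OAUTH_CLIENT_ID,
                  secret=settings.OAUTH_CLIENT_SECRET,
                  callback_url=settings.OAUTH_CALLBACK,
                  domain=settings.OAUTH_DOMAIN,
                  access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                  authorize_url=settings.OAUTH_AUTHORIZE_URL,
                  scope=settings.OAUTH_DEFAULT_SCOPE)

    # Both values come from the query string and are attacker-controllable.
    # NOTE(review): binding `state` to this session is presumably done inside
    # handle_oauth2_response; confirm, since nothing here checks it.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code, state, session=request.session)
        user_name = oauth.oauth_data(
            user_info_uri=settings.OAUTH_USER_INFO_URI, session=request.session)

        # extract user_name from oauth_data based on OAUTH_USERNAME_INFO_KEY
        # and OAUTH_EXTRACT_USERNAME_FROM_EMAIL
        # NOTE(review): a missing key raises KeyError, which is not caught
        # below and leaves the session without 'teletraan_user'.
        if settings.OAUTH_USERNAME_INFO_KEY:
            for key in settings.OAUTH_USERNAME_INFO_KEY.split():
                user_name = user_name[key]
        if settings.OAUTH_EXTRACT_USERNAME_FROM_EMAIL == "TRUE":
            user_name = user_name.split("@")[0]
    except OAuthExpiredTokenException:
        # Handled before the generic OAuthException so this branch stays
        # reachable if the expired-token class derives from it (the class
        # hierarchy is not visible here).
        # When auth.pinadmin.com returns a 401 error
        logger.error(traceback.format_exc())
        # remove access token from session cookie and redirect to / page
        # this will cause a re trigger of auth.pinadmin.com login process
        oauth.oauth_handler.token_remove(session=request.session)
        return HttpResponseRedirect("/")
    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): `data` is logged in full; confirm it never holds tokens.
    logger.debug("get user_name %s and data %s back from oauth!" % (user_name, data))
    # NOTE(review): the session key is not rotated at login; consider
    # request.session.cycle_key() to limit session fixation.
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        target = data['origin_path']
        # origin_path round-trips through the provider, so treat it as
        # untrusted: only follow a same-site absolute path. '//' and '/\'
        # prefixes are read by browsers as another host (open redirect).
        # Django's url_has_allowed_host_and_scheme is the fuller check where
        # the installed version provides it.
        if (hasattr(target, 'startswith')
                and target.startswith('/')
                and not target.startswith(('//', '/\\'))):
            return HttpResponseRedirect(target)
        logger.warning("Ignoring non-local origin_path from OAuth response")
    return HttpResponseRedirect('/')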
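def login_authorized(request):
    """Complete the OAuth login after the provider redirects back.

    Exchanges ``code``/``state`` through ``oauth.handle_oauth2_response``,
    reads the user info, extracts the username as configured in
    ``settings`` and saves it under ``request.session['teletraan_user']``.

    Returns a redirect to ``origin_path`` only when it is a same-site path,
    else to ``/``. ``OAuthException`` renders ``oauth_failure.html``; an
    expired token or disabled OAuth redirects to ``/``.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE
    )

    # Query-string values are untrusted input.
    # NOTE(review): verification of `state` against the session is assumed
    # to happen in handle_oauth2_response; confirm.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code, state, session=request.session)
        user_name = oauth.oauth_data(user_info_uri=settings.OAUTH_USER_INFO_URI,
                                     session=request.session)

        # extract user_name from oauth_data based on OAUTH_USERNAME_INFO_KEY
        # and OAUTH_EXTRACT_USERNAME_FROM_EMAIL
        # NOTE(review): KeyError from a missing key is not handled below.
        if settings.OAUTH_USERNAME_INFO_KEY is not None:
            for key in settings.OAUTH_USERNAME_INFO_KEY.split():
                user_name = user_name[key]
        if settings.OAUTH_EXTRACT_USERNAME_FROM_EMAIL == "TRUE":
            user_name = user_name.split("@")[0]
    except OAuthExpiredTokenException:
        # Listed first so it is not shadowed by the OAuthException handler
        # in case it is a subclass (hierarchy not visible here).
        # When auth.pinadmin.com returns a 401 error
        logger.error(traceback.format_exc())
        # remove access token from session cookie and redirect to / page
        # this will cause a re trigger of auth.pinadmin.com login process
        oauth.oauth_handler.token_remove(session=request.session)
        return HttpResponseRedirect("/")
    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): confirm `data` never contains tokens before logging it.
    logger.debug("get user_name %s and data %s back from oauth!" % (user_name, data))
    # NOTE(review): no session-key rotation on login; consider
    # request.session.cycle_key() against session fixation.
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        target = data['origin_path']
        # The redirect target comes back with the OAuth response, so it is
        # validated before use: same-site absolute paths only. Browsers
        # resolve '//host' and '/\host' to a different origin.
        # Django's url_has_allowed_host_and_scheme is the fuller check where
        # the installed version provides it.
        if (hasattr(target, 'startswith')
                and target.startswith('/')
                and not target.startswith(('//', '/\\'))):
            return HttpResponseRedirect(target)
        logger.warning("Ignoring non-local origin_path from OAuth response")
    return HttpResponseRedirect('/')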
def __init__(self):
    """Record whether OAuth is enabled and, if so, build the OAuth client.

    Reads every option from ``settings``; ``self.oauth`` is only assigned
    when ``settings.OAUTH_ENABLED`` is truthy.
    """
    if not settings.OAUTH_ENABLED:
        logger.info("OAuth is not enabled!")
        self.is_oauth_enabled = False
        return

    self.is_oauth_enabled = True
    # Only the client id is written to the log, never the client secret.
    logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
    client_options = dict(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE)
    self.oauth = OAuth(**client_options)
    logger.info("Successfully created OAuth!")
def logout(request):
    """Log the user out through the OAuth client and clear the stored name.

    Redirects to ``/`` when OAuth is disabled, otherwise to ``/loggedout/``
    after calling ``oauth.logout`` and deleting ``teletraan_user`` from the
    session.
    """
    current_user = request.session.get("teletraan_user", "anonymous")
    logger.debug("Logout %s!" % current_user)

    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    client_options = dict(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE)
    oauth_client = OAuth(**client_options)
    oauth_client.logout(session=request.session)

    # NOTE(review): only 'teletraan_user' is removed here; whether the token
    # is cleared depends on oauth.logout. Confirm nothing else identifying
    # survives in the session after logout.
    user_session = request.session
    if 'teletraan_user' in user_session:
        del user_session['teletraan_user']
    return HttpResponseRedirect('/loggedout/')
def logout(request):
    """End the OAuth session for the caller and send them to ``/loggedout/``.

    When OAuth is disabled the call is logged as an error and the user is
    redirected to ``/`` without touching the session.
    """
    who = request.session.get("teletraan_user", "anonymous")
    logger.debug("Logout %s!" % who)

    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth_kwargs = dict(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE
    )
    provider = OAuth(**oauth_kwargs)
    provider.logout(session=request.session)

    # NOTE(review): token removal is left to provider.logout; this function
    # itself deletes only the username key. Verify the session holds no
    # other credential afterwards.
    active_session = request.session
    if 'teletraan_user' in active_session:
        del active_session['teletraan_user']
    return HttpResponseRedirect('/loggedout/')
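def login_authorized(request):
    """Handle the OAuth callback and store the username in the session.

    Exchanges the ``code``/``state`` query parameters via
    ``oauth.handle_oauth2_response``, reads ``['username']`` from the
    ``oauth.oauth_data`` result and saves it as
    ``request.session['teletraan_user']``.

    Returns a redirect to ``origin_path`` when it is a same-site path, else
    to ``/``; renders ``oauth_failure.html`` on ``OAuthException``.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(key=settings.OAUTH_CLIENT_ID,
                  secret=settings.OAUTH_CLIENT_SECRET,
                  callback_url=settings.OAUTH_CALLBACK,
                  domain=settings.OAUTH_DOMAIN,
                  access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                  authorize_url=settings.OAUTH_AUTHORIZE_URL,
                  scope=settings.OAUTH_DEFAULT_SCOPE)

    # Query-string values are untrusted.
    # NOTE(review): `state` is presumably verified against the session inside
    # handle_oauth2_response; confirm, nothing here checks it.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code, state, session=request.session)
        user_name = oauth.oauth_data(
            user_info_uri=settings.OAUTH_USER_INFO_URI,
            key=settings.OAUTH_USERNAME_INFO_KEY,
            session=request.session)['username']
    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): confirm `data` never contains tokens before logging it.
    logger.debug("get user_name %s and data %s back from oauth!" % (user_name, data))
    # NOTE(review): the session key is not rotated at login; consider
    # request.session.cycle_key() to limit session fixation.
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        target = data['origin_path']
        # origin_path comes back with the OAuth response, so it is treated as
        # untrusted: follow same-site absolute paths only. '//' and '/\'
        # prefixes resolve to another host in browsers (open redirect).
        # Django's url_has_allowed_host_and_scheme is the fuller check where
        # the installed version provides it.
        if (hasattr(target, 'startswith')
                and target.startswith('/')
                and not target.startswith(('//', '/\\'))):
            return HttpResponseRedirect(target)
        logger.warning("Ignoring non-local origin_path from OAuth response")
    return HttpResponseRedirect('/')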
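def login_authorized(request):
    """Finish the OAuth login once the provider redirects back.

    Hands ``code`` and ``state`` to ``oauth.handle_oauth2_response``, takes
    ``['username']`` from ``oauth.oauth_data`` and stores it in
    ``request.session['teletraan_user']``.

    Returns a redirect to ``origin_path`` only if it is a same-site path,
    otherwise to ``/``. ``OAuthException`` renders ``oauth_failure.html``.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE
    )

    # Both parameters are read straight from the query string.
    # NOTE(review): state validation is assumed to live in
    # handle_oauth2_response; confirm.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code, state, session=request.session)
        user_name = oauth.oauth_data(user_info_uri=settings.OAUTH_USER_INFO_URI,
                                     key=settings.OAUTH_USERNAME_INFO_KEY,
                                     session=request.session)['username']
    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): `data` is logged in full; confirm it holds no tokens.
    logger.debug("get user_name %s and data %s back from oauth!" % (user_name, data))
    # NOTE(review): no session-key rotation on login; consider
    # request.session.cycle_key() against session fixation.
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        target = data['origin_path']
        # Validate the redirect target before use: it round-trips through the
        # provider, and browsers treat '//host' and '/\host' as another
        # origin, so only same-site absolute paths are followed.
        # Django's url_has_allowed_host_and_scheme is the fuller check where
        # the installed version provides it.
        if (hasattr(target, 'startswith')
                and target.startswith('/')
                and not target.startswith(('//', '/\\'))):
            return HttpResponseRedirect(target)
        logger.warning("Ignoring non-local origin_path from OAuth response")
    return HttpResponseRedirect('/')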
def __init__(self):
    """Initialise the middleware's OAuth state from ``settings``.

    Sets ``self.is_oauth_enabled`` and creates ``self.oauth`` only when
    ``settings.OAUTH_ENABLED`` is truthy.
    """
    if not settings.OAUTH_ENABLED:
        logger.info("OAuth is not enabled!")
        self.is_oauth_enabled = False
        return

    self.is_oauth_enabled = True
    # The client id is logged for diagnostics; the secret is not.
    logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
    oauth_kwargs = dict(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE
    )
    self.oauth = OAuth(**oauth_kwargs)
    logger.info("Successfully created OAuth!")
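import sys

import requests

from auth import OAuth

# Fetch the API root with the stored access token and print the response body.
auth = OAuth()
# The bearer token is a credential: keep the header out of logs and output.
headers = {'Authorization': f'bearer {auth.config["access_token"]}'}
# A timeout stops the script from hanging indefinitely on a stalled endpoint.
r = requests.get(auth.url_root, headers=headers, timeout=10)
if not r.ok:
    # Surface auth failures (e.g. an expired token) instead of printing the
    # error page as if it were the expected payload.
    sys.exit(f"request failed: HTTP {r.status_code}")
print(r.text)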