Beispiel #1
    def __init__(self, user_id):
        """Load the record for ``user_id``, creating an unverified one if none exists.

        After the call ``self.item`` holds the fetched record and ``self.is_new``
        tells whether this call created it.
        """
        # NOTE(review): counting and then creating is two separate calls here;
        # two concurrent first visits for one user_id could both reach create().
        # Confirm the backing store rejects or tolerates the duplicate.
        is_first_visit = self.query_count(user_id__eq=user_id) == 0

        if is_first_visit:
            # NOTE(review): verification_code is presumably the secret used to
            # verify the e-mail address; gen_random_secret is defined elsewhere,
            # so confirm it draws from a cryptographically secure source.
            self.create({
                'user_id': user_id,
                'email': '',
                'verification_code': gen_random_secret(),
                'is_verified': 0
            })

        self.item = self.fetch(user_id=user_id)
        self.is_new = is_first_visit
Beispiel #2
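    def get(self):
        """Handle both legs of the LinkedIn OAuth2 authorization-code flow.

        With a ``code`` argument (provider callback) the handler compares the
        returned ``state`` with the value in the state cookie, passes the code
        to ``get_authenticated_user``, reads the profile and launches the
        container for the profile's ``emailAddress``.  With an ``error``
        argument it logs the error and redirects to the URL prefix before the
        auth path.  Otherwise it starts a login: a fresh random ``state`` is
        stored in the cookie and sent along with the authorize redirect.
        """
        # self_redirect_uri should be similar to  'http://<host>/jboxauth/linkedin/'
        # NOTE(review): the redirect URI is derived from the incoming request
        # URL; presumably its host part follows the request's Host header.
        # Confirm the front-end proxy or the provider's registered redirect
        # URIs pin it.
        marker = "jboxauth/linkedin/"
        self_redirect_uri = self.request.full_url()
        idx = self_redirect_uri.index(marker)
        self_redirect_uri = self_redirect_uri[0:(idx + len(marker))]

        code = self.get_argument('code', False)
        if code is not False:
            # Callback leg.  The state echoed back must equal the value stored
            # in the cookie when the login was started; a missing value on
            # either side is rejected as well.
            state = self.get_argument('state', None)
            secret = self.get_state_cookie()
            if not state or not secret or state != secret:
                self.log_warn("LinkedIn auth:  Invalid login attempt")
                self.rendertpl("index.tpl",
                               cfg=JBoxCfg.nv,
                               state=self.state(error="Invalid login request",
                                                success=""))
                return
            # NOTE(review): nothing in this method clears the state cookie after
            # a successful check; confirm the cookie helpers make it single-use
            # or short-lived.
            user = yield self.get_authenticated_user(
                redirect_uri=self_redirect_uri, code=code)
            user_info = yield self.get_user_info(user)
            try:
                self.update_user_profile(user_info)
            except Exception:
                # Profile capture is best effort: log and carry on with the
                # login.  Catching Exception instead of using a bare except
                # lets SystemExit and KeyboardInterrupt propagate.
                self.log_error("exception while capturing user profile")
                traceback.print_exc()
            # NOTE(review): the profile's emailAddress becomes the local
            # account id; confirm the provider only returns addresses the user
            # has verified.
            user_id = user_info['emailAddress']
            LinkedInAuthHandler.log_debug("logging in user_id=%r", user_id)
            self.post_auth_launch_container(user_id)
            return

        error = self.get_argument('error', False)
        if error is not False:
            # The provider reported a failure: log it and go back to the URL
            # prefix that precedes the auth path.
            error_description = self.get_argument('error_description', '')
            LinkedInAuthHandler.log_info("Linked in auth error: %r, %r",
                                         error, error_description)
            self.redirect(self_redirect_uri[0:idx])
            return

        # Start leg: bind this browser to the login attempt through a random
        # state value kept in a cookie and echoed back by the provider.
        state = gen_random_secret()
        self.set_state_cookie(state)
        yield self.authorize_redirect(
            redirect_uri=self_redirect_uri,
            client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
            scope=self.SCOPES,
            response_type='code',
            extra_params={'state': state})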
Beispiel #3
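    def get(self):
        """Run the LinkedIn OAuth2 login: start it, or complete the provider callback.

        * ``code`` present: validate ``state`` against the state cookie, pass the
          code to ``get_authenticated_user``, fetch the profile and launch the
          container for the profile's ``emailAddress``.
        * ``error`` present: log it and redirect to the URL prefix before the
          auth path.
        * neither: store a fresh random ``state`` in the cookie and redirect to
          the provider's authorize endpoint.
        """
        # self_redirect_uri should be similar to  'http://<host>/jboxauth/linkedin/'
        # NOTE(review): this URI comes from the request URL, so its host is
        # presumably whatever the client sent; confirm it is pinned by the proxy
        # or by the redirect URIs registered with the provider.
        auth_path = "jboxauth/linkedin/"
        self_redirect_uri = self.request.full_url()
        idx = self_redirect_uri.index(auth_path)
        self_redirect_uri = self_redirect_uri[0:(idx + len(auth_path))]

        code = self.get_argument('code', False)
        if code is not False:
            # CSRF check: the state returned by the provider has to match the
            # cookie value set when the login started; empty values fail too.
            state = self.get_argument('state', None)
            secret = self.get_state_cookie()
            if not state or not secret or state != secret:
                self.log_warn("LinkedIn auth:  Invalid login attempt")
                self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
                    error="Invalid login request", success=""))
                return
            # NOTE(review): the state cookie is not cleared in this method once
            # it has been accepted; confirm it expires or is single-use.
            user = yield self.get_authenticated_user(redirect_uri=self_redirect_uri, code=code)
            user_info = yield self.get_user_info(user)
            try:
                self.update_user_profile(user_info)
            except Exception:
                # Best effort only: a failed profile update must not block the
                # login.  Exception (rather than a bare except) keeps
                # SystemExit and KeyboardInterrupt from being swallowed.
                self.log_error("exception while capturing user profile")
                traceback.print_exc()
            # NOTE(review): emailAddress is used as the account identity;
            # confirm the provider guarantees it is a verified address.
            user_id = user_info['emailAddress']
            LinkedInAuthHandler.log_debug("logging in user_id=%r", user_id)
            self.post_auth_launch_container(user_id)
            return

        error = self.get_argument('error', False)
        if error is not False:
            error_description = self.get_argument('error_description', '')
            LinkedInAuthHandler.log_info("Linked in auth error: %r, %r", error, error_description)
            # Back to the URL prefix that precedes the auth path.
            self.redirect(self_redirect_uri[0:idx])
            return

        # No code and no error: begin a new login attempt.
        state = gen_random_secret()
        self.set_state_cookie(state)
        yield self.authorize_redirect(redirect_uri=self_redirect_uri,
                                      client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
                                      scope=self.SCOPES,
                                      response_type='code',
                                      extra_params={'state': state})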
Beispiel #4
                self.update_user_profile(user_info)
            except:
                self.log_error("exception while capturing user profile")
                traceback.print_exc()
            user_id = user_info['email']

            if task == 'store_creds':
                creds = self.make_credentials(user)
                credtok = creds.to_json()
                self.post_auth_store_credentials(user_id, "gdrive", credtok)
                return
            else:
                self.post_auth_launch_container(user_id)
                return
        else:
            secret = gen_random_secret()
            new_state = {'secret': secret}
            if state == 'ask_gdrive':
                user_id = self.get_user_id()
                new_state['task'] = 'store_creds'
                scope = ['https://www.googleapis.com/auth/drive']
                extra_params = {'access_type': 'offline', 'prompt': 'consent',
                                'login_hint': user_id, 'include_granted_scopes': 'true'}
            else:
                scope = ['profile', 'email']
                extra_params = {'approval_prompt': 'auto'}

            extra_params['state'] = base64.b64encode(json.dumps(new_state))
            self.set_state_cookie(secret)
            yield self.authorize_redirect(redirect_uri=self_redirect_uri,
                                          client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
Beispiel #5
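    def get(self):
        """Handle both legs of the GitHub OAuth2 authorization-code flow.

        With a ``code`` argument (provider callback) the handler compares the
        returned ``state`` with the value in the state cookie, passes the code
        to ``get_authenticated_user``, resolves an e-mail address for the user
        and launches the container for it.  Without a ``code`` it starts a
        login: a fresh random ``state`` is stored in the cookie and sent along
        with the authorize redirect.
        """
        # self_redirect_uri should be similar to  'http://<host>/jboxauth/github/'
        # NOTE(review): the redirect URI is derived from the incoming request
        # URL; presumably its host part follows the request's Host header.
        # Confirm the front-end proxy or the provider's registered redirect
        # URIs pin it.
        marker = "jboxauth/github/"
        self_redirect_uri = self.request.full_url()
        idx = self_redirect_uri.index(marker)
        self_redirect_uri = self_redirect_uri[0 : (idx + len(marker))]

        code = self.get_argument("code", False)

        if code is not False:
            # Callback leg.  The state echoed back must equal the value stored
            # in the cookie when the login was started; a missing value on
            # either side is rejected as well.
            state = self.get_argument("state", None)
            secret = self.get_state_cookie()
            if not state or not secret or state != secret:
                self.log_warn("GitHub auth:  Invalid login attempt")
                self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(error="Invalid login request", success=""))
                return
            # NOTE(review): nothing in this method clears the state cookie after
            # a successful check; confirm the cookie helpers make it single-use
            # or short-lived.
            user = yield self.get_authenticated_user(redirect_uri=self_redirect_uri, code=code)
            err = user.get("error")
            if err and err[0] == "bad_verification_code":  # Invalid code, get new code.
                self.redirect(self_redirect_uri)
                return
            # `in` replaces dict.has_key(), which no longer exists on Python 3.
            if "access_token" not in user:
                # NOTE(review): the whole token response is logged here; confirm
                # it cannot carry secrets when access_token is absent.
                self.log_error("GitHub auth error: Key `access_token` not found in response: %r", user)
                self.rendertpl(
                    "index.tpl",
                    cfg=JBoxCfg.nv,
                    state=self.state(
                        error="GitHub authentication failed due to unexpected error.  Please try again.", success=""
                    ),
                )
                return
            # The response values are indexed as sequences; keep the first one.
            user["access_token"] = user["access_token"][0]
            user["token_type"] = user["token_type"][0]

            user_info = yield self.get_user_info(user)
            # NOTE(review): the profile's email is accepted without the
            # primary/verified check applied to the fallback list below;
            # confirm the provider only returns verified addresses here.
            user_id = user_info.get("email")

            if not user_id:
                # No e-mail in the profile: fall back to the first address
                # flagged both primary and verified.
                user_emails = yield self.get_user_emails(user)
                for email in user_emails:
                    if email["primary"] and email["verified"]:
                        user_id = email["email"]
                        break
                if not user_id:
                    self.rendertpl(
                        "index.tpl",
                        cfg=JBoxCfg.nv,
                        state=self.state(error="Unable to get verified email address, login failed.", success=""),
                    )
                    return

            try:
                self.update_user_profile(user_id, user_info)
            except Exception:
                # Profile capture is best effort: log and carry on with the
                # login.  Catching Exception instead of using a bare except
                # lets SystemExit and KeyboardInterrupt propagate.
                self.log_error("exception while capturing user profile")
                traceback.print_exc()
            GitHubAuthHandler.log_debug("logging in user_id=%r", user_id)
            self.post_auth_launch_container(user_id)
            return

        # Start leg: bind this browser to the login attempt through a random
        # state value kept in a cookie and echoed back by the provider.
        state = gen_random_secret()
        self.set_state_cookie(state)
        yield self.authorize_redirect(
            redirect_uri=self_redirect_uri,
            client_id=self.settings[self._OAUTH_SETTINGS_KEY]["key"],
            scope=self.SCOPES,
            response_type="code",
            extra_params={"allow_signup": "true", "state": state},
        )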
Beispiel #6
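    def get(self):
        """Run the GitHub OAuth2 login: start it, or complete the provider callback.

        * ``code`` present: validate ``state`` against the state cookie, pass the
          code to ``get_authenticated_user``, resolve an e-mail address for the
          user and launch the container for it.
        * ``code`` absent: store a fresh random ``state`` in the cookie and
          redirect to the provider's authorize endpoint.
        """
        # self_redirect_uri should be similar to  'http://<host>/jboxauth/github/'
        # NOTE(review): this URI comes from the request URL, so its host is
        # presumably whatever the client sent; confirm it is pinned by the proxy
        # or by the redirect URIs registered with the provider.
        auth_path = "jboxauth/github/"
        self_redirect_uri = self.request.full_url()
        idx = self_redirect_uri.index(auth_path)
        self_redirect_uri = self_redirect_uri[0:(idx + len(auth_path))]

        code = self.get_argument('code', False)

        if code is not False:
            # CSRF check: the state returned by the provider has to match the
            # cookie value set when the login started; empty values fail too.
            state = self.get_argument('state', None)
            secret = self.get_state_cookie()
            if not state or not secret or state != secret:
                self.log_warn("GitHub auth:  Invalid login attempt")
                self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
                    error="Invalid login request", success=""))
                return
            # NOTE(review): the state cookie is not cleared in this method once
            # it has been accepted; confirm it expires or is single-use.
            user = yield self.get_authenticated_user(redirect_uri=self_redirect_uri, code=code)
            err = user.get('error')
            if err and err[0] == 'bad_verification_code':    # Invalid code, get new code.
                self.redirect(self_redirect_uri)
                return
            # Membership test instead of dict.has_key(), which Python 3 removed.
            if 'access_token' not in user:
                # NOTE(review): the full token response goes to the log here;
                # confirm it cannot contain secrets when access_token is absent.
                self.log_error('GitHub auth error: Key `access_token` not found in response: %r', user)
                self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
                    error="GitHub authentication failed due to unexpected error.  Please try again.",
                    success=""))
                return
            # The response values are indexed as sequences; keep the first one.
            user['access_token'] = user['access_token'][0]
            user['token_type'] = user['token_type'][0]

            user_info = yield self.get_user_info(user)
            # NOTE(review): unlike the fallback below, the profile's email is
            # taken without a primary/verified check; confirm the provider only
            # exposes verified addresses in this field.
            user_id = user_info.get('email')

            if not user_id:
                # Fall back to the first address marked primary and verified.
                user_emails = yield self.get_user_emails(user)
                for email in user_emails:
                    if email['primary'] and email['verified']:
                        user_id = email['email']
                        break
                if not user_id:
                    self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
                        error="Unable to get verified email address, login failed.",
                        success=""))
                    return

            try:
                self.update_user_profile(user_id, user_info)
            except Exception:
                # Best effort only: a failed profile update must not block the
                # login.  Exception (rather than a bare except) keeps
                # SystemExit and KeyboardInterrupt from being swallowed.
                self.log_error("exception while capturing user profile")
                traceback.print_exc()
            GitHubAuthHandler.log_debug("logging in user_id=%r", user_id)
            self.post_auth_launch_container(user_id)
            return

        # No code in the request: begin a new login attempt.
        state = gen_random_secret()
        self.set_state_cookie(state)
        yield self.authorize_redirect(redirect_uri=self_redirect_uri,
                                      client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
                                      scope=self.SCOPES,
                                      response_type='code',
                                      extra_params={'allow_signup': 'true',
                                                    'state': state})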
Beispiel #7
                self.update_user_profile(user_info)
            except:
                self.log_error("exception while capturing user profile")
                traceback.print_exc()
            user_id = user_info['email']

            if task == 'store_creds':
                creds = self.make_credentials(user)
                credtok = creds.to_json()
                self.post_auth_store_credentials(user_id, "gdrive", credtok)
                return
            else:
                self.post_auth_launch_container(user_id)
                return
        else:
            secret = gen_random_secret()
            new_state = {'secret': secret}
            if state == 'ask_gdrive':
                user_id = self.get_user_id()
                new_state['task'] = 'store_creds'
                scope = ['https://www.googleapis.com/auth/drive']
                extra_params = {
                    'access_type': 'offline',
                    'prompt': 'consent',
                    'login_hint': user_id,
                    'include_granted_scopes': 'true'
                }
            else:
                scope = ['profile', 'email']
                extra_params = {'approval_prompt': 'auto'}