def oauth_account5() -> BaseOAuthAccount:
return BaseOAuthAccount(
oauth_name="service5",
access_token="TOKEN",
expires_at=1579000751,
account_id="verified_superuser_oauth1",
account_email="*****@*****.**",
)
def oauth_account4() -> BaseOAuthAccount:
return BaseOAuthAccount(
oauth_name="service4",
access_token="TOKEN",
expires_at=1579000751,
account_id="verified_user_oauth1",
account_email="*****@*****.**",
)
def oauth_account2() -> BaseOAuthAccount:
return BaseOAuthAccount(
oauth_name="service2",
access_token="TOKEN",
expires_at=1579000751,
account_id="user_oauth2",
account_email="*****@*****.**",
)
def oauth_account3() -> BaseOAuthAccount:
return BaseOAuthAccount(
oauth_name="service3",
access_token="TOKEN",
expires_at=1579000751,
account_id="inactive_user_oauth1",
account_email="*****@*****.**",
)
async def login_google(request: Request,
response: Response,
code: str = Form(...),
client_id: str = Form(...),
redirect_uri: str = Form(...),
response_type: str = Form(...),
grant_type: str = Form(...),
code_verifier: str = Form(...)):
url = 'https://oauth2.googleapis.com/token'
data = {
'code': code,
'client_id': client_id,
'client_secret': settings.client_key,
'code_verifier': code_verifier,
'redirect_uri': redirect_uri,
'grant_type': grant_type
}
r = httpx.post(url, json=data).json()
token = r['id_token']
try:
oauth_user = id_token.verify_oauth2_token(
token, requests.Request(), client_id)
except ValueError:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail='Invalid authentication'
)
# 'email_verified': True,
# 'locale': 'de',
user = await user_db.get_by_oauth_account(
oauth_client.name, oauth_user['sub'])
new_oauth_account = BaseOAuthAccount(
oauth_name=oauth_client.name,
expires_at=oauth_user['exp'],
account_email=oauth_user['email'],
access_token=r['access_token'],
account_id=oauth_user['sub']
)
if not user:
user = await user_db.get_by_email(oauth_user['email'])
if user:
# Link account
user.oauth_accounts.append(new_oauth_account)
await user_db.update(user)
else:
# Create account
password = generate_password()
user = user_db_model(
email=oauth_user['email'],
hashed_password=get_password_hash(password),
oauth_accounts=[new_oauth_account],
)
await user_db.create(user)
if after_register:
await run_handler(after_register, user, request)
else:
# Update oauth
updated_oauth_accounts = []
for oauth_account in user.oauth_accounts:
if oauth_account.account_id == oauth_user['sub']:
updated_oauth_accounts.append(new_oauth_account)
else:
updated_oauth_accounts.append(oauth_account)
user.oauth_accounts = updated_oauth_accounts
await user_db.update(user)
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail='Must activate account'
)
elif not user.is_confirmed:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail='Account not confirmed'
)
elif not user.is_accepted:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail='Account not accepted'
)
# Authenticate
for backend in authenticator.backends:
if backend.name == 'jwt':
return await backend.get_login_response(
cast(BaseUserDB, user), response
)
