@APP.errorhandler(AuthError) def handle_auth_error(ex): response = jsonify(ex.error) response.status_code = ex.status_code return response @APP.errorhandler(Exception) def handle_auth_error(ex): response = jsonify(ex) return response oauth = OAuth(APP) auth0 = oauth.remote_app( 'auth0', consumer_key=AUTH0_CLIENT_ID, consumer_secret=AUTH0_CLIENT_SECRET, request_token_params={ 'scope': 'openid profile', 'audience': API_AUDIENCE }, base_url='https://%s' % AUTH0_DOMAIN, access_token_method='POST', access_token_url='/oauth/token', authorize_url='/authorize', )
SCHEDULER_API_ENABLED = True SCHEDULER_TIMEZONE = 'Europe/London' app = Flask('AlarmManager') app.logger.addHandler(ch) app.secret_key = 'development' app.config.update( {'SQLALCHEMY_DATABASE_URI': 'sqlite:///oauth_alarm_manager.sqlite'}) app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False db = SQLAlchemy(app) # as provider oauth = OAuth2Provider(app) # as client oauth_client = OAuth(app) api = Api(app) app.config.from_object(Config()) conn = pymysql.connect(host='172.18.0.25', port=3306, user='******', passwd='alarm', db='alarm_db') DEGREE_DIFFERENCE = 3 JWT = None CREDENTIALS = {} def build_remote_app(consumer_key, consumer_secret, request_token_params,
def __init__(self, appbuilder): super(BaseSecurityManager, self).__init__(appbuilder) app = self.appbuilder.get_app # Base Security Config app.config.setdefault("AUTH_ROLE_ADMIN", "Admin") app.config.setdefault("AUTH_ROLE_PUBLIC", "Public") app.config.setdefault("AUTH_TYPE", AUTH_DB) # Self Registration app.config.setdefault("AUTH_USER_REGISTRATION", False) app.config.setdefault("AUTH_USER_REGISTRATION_ROLE", self.auth_role_public) # LDAP Config if self.auth_type == AUTH_LDAP: if "AUTH_LDAP_SERVER" not in app.config: raise Exception("No AUTH_LDAP_SERVER defined on config" " with AUTH_LDAP authentication type.") app.config.setdefault("AUTH_LDAP_SEARCH", "") app.config.setdefault("AUTH_LDAP_SEARCH_FILTER", "") app.config.setdefault("AUTH_LDAP_BIND_USER", "") app.config.setdefault("AUTH_LDAP_APPEND_DOMAIN", "") app.config.setdefault("AUTH_LDAP_USERNAME_FORMAT", "") app.config.setdefault("AUTH_LDAP_BIND_PASSWORD", "") # TLS options app.config.setdefault("AUTH_LDAP_USE_TLS", False) app.config.setdefault("AUTH_LDAP_ALLOW_SELF_SIGNED", False) app.config.setdefault("AUTH_LDAP_TLS_DEMAND", False) app.config.setdefault("AUTH_LDAP_TLS_CACERTDIR", "") app.config.setdefault("AUTH_LDAP_TLS_CACERTFILE", "") app.config.setdefault("AUTH_LDAP_TLS_CERTFILE", "") app.config.setdefault("AUTH_LDAP_TLS_KEYFILE", "") # Mapping options app.config.setdefault("AUTH_LDAP_UID_FIELD", "uid") app.config.setdefault("AUTH_LDAP_FIRSTNAME_FIELD", "givenName") app.config.setdefault("AUTH_LDAP_LASTNAME_FIELD", "sn") app.config.setdefault("AUTH_LDAP_EMAIL_FIELD", "mail") if self.auth_type == AUTH_OID: self.oid = OpenID(app) if self.auth_type == AUTH_OAUTH: from flask_oauthlib.client import OAuth self.oauth = OAuth() self.oauth_remotes = dict() for _provider in self.oauth_providers: provider_name = _provider["name"] log.debug("OAuth providers init {0}".format(provider_name)) obj_provider = self.oauth.remote_app(provider_name, **_provider["remote_app"]) obj_provider._tokengetter = self.oauth_tokengetter if not self.oauth_user_info: self.oauth_user_info = self.get_oauth_user_info # Whitelist only users with matching emails if "whitelist" in _provider: self.oauth_whitelists[provider_name] = _provider[ "whitelist"] self.oauth_remotes[provider_name] = obj_provider # Setup Flask-Login self.lm = self.create_login_manager(app) # Setup Flask-Jwt-Extended self.jwt_manager = self.create_jwt_manager(app)
from flask_oauthlib.client import OAuth from flask import current_app, url_for, session, request oauth = OAuth(current_app) class OAuthSignIn(object): """Parent OAuth class""" providers = None def __init__(self, provider_name): self.provider_name = provider_name credentials = current_app.config['OAUTH_CREDENTIALS'][provider_name] self.consumer_id = credentials['id'] self.consumer_secret = credentials['secret'] def authorize(self, callback=False): pass def callback(self): pass def get_callback_url(self): return url_for('auth_routes.oauth_callback', provider=self.provider_name, _external=True) @classmethod def get_provider(self, provider_name): if self.providers is None: self.providers = {}
from flask import Flask, g, request from sqlalchemy import or_, func from sqlalchemy.orm import Session, sessionmaker from datetime import datetime, timedelta, timezone from flask_oauthlib.client import OAuth, OAuthException app = Flask(__name__) app.config.from_json("config.json") engine = sqlalchemy.create_engine( "postgresql://{username}:{password}@localhost/{dbname}".format( username=app.config["DB_USER"], password=app.config["DB_PASS"], dbname=app.config["DB_NAME"])) # type: sqlalchemy.engine.base.Engine oauth = OAuth() shardbound = oauth.remote_app( 'shardbound', base_url='https://st-george.spiritwalkgames.com/', request_token_url=None, access_token_url='oauth/token', authorize_url='oauth/authorize', consumer_key=app.config["OAUTH_ID"], consumer_secret=app.config["OAUTH_SECRET"], request_token_params={'scope': 'public'}) @shardbound.tokengetter def get_shardbound_oauth_token(): return flask.session.get('shardbound_token')
def instance(app): """:rtype: OAuth""" oauth = OAuth() oauth.remote_app('github', app_key='GITHUB_OAUTH') oauth.init_app(app) return oauth
from flask import (Flask, request, jsonify, render_template, abort, Response, redirect, url_for, session) config = ConfigParser.ConfigParser() config.read('/etc/shuttleofx/client.cfg') g_app = Flask(__name__) g_app.config['GOOGLE_ID'] = config.get('OAUTH_CONFIG', 'googleId') g_app.config['GOOGLE_SECRET'] = config.get('OAUTH_CONFIG', 'googleSecret') g_app.config['GITHUB_ID'] = config.get('OAUTH_CONFIG', 'githubId') g_app.config['GITHUB_SECRET'] = config.get('OAUTH_CONFIG', 'githubSecret') g_app.debug = True g_app.secret_key = 'development' oauth = OAuth(g_app) google = oauth.remote_app( 'google', consumer_key=g_app.config.get('GOOGLE_ID'), consumer_secret=g_app.config.get('GOOGLE_SECRET'), request_token_params={ 'scope': 'https://www.googleapis.com/auth/userinfo.profile' }, base_url='https://www.googleapis.com/oauth2/v1/', request_token_url=None, access_token_method='POST', access_token_url='https://accounts.google.com/o/oauth2/token', authorize_url='https://accounts.google.com/o/oauth2/auth', )
def __init__(self, appbuilder): super(BaseSecurityManager, self).__init__(appbuilder) app = self.appbuilder.get_app # Base Security Config app.config.setdefault('AUTH_ROLE_ADMIN', 'Admin') app.config.setdefault('AUTH_ROLE_PUBLIC', 'Public') app.config.setdefault('AUTH_TYPE', AUTH_DB) # Self Registration app.config.setdefault('AUTH_USER_REGISTRATION', False) app.config.setdefault('AUTH_USER_REGISTRATION_ROLE', self.auth_role_public) # LDAP Config if self.auth_type == AUTH_LDAP: if 'AUTH_LDAP_SERVER' not in app.config: raise Exception( "No AUTH_LDAP_SERVER defined on config with AUTH_LDAP authentication type." ) app.config.setdefault('AUTH_LDAP_SEARCH', '') app.config.setdefault('AUTH_LDAP_SEARCH_FILTER', '') app.config.setdefault('AUTH_LDAP_BIND_USER', '') app.config.setdefault('AUTH_LDAP_APPEND_DOMAIN', '') app.config.setdefault('AUTH_LDAP_USERNAME_FORMAT', '') app.config.setdefault('AUTH_LDAP_BIND_PASSWORD', '') # TLS options app.config.setdefault('AUTH_LDAP_USE_TLS', False) app.config.setdefault('AUTH_LDAP_ALLOW_SELF_SIGNED', False) app.config.setdefault('AUTH_LDAP_TLS_DEMAND', False) app.config.setdefault('AUTH_LDAP_TLS_CACERTDIR', '') app.config.setdefault('AUTH_LDAP_TLS_CACERTFILE', '') app.config.setdefault('AUTH_LDAP_TLS_CERTFILE', '') app.config.setdefault('AUTH_LDAP_TLS_KEYFILE', '') # Mapping options app.config.setdefault('AUTH_LDAP_UID_FIELD', 'uid') app.config.setdefault('AUTH_LDAP_FIRSTNAME_FIELD', 'givenName') app.config.setdefault('AUTH_LDAP_LASTNAME_FIELD', 'sn') app.config.setdefault('AUTH_LDAP_EMAIL_FIELD', 'mail') if self.auth_type == AUTH_OID: self.oid = OpenID(app) if self.auth_type == AUTH_OAUTH: from flask_oauthlib.client import OAuth self.oauth = OAuth() self.oauth_remotes = dict() for _provider in self.oauth_providers: provider_name = _provider['name'] log.debug("OAuth providers init {0}".format(provider_name)) obj_provider = self.oauth.remote_app(provider_name, **_provider['remote_app']) obj_provider._tokengetter = self.oauth_tokengetter if not self.oauth_user_info: self.oauth_user_info = self.get_oauth_user_info # Whitelist only users with matching emails if 'whitelist' in _provider: self.oauth_whitelists[provider_name] = _provider[ 'whitelist'] self.oauth_remotes[provider_name] = obj_provider self.lm = LoginManager(app) self.lm.login_view = 'login' self.lm.user_loader(self.load_user)
# some bits of text for the page. header_text = ''' <html>\n<head> <title>EB Flask Test with websocket </title> </head>\n<body>''' instructions = ''' There is an endpoint of websocket (staged) \n''' home_link = '<p><a href="/">Back</a></p>\n' footer_text = '</body>\n</html>' # EB looks for an 'application' callable by default. application = Flask(__name__) application.config['SECRET_KEY'] = 'secret!' application.jinja_env.line_statement_prefix = '#' socketio = SocketIO(application) oauth = OAuth(application) #linkedin linkedin = oauth.remote_app(\ 'linkedin',\ consumer_key=os.environ.get('linkedinappkey'),\ consumer_secret=os.environ.get('linkedinappsecret'),\ request_token_params={\ 'scope': ['r_basicprofile','r_emailaddress'],\ 'state': 'RandomString',\ },\ base_url='https://api.linkedin.com/v1/',\ request_token_url=None,\ access_token_method='POST',\ access_token_url='https://www.linkedin.com/uas/oauth2/accessToken',\ authorize_url='https://www.linkedin.com/uas/oauth2/authorization')
http_auth = credentials.authorize(httplib2.Http()) drive = discovery.build('drive', 'v3', http_auth) files = drive.files().list(q="'{0}' in parents and (mimeType='application/vnd.google-apps.spreadsheet' or mimeType='application/vnd.google-apps.folder')".format(id), orderBy="name").execute()['files'] return render_template('charts_of_accounts.html', files = files, blueprint_name = blueprint.name) @blueprint.route("/set_chart_of_accounts/<string:sheet_id>") def set_chart_of_accounts(sheet_id): session['sheet_id'] = sheet_id return redirect(url_for("{0}.authorize_qbo".format(blueprint.name))) # Step-3, authorize QBO qbo = OAuth().remote_app( 'qbo', request_token_url = 'https://oauth.intuit.com/oauth/v1/get_request_token', access_token_url = 'https://oauth.intuit.com/oauth/v1/get_access_token', authorize_url = 'https://appcenter.intuit.com/Connect/Begin', consumer_key = app.config['QBO_CONSUMER_KEY'], consumer_secret = app.config['QBO_CONSUMER_SECRET'] ) @blueprint.route("/authorize_qbo") def authorize_qbo(): return qbo.authorize(callback=url_for("{0}.qbo_authorized".format(blueprint.name))) @blueprint.route("/qbo_authorized") def qbo_authorized(): qbo_tokens = qbo.authorized_response() session['qbo_tokens'] = qbo_tokens; qbo_company_id = request.args.get('realmId'); session['qbo_company_id'] = qbo_company_id; models.store_qbo_authentication_tokens(qbo_tokens, qbo_company_id)
from app import site from flask_oauthlib.client import OAuth, OAuthException oauth = OAuth(site) google = oauth.remote_app( 'google', consumer_key=site.config.get('GOOGLE_KEY'), consumer_secret=site.config.get('GOOGLE_SECRET'), request_token_params={'scope': 'email profile'}, base_url='https://www.googleapis.com/oauth2/v3/', request_token_url=None, access_token_method='POST', access_token_url='https://accounts.google.com/o/oauth2/token', authorize_url='https://accounts.google.com/o/oauth2/auth' ) github = oauth.remote_app( 'github', consumer_key=site.config.get('GITHUB_KEY'), consumer_secret=site.config.get('GITHUB_SECRET'), request_token_params={'scope': 'user:email'}, base_url='https://api.github.com/', request_token_url=None, access_token_method='POST', access_token_url='https://github.com/login/oauth/access_token', authorize_url='https://github.com/login/oauth/authorize', ) facebook = oauth.remote_app( 'facebook',
def prepare_app(name): app = fk.Flask(name) app.config.from_pyfile('config.py', silent=True) # Check for required configuration variables required = [ 'SECRET_KEY', 'MSAPI_CONSUMER_KEY', 'MSAPI_CONSUMER_SECRET', 'MSAPI_REDIRECT_URL', ] absent = list(filter(lambda v: v not in app.config, required)) if len(absent) > 0: absent = ', '.join(absent) raise LookupError(f'The following variables are needed to proceed: {absent}') # Set defaults for optional variables optional = { 'MSAPI_ORIGIN_URL': 'https://graph.microsoft.com/v1.0/', 'MSAPI_TOKEN_URL': 'https://login.microsoftonline.com/common/oauth2/v2.0/token', 'MSAPI_AUTHORIZE_URL': 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize', 'GROOM_HOST': 'localhost', 'GROOM_PORT': 4221, } for key, value in optional.items(): app.config.setdefault(key, value) # Configure plugins limiter = Limiter(app, key_func=partial(get_limit_key, app)) db = SQLAlchemy(app) class Attempt(db.Model): __tablename__ = 'attempt' id = db.Column(db.Integer, primary_key=True) user = db.Column(db.String(120)) time = db.Column(db.Integer) # XXX: Maybe we should use an enum instead. result = db.Column(db.Text) def __init__(self, user, result): self.user, self.result = user or 'unknown', result self.time = time.time() class User(db.Model): __tablename__ = 'user' id = db.Column(db.Integer, primary_key=True) user = db.Column(db.String(120), unique=True) # XXX: Maybe we should use an enum instead. level = db.Column(db.Integer) # Levels: # -1 : Disabled # 0 : Can open the door # 1 : Can view logs # 2 : Can ban/unban users from the service if level < theirs # 3 : Can promote/demote users def __init__(self, user, level): self.user, self.level = user, level msapi = OAuth(app).remote_app( 'msapi', consumer_key=app.config['MSAPI_CONSUMER_KEY'], consumer_secret=app.config['MSAPI_CONSUMER_SECRET'], request_token_params={'scope': ['User.Read']}, base_url=app.config['MSAPI_ORIGIN_URL'], access_token_method='POST', access_token_url=app.config['MSAPI_TOKEN_URL'], request_token_url=None, authorize_url=app.config['MSAPI_AUTHORIZE_URL'] ) @app.before_request def groom_export(): fk.g.db = db fk.g.Attempt = Attempt fk.g.User = User fk.g.msapi = msapi @msapi.tokengetter def msapi_get_token(): return fk.session.get('access_token'), '' return app, limiter, db, User, Attempt
def init(app): oauth = OAuth(app) twitch = oauth.remote_app( 'twitch', consumer_key=app.bot_config['webtwitchapi']['client_id'], consumer_secret=app.bot_config['webtwitchapi']['client_secret'], request_token_params={ 'scope': 'user_read', }, base_url='https://api.twitch.tv/kraken/', request_token_url=None, access_token_method='POST', access_token_url='https://api.twitch.tv/kraken/oauth2/token', authorize_url='https://api.twitch.tv/kraken/oauth2/authorize', ) @app.route('/login') def login(): callback_url = app.bot_config['webtwitchapi'][ 'redirect_uri'] if 'redirect_uri' in app.bot_config[ 'webtwitchapi'] else url_for('authorized', _external=True) state = request.args.get('n') or request.referrer or None return twitch.authorize( callback=callback_url, state=state, ) @app.route('/login/error') def login_error(): return render_template('login_error.html') @app.route('/login/authorized') def authorized(): try: resp = twitch.authorized_response() except OAuthException: log.exception('An exception was caught while authorizing') next_url = get_next_url(request, 'state') return redirect(next_url) except: log.exception('Unhandled exception while authorizing') return render_template('login_error.html') print(resp) if resp is None: if 'error' in request.args and 'error_description' in request.args: log.warn('Access denied: reason={}, error={}'.format( request.args['error'], request.args['error_description'])) next_url = get_next_url(request, 'state') return redirect(next_url) elif type(resp) is OAuthException: log.warn(resp.message) log.warn(resp.data) log.warn(resp.type) next_url = get_next_url(request, 'state') return redirect(next_url) session['twitch_token'] = (resp['access_token'], ) me = twitch.get('user') level = 100 with DBManager.create_session_scope() as db_session: db_user = db_session.query(User).filter_by( username=me.data['name'].lower()).one_or_none() if db_user: level = db_user.level session['user'] = { 'username': me.data['name'], 'username_raw': me.data['display_name'], 'level': level, } next_url = get_next_url(request, 'state') return redirect(next_url) def get_next_url(request, key='n'): next_url = request.args.get(key, '/') if next_url.startswith('//'): return '/' return next_url @app.route('/logout') def logout(): session.pop('twitch_token', None) session.pop('user', None) next_url = get_next_url(request) if next_url.startswith('/admin'): next_url = '/' return redirect(next_url) @twitch.tokengetter def get_twitch_oauth_token(): return session.get('twitch_token') def change_twitch_header(uri, headers, body): auth = headers.get('Authorization') if auth: auth = auth.replace('Bearer', 'OAuth') headers['Authorization'] = auth return uri, headers, body twitch.pre_request = change_twitch_header
from __future__ import absolute_import from flask import url_for, session, request, jsonify, Blueprint, flash, current_app from flask_oauthlib.client import OAuth from keg.web import redirect oauthlib = OAuth() class OAuthError(Exception): pass class Provider(object): def authorize(self, **kwargs): return self.remote_app.authorize(**kwargs) def get(self, *args): return self.remote_app.get(*args) class Google(Provider): def __init__(self): self.remote_app = oauthlib.remote_app( 'google', request_token_params={ 'scope': 'https://www.googleapis.com/auth/userinfo.email' }, base_url='https://www.googleapis.com/oauth2/v1/', request_token_url=None,
from flask import Blueprint from flask import redirect, url_for, session, request from flask_oauthlib.client import OAuth, OAuthException from config import Config blueprint = Blueprint('spotify_controller', __name__, url_prefix='/') oauth = OAuth(blueprint) spotify = oauth.remote_app( 'spotify', consumer_key=Config.SPOTIFY_APP_ID, consumer_secret=Config.SPOTIFY_APP_SECRET, request_token_params={ 'scope': ['user-read-email', 'playlist-read-private'] }, base_url='https://accounts.spotify.com', request_token_url=None, access_token_url='/api/token', authorize_url='https://accounts.spotify.com/authorize') @blueprint.route('login') def login(): callback = url_for('spotify_controller.spotify_authorized', _external=True) return spotify.authorize(callback=callback) @blueprint.route('login/authorized') def spotify_authorized(): resp = spotify.authorized_response()
def create_oauth_client(app): oauth = OAuth(app) app.secret_key = SECRET if not app.debug: app.config.update( SESSION_COOKIE_SECURE=True, SESSION_COOKIE_HTTPONLY=True, SESSION_COOKIE_SAMESITE='Lax', ) remote = oauth.remote_app( "ok-server", # Server Name consumer_key=CONSUMER_KEY, consumer_secret=SECRET, request_token_params={ "scope": "email", "state": lambda: security.gen_salt(10) }, base_url="https://okpy.org/api/v3/", request_token_url=None, access_token_method="POST", access_token_url="https://okpy.org/oauth/token", authorize_url="https://okpy.org/oauth/authorize", ) def check_req(uri, headers, body): """ Add access_token to the URL Request. """ if "access_token" not in uri and session.get("dev_token"): params = {"access_token": session.get("dev_token")[0]} url_parts = list(urllib.parse.urlparse(uri)) query = dict(urllib.parse.parse_qsl(url_parts[4])) query.update(params) url_parts[4] = urllib.parse.urlencode(query) uri = urllib.parse.urlunparse(url_parts) return uri, headers, body remote.pre_request = check_req @app.route("/oauth/login") def login(): response = remote.authorize( callback=url_for("authorized", _external=True)) return response @app.route("/oauth/authorized") def authorized(): resp = remote.authorized_response() if resp is None: return "Access denied: error=%s" % (request.args["error"]) if isinstance(resp, dict) and "access_token" in resp: session["dev_token"] = (resp["access_token"], "") return redirect("/") @app.route("/api/user", methods=["POST"]) def client_method(): if "dev_token" not in session: abort(401) token = session["dev_token"][0] r = requests.get( "https://okpy.org/api/v3/user/?access_token={}".format(token)) if not r.ok: abort(401) return jsonify(r.json()) @remote.tokengetter def get_oauth_token(): return session.get("dev_token") app.remote = remote
def run_server(auction, mapping_expire_time, logger, timezone='Europe/Kiev', bids_form=BidsForm, bids_handler=BidsHandler, form_handler=form_handler, cookie_path=AUCTION_SUBPATH): app = initialize_application() add_url_rules(app) app.config.update(auction.worker_defaults) # Replace Flask custom logger app.logger_name = logger.name app._logger = logger app.config['timezone'] = tz(timezone) app.config['SESSION_COOKIE_PATH'] = '/{}/{}'.format( cookie_path, auction.context['auction_doc_id']) app.config['SESSION_COOKIE_NAME'] = 'auction_session' app.oauth = OAuth(app) app.gsm = getGlobalSiteManager() app.context = app.gsm.queryUtility(IContext) app.bids_form = bids_form app.bids_handler = bids_handler() app.form_handler = form_handler app.remote_oauth = app.oauth.remote_app( 'remote', consumer_key=app.config['OAUTH_CLIENT_ID'], consumer_secret=app.config['OAUTH_CLIENT_SECRET'], request_token_params={'scope': 'email'}, base_url=app.config['OAUTH_BASE_URL'], access_token_url=app.config['OAUTH_ACCESS_TOKEN_URL'], authorize_url=app.config['OAUTH_AUTHORIZE_URL']) @app.remote_oauth.tokengetter def get_oauth_token(): return session.get('remote_oauth') os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = 'true' # Start server on unused port request_id = generate_request_id() listener = get_lisener(auction.worker_defaults["STARTS_PORT"], host=auction.worker_defaults.get( "WORKER_BIND_IP", "")) app.logger.info("Start server on {0}:{1}".format(*listener.getsockname()), extra={"JOURNAL_REQUEST_ID": request_id}) server = WSGIServer(listener, app, log=_LoggerStream(logger), handler_class=AuctionsWSGIHandler) server.start() # Set mapping mapping_value = "http://{0}:{1}/".format(*listener.getsockname()) create_mapping(auction.worker_defaults, auction.context['auction_doc_id'], mapping_value) app.logger.info("Server mapping: {} -> {}".format( auction.context['auction_doc_id'], mapping_value, mapping_expire_time), extra={"JOURNAL_REQUEST_ID": request_id}) # Spawn events functionality spawn( push_timestamps_events, app, ) spawn( check_clients, app, ) return server
def create_oauth_client( app: flask.Flask, consumer_key, secret_key=None, success_callback=None, return_response=None, ): """Add Okpy OAuth for ``consumer_key`` to the current ``app``. Specifically, adds an endpoint ``/oauth/login`` that redirects to the Okpy login process, ``/oauth/authorized`` that receives the successful result of authentication, ``/api/user`` that acts as a test endpoint, and a :meth:`~flask_oauthlib.client.OAuthRemoteApp.tokengetter`. :param app: the app to add OAuth endpoints to :type app: ~flask.Flask :param consumer_key: the OAuth client consumer key :type consumer_key: str :param secret_key: the OAuth client secret, inferred using :func:`~common.rpc.secrets.get_secret` if omitted :type secret_key: str :param success_callback: an optional function to call upon login :type success_callback: func :param return_response: an optional function to send the OAuth response to :type return_response: func """ oauth = OAuth(app) if os.getenv("ENV") == "prod": if secret_key is None: app.secret_key = get_secret(secret_name="OKPY_OAUTH_SECRET") else: app.secret_key = secret_key else: consumer_key = "local-dev-all" app.secret_key = "kmSPJYPzKJglOOOmr7q0irMfBVMRFXN" if not app.debug: app.config.update( SESSION_COOKIE_SECURE=True, SESSION_COOKIE_HTTPONLY=True, SESSION_COOKIE_SAMESITE="Lax", ) remote = oauth.remote_app( "ok-server", # Server Name consumer_key=consumer_key, consumer_secret=app.secret_key, request_token_params={ "scope": "all", "state": lambda: security.gen_salt(10) }, base_url="https://okpy.org/api/v3/", request_token_url=None, access_token_method="POST", access_token_url="https://okpy.org/oauth/token", authorize_url="https://okpy.org/oauth/authorize", ) def check_req(uri, headers, body): """ Add access_token to the URL Request. """ if "access_token" not in uri and session.get("access_token"): params = {"access_token": session.get("access_token")[0]} url_parts = list(urllib.parse.urlparse(uri)) query = dict(urllib.parse.parse_qsl(url_parts[4])) query.update(params) url_parts[4] = urllib.parse.urlencode(query) uri = urllib.parse.urlunparse(url_parts) return uri, headers, body remote.pre_request = check_req @app.route("/oauth/login") def login(): if app.debug: response = remote.authorize( callback=url_for("authorized", _external=True)) else: response = remote.authorize( url_for("authorized", _external=True, _scheme="https")) return response @app.route("/oauth/authorized") def authorized(): resp = remote.authorized_response() if resp is None: return "Access denied: error=%s" % (request.args["error"]) if isinstance(resp, dict) and "access_token" in resp: session["access_token"] = (resp["access_token"], "") if return_response: return_response(resp) if success_callback: success_callback() target = session.get(REDIRECT_KEY) if target: session.pop(REDIRECT_KEY) return redirect(target) return redirect(url_for("index")) @app.route("/api/user", methods=["POST"]) def client_method(): if "access_token" not in session: abort(401) token = session["access_token"][0] r = requests.get( "https://okpy.org/api/v3/user/?access_token={}".format(token)) if not r.ok: abort(401) return jsonify(r.json()) @remote.tokengetter def get_oauth_token(): return session.get("access_token") app.remote = remote
from flask import Flask, redirect, url_for, session, request, jsonify, Blueprint, flash from flask_oauthlib.client import OAuth, OAuthException import json import kunjika OA = Blueprint('oauth', __name__, template_folder='templates') oauth = OAuth(kunjika) google = oauth.remote_app( 'google', consumer_key=kunjika.GOOGLE_ID, consumer_secret=kunjika.GOOGLE_SECRET, request_token_params={ 'scope': 'https://www.googleapis.com/auth/userinfo.email' }, base_url='https://www.googleapis.com/oauth2/v1/', request_token_url=None, access_token_method='POST', access_token_url='https://accounts.google.com/o/oauth2/token', authorize_url='https://accounts.google.com/o/oauth2/auth', ) facebook = oauth.remote_app( 'facebook', consumer_key=kunjika.FACEBOOK_ID, consumer_secret=kunjika.FACEBOOK_SECRET, request_token_params={'scope': 'email'}, base_url='https://graph.facebook.com', request_token_url=None, access_token_url='/oauth/access_token',
from __future__ import absolute_import import os import datetime import flask from gevent import pool from flask_oauthlib.client import OAuth from flask.ext import login import twitter as twitter_api from sirius.models import user as user_model from sirius.models.db import db blueprint = flask.Blueprint('twitter_oauth', __name__) oauth_app = OAuth() # TODO move the consumer_key/secret to flask configuration. The # current key is a test app that redirects to 127.0.0.1:8000. twitter = oauth_app.remote_app( 'twitter', base_url='https://api.twitter.com/1/', request_token_url='https://api.twitter.com/oauth/request_token', access_token_url='https://api.twitter.com/oauth/access_token', authorize_url='https://api.twitter.com/oauth/authenticate', consumer_key=os.environ.get('TWITTER_CONSUMER_KEY', 'DdrpQ1uqKuQouwbCsC6OMA4oF'), consumer_secret=os.environ.get( 'TWITTER_CONSUMER_SECRET', 'S8XGuhptJ8QIJVmSuIk7k8wv3ULUfMiCh9x1b19PmKSsBh1VDM'), )
def create_client(app): oauth = OAuth(app) remote = oauth.remote_app( 'dev', consumer_key='dev', consumer_secret='dev', request_token_params={'scope': 'address'}, base_url='http://local.wushuyi.com:5000/api/', request_token_url=None, access_token_method='POST', access_token_url='http://local.wushuyi.com:5000/oauth/token', authorize_url='http://local.wushuyi.com:5000/oauth/authorize') @app.route('/') def index(): if 'dev_token' in session: print(session.get('dev_token')) ret = remote.get('email') return jsonify(ret.data) return redirect(url_for('login')) @app.route('/login') def login(): return remote.authorize(callback=url_for('authorized', _external=True)) @app.route('/logout') def logout(): session.pop('dev_token', None) return redirect(url_for('index')) @app.route('/authorized') def authorized(): resp = remote.authorized_response() if resp is None: return 'Access denied: error=%s' % (request.args['error']) if isinstance(resp, dict) and 'access_token' in resp: session['dev_token'] = (resp['access_token'], '') return jsonify(resp) return str(resp) @app.route('/client') def client_method(): ret = remote.get("client") if ret.status not in (200, 201): return abort(ret.status) return ret.raw_data @app.route('/address') def address(): test = 'wushuyi' ret = remote.get('address/hangzhou') if ret.status not in (200, 201): return ret.raw_data, ret.status return ret.raw_data @app.route('/method/<name>') def method(name): func = getattr(remote, name) ret = func('method') return ret.raw_data @remote.tokengetter def get_oauth_token(): return session.get('dev_token') return remote
def init(api): if not has_streamlabs(): log.info('Streamlabs support not set up') log.info( 'Check out the install/config.example.ini and set up the client_id and client_secret under the [streamlabs] section' ) return oauth = OAuth(api) streamlabs = oauth.remote_app( 'streamlabs', consumer_key=app.bot_config['streamlabs']['client_id'], consumer_secret=app.bot_config['streamlabs']['client_secret'], base_url='https://streamlabs.com/api/v1.0/', request_token_params={ 'scope': [ 'donations.read', 'donations.create', ], }, request_token_url=None, access_token_headers={ 'User-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36', }, access_token_method='POST', access_token_url='https://streamlabs.com/api/v1.0/token', authorize_url='https://streamlabs.com/api/v1.0/authorize', ) class StreamlabsIndex(Resource): def get(self): return redirect(url_for('streamlabslogin')) class StreamlabsLogin(Resource): def get(self): callback = url_for('streamlabsloginauthorized', _external=True) return streamlabs.authorize(callback=callback, state=uuid.uuid4()) class StreamlabsLoginAuthorized(Resource): def __init__(self): super().__init__() self.parser = reqparse.RequestParser() self.parser.add_argument('error') self.parser.add_argument('error_description') def get(self): try: resp = streamlabs.authorized_response() except OAuthException: log.exception( 'Exception caught while authorizing with streamlabs') return 'error 1' except: log.exception( 'Unhandled exception caught while authorizing with streamlabs' ) return 'error 2' args = self.parser.parse_args() if resp is None: log.warn('Access denied: reason={}, error={}'.format( args['error'], args['error_description'])) return args['error'] if type(resp) is OAuthException: log.warn(resp.message) log.warn(resp.data) log.warn(resp.type) return 'error 3' session['streamlabs_token'] = (resp['access_token'], ) me = streamlabs.get('user') log.info(me) log.info(me.data) log.info(me.data['twitch']) log.info(me.data['twitch']['name']) if me.data['twitch']['name'] in ( 'pajlada', app.bot_config['main']['streamer']): password = pajbot.web.utils.create_pleblist_login( app.bot_config) resp = flask.make_response( flask.jsonify({'password': password})) resp.set_cookie('password', password) return resp return 'you can\'t use this pleblist' @streamlabs.tokengetter def get_streamlabs_oauth_token(): return session.get('streamlabs_token') api.add_resource(StreamlabsIndex, '/streamlabs') api.add_resource(StreamlabsLogin, '/streamlabs/login') api.add_resource(StreamlabsLoginAuthorized, '/streamlabs/login/authorized')
import uuid import flask import requests from flask import Flask from flask_oauthlib.client import OAuth import config from rclone_client import Rclone APP = Flask(__name__) APP.debug = True APP.secret_key = 'development' OAUTH = OAuth(APP) MSGRAPH = OAUTH.remote_app( 'microsoft', consumer_key=config.CLIENT_ID, consumer_secret=config.CLIENT_SECRET, request_token_params={'scope': config.SCOPES}, base_url=config.RESOURCE + config.API_VERSION + '/', request_token_url=None, access_token_method='POST', access_token_url=config.AUTHORITY_URL + config.TOKEN_ENDPOINT, authorize_url=config.AUTHORITY_URL + config.AUTH_ENDPOINT) @APP.route('/') def hello_world(): return 'Hello World!'
def create_oauth_client(app, name, **kwargs): """Helper function to create a OAuth2 client to test an OAuth2 provider.""" blueprint = Blueprint('oauth2test', __name__, template_folder='templates') default = dict( consumer_key='confidential', consumer_secret='confidential', request_token_params={'scope': 'test:scope'}, request_token_url=None, access_token_method='POST', access_token_url='/oauth/token', authorize_url='/oauth/authorize', content_type='application/json', ) default.update(kwargs) oauth = OAuth(app) remote = oauth.remote_app(name, **default) @blueprint.route('/oauth2test/login') def login(): return remote.authorize( callback=url_for('oauth2test.authorized', _external=True)) @blueprint.route('/oauth2test/logout') def logout(): session.pop('confidential_token', None) return "logout" @blueprint.route('/oauth2test/authorized') @remote.authorized_handler def authorized(resp): if resp is None: return 'Access denied: error=%s' % (request.args.get( 'error', "unknown")) if isinstance(resp, dict) and 'access_token' in resp: session['confidential_token'] = (resp['access_token'], '') return jsonify(resp) return str(resp) def get_test(test_url): if 'confidential_token' not in session: abort(403) else: ret = remote.get(test_url) if ret.status != 200: return abort(ret.status) return ret.raw_data @blueprint.route('/oauth2test/test-ping') def test_ping(): return get_test(url_for("invenio_oauth2server.ping")) @blueprint.route('/oauth2test/test-info') def test_info(): return get_test(url_for('invenio_oauth2server.info')) @blueprint.route('/oauth2test/test-invalid') def test_invalid(): return get_test(url_for('invenio_oauth2server.invalid')) @remote.tokengetter def get_oauth_token(): return session.get('confidential_token') app.register_blueprint(blueprint) return remote
def init(app): oauth = OAuth(app) # enables the usage of 127.0.0.1:7221 over http for OAuth purposes. os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1" twitch = oauth.remote_app( "twitch", consumer_key=app.bot_config["webtwitchapi"]["client_id"], consumer_secret=app.bot_config["webtwitchapi"]["client_secret"], request_token_params={"scope": "user_read"}, base_url="{}/kraken/".format(os.environ.get("APIPROXY_HOST", "http://127.0.0.1:7221")), request_token_url=None, access_token_method="POST", access_token_url="https://id.twitch.tv/oauth2/token", authorize_url="https://id.twitch.tv/oauth2/authorize", ) @app.route("/login") def login(): callback_url = ( app.bot_config["webtwitchapi"]["redirect_uri"] if "redirect_uri" in app.bot_config["webtwitchapi"] else url_for("authorized", _external=True) ) state = request.args.get("n") or request.referrer or None return twitch.authorize(callback=callback_url, state=state) @app.route("/bot_login") def bot_login(): callback_url = ( app.bot_config["webtwitchapi"]["redirect_uri"] if "redirect_uri" in app.bot_config["webtwitchapi"] else url_for("authorized", _external=True) ) state = request.args.get("n") or request.referrer or None return twitch.authorize( callback=callback_url, state=state, scope="user_read user:edit user:read:email channel:moderate chat:edit chat:read whispers:read whispers:edit", force_verify="true", ) @app.route("/login/error") def login_error(): return render_template("login_error.html") @app.route("/login/authorized") def authorized(): try: resp = twitch.authorized_response() except OAuthException: log.exception("An exception was caught while authorizing") next_url = get_next_url(request, "state") return redirect(next_url) except: log.exception("Unhandled exception while authorizing") return render_template("login_error.html") if resp is None: if "error" in request.args and "error_description" in request.args: log.warning( "Access denied: reason={}, error={}".format( request.args["error"], request.args["error_description"] ) ) next_url = get_next_url(request, "state") return redirect(next_url) elif type(resp) is OAuthException: log.warning(resp.message) log.warning(resp.data) log.warning(resp.type) next_url = get_next_url(request, "state") return redirect(next_url) session["twitch_token"] = (resp["access_token"],) me = twitch.get("user") level = 100 with DBManager.create_session_scope() as db_session: db_user = db_session.query(User).filter_by(username=me.data["name"].lower()).one_or_none() if db_user: level = db_user.level session["user"] = {"username": me.data["name"], "username_raw": me.data["display_name"], "level": level} if me.data["name"].lower() == app.bot_config["main"]["nickname"].lower(): redis = RedisManager.get() redis.set("{}:token".format(app.bot_config["main"]["nickname"]), json.dumps(resp)) next_url = get_next_url(request, "state") return redirect(next_url) def get_next_url(request, key="n"): next_url = request.args.get(key, "/") if next_url.startswith("//"): return "/" return next_url @app.route("/logout") def logout(): session.pop("twitch_token", None) session.pop("user", None) next_url = get_next_url(request) if next_url.startswith("/admin"): next_url = "/" return redirect(next_url) @twitch.tokengetter def get_twitch_oauth_token(): return session.get("twitch_token") def change_twitch_header(uri, headers, body): auth = headers.get("Authorization") if auth: auth = auth.replace("Bearer", "OAuth") headers["Authorization"] = auth return uri, headers, body twitch.pre_request = change_twitch_header
import app.controllers.ajax_login_controller import app.controllers.crowdsourcing_controller import app.models.point import app.models.powerline import app.models.user import app.permissions from app import GisApp from app.controllers.admin.transnset_logs_controller import TransnetLogsController from app.controllers.admin.transnset_users_controller import TransnetUsersController from app.controllers.contribution_controller import ContributionController login_manager = LoginManager() login_manager.init_app(GisApp) login_manager.login_view = "/admin/login" oauth = OAuth(GisApp) google = oauth.remote_app( 'google', consumer_key=GisApp.config.get('GOOGLE_CLIENT_ID'), consumer_secret=GisApp.config.get('GOOGLE_CLIENT_SECRET'), request_token_params={ 'scope': 'https://www.googleapis.com/auth/userinfo.email' }, base_url='https://www.googleapis.com/oauth2/v1/', request_token_url=None, access_token_method='POST', access_token_url='https://accounts.google.com/o/oauth2/token', authorize_url='https://accounts.google.com/o/oauth2/auth', )
def test_raise_app(): app = Flask(__name__) oauth = OAuth(app) client = app.extensions['oauthlib.client'] assert client.demo.name == 'dev'
def init(app): oauth = OAuth(app) twitch = oauth.remote_app( "twitch", consumer_key=app.bot_config["twitchapi"]["client_id"], consumer_secret=app.bot_config["twitchapi"]["client_secret"], request_token_params={"scope": "user_read"}, base_url="https://api.twitch.tv/kraken/", request_token_url=None, access_token_method="POST", access_token_url="https://id.twitch.tv/oauth2/token", authorize_url="https://id.twitch.tv/oauth2/authorize", ) @app.route("/login") def login(): callback_url = (app.bot_config["twitchapi"]["redirect_uri"] if "redirect_uri" in app.bot_config["twitchapi"] else url_for("authorized", _external=True)) state = request.args.get("n") or request.referrer or None return twitch.authorize(callback=callback_url, state=state) @app.route("/bot_login") def bot_login(): callback_url = (app.bot_config["twitchapi"]["redirect_uri"] if "redirect_uri" in app.bot_config["twitchapi"] else url_for("authorized", _external=True)) state = request.args.get("n") or request.referrer or None return twitch.authorize( callback=callback_url, state=state, scope= ("user_read user:edit user:read:email channel:moderate chat:edit " + "chat:read whispers:read whispers:edit channel_editor"), force_verify="true", ) streamer_scopes = ["user_read", "channel:read:subscriptions"] """Request these scopes on /streamer_login""" @app.route("/streamer_login") def streamer_login(): callback_url = (app.bot_config["twitchapi"]["redirect_uri"] if "redirect_uri" in app.bot_config["twitchapi"] else url_for("authorized", _external=True)) state = request.args.get("n") or request.referrer or None return twitch.authorize(callback=callback_url, state=state, scope=" ".join(streamer_scopes), force_verify="true") @app.route("/login/error") def login_error(): return render_template("login_error.html") @app.route("/login/authorized") def authorized(): try: resp = twitch.authorized_response() except OAuthException: log.exception("An exception was caught while authorizing") next_url = get_next_url(request, "state") return redirect(next_url) except: log.exception("Unhandled exception while authorizing") return render_template("login_error.html") if resp is None: if "error" in request.args and "error_description" in request.args: log.warning("Access denied: reason={}, error={}".format( request.args["error"], request.args["error_description"])) next_url = get_next_url(request, "state") return redirect(next_url) elif type(resp) is OAuthException: log.warning(resp.message) log.warning(resp.data) log.warning(resp.type) next_url = get_next_url(request, "state") return redirect(next_url) session["twitch_token"] = (resp["access_token"], ) me = twitch.get("user", headers={"Accept": "application/vnd.twitchtv.v5+json"}) level = 100 with DBManager.create_session_scope() as db_session: db_user = db_session.query(User).filter_by( username=me.data["name"].lower()).one_or_none() if db_user: level = db_user.level session["user"] = { "username": me.data["name"], "username_raw": me.data["display_name"], "level": level } if me.data["name"].lower() == app.bot_config["main"]["nickname"].lower( ): redis = RedisManager.get() bot_id = me.data["_id"] token_json = UserAccessToken.from_api_response(resp).jsonify() redis.set("authentication:user-access-token:{}".format(bot_id), json.dumps(token_json)) log.info("Successfully updated bot token in redis") # streamer login if me.data["name"].lower() == app.bot_config["main"]["streamer"].lower( ): # there's a good chance the streamer will later log in using the normal login button. # we only update their access token if the returned scope containes the special scopes requested # in /streamer_login if set(resp["scope"]) != set(streamer_scopes): log.info( "Streamer logged in but not all scopes present, will not update streamer token" ) else: redis = RedisManager.get() streamer_id = me.data["_id"] token_json = UserAccessToken.from_api_response(resp).jsonify() redis.set( "authentication:user-access-token:{}".format(streamer_id), json.dumps(token_json)) log.info("Successfully updated streamer token in redis") next_url = get_next_url(request, "state") return redirect(next_url) def get_next_url(request, key="n"): next_url = request.args.get(key, "/") if next_url.startswith("//"): return "/" return next_url @app.route("/logout") def logout(): session.pop("twitch_token", None) session.pop("user", None) next_url = get_next_url(request) if next_url.startswith("/admin"): next_url = "/" return redirect(next_url) @twitch.tokengetter def get_twitch_oauth_token(): return session.get("twitch_token") def change_twitch_header(uri, headers, body): auth = headers.get("Authorization") if auth: auth = auth.replace("Bearer", "OAuth") headers["Authorization"] = auth return uri, headers, body twitch.pre_request = change_twitch_header
from flask import request, url_for, redirect, session, jsonify from flask_oauthlib.client import OAuth from mindmap import app oauth = OAuth(app) weibo = oauth.remote_app( 'weibo', consumer_key='909122383', consumer_secret='2cdc60e5e9e14398c1cbdf309f2ebd3a', request_token_params={'scope': 'email,statuses_to_me_read'}, base_url='https://api.weibo.com/2/', authorize_url='https://api.weibo.com/oauth2/authorize', request_token_url=None, access_token_method='POST', access_token_url='https://api.weibo.com/oauth2/access_token', # since weibo's response is a shit, we need to force parse the content content_type='application/json', ) @app.route('/') def index(): if 'oauth_token' in session: # access_token = session['oauth_token'][0] resp = weibo.get('statuses/home_timeline.json') return jsonify(resp.data) return redirect(url_for('login'))
# pylint: disable=R1714,C0121 import os import json from flask import render_template, request, session, url_for from flask_oauthlib.client import OAuth, redirect from gradGyde import app from .db_helper import (add_aoc, assign_aoc, create_class, delete_aoc, delete_class, delete_class_taken, delete_pref_aoc, get_all_classes_json, get_all_requirements_json, get_all_tags, get_aoc_by_id, get_aoc_json, get_class_by_id, get_classes, get_classes_taken, get_classes_taken_json, get_lacs_json, get_user, make_user, search_aoc_json, search_classes_json, take_class, take_lac_default, update_user) from .models import UserType, SemesterType OAUTH = OAuth() GOOGLE = OAUTH.remote_app( 'google', consumer_key=os.getenv('GOOGLE_CONS_KEY'), consumer_secret=os.getenv('GOOGLE_CONS_SECRET'), request_token_params={'scope': 'email'}, base_url='https://www.googleapis.com/oauth2/v1/', request_token_url=None, access_token_method='POST', access_token_url='https://accounts.google.com/o/oauth2/token', authorize_url='https://accounts.google.com/o/oauth2/auth') @GOOGLE.tokengetter def get_google_token(): return session.get("google_token")