Ejemplo n.º 1
0
def configure_app(app, production=True, debug=True):
    app.debug = debug
    app.use_evalex = False
    if production:
        config = frontend_config()
        if config.get('session-secret') is None:
            raise Exception("Configure a sesssion-secret in the configuration for production usage")
        app.secret_key = config.get('session-secret')
    else:
        app.secret_key =  "ThisIsOnlyForDevelopmentMode"
    return app
Ejemplo n.º 2
0
def configure_app(app, production=True, debug=True):
    app.debug = debug
    app.use_evalex = False
    if production:
        config = frontend_config()
        if config.get('session-secret') is None:
            raise Exception("Configure a sesssion-secret in the configuration for production usage")
        app.secret_key = config.get('session-secret')
    else:
        app.secret_key =  "ThisIsOnlyForDevelopmentMode"
    return app
def get_api_login_oauth_providers():
    providers = frontend_config().get('login', {}).get('oauth', {}).get('providers', {})

    # The list of providers with a client_secret set
    result = {
        'success': True,
        'data': {
            'providers': [provider for provider in providers.keys() if providers.get(provider, {}).get('client_secret', '')]
        }
    }

    # Put the reason in the API response, if a previous oauth login had failed
    if 'reason' in session:
        result['reason'] = session.pop('reason')

    return jsonify(result)
Ejemplo n.º 4
0
import datetime
import functools
import json
import pprint
import sys

from flask import render_template, redirect, url_for, session, jsonify, request, session, Response, g

from minion.frontend import app
from minion.frontend.persona import verify_assertion
from minion.frontend.utils import frontend_config

import requests

config = frontend_config()

#
# Simple wrappers around common backend functionality
#

def login_user(email):
    r = requests.put(config['backend-api']['url'] + "/login",
        headers={'Content-Type': 'application/json'},
        data=json.dumps({'email': email}))
    r.raise_for_status()
    j = r.json()
    if not j.get('success'):
        return None
    return j.get('user')
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

import functools
import json
import ldap
import uuid

from flask import jsonify, request, session, Response, g

from minion.frontend import app
from minion.frontend.persona import verify_assertion
from minion.frontend.utils import frontend_config

import requests

config = frontend_config()

#
# Simple wrappers around common backend functionality
#


def login_user(email):
    r = requests.put(config['backend-api']['url'] + "/login",
                     headers={'Content-Type': 'application/json'},
                     data=json.dumps({'email': email}))
    r.raise_for_status()
    j = r.json()
    if not j.get('success'):
        return None
    return j.get('user')
def get_api_login_oauth_facebook():
    ACCESS_TOKEN_URL = 'https://graph.facebook.com/v2.3/oauth/access_token'
    AUTHORIZATION_URL = 'https://www.facebook.com/dialog/oauth'
    API_URL = 'https://graph.facebook.com/me/'

    config = frontend_config()['login']['oauth']['providers']['facebook']

    # Called when we need to send them to Facebook
    if not request.args:
        # Facebook requires a client_id, redirect_uri, and scope
        parameters = {
            'client_id': config['client_id'],
            'redirect_uri': request.base_url,
            'scope': 'email'
        }

        # It also requires a nonce (state) as an anti-CSRF token
        parameters['state'] = session['state'] = str(uuid.uuid4())

        # Redirect to Facebook for authorization
        url = AUTHORIZATION_URL + '?' + urlencode(parameters)
        return redirect(url)

    # Called when Facebook redirects back to us
    else:
        # Get the code and state from Facebook
        code = request.args.get('code')
        state = request.args.get('state')

        # Facebook auth fails
        if code == None or state == None:
            return __oauth_failed_login_redirect()

        # Validate the nonce
        if not session.get('state') or session.get('state') != state:
            return __oauth_failed_login_redirect('error')

        # Get the session information from Facebook
        try:
            r = requests.post(url=ACCESS_TOKEN_URL,
                              data={
                                  'client_id': config['client_id'],
                                  'client_secret': config['client_secret'],
                                  'code': code,
                                  'redirect_uri': request.base_url,
                                  'state': state
            })
            r = loads(r.text)

        except:
            return __oauth_failed_login_redirect()

        # Check for error's in Facebook's response
        if 'error' in r or 'access_token' not in r:
            return __oauth_failed_login_redirect()

        # Get the user's email address from Facebook
        parameters = {
            'access_token': r['access_token'],
            'fields': 'email'
        }
        r = requests.get(API_URL + '?' + urlencode(parameters))
        r = loads(r.text)

        if 'email' not in r:
            return __oauth_failed_login_redirect()

        return __oauth_create_api_session(r['email'])
def get_api_login_oauth_google():
    ACCESS_TOKEN_URL = 'https://www.googleapis.com/oauth2/v3/token'
    AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/auth'
    API_URL = 'https://www.googleapis.com/oauth2/v2/userinfo'

    config = frontend_config()['login']['oauth']['providers']['google']

    # Called when we need to send them to Google
    if not request.args:
        # Google requires a client_id, redirect_url, response_type, and scope
        parameters = {
            'client_id': config['client_id'],
            'response_type': 'code',
            'redirect_uri': request.base_url,
            'scope': 'email'
        }

        # It also requires a nonce (state) as an anti-CSRF token
        parameters['state'] = session['state'] = str(uuid.uuid4())

        # Redirect to Google for authorization
        url = AUTHORIZATION_URL + '?' + urlencode(parameters)
        return redirect(url)

    # Called when Google redirects back to us
    else:
        # Get the code and state from Google
        code = request.args.get('code')
        state = request.args.get('state')

        # Google auth fails
        if code == None or state == None:
            return __oauth_failed_login_redirect()

        # Validate the nonce
        if not session.get('state') or session.get('state') != state:
            return __oauth_failed_login_redirect('error')

        # Get the session information from Google
        try:
            r = requests.post(url=ACCESS_TOKEN_URL,
                              data={
                                  'client_id': config['client_id'],
                                  'client_secret': config['client_secret'],
                                  'code': code,
                                  'grant_type': 'authorization_code',
                                  'redirect_uri': request.base_url,
                                  'state': state
            })
            r = loads(r.text)
        except:
            return __oauth_failed_login_redirect()

        # Check for error's in Google's response
        if 'error' in r or 'access_token' not in r:
            return __oauth_failed_login_redirect()

        # Get the user's email address from Google
        r = requests.get(API_URL, headers={'Authorization': 'Bearer ' + r.get('access_token')})
        r = loads(r.text)

        # Make sure it's a verified email address
        if 'email' not in r or not r.get('verified_email', False):
            return __oauth_failed_login_redirect()

        return __oauth_create_api_session(r['email'])
def get_api_login_oauth_github():
    ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token'
    AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'
    API_URL = 'https://api.github.com/user/emails'

    config = frontend_config()['login']['oauth']['providers']['github']

    # Called when we need to send them to GitHub
    if not request.args:
        # GitHub requires a client_id, redirect_url, and scope
        parameters = {
            'client_id': config['client_id'],
            'redirect_url': request.base_url,
            'scope': 'user:email'
        }

        # It also requires a nonce (state) as an anti-CSRF token
        parameters['state'] = session['state'] = str(uuid.uuid4())

        # Redirect to GitHub for authorization
        url = AUTHORIZATION_URL + '?' + urlencode(parameters)
        return redirect(url)

    # Called when GitHub redirects back to us
    else:
        # Get the code and state from GitHub
        code = request.args.get('code')
        state = request.args.get('state')

        # GitHub auth fails
        if code == None or state == None:
            return __oauth_failed_login_redirect()

        # Validate the nonce
        if not session.get('state') or session.get('state') != state:
            return __oauth_failed_login_redirect('error')

        # Get the session information from GitHub
        try:
            r = requests.post(url=ACCESS_TOKEN_URL,
                              headers={
                                  'Accept': 'application/json'
            },
                              data={
                                  'client_id': config['client_id'],
                                  'client_secret': config['client_secret'],
                                  'code': code,
                                  'state': state
            })
            r = loads(r.text)
        except:
            return __oauth_failed_login_redirect()

        # Check for error's in GitHub's response
        if 'error' in r or 'access_token' not in r or 'user:email' not in r.get('scope'):
            return __oauth_failed_login_redirect()

        # Get the user's email address from GitHub
        r = requests.get(API_URL, headers={'Authorization': 'token ' + r.get('access_token')})
        r = loads(r.text)

        email = None
        for address in r:
            if 'email' not in address:
                return __oauth_failed_login_redirect()

            if address.get('primary', False) and address.get('verified', False):
                email = address.get('email')

        return __oauth_create_api_session(email)
def get_api_login_oauth_firefoxaccounts():
    # Development OAuth
    # ACCESS_TOKEN_URL = 'https://oauth-latest.dev.lcip.org/v1/token'
    # AUTHORIZATION_URL = 'https://oauth-latest.dev.lcip.org/v1/authorization'
    # API_URL = 'https://latest.dev.lcip.org/profile/v1/email'
    # OAUTH_URL = 'https://oauth-latest.dev.lcip.org/v1'

    # Production OAuth
    ACCESS_TOKEN_URL = 'https://oauth.accounts.firefox.com/v1/token'
    AUTHORIZATION_URL = 'https://oauth.accounts.firefox.com/v1/authorization'
    API_URL = 'https://profile.accounts.firefox.com/v1/email'
    OAUTH_URL = 'https://oauth.accounts.firefox.com/v1'

    config = frontend_config()['login']['oauth']['providers']['firefoxaccounts']

    # Called when we need to send them to FxA
    if not request.args:
        # GitHub requires a client_id, oauth_uri, redirect_uri, and scope
        parameters = {
            'client_id': config['client_id'],
            'oauth_uri': OAUTH_URL,
            'redirect_uri': request.base_url,
            'scope': 'profile:email'
        }

        # It also requires a nonce (state) as an anti-CSRF token
        parameters['state'] = session['state'] = str(uuid.uuid4())

        # Redirect to FxA for authorization
        url = AUTHORIZATION_URL + '?' + urlencode(parameters)
        return redirect(url)

    # Called when FxA redirects back to us
    else:
        # Get the code and state from FxA
        code = request.args.get('code')
        state = request.args.get('state')

        # FxA auth fails
        if code == None or state == None:
            return __oauth_failed_login_redirect()

        # Validate the nonce
        if not session.get('state') or session.get('state') != state:
            return __oauth_failed_login_redirect('error')

        # Get the session information from FxA
        try:
            r = requests.post(url=ACCESS_TOKEN_URL,
                              data={
                                  'client_id': config['client_id'],
                                  'client_secret': config['client_secret'],
                                  'code': code,
                                  'state': state,
                                  'ttl': 3600  # one hour
            })
            r = loads(r.text)
        except:
            return __oauth_failed_login_redirect()

        # Check for error's in FxA's response
        if 'error' in r or 'access_token' not in r or 'profile:email' not in r.get('scope'):
            return __oauth_failed_login_redirect()

        # Get the user's email address from FxA
        r = requests.get(API_URL,
                         headers = {'Authorization': 'Bearer ' + r.get('access_token')})
        r = loads(r.text)

        if 'email' not in r:
            return __oauth_failed_login_redirect()

        return __oauth_create_api_session(r['email'])