def handle_stackexchange(self, data):
self.send_response(302)
c = Client(auth_endpoint='https://stackexchange.com/oauth',
client_id=config['stackexchange.client_id'],
redirect_uri='http://localhost/login/stackexchange')
self.send_header('Location', c.auth_uri())
self.end_headers()
def authenticate(self, code=None, provider_key=None):
""" Django API function, authenticating a user
Authentication method required of a Django authentication backend. If
successful, this method will retrieve an access token from the
provider.
:note: A method ``fetch_user`` is expected as a static function on the
custom user class. This is responsible for retrieiving the
actual user instance required by the Django backend. It will
receive the ``provider_key`` and an instance of a sanction
client (which should contain the access token)
:param code: The code returned by the OAuth 2.0 provider once the user
has given your application authorization.
:param provider_key: The key for the provider sending authorization
data. This should match the keys used in your
settings file for ``SANCTION_PROVIDERS``.
"""
model = get_user_model()
provider = settings.SANCTION_PROVIDERS[provider_key]
c = SanctionClient(token_endpoint=provider['token_endpoint'],
resource_endpoint=provider['resource_endpoint'],
auth_endpoint=provider['auth_endpoint'],
client_id=provider['client_id'],
client_secret=provider['client_secret'],
redirect_uri=provider['redirect_uri'])
c.request_token(code=code, parser=provider.get('parser', None))
return model.fetch_user(provider_key, c)
def handle_foursquare(self, data):
self.send_response(302)
c = Client(auth_endpoint="https://foursquare.com/oauth2/authenticate",
client_id=config["foursquare.client_id"],
redirect_uri="http://localhost:8080/login/foursquare")
self.send_header("Location", c.auth_uri())
self.end_headers()
def handle_stackexchange_login(self, data):
self.send_response(200)
self.send_header("Content-type", "text/html")
self.log_message(self.path)
self.end_headers()
c = Client(StackExchange, get_config())
cred = c.flow.authorization_received(data)
d = c.request("/me", body=urlencode({
"site": "stackoverflow"
}))
self.wfile.write("<!DOCTYPE html>")
self.wfile.write("<head><meta charset=\"utf-8\"/></head><body>")
self.wfile.write("Access token: %s<br>" % cred.access_token)
self.wfile.write("Type: %s<br>" % cred.token_type)
self.wfile.write("Expires in: %d<br>" % cred.expires_in)
# stackexchange gzips all data
h = StringIO(d)
gzip_data = GzipFile(fileobj=h)
d = gzip_data.read()
gzip_data.close()
self.wfile.write(d)
self.wfile.write("</body></html>")
def handle_foursquare(self, data):
self.send_response(302)
c = Client(auth_endpoint='https://foursquare.com/oauth2/authenticate',
client_id=config['foursquare.client_id'],
redirect_uri='http://localhost/login/foursquare')
self.send_header('Location', c.auth_uri())
self.end_headers()
def handle_github(self, data):
self.send_response(302)
c = Client(auth_endpoint='https://github.com/login/oauth/authorize',
client_id=config['github.client_id'],
redirect_uri='http://localhost/login/github')
self.send_header('Location', c.auth_uri())
self.end_headers()
def handle_instagram(self, data):
self.send_response(302)
c = Client(auth_endpoint='https://api.instagram.com/oauth/authorize/',
client_id=config['instagram.client_id'],
redirect_uri='http://localhost/login/instagram')
self.send_header('Location', c.auth_uri())
self.end_headers()
def process_request(self, request):
if not request.user.is_anonymous():
try:
provider = filter(lambda p: p["name"] == request.user.provider_key,
(settings.OAUTH2_PROVIDERS[k] for k in
settings.OAUTH2_PROVIDERS))[-1]
c = Client(token_endpoint=provider["token_endpoint"],
resource_endpoint=provider["resource_endpoint"],
auth_endpoint=provider["auth_endpoint"],
redirect_uri=provider.get("redirect_uri", None),
client_id=provider["client_id"],
client_secret=provider["client_secret"])
c.access_token = request.user.access_token
c.expires = request.user.expires
setattr(request.user, "resource", c)
# play nice with other authentication backends
except IndexError:
raise KeyError("Provider %s doesn't exist" %
request.user.provider_key)
except AttributeError:
# current user isn't a django_sanction user
pass
def handle_facebook_login(self, data):
self.send_response(200)
self.send_header("Content-type", "text/html")
self.log_message(self.path)
self.end_headers()
c = Client(
token_endpoint="https://graph.facebook.com/oauth/access_token",
resource_endpoint="https://graph.facebook.com",
redirect_uri="http://localhost:8080/login/facebook",
client_id=config["facebook.client_id"],
client_secret=config["facebook.client_secret"])
c.request_token(data=data,
parser = lambda data: dict(parse_qsl(data)))
d = c.request("/me")
self.wfile.write("Access token: %s<br>" % c.access_token)
self.wfile.write("First name: %s<br>" % d["first_name"])
self.wfile.write("Last name: %s<br>" % d["last_name"])
self.wfile.write("Email: %s<br>" % d["email"])
# to see a wall post in action, uncomment this
try:
d = c.request("/me/feed", data=urlencode({
"message": "test post from py-sanction"
}))
self.wfile.write(
"I posted a message to your wall (in sandbox mode, nobody else will see it)")
except:
self.wfile.write(
"Unable to post to your wall")
def handle_bitly(self, data):
self.send_response(302)
c = Client(auth_endpoint="https://bitly.com/oauth/authorize",
client_id=config["bitly.client_id"],
redirect_uri="http://localhost:8080/login/bitly")
self.send_header("Location", c.auth_uri())
self.end_headers()
def test_inst(self):
from urlparse import urlparse
from urlparse import parse_qsl
from sanction.client import Client
c = get_config()
client = Client(TestAdapterImpl, c)
uri = client.flow.authorization_uri()
o = urlparse(uri)
qs = dict(parse_qsl(o.query))
self.assertEquals(qs["scope"], c["testadapterimpl.scope"])
self.assertEquals(qs["redirect_uri"],
c["testadapterimpl.redirect_uri"])
self.assertEquals(qs["response_type"], "code")
self.assertEquals(qs["client_id"], c["testadapterimpl.client_id"])
start_server()
cred = client.flow.authorization_received({
"code": "test"
})
self.assertTrue(isinstance(cred, BearerCredentials))
start_server()
r = client.request("/me")
def authenticate(self, code=None, provider_key=None):
""" Django API function, authenticating a user
Authentication method required of a Django authentication backend. If
successful, this method will retrieve an access token from the
provider.
:note: A method ``fetch_user`` is expected as a static function on the
custom user class. This is responsible for retrieiving the
actual user instance required by the Django backend. It will
receive the ``provider_key`` and an instance of a sanction
client (which should contain the access token)
:param code: The code returned by the OAuth 2.0 provider once the user
has given your application authorization.
:param provider_key: The key for the provider sending authorization
data. This should match the keys used in your
settings file for ``SANCTION_PROVIDERS``.
"""
model = get_user_model()
provider = settings.SANCTION_PROVIDERS[provider_key]
c = SanctionClient(token_endpoint=provider['token_endpoint'],
resource_endpoint=provider['resource_endpoint'],
auth_endpoint=provider['auth_endpoint'],
client_id=provider['client_id'],
client_secret=provider['client_secret'],
redirect_uri=provider['redirect_uri'])
c.request_token(code=code, parser=provider.get('parser', None))
return model.fetch_user(provider_key, c)
def handle_stackexchange(self, data):
self.send_response(302)
c = Client(auth_endpoint="https://stackexchange.com/oauth",
client_id=config["stackexchange.client_id"],
redirect_uri="http://localhost/login/stackexchange")
self.send_header("Location", c.auth_uri())
self.end_headers()
def handle_github(self, data):
self.send_response(302)
c = Client(auth_endpoint="https://github.com/login/oauth/authorize",
client_id=config["github.client_id"],
redirect_uri="http://localhost/login/github")
self.send_header("Location", c.auth_uri())
self.end_headers()
def handle_facebook_login(self, data):
c = Client(
token_endpoint='https://graph.facebook.com/oauth/access_token',
resource_endpoint='https://graph.facebook.com',
redirect_uri='http://localhost/login/facebook',
client_id=config['facebook.client_id'],
client_secret=config['facebook.client_secret'])
c.request_token(code=data['code'],
parser=lambda data: dict(parse_qsl(data)))
self.dump_client(c)
d = c.request('/me')
self.dump_response(d)
try:
d = c.request('/me/feed', data=urlencode({
'message': 'test post from py-sanction'
}))
self.wfile.write(
'I posted a message to your wall (in sandbox mode, nobody '
'else will see it)'.encode(ENCODING_UTF8))
except:
self.wfile.write(
'Unable to post to your wall')
def handle_foursquare_login(self, data):
def token_transport(url, access_token, data=None, method=None):
parts = urlsplit(url)
query = dict(parse_qsl(parts.query))
query.update({
'oauth_token': access_token
})
url = urlunsplit((parts.scheme, parts.netloc, parts.path,
urlencode(query), parts.fragment))
try:
req = Request(url, data=data, method=method)
except TypeError:
req = Request(url, data=data)
req.get_method = lambda: method
return req
c = Client(
token_endpoint='https://foursquare.com/oauth2/access_token',
resource_endpoint='https://api.foursquare.com/v2',
redirect_uri='http://localhost/login/foursquare',
client_id=config['foursquare.client_id'],
client_secret=config['foursquare.client_secret'],
token_transport=token_transport
)
c.request_token(code=data['code'])
self.dump_client(c)
d = c.request('/users/24700343')
self.dump_response(d)
def handle_instagram(self, data):
self.send_response(302)
c = Client(auth_endpoint="https://api.instagram.com/oauth/authorize/",
client_id=config["instagram.client_id"],
redirect_uri="http://localhost:8080/login/instagram")
self.send_header("Location", c.auth_uri())
self.end_headers()
def handle_foursquare_login(self, data):
self.send_response(200)
self.send_header("Content-type", "text/html")
self.log_message(self.path)
self.end_headers()
c = Client(
token_endpoint="https://foursquare.com/oauth2/access_token",
resource_endpoint="https://api.foursquare.com/v2",
redirect_uri="http://localhost:8080/login/foursquare",
client_id=config["foursquare.client_id"],
client_secret=config["foursquare.client_secret"],
)
c.access_token_key = "oauth_token"
c.request_token(data=data)
d = c.request("/users/24700343")
self.wfile.write("Access token: %s<br>" % c.access_token)
self.wfile.write("First name: %s<br>" %
d["response"]["user"]["firstName"])
self.wfile.write("Last name: %s<br>" %
d["response"]["user"]["lastName"])
self.wfile.write("Email: %s<br>" %
d["response"]["user"]["contact"]["email"])
def handle_deviantart(self, data):
self.send_response(302)
c = Client(
auth_endpoint='https://www.deviantart.com/oauth2/draft15/authorize',
client_id=config['deviantart.client_id'],
redirect_uri=config['deviantart.redirect_uri'])
self.send_header('Location', c.auth_uri())
self.end_headers()
def handle_google(self, data):
self.send_response(302)
c = Client(auth_endpoint='https://accounts.google.com/o/oauth2/auth',
client_id=config['google.client_id'],
redirect_uri='http://localhost/login/google')
self.send_header('Location', c.auth_uri(
scope=config['google.scope'].split(','), access_type='offline'))
self.end_headers()
def handle_google(self, data):
self.send_response(302)
c = Client(auth_endpoint="https://accounts.google.com/o/oauth2/auth",
client_id=config["google.client_id"],
redirect_uri="http://localhost/login/google")
self.send_header("Location", c.auth_uri(
scope=config["google.scope"].split(","), access_type="offline"))
self.end_headers()
def test_request_token(self):
c = Client(token_endpoint=token_endpoint)
try:
c.request_token()
self.fail()
except:
pass
def callback():
client = Client(token_endpoint='https://api.sandbox.slcedu.org/api/oauth/token',
resource_endpoint='https://api.sandbox.slcedu.org/api/rest/v1',
client_id=client_id, client_secret=shared_secret,
redirect_uri='http://slcgoals.cloudapp.net/callback')
client.request_token(code=request.args['code'])
access_token = client.access_token
login_user(load_user(access_token))
return redirect('/')
def handle_facebook(self, data):
self.send_response(302)
c = Client(auth_endpoint="https://www.facebook.com/dialog/oauth",
client_id=config["facebook.client_id"],
redirect_uri="http://localhost/login/facebook")
self.send_header("Location", c.auth_uri(
scope=config["facebook.scope"].split(","),
scope_delim=","))
self.end_headers()
def handle_facebook(self, data):
self.send_response(302)
c = Client(auth_endpoint='https://www.facebook.com/dialog/oauth',
client_id=config['facebook.client_id'],
redirect_uri='http://localhost/login/facebook')
self.send_header('Location', c.auth_uri(
scope=config['facebook.scope'].split(','),
scope_delim=','))
self.end_headers()
def test_request_token(self):
# i don't want to bother mocking an oauth2 server, so i'm just going
# to test failure cases and rely on manual testing for correct ones
c = Client()
try:
c.request_token({ "error": "something bad happened" })
self.fail("shouldn't hit here")
except IOError:
pass
def get_oauth2_starter_url(provider_name, csrf_token):
"""returns redirect url for the oauth2 protocol for a given provider"""
from sanction.client import Client
providers = get_enabled_login_providers()
params = providers[provider_name]
client_id = getattr(askbot_settings, provider_name.replace("-", "_").upper() + "_KEY")
redirect_uri = site_url(reverse("user_complete_oauth2_signin"))
client = Client(auth_endpoint=params["auth_endpoint"], client_id=client_id, redirect_uri=redirect_uri)
return client.auth_uri(state=csrf_token, **params.get("extra_auth_params", {}))
def handle_instagram_login(self, data):
c = Client(token_endpoint='https://api.instagram.com/oauth/access_token',
resource_endpoint='https://api.instagram.com/v1',
redirect_uri='http://localhost/login/instagram',
client_id=config['instagram.client_id'],
client_secret=config['instagram.client_secret'])
c.request_token(code=data['code'])
self.dump_client(c)
data = c.request('/users/self')['data']
self.dump_response(data)
def handle_instagram_login(self, data):
c = Client(token_endpoint="https://api.instagram.com/oauth/access_token",
resource_endpoint="https://api.instagram.com/v1",
redirect_uri="http://localhost/login/instagram",
client_id=config["instagram.client_id"],
client_secret=config["instagram.client_secret"])
c.request_token(code=data["code"])
self.dump_client(c)
data = c.request("/users/self")["data"]
self.dump_response(data)
def test_get_auth_uri(self):
c = Client(auth_endpoint = auth_endpoint,
client_id = client_id)
uri = c.auth_uri()
o = urlparse(uri)
self.assertEquals(o.netloc, "example.com")
d = dict(parse_qsl(o.query))
self.assertEquals(d["response_type"], "code")
self.assertEquals(d["client_id"], client_id)
def resource(self):
provider = settings.SANCTION_PROVIDERS[self.name]
c = SanctionClient(auth_endpoint=provider['auth_endpoint'],
token_endpoint=provider['token_endpoint'],
resource_endpoint=provider['resource_endpoint'],
client_id=provider['client_id'],
client_secret=provider['client_secret'])
c.refresh_token = self.refresh_token
c.access_token = self.access_token
c.token_expires = self.token_expires
return c
def handle_deviantart_login(self, data):
c = Client(
token_endpoint='https://www.deviantart.com/oauth2/draft15/token',
resource_endpoint='https://www.deviantart.com/api/draft15',
redirect_uri=config['deviantart.redirect_uri'],
client_id=config['deviantart.client_id'],
client_secret=config['deviantart.client_secret'])
c.request_token(code=data['code'])
self.dump_client(c)
data = c.request('/user/whoami')
self.dump_response(data)
def get_oauth2_starter_url(provider_name, csrf_token):
"""returns redirect url for the oauth2 protocol for a given provider"""
from sanction.client import Client
providers = get_enabled_login_providers()
params = providers[provider_name]
client_id = getattr(askbot_settings, provider_name.upper() + '_KEY')
redirect_uri = site_url(reverse('user_complete_oauth2_signin'))
client = Client(auth_endpoint=params['auth_endpoint'],
client_id=client_id,
redirect_uri=redirect_uri)
return client.auth_uri(state=csrf_token)
def make_client_from_auth_session(auth):
c = Client(
auth_endpoint = auth.auth_endpoint,
token_endpoint= auth.token_endpoint,
resource_endpoint =auth.resource_endpoint,
client_id = auth.client_id,
client_secret = auth.client_secret,
redirect_uri = auth.redirect_uri)
return c
def _redirect(request, provider):
p = settings.SANCTION_PROVIDERS[provider]
c = SanctionClient(auth_endpoint=p['auth_endpoint'],
client_id=p['client_id'],
redirect_uri=p['redirect_uri'])
kwargs = p.get('auth_params', {})
response = redirect(
c.auth_uri(p['scope'] if 'scope' in p else None, **kwargs))
# inject the state query param
if getattr(settings, 'SANCTION_USE_CSRF', True):
CsrfViewMiddleware().process_view(request, response, [], {})
url = list(urlparse(response['location']))
urlp = dict(parse_qsl(url[4]))
urlp.update({'state': csrf.get_token(request)})
url[4] = urlencode(urlp)
response['location'] = urlunparse(url)
return response
def shoe():
if 'shoe_client' in session:
c = session['shoe_client']
else:
c = Client(
auth_endpoint=AUTH_URL,
token_endpoint=TOKEN_URL,
resource_endpoint=API_BASE,
redirect_uri=REDIRECT_URL,
client_id=CLIENT_ID,
client_secret=CLIENT_KEY
)
if hasattr(c, 'refresh_token'):
c.request_token(grant_type="refresh_token",
refresh_token=c.refresh_token)
# XXX: Refactor this to be only when we're expired or something.
session['shoe_client'] = c
return c
