def test_exists_user_ng(self):
    # exists_user is expected to be falsy for the id 'test-user'.
    found = UserUtil.exists_user(self.dynamodb, 'test-user')
    self.assertFalse(found)
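def exec_main_proc(self):
    """Log in or sign up a user from a LINE authorization code.

    Reads ``code`` from the JSON request body, exchanges it for a JWT via
    ``__get_line_jwt``, decodes it with ``__decode_jwt`` and derives the
    external-provider user id from ``settings.LINE_USERNAME_PREFIX`` plus the
    token's ``sub`` claim. If ``UserUtil.exists_user`` reports the id as known,
    the stored backend password is decrypted and used for
    ``UserUtil.external_provider_login``; otherwise a new user is created and
    its encrypted backend password is stored.

    Returns:
        The value of ``ResponseBuilder.response``: 200 with the tokens and a
        ``status`` of ``'login'`` or ``'sign_up'``; 400 for ``NotRegistered``
        or ``EmailExistsException``; the provider's status code when the code
        exchange fails; 500 for other handled errors.
    """
    body = json.loads(self.event.get('body'))
    code = body['code']
    client_id = os.environ['LINE_CHANNEL_ID']
    client_secret = os.environ['LINE_CHANNEL_SECRET']

    try:
        # Exchange the authorization code for a JWT.
        got_jwt = self.__get_line_jwt(
            code, client_id, client_secret, settings.LINE_REQUEST_HEADER)
    except LineOauthError as e:
        # NOTE(review): self.event carries the request body, including the
        # authorization code; consider redacting it before logging.
        logging.info(self.event)
        logging.fatal(e)
        traceback.print_exc()
        # The provider's error payload is returned to the caller as-is.
        return ResponseBuilder.response(
            status_code=e.status_code,
            body={'message': json.loads(e.message)})

    # Decode the JWT.
    # NOTE(review): no state or nonce check is visible in this method; confirm
    # that __decode_jwt or the caller covers it.
    decoded_id_token = self.__decode_jwt(got_jwt, client_secret, client_id)
    user_id = settings.LINE_USERNAME_PREFIX + decoded_id_token['sub']

    if UserUtil.exists_user(self.dynamodb, user_id):
        try:
            external_provider_users = self.dynamodb.Table(
                os.environ['EXTERNAL_PROVIDER_USERS_TABLE_NAME'])
            external_provider_user = external_provider_users.get_item(
                Key={
                    'external_provider_user_id': user_id
                }).get('Item')

            # The record must be checked before it is indexed: a missing item
            # would otherwise raise TypeError, which the ClientError handler
            # below does not catch.
            if external_provider_user is None:
                logging.fatal('external provider user record was not found')
                return ResponseBuilder.response(
                    status_code=500,
                    body={'message': 'Internal server error'})

            hash_data = external_provider_user['password']
            byte_hash_data = hash_data.encode()
            decoded_iv = external_provider_user['iv']
            iv = decoded_iv.encode()
            # The decrypted value is the backend credential; keep it out of
            # logs and responses.
            password = CryptoUtil.decrypt_password(byte_hash_data, iv)

            # Evaluated against the external-provider id, before user_id is
            # possibly replaced by the stored 'user_id' below.
            has_user_id = UserUtil.has_user_id(self.dynamodb, user_id)
            if 'user_id' in external_provider_user:
                user_id = external_provider_user['user_id']

            response = UserUtil.external_provider_login(
                cognito=self.cognito,
                user_pool_id=os.environ['COGNITO_USER_POOL_ID'],
                user_pool_app_id=os.environ['COGNITO_USER_POOL_APP_ID'],
                user_id=user_id,
                password=password,
                provider=os.environ['EXTERNAL_PROVIDER_LOGIN_MARK'])

            return ResponseBuilder.response(
                status_code=200,
                body={
                    'access_token': response['AuthenticationResult']['AccessToken'],
                    'id_token': response['AuthenticationResult']['IdToken'],
                    'refresh_token': response['AuthenticationResult']['RefreshToken'],
                    'last_auth_user': user_id,
                    'has_user_id': has_user_id,
                    'status': 'login'
                })
        except ClientError as e:
            logging.info(self.event)
            logging.fatal(e)
            traceback.print_exc()
            return ResponseBuilder.response(
                status_code=500,
                body={'message': 'Internal server error'})
    else:
        try:
            if 'email' not in decoded_id_token:
                return ResponseBuilder.response(
                    status_code=400,
                    body={'message': 'NotRegistered'})

            # An empty email claim is replaced by a placeholder address built
            # from the user id.
            if not decoded_id_token['email']:
                email = user_id + '@' + settings.FAKE_USER_EMAIL_DOMAIN
            else:
                email = decoded_id_token['email']

            backed_temp_password = os.environ[
                'EXTERNAL_PROVIDER_LOGIN_COMMON_TEMP_PASSWORD']
            backed_password = UserUtil.generate_password()
            response = UserUtil.create_external_provider_user(
                cognito=self.cognito,
                user_pool_id=os.environ['COGNITO_USER_POOL_ID'],
                user_pool_app_id=os.environ['COGNITO_USER_POOL_APP_ID'],
                user_id=user_id,
                email=email,
                backed_temp_password=backed_temp_password,
                backed_password=backed_password,
                provider=os.environ['EXTERNAL_PROVIDER_LOGIN_MARK'])

            # A fresh random IV is generated per user and stored base64-encoded
            # next to the encrypted password.
            # NOTE(review): if the write below fails after the Cognito user was
            # created, the stored password is missing for that user; confirm
            # how that state is recovered.
            aes_iv = os.urandom(settings.AES_IV_BYTES)
            encrypted_password = CryptoUtil.encrypt_password(
                backed_password, aes_iv)
            iv = base64.b64encode(aes_iv).decode()

            UserUtil.add_external_provider_user_info(
                dynamodb=self.dynamodb,
                external_provider_user_id=user_id,
                password=encrypted_password,
                iv=iv,
                email=email)

            return ResponseBuilder.response(
                status_code=200,
                body={
                    'access_token': response['AuthenticationResult']['AccessToken'],
                    'id_token': response['AuthenticationResult']['IdToken'],
                    'refresh_token': response['AuthenticationResult']['RefreshToken'],
                    'last_auth_user': user_id,
                    'has_user_id': False,
                    'status': 'sign_up'
                })
        except ClientError as e:
            logging.info(self.event)
            logging.fatal(e)
            traceback.print_exc()
            if e.response['Error']['Code'] == 'UsernameExistsException':
                return ResponseBuilder.response(
                    status_code=400,
                    body={'message': 'EmailExistsException'})
            return ResponseBuilder.response(
                status_code=500,
                body={'message': 'Internal server error'})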
def test_exists_user_ok(self):
    # exists_user is expected to be truthy for the id
    # 'external_provider_user_id'.
    found = UserUtil.exists_user(self.dynamodb, 'external_provider_user_id')
    self.assertTrue(found)
def exec_main_proc(self):
    """Log in or sign up a user from a Yahoo OAuth callback.

    Verifies the state/nonce, exchanges ``code`` for tokens, verifies the
    tokens and fetches the user info through ``YahooUtil``. A known external
    user id is logged in with its stored backend password; an unknown one is
    created and its encrypted backend password is stored.

    Returns:
        The value of ``ResponseBuilder.response``: 200 with the tokens and a
        ``status`` of ``'login'`` or ``'sign_up'``; 401 with the provider's
        ``error_description``; 400 for ``EmailExistsException``; 500 for other
        handled errors.
    """

    def log_failure(err):
        # Same three log calls every handled failure makes.
        logging.info(self.event)
        logging.fatal(err)
        traceback.print_exc()

    def internal_error():
        return ResponseBuilder.response(
            status_code=500,
            body={'message': 'Internal server error'})

    provider = YahooUtil(
        client_id=os.environ['YAHOO_CLIENT_ID'],
        secret=os.environ['YAHOO_SECRET'],
        callback_url=os.environ['YAHOO_OAUTH_CALLBACK_URL'])

    try:
        provider.verify_state_nonce(
            dynamodb=self.dynamodb, state=self.params['state'])
        tokens = provider.get_access_token(code=self.params['code'])
        provider.verify_access_token(
            dynamodb=self.dynamodb,
            access_token=tokens['access_token'],
            id_token=tokens['id_token'])
        profile = provider.get_user_info(access_token=tokens['access_token'])
    except YahooOauthError as err:
        if e_is_unauthorized := (err.status_code == 401):
            # A 401 is returned without logging; only the provider's
            # error_description is passed on.
            detail = json.loads(err.message)
            return ResponseBuilder.response(
                status_code=401,
                body={'message': detail['error_description']})
        log_failure(err)
        return internal_error()
    except (jwt.ExpiredSignatureError, jwt.InvalidTokenError,
            ClientError, YahooVerifyException) as err:
        # Token and state/nonce verification failures are reported as 500.
        log_failure(err)
        return internal_error()

    external_id = profile['user_id']

    if UserUtil.exists_user(self.dynamodb, external_id):
        try:
            has_user_id = UserUtil.has_user_id(
                dynamodb=self.dynamodb,
                external_provider_user_id=external_id,
            )
            user_id = (
                UserUtil.get_user_id(
                    dynamodb=self.dynamodb,
                    external_provider_user_id=external_id)
                if has_user_id is True
                else external_id
            )

            # Fetch and decrypt the stored backend password.
            password = CryptoUtil.get_external_provider_password(
                dynamodb=self.dynamodb,
                user_id=external_id)

            response = UserUtil.external_provider_login(
                cognito=self.cognito,
                user_pool_id=os.environ['COGNITO_USER_POOL_ID'],
                user_pool_app_id=os.environ['COGNITO_USER_POOL_APP_ID'],
                user_id=user_id,
                password=password,
                provider=os.environ['EXTERNAL_PROVIDER_LOGIN_MARK'])

            auth = response['AuthenticationResult']
            login_body = {
                'access_token': auth['AccessToken'],
                'id_token': auth['IdToken'],
                'refresh_token': auth['RefreshToken'],
                'last_auth_user': user_id,
                'has_user_id': has_user_id,
                'status': 'login'
            }
            return ResponseBuilder.response(status_code=200, body=login_body)
        except ClientError as err:
            log_failure(err)
            return internal_error()

    # Unknown external id: create the user and store its backend password.
    try:
        backed_password = UserUtil.generate_backend_password()
        response = UserUtil.create_external_provider_user(
            cognito=self.cognito,
            user_pool_id=os.environ['COGNITO_USER_POOL_ID'],
            user_pool_app_id=os.environ['COGNITO_USER_POOL_APP_ID'],
            user_id=profile['user_id'],
            email=profile['email'],
            backed_temp_password=os.environ[
                'EXTERNAL_PROVIDER_LOGIN_COMMON_TEMP_PASSWORD'],
            backed_password=backed_password,
            provider=os.environ['EXTERNAL_PROVIDER_LOGIN_MARK'])

        # A fresh random IV per user, stored base64-encoded beside the
        # encrypted password.
        aes_iv = os.urandom(settings.AES_IV_BYTES)
        encrypted_password = CryptoUtil.encrypt_password(
            backed_password, aes_iv)
        iv = base64.b64encode(aes_iv).decode()

        UserUtil.add_external_provider_user_info(
            dynamodb=self.dynamodb,
            external_provider_user_id=profile['user_id'],
            password=encrypted_password,
            iv=iv,
            email=profile['email'])

        auth = response['AuthenticationResult']
        signup_body = {
            'access_token': auth['AccessToken'],
            'id_token': auth['IdToken'],
            'refresh_token': auth['RefreshToken'],
            'last_auth_user': profile['user_id'],
            'has_user_id': False,
            'status': 'sign_up'
        }
        return ResponseBuilder.response(status_code=200, body=signup_body)
    except ClientError as err:
        log_failure(err)
        if err.response['Error']['Code'] == 'UsernameExistsException':
            return ResponseBuilder.response(
                status_code=400,
                body={'message': 'EmailExistsException'})
        return internal_error()