def oauth_login(): endpoint = get_app_config('OAUTH_AUTHORIZATION_ENDPOINT') \ or get_config('oauth_authorization_endpoint') \ or 'https://auth.majorleaguecyber.org/oauth/authorize' if get_config('user_mode') == 'teams': scope = 'profile team' else: scope = 'profile' client_id = get_app_config('OAUTH_CLIENT_ID') or get_config('oauth_client_id') if client_id is None: error_for( endpoint='auth.login', message='OAuth Settings not configured. ' 'Ask your CTF administrator to configure MajorLeagueCyber integration.' ) return redirect(url_for('auth.login')) redirect_url = "{endpoint}?response_type=code&client_id={client_id}&scope={scope}&state={state}".format( endpoint=endpoint, client_id=client_id, scope=scope, state=session['nonce'] ) return redirect(redirect_url)
def oauth_login(): endpoint = (get_app_config("OAUTH_AUTHORIZATION_ENDPOINT") or get_config("oauth_authorization_endpoint") or "https://auth.majorleaguecyber.org/oauth/authorize") if get_config("user_mode") == "teams": scope = "profile team" else: scope = "profile" client_id = get_app_config("OAUTH_CLIENT_ID") or get_config( "oauth_client_id") if client_id is None: error_for( endpoint="auth.login", message="OAuth Settings not configured. " "Ask your CTF administrator to configure MajorLeagueCyber integration.", ) return redirect(url_for("auth.login")) redirect_url = "{endpoint}?response_type=code&client_id={client_id}&scope={scope}&state={state}".format( endpoint=endpoint, client_id=client_id, scope=scope, state=session["nonce"]) return redirect(redirect_url)
def oauth_redirect(): os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' if request.values.get('error'): log("logins", "[{date}] {ip} - Received redirect without OAuth code") error_for(endpoint="auth.login", message=str(request.values['error'])) return redirect(url_for("auth.login")) else: discord = make_session(state=session.get('oauth2_state')) token = discord.fetch_token( "https://discordapp.com/api/oauth2/token", client_secret="kHLKALybV7qJmlYCsvAr5URdFl1jh4F2", authorization_response=request.url) discord = make_session(token=token) discord_user = discord.get( "https://discordapp.com/api/users/@me").json() guilds = discord.get( "https://discordapp.com/api/users/@me/guilds").json() user = Users.query.filter_by(email=discord_user['email']).first() if user is None: user = Users( name=discord_user['username'], email=discord_user['email'], oauth_id=discord_user['id'], ) db.session.add(user) db.session.commit() login_user(user) return redirect(url_for("challenges.listing"))
def reddit_login(): endpoint = (get_app_config("REDDIT_AUTHORIZATION_ENDPOINT") or get_config("reddit_authorization_endpoint") or "https://ssl.reddit.com/api/v1/authorize") client_id = get_app_config("REDDIT_CLIENT_ID") or get_config( "reddit_client_id") callback_url = get_app_config("REDDIT_CALLBACK_URL") or get_config( "reddit_callback_url") if client_id is None: error_for( endpoint="reddit.login", message="Reddit OAuth Settings not configured. " "Ask your CTF administrator to configure Reddit integration.", ) return redirect(url_for("auth.login")) redirect_url = "{endpoint}?client_id={client_id}&response_type=code&state={state}&redirect_uri={callback_url}&duration=temporary&scope=identity".format( endpoint=endpoint, client_id=client_id, state=session["nonce"], callback_url=callback_url) return redirect(redirect_url)
def oauth_redirect(): oauth_code = request.args.get("code") state = request.args.get("state") if session["nonce"] != state: log("logins", "[{date}] {ip} - OAuth State validation mismatch") error_for(endpoint="auth.login", message="OAuth State validation mismatch.") return redirect(url_for("auth.login")) if oauth_code: url = (get_app_config("OAUTH_TOKEN_ENDPOINT") or get_config("oauth_token_endpoint") or "https://auth.majorleaguecyber.org/oauth/token") client_id = get_app_config("OAUTH_CLIENT_ID") or get_config( "oauth_client_id") client_secret = get_app_config("OAUTH_CLIENT_SECRET") or get_config( "oauth_client_secret") headers = {"content-type": "application/x-www-form-urlencoded"} data = { "code": oauth_code, "client_id": client_id, "client_secret": client_secret, "grant_type": "authorization_code", } token_request = requests.post(url, data=data, headers=headers) if token_request.status_code == requests.codes.ok: token = token_request.json()["access_token"] user_url = (get_app_config("OAUTH_API_ENDPOINT") or get_config("oauth_api_endpoint") or "https://api.majorleaguecyber.org/user") headers = { "Authorization": "Bearer " + str(token), "Content-type": "application/json", } api_data = requests.get(url=user_url, headers=headers).json() user_id = api_data["id"] user_name = api_data["name"] user_email = api_data["email"] user = Users.query.filter_by(email=user_email).first() if user is None: # Check if we are allowing registration before creating users if registration_visible(): user = Users( name=user_name, email=user_email, oauth_id=user_id, verified=True, ) db.session.add(user) db.session.commit() else: log("logins", "[{date}] {ip} - Public registration via MLC blocked") error_for( endpoint="auth.login", message= "Public registration is disabled. Please try again later.", ) return redirect(url_for("auth.login")) if get_config("user_mode") == TEAMS_MODE: team_id = api_data["team"]["id"] team_name = api_data["team"]["name"] team = Teams.query.filter_by(oauth_id=team_id).first() if team is None: team = Teams(name=team_name, oauth_id=team_id, captain_id=user.id) db.session.add(team) db.session.commit() team.members.append(user) db.session.commit() if user.oauth_id is None: user.oauth_id = user_id user.verified = True db.session.commit() login_user(user) return redirect(url_for("challenges.listing")) else: log("logins", "[{date}] {ip} - OAuth token retrieval failure") error_for(endpoint="auth.login", message="OAuth token retrieval failure.") return redirect(url_for("auth.login")) else: log("logins", "[{date}] {ip} - Received redirect without OAuth code") error_for(endpoint="auth.login", message="Received redirect without OAuth code.") return redirect(url_for("auth.login"))
def oauth_redirect(): oauth_code = request.args.get('code') state = request.args.get('state') if session['nonce'] != state: log('logins', "[{date}] {ip} - OAuth State validation mismatch") error_for(endpoint='auth.login', message='OAuth State validation mismatch.') return redirect(url_for('auth.login')) if oauth_code: url = get_app_config('OAUTH_TOKEN_ENDPOINT') \ or get_config('oauth_token_endpoint') \ or 'https://auth.majorleaguecyber.org/oauth/token' client_id = get_app_config('OAUTH_CLIENT_ID') or get_config('oauth_client_id') client_secret = get_app_config('OAUTH_CLIENT_SECRET') or get_config('oauth_client_secret') headers = { 'content-type': 'application/x-www-form-urlencoded' } data = { 'code': oauth_code, 'client_id': client_id, 'client_secret': client_secret, 'grant_type': 'authorization_code' } token_request = requests.post(url, data=data, headers=headers) if token_request.status_code == requests.codes.ok: token = token_request.json()['access_token'] user_url = get_app_config('OAUTH_API_ENDPOINT') \ or get_config('oauth_api_endpoint') \ or 'http://api.majorleaguecyber.org/user' headers = { 'Authorization': 'Bearer ' + str(token), 'Content-type': 'application/json' } api_data = requests.get(url=user_url, headers=headers).json() user_id = api_data['id'] user_name = api_data['name'] user_email = api_data['email'] user = Users.query.filter_by(email=user_email).first() if user is None: user = Users( name=user_name, email=user_email, oauth_id=user_id, verified=True ) db.session.add(user) db.session.commit() if get_config('user_mode') == TEAMS_MODE: team_id = api_data['team']['id'] team_name = api_data['team']['name'] team = Teams.query.filter_by(oauth_id=team_id).first() if team is None: team = Teams( name=team_name, oauth_id=team_id ) db.session.add(team) db.session.commit() team.members.append(user) db.session.commit() login_user(user) return redirect(url_for('challenges.listing')) else: log('logins', "[{date}] {ip} - OAuth token retrieval failure") error_for( endpoint='auth.login', message='OAuth token retrieval failure.' ) return redirect(url_for('auth.login')) else: log('logins', "[{date}] {ip} - Received redirect without OAuth code") error_for( endpoint='auth.login', message='Received redirect without OAuth code.' ) return redirect(url_for('auth.login'))
def oauth_redirect(): oauth_code = request.args.get("code") state = request.args.get("state") if session["nonce"] != state: log("logins", "[{date}] {ip} - OAuth State validation mismatch") error_for(endpoint="auth.login", message="OAuth State validation mismatch.") return redirect(url_for("auth.login")) if oauth_code: url = (get_app_config("OAUTH_TOKEN_ENDPOINT") or get_config("oauth_token_endpoint") or "https://auth.majorleaguecyber.org/oauth/token") client_id = get_app_config("OAUTH_CLIENT_ID") or get_config( "oauth_client_id") client_secret = get_app_config("OAUTH_CLIENT_SECRET") or get_config( "oauth_client_secret") headers = {"content-type": "application/x-www-form-urlencoded"} data = { "code": oauth_code, "client_id": client_id, "client_secret": client_secret, "grant_type": "authorization_code", } token_request = requests.post(url, data=data, headers=headers) if token_request.status_code == requests.codes.ok: token = token_request.json()["access_token"] user_url = (get_app_config("OAUTH_API_ENDPOINT") or get_config("oauth_api_endpoint") or "https://api.majorleaguecyber.org/user") headers = { "Authorization": "Bearer " + str(token), "Content-type": "application/json", } api_data = requests.get(url=user_url, headers=headers).json() user_id = api_data["id"] user_name = api_data["name"] user_email = api_data["email"] user = Users.query.filter_by(email=user_email).first() if user is None: # Check if we are allowing registration before creating users if registration_visible() or mlc_registration(): user = Users( name=user_name, email=user_email, oauth_id=user_id, verified=True, ) db.session.add(user) db.session.commit() else: log("logins", "[{date}] {ip} - Public registration via MLC blocked") error_for( endpoint="auth.login", message= "Public registration is disabled. Please try again later.", ) return redirect(url_for("auth.login")) if get_config("user_mode") == TEAMS_MODE: team_id = api_data["team"]["id"] team_name = api_data["team"]["name"] team = Teams.query.filter_by(oauth_id=team_id).first() if team is None: num_teams_limit = int(get_config("num_teams", default=0)) num_teams = Teams.query.filter_by(banned=False, hidden=False).count() if num_teams_limit and num_teams >= num_teams_limit: abort( 403, description= f"Reached the maximum number of teams ({num_teams_limit}). Please join an existing team.", ) team = Teams(name=team_name, oauth_id=team_id, captain_id=user.id) db.session.add(team) db.session.commit() clear_team_session(team_id=team.id) team_size_limit = get_config("team_size", default=0) if team_size_limit and len(team.members) >= team_size_limit: plural = "" if team_size_limit == 1 else "s" size_error = "Teams are limited to {limit} member{plural}.".format( limit=team_size_limit, plural=plural) error_for(endpoint="auth.login", message=size_error) return redirect(url_for("auth.login")) team.members.append(user) db.session.commit() if user.oauth_id is None: user.oauth_id = user_id user.verified = True db.session.commit() clear_user_session(user_id=user.id) login_user(user) return redirect(url_for("challenges.listing")) else: log("logins", "[{date}] {ip} - OAuth token retrieval failure") error_for(endpoint="auth.login", message="OAuth token retrieval failure.") return redirect(url_for("auth.login")) else: log("logins", "[{date}] {ip} - Received redirect without OAuth code") error_for(endpoint="auth.login", message="Received redirect without OAuth code.") return redirect(url_for("auth.login"))
def oauth_redirect(): oauth_code = request.args.get("code") state = request.args.get("state") if session["nonce"] != state: log("logins", "[{date}] {ip} - OAuth State validation mismatch") error_for(endpoint="auth.login", message="OAuth State validation mismatch.") return redirect(url_for("auth.login")) if oauth_code: url = (get_app_config("REDDIT_TOKEN_ENDPOINT") or get_config("reddit_token_endpoint") or "https://ssl.reddit.com/api/v1/access_token") client_id = get_app_config("REDDIT_CLIENT_ID") or get_config( "reddit_client_id") client_secret = get_app_config( "REDDIT_CLIENT_SECRET") or get_config("reddit_client_secret") reddit_user_agent = get_app_config( "REDDIT_USER_AGENT") or get_config("reddit_user_agent") callback_url = get_app_config("REDDIT_CALLBACK_URL") or get_config( "reddit_callback_url") client_auth = requests.auth.HTTPBasicAuth(client_id, client_secret) headers = { "content-type": "application/x-www-form-urlencoded", "User-Agent": reddit_user_agent } token_request = requests.post(url, auth=client_auth, data={ "grant_type": "authorization_code", "code": oauth_code, "redirect_uri": callback_url }, headers=headers) if token_request.status_code == requests.codes.ok: token = token_request.json()["access_token"] user_url = (get_app_config("REDDIT_API_ENDPOINT") or get_config("reddit_api_endpoint") or "https://oauth.reddit.com/api/v1/me") headers = { "Authorization": "Bearer " + str(token), "User-Agent": reddit_user_agent } api_response = requests.get(url=user_url, headers=headers) log("logins", str(api_response)) api_data = api_response.json() user_id = api_data["id"] user_name = api_data["name"] user_email = api_data["name"] + "@reddit.com" user = Users.query.filter_by(name=user_name).first() if user is None: # Check if we are allowing registration before creating users if registration_visible(): user = Users( name=user_name, email=user_email, oauth_id=user_id, verified=True, ) db.session.add(user) db.session.commit() else: log( "logins", "[{date}] {ip} - Public registration via Reddit blocked" ) error_for( endpoint="auth.login", message= "Public registration is disabled. Please try again later.", ) return redirect(url_for("auth.login")) if get_config("user_mode") == TEAMS_MODE: team_id = api_data["team"]["id"] team_name = api_data["team"]["name"] team = Teams.query.filter_by(oauth_id=team_id).first() if team is None: team = Teams(name=team_name, oauth_id=team_id, captain_id=user.id) db.session.add(team) db.session.commit() team_size_limit = get_config("team_size", default=0) if team_size_limit and len( team.members) >= team_size_limit: plural = "" if team_size_limit == 1 else "s" size_error = "Teams are limited to {limit} member{plural}.".format( limit=team_size_limit, plural=plural) error_for(endpoint="auth.login", message=size_error) return redirect(url_for("auth.login")) team.members.append(user) db.session.commit() if user.oauth_id is None: user.oauth_id = user_id user.verified = True db.session.commit() login_user(user) return redirect(url_for("challenges.listing")) else: log("logins", "[{date}] {ip} - OAuth token retrieval failure") log("logins", str(token_request)) log("logins", str(token_request.status_code)) log("logins", token_request.json()["access_token"]) error_for(endpoint="auth.login", message="OAuth token retrieval failure.") return redirect(url_for("auth.login")) else: log("logins", "[{date}] {ip} - Received redirect without OAuth code") error_for(endpoint="auth.login", message="Received redirect without OAuth code.") return redirect(url_for("auth.login"))