 def test_get_url_pat(self):
     """get_url_path() reduces a URL to its local path (plus query).

     The empty string maps to "/", a bare path is kept as is, and for full
     URLs the scheme and host are dropped.  The ``\\@`` cases appear to be
     host-confusion inputs — presumably the helper must not treat
     ``example.com`` as the host; only the path is expected back.
     """
     expectations = [
         ("", "/"),
         ("/next", "/next"),
         ("https://aleph.ui:3000/next", "/next"),
         ("https://example.com\\@aleph.ui/oauth?path=%%2F", "/oauth?path=%%2F"),
         ("https://example.com\\@aleph.ui/%%2F", "/%%2F"),
     ]
     for raw, expected in expectations:
         self.assertEqual(expected, get_url_path(raw))
 def test_get_url_pat(self):
     """get_url_path() reduces a URL to its local path (plus query).

     The empty string maps to '/', a bare path is kept as is, and for full
     URLs the scheme and host are dropped.  The ``\\@`` cases appear to be
     host-confusion inputs — presumably the helper must not treat
     ``example.com`` as the host; only the path is expected back.
     """
     expectations = [
         ('', '/'),
         ('/next', '/next'),
         ('https://aleph.ui:3000/next', '/next'),
         ('https://example.com\\@aleph.ui/oauth?path=%%2F', '/oauth?path=%%2F'),  # noqa
         ('https://example.com\\@aleph.ui/%%2F', '/%%2F'),  # noqa
     ]
     for raw, expected in expectations:
         self.assertEqual(expected, get_url_path(raw))
def oauth_callback():
    """Finish an OAuth login and send the browser back into the UI.

    Exchanges the provider callback for an access token, maps that token to
    a role via ``handle_oauth`` and redirects to ``settings.OAUTH_UI_CALLBACK``
    with the session token placed in the URL fragment.  Every failure is
    reported as ``Unauthorized``; the provider error itself is only logged,
    so the client never sees library-level details.

    Raises:
        Unauthorized: token exchange failed, no handler produced a role,
            or the role is blocked.
    """
    require(settings.OAUTH)

    try:
        access = oauth.provider.authorize_access_token()
    except AuthlibBaseError as exc:
        log.warning("Failed OAuth: %r", exc)
        raise Unauthorized(gettext("Authentication has failed."))
    # Some provider paths hand back None or an exception object instead of
    # raising; treat both as a failed exchange.
    if access is None or isinstance(access, AuthlibBaseError):
        log.warning("Failed OAuth: %r", access)
        raise Unauthorized(gettext("Authentication has failed."))

    role = handle_oauth(oauth.provider, access)
    if role is None:
        log.error("No OAuth handler was installed.")
        raise Unauthorized(gettext("Authentication has failed."))
    if role.is_blocked:
        raise Unauthorized(gettext("Your account is blocked."))

    db.session.commit()
    update_role(role)
    log.info("Logged in: %r", role)
    authz = Authz.from_role(role)
    request.authz = authz
    session_token = authz.to_token(role=role).decode('utf-8')
    # `state` carries the post-login destination; get_url_path keeps only
    # the local path so the redirect stays on this UI.
    target = ui_url(settings.OAUTH_UI_CALLBACK,
                    next=get_url_path(request.args.get('state')))
    return redirect('%s#token=%s' % (target, session_token))
def oauth_callback():
    """Finish an OAuth login via the ``handle_oauth_session`` signal.

    The provider response is broadcast to signal receivers; the first
    receiver that returns a role wins and the browser is redirected to
    ``settings.OAUTH_UI_CALLBACK`` with the session token in the URL
    fragment.

    Raises:
        Unauthorized: the provider returned nothing (or an OAuthException),
            or no receiver produced a role.
    """
    require(settings.OAUTH)
    resp = oauth.provider.authorized_response()
    if resp is None or isinstance(resp, OAuthException):
        log.warning("Failed OAuth: %r", resp)
        raise Unauthorized(gettext("Authentication has failed."))

    replies = signals.handle_oauth_session.send(provider=oauth.provider,
                                                oauth=resp)
    # Receivers reply as (receiver, role) pairs; take the first real role.
    role = next((r for _, r in replies if r is not None), None)
    if role is None:
        log.error("No OAuth handler for %r was installed.", oauth.provider.name)
        raise Unauthorized(gettext("Authentication has failed."))

    db.session.commit()
    update_role(role)
    log.info("Logged in: %r", role)
    authz = Authz.from_role(role)
    request.authz = authz
    session_token = authz.to_token(role=role).decode('utf-8')
    # `state` carries the post-login destination; get_url_path keeps only
    # the local path so the redirect stays on this UI.
    target = ui_url(settings.OAUTH_UI_CALLBACK,
                    next=get_url_path(request.args.get('state')))
    return redirect('%s#token=%s' % (target, session_token))
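def oauth_callback():
    """Finish an OAuth login using the server-side state stored in the cache.

    The ``state`` query parameter is a key into the cache; the stored record
    supplies the provider state, the redirect URI used for the token
    exchange and the post-login ``next_url``.  On success the role is
    updated, the Flask session is cleared and the browser is redirected to
    the UI ``oauth`` page with the session token in the URL fragment.

    Raises:
        Unauthorized: unknown/expired state, a failed token exchange, or no
            handler producing a role.  Provider errors are logged but never
            surfaced to the client.
    """
    require(settings.OAUTH)
    err = Unauthorized(gettext("Authentication has failed."))
    state = cache.get_complex(_oauth_session(request.args.get("state")))
    if state is None:
        raise err

    try:
        oauth.provider.framework.set_session_data(request, "state",
                                                  state.get("state"))
        uri = state.get("redirect_uri")
        token = oauth.provider.authorize_access_token(redirect_uri=uri)
    except AuthlibBaseError as exc:
        # Bind the provider error to a different name: `except ... as err`
        # would shadow the Unauthorized above and re-raise the raw
        # AuthlibBaseError (a server error) instead of a 401.
        log.warning("Failed OAuth: %r", exc)
        raise err from exc
    # Some provider paths hand back None or an exception object instead of
    # raising; treat both as a failed exchange.
    if token is None or isinstance(token, AuthlibBaseError):
        log.warning("Failed OAuth: %r", token)
        raise err

    role = handle_oauth(oauth.provider, token)
    if role is None:
        raise err

    db.session.commit()
    update_role(role)
    log.debug("Logged in: %r", role)
    request.authz = Authz.from_role(role)
    # get_url_path keeps only the local path of the stored destination so
    # the redirect stays on this UI.
    next_path = get_url_path(state.get("next_url"))
    next_url = ui_url("oauth", next=next_path)
    next_url = "%s#token=%s" % (next_url, request.authz.to_token())
    session.clear()
    return redirect(next_url)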
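def oauth_callback():
    """Finish an OAuth login using the server-side state stored in the cache.

    The ``state`` query parameter is a key into the cache; the stored record
    supplies the provider state, the redirect URI used for the token
    exchange and the post-login ``next_url``.  The session lifetime follows
    the provider's ``expires_in`` (``refresh_expires_in`` when present),
    falling back to ``Authz.EXPIRE``.  If the provider returned an
    ``id_token`` it is cached under the session token for the same lifetime
    (used later to build the logout URL).  On success the Flask session is
    cleared and the browser is redirected to the UI ``oauth`` page with the
    session token in the URL fragment.

    Raises:
        Unauthorized: unknown/expired state, a failed token exchange, or no
            handler producing a role.  Provider errors are logged but never
            surfaced to the client.
    """
    require(settings.OAUTH)
    err = Unauthorized(gettext("Authentication has failed."))
    state = cache.get_complex(_oauth_session(request.args.get("state")))
    if state is None:
        raise err

    try:
        oauth.provider.framework.set_session_data(request, "state", state.get("state"))
        uri = state.get("redirect_uri")
        oauth_token = oauth.provider.authorize_access_token(redirect_uri=uri)
    except AuthlibBaseError as exc:
        # Bind the provider error to a different name: `except ... as err`
        # would shadow the Unauthorized above and re-raise the raw
        # AuthlibBaseError (a server error) instead of a 401.
        log.warning("Failed OAuth: %r", exc)
        raise err from exc
    # Some provider paths hand back None or an exception object instead of
    # raising; treat both as a failed exchange.
    if oauth_token is None or isinstance(oauth_token, AuthlibBaseError):
        log.warning("Failed OAuth: %r", oauth_token)
        raise err

    role = handle_oauth(oauth.provider, oauth_token)
    if role is None:
        raise err

    # Determine session duration based on OAuth settings; the refresh
    # lifetime, when the provider reports one, takes precedence.
    expire = oauth_token.get("expires_in", Authz.EXPIRE)
    expire = oauth_token.get("refresh_expires_in", expire)

    db.session.commit()
    update_role(role)
    log.debug("Logged in: %r", role)
    request.authz = Authz.from_role(role, expire=expire)
    token = request.authz.to_token()

    # Store id_token to generate logout URL later
    id_token = oauth_token.get("id_token")
    if id_token is not None:
        cache.set(_token_session(token), id_token, expires=expire)

    # get_url_path keeps only the local path of the stored destination so
    # the redirect stays on this UI.
    next_path = get_url_path(state.get("next_url"))
    next_url = ui_url("oauth", next=next_path)
    next_url = "%s#token=%s" % (next_url, token)
    session.clear()
    return redirect(next_url)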