def test_get_url_pat(self):
    """Pin what ``get_url_path`` returns for empty, relative and absolute URLs.

    Every absolute URL below is expected to come back as path plus query
    only, with scheme, host and port gone. The last two inputs put a
    backslash before ``@``, a spot where URL parsers can disagree about
    which part is the host. Presumably this guards the post-login redirect
    against being pointed at another site; confirm against the callers.
    """
    # NOTE(review): none of these strings is %-formatted, so "%%2F" is a
    # literal double percent sign, not an encoded slash. Confirm that is the
    # input the test is meant to cover.
    cases = (
        ("", "/"),
        ("/next", "/next"),
        ("https://aleph.ui:3000/next", "/next"),
        ("https://example.com\\@aleph.ui/oauth?path=%%2F", "/oauth?path=%%2F"),
        ("https://example.com\\@aleph.ui/%%2F", "/%%2F"),
    )
    for raw, expected in cases:
        self.assertEqual(expected, get_url_path(raw))
def test_get_url_pat(self):
    """Check that ``get_url_path`` reduces its input to a local path.

    Covers the empty string, an already-relative path, an absolute URL
    with a port, and two URLs with a backslash before ``@``, where URL
    parsers can disagree about the host. In each case only the path and
    query string are expected to remain.
    """
    check = self.assertEqual

    check('/', get_url_path(''))
    check('/next', get_url_path('/next'))
    check('/next', get_url_path('https://aleph.ui:3000/next'))

    # NOTE(review): '%%2F' is a literal double percent sign because no
    # %-formatting is applied to these strings. Confirm that is intended.
    with_query = 'https://example.com\\@aleph.ui/oauth?path=%%2F'
    check('/oauth?path=%%2F', get_url_path(with_query))

    path_only = 'https://example.com\\@aleph.ui/%%2F'
    check('/%%2F', get_url_path(path_only))
def oauth_callback():
    """Finish an OAuth login and redirect the browser to the UI with a token.

    The provider callback is exchanged for an access token, which
    ``handle_oauth`` resolves to a role. A session token for that role is
    then appended to the UI callback URL as a ``#token=`` fragment.

    Failures detected here raise ``Unauthorized`` with a generic message.
    The one exception is a blocked role, which gets its own message.

    The ``state`` query parameter comes from whoever calls this endpoint.
    It reaches the redirect only after passing through ``get_url_path``.
    """
    require(settings.OAUTH)

    try:
        grant = oauth.provider.authorize_access_token()
    except AuthlibBaseError as err:
        log.warning("Failed OAuth: %r", err)
        raise Unauthorized(gettext("Authentication has failed."))

    exchange_failed = grant is None or isinstance(grant, AuthlibBaseError)
    if exchange_failed:
        log.warning("Failed OAuth: %r", grant)
        raise Unauthorized(gettext("Authentication has failed."))

    role = handle_oauth(oauth.provider, grant)
    if role is None:
        log.error("No OAuth handler was installed.")
        raise Unauthorized(gettext("Authentication has failed."))
    if role.is_blocked:
        # Blocked accounts are rejected before anything is committed or a
        # session token is issued.
        raise Unauthorized(gettext("Your account is blocked."))

    db.session.commit()
    update_role(role)
    log.info("Logged in: %r", role)

    request.authz = Authz.from_role(role)
    session_token = request.authz.to_token(role=role).decode('utf-8')

    # The token travels in the URL fragment of the redirect target.
    landing = ui_url(
        settings.OAUTH_UI_CALLBACK,
        next=get_url_path(request.args.get('state')),
    )
    return redirect('%s#token=%s' % (landing, session_token))
def oauth_callback():
    """Finish an OAuth login through the ``handle_oauth_session`` signal.

    The provider response is broadcast to the signal's receivers. The
    first receiver that returns a role logs that role in: a session token
    is issued and the browser is redirected to the UI callback URL with
    the token in the ``#token=`` fragment. If the provider response is
    missing or an ``OAuthException``, or no receiver returns a role,
    ``Unauthorized`` is raised.

    The ``state`` query parameter comes from whoever calls this endpoint.
    It reaches the redirect only after passing through ``get_url_path``.
    """
    require(settings.OAUTH)

    provider_reply = oauth.provider.authorized_response()
    if provider_reply is None or isinstance(provider_reply, OAuthException):
        log.warning("Failed OAuth: %r", provider_reply)
        raise Unauthorized(gettext("Authentication has failed."))

    results = signals.handle_oauth_session.send(provider=oauth.provider,
                                                oauth=provider_reply)
    # Take the first role any receiver produced; receivers that return
    # None are skipped.
    role = next(
        (found for _receiver, found in results if found is not None),
        None,
    )
    if role is None:
        log.error("No OAuth handler for %r was installed.",
                  oauth.provider.name)
        raise Unauthorized(gettext("Authentication has failed."))

    # NOTE(review): this function does not check role.is_blocked before
    # issuing a token. Confirm blocked accounts are rejected by the signal
    # receivers or by Authz.from_role.
    db.session.commit()
    update_role(role)
    log.info("Logged in: %r", role)

    request.authz = Authz.from_role(role)
    session_token = request.authz.to_token(role=role).decode('utf-8')

    landing = ui_url(
        settings.OAUTH_UI_CALLBACK,
        next=get_url_path(request.args.get('state')),
    )
    return redirect('%s#token=%s' % (landing, session_token))
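def oauth_callback():
    """Finish an OAuth login and redirect the browser to the UI with a token.

    The ``state`` query parameter is used only to look up a login record
    previously stored in the cache. The redirect URI for the token
    exchange and the post-login path both come from that cached record,
    not from the request. The post-login path is also passed through
    ``get_url_path`` before use.

    Raises:
        Unauthorized: with one generic message when the cached state is
            missing, the token exchange fails, or no role can be resolved.
    """
    require(settings.OAUTH)
    err = Unauthorized(gettext("Authentication has failed."))

    state = cache.get_complex(_oauth_session(request.args.get("state")))
    if state is None:
        raise err

    try:
        oauth.provider.framework.set_session_data(
            request, "state", state.get("state")
        )
        uri = state.get("redirect_uri")
        token = oauth.provider.authorize_access_token(redirect_uri=uri)
    except AuthlibBaseError as exc:
        # The caught error needs its own name: binding it to `err` shadows
        # the prepared Unauthorized, so the provider library's exception
        # would be re-raised instead of the generic 401.
        log.warning("Failed OAuth: %r", exc)
        raise err from exc

    if token is None or isinstance(token, AuthlibBaseError):
        log.warning("Failed OAuth: %r", token)
        raise err

    role = handle_oauth(oauth.provider, token)
    if role is None:
        raise err

    # NOTE(review): this function does not check role.is_blocked. Confirm
    # handle_oauth or Authz.from_role rejects blocked accounts.
    db.session.commit()
    update_role(role)
    log.debug("Logged in: %r", role)
    request.authz = Authz.from_role(role)

    next_path = get_url_path(state.get("next_url"))
    next_url = ui_url("oauth", next=next_path)
    # The session token travels in the URL fragment of the redirect target.
    next_url = "%s#token=%s" % (next_url, request.authz.to_token())
    session.clear()
    return redirect(next_url)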
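def oauth_callback():
    """Finish an OAuth login and redirect the browser to the UI with a token.

    The ``state`` query parameter is used only to look up a login record
    previously stored in the cache. The redirect URI for the token
    exchange and the post-login path both come from that cached record,
    not from the request. The session lifetime follows the provider's
    token response. When the provider returns an ``id_token``, it is
    cached under the session token for the same lifetime.

    Raises:
        Unauthorized: with one generic message when the cached state is
            missing, the token exchange fails, or no role can be resolved.
    """
    require(settings.OAUTH)
    err = Unauthorized(gettext("Authentication has failed."))

    state = cache.get_complex(_oauth_session(request.args.get("state")))
    if state is None:
        raise err

    try:
        oauth.provider.framework.set_session_data(
            request, "state", state.get("state")
        )
        uri = state.get("redirect_uri")
        oauth_token = oauth.provider.authorize_access_token(redirect_uri=uri)
    except AuthlibBaseError as exc:
        # The caught error needs its own name: binding it to `err` shadows
        # the prepared Unauthorized, so the provider library's exception
        # would be re-raised instead of the generic 401.
        log.warning("Failed OAuth: %r", exc)
        raise err from exc

    if oauth_token is None or isinstance(oauth_token, AuthlibBaseError):
        log.warning("Failed OAuth: %r", oauth_token)
        raise err

    role = handle_oauth(oauth.provider, oauth_token)
    if role is None:
        raise err

    # Determine session duration based on OAuth settings. When present,
    # "refresh_expires_in" takes precedence over "expires_in".
    # NOTE(review): both values come straight from the provider's token
    # response with no type or upper-bound check here. Confirm that
    # Authz.from_role and cache.set validate them.
    expire = oauth_token.get("expires_in", Authz.EXPIRE)
    expire = oauth_token.get("refresh_expires_in", expire)

    # NOTE(review): this function does not check role.is_blocked. Confirm
    # handle_oauth or Authz.from_role rejects blocked accounts.
    db.session.commit()
    update_role(role)
    log.debug("Logged in: %r", role)
    request.authz = Authz.from_role(role, expire=expire)
    token = request.authz.to_token()

    # Store id_token to generate logout URL later
    id_token = oauth_token.get("id_token")
    if id_token is not None:
        cache.set(_token_session(token), id_token, expires=expire)

    next_path = get_url_path(state.get("next_url"))
    next_url = ui_url("oauth", next=next_path)
    # The session token travels in the URL fragment of the redirect target.
    next_url = "%s#token=%s" % (next_url, token)
    session.clear()
    return redirect(next_url)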