Example #1
0
    def post(self):

        # Validate the identity
        id_token = json.loads(request.data.decode())["id_token"]
        if id_token is None:
            return "No ID token provided", HTTPStatus.FORBIDDEN

        try:
            identity = validate_id_token(id_token, app.config["GOOGLE_CLIENT_ID"])
        except ValueError:
            return "Invalid ID token", HTTPStatus.FORBIDDEN

        # Get the user info out of the validated identity
        if "sub" not in identity or "name" not in identity or "picture" not in identity:
            return "Unexcpected authorization response", HTTPStatus.FORBIDDEN

        # This just adds a new user that hasn't been seen before and assumes it
        # will work, but you could extend the logic to do something different
        # (such as only allow known users, or somehow mark a user as new so
        # your frontend can collect extra profile information).
        user = user_manager.add_or_update_google_user(
            identity["sub"], identity["name"], identity["picture"]
        )

        # Authorize the user:
        user_log_in = login_user(user, force=True)

        return self.get()
Example #2
0
    def post(self):
        # Validate the identity
        id_token = request.form.get('id_token')
        if id_token is None:
            print("No ID token provided")
            return "No ID token provided", HTTPStatus.FORBIDDEN

        try:
            identity = google_token.validate_id_token(
                id_token, app.config['GOOGLE_CLIENT_ID'])
        except ValueError:
            print("No ID token provided")
            return 'Invalid ID token', HTTPStatus.FORBIDDEN

        # Get the user info out of the validated identity
        if ('sub' not in identity or
                'name' not in identity or
                'picture' not in identity):
            print("Unexcpected authorization response")
            return "Unexcpected authorization response", HTTPStatus.FORBIDDEN

        # This just adds a new user that hasn't been seen before and assumes it
        # will work, but you could extend the logic to do something different
        # (such as only allow known users, or somehow mark a user as new so
        # your frontend can collect extra profile information).
        user = user_manager.add_or_update_google_user(
            identity['sub'], identity['name'], identity['picture'])

        # Authorize the user:
        login_user(user, remember=True)

        return self.get()
Example #3
0
    def post(cls):
        '''User Google Login'''
        try:
            if 'id_token' not in request.get_json():
                return {"msg": "No Google ID token provided"}, HTTPStatus.FORBIDDEN

            token = request.get_json()['id_token']

            try:
                identity = google_token.validate_id_token(
                    token, configs['GOOGLE_CLIENT_ID'])
            except ValueError:
                return {"message": 'Invalid Google ID token'}, HTTPStatus.FORBIDDEN

            # Get the user info out of the validated identity
            if ('email' not in identity or 'name' not in identity):
                return {"message": "Unexcpected authorization response"}, HTTPStatus.FORBIDDEN

            if not UserModel.find_by_email(email=identity['email']):
                user = UserModel(
                    email=identity['email'], name=identity['name'])
                user.save_to_db()
            access_token = create_access_token(
                identity=identity['email'], expires_delta=datetime.timedelta(hours=1))
            isAdmin = check_admin_credential(identity['email'])
            return {"message": "Login Success", "access_token": access_token, "isAdmin":isAdmin, "email": identity['email']}, HTTPStatus.OK

        except Exception as e:
            print(e)
            return {"message": "Something went wrong!"}, HTTPStatus.INTERNAL_SERVER_ERROR
Example #4
0
    def post(self):
        # Validate the identity
        id_token = json.loads(request.data.decode())["id_token"]

        try:
            identity = validate_id_token(id_token, google_app_credentials["client_id"])
        except ValueError:
            return make_response(jsonify({"message": "Invalid ID token"}, HTTPStatus.FORBIDDEN))
        
        if not identity["email_verified"]:
            return make_response(jsonify({"message": "Email not verfied"}, HTTPStatus.FORBIDDEN))

        # save user to application if does not exists
        user_from_pool: UserPool = UserPool.get_user_from_pool(identity['email'])

        if not user_from_pool:
           UserPool.register_user_in_pool(UserPool(name=identity["name"], email=identity["email"],password=None, provider="Google"))
           user = User(identity["name"], identity["email"])
           User.create_user(user)

        # create access and refresh tokens
        access_token = jwt.encode({
                'public_id': user_from_pool.email,
                'name' : user_from_pool.name,
                'iat': datetime.datetime.utcnow(),
                'nbf': datetime.datetime.utcnow(),
                'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
            }, 'my_precious_secret_key')
        
        refresh_token = jwt.encode({
                'public_id': user_from_pool.email,
                'iat': datetime.datetime.utcnow(),
                'nbf': datetime.datetime.utcnow(),
                'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1)
            }, 'my_secret_key')

        return make_response(jsonify({"access_token" : access_token.decode("UTF-8"), "refresh_token" : refresh_token.decode("UTF-8")}), 200)    
Example #5
0
def login():
    data = request.json
    id_token = data.get("id_token")

    # Case 1: Null Check
    if id_token is None:
        return jsonify({"login": False})

    # Case 2: Decodes Token + Checks For Invalid ID Token
    try:
        identity = google_token.validate_id_token(
            id_token, app.config['GOOGLE_CLIENT_ID'])
    except ValueError:
        return jsonify({"login": False})

    # Case 3: Unexpected Response
    if ('email' not in identity):
        return jsonify({"login": False})

    # Case 4: Unauthorized @berkeley.edu email login
    cur = conn.cursor()
    sql = """SELECT id FROM authusers WHERE email=%s"""
    # Execute a query
    cur.execute(sql, (identity['email'], ))
    # Retrieve query results
    records = cur.fetchall()
    print(records)
    # Close cursor
    cur.close()
    if len(records) == 0:
        return jsonify({"login": False})
    print(records[0][0])

    # Create user and signin
    user_model = User(records[0][0], identity['email'])
    login_user(user_model)
    return jsonify({"login": True})