def __init__(self, user_id):
    """Load the record for ``user_id``, creating a blank one on first use.

    If ``query_count`` finds no row for ``user_id``, a row is created with an
    empty email, a fresh ``verification_code`` from ``gen_random_secret()``
    and ``is_verified`` set to 0. The row is then fetched into ``self.item``,
    and ``self.is_new`` records whether this call created it.
    """
    # NOTE(review): count-then-create is not atomic as written. Whether two
    # concurrent first requests for the same user_id can both reach create()
    # depends on the backing store -- confirm it enforces uniqueness.
    is_first_use = self.query_count(user_id__eq=user_id) == 0
    if is_first_use:
        self.create({
            'user_id': user_id,
            'email': '',
            'verification_code': gen_random_secret(),
            'is_verified': 0
        })
    self.item = self.fetch(user_id=user_id)
    self.is_new = is_first_use
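def get(self):
    """Drive the LinkedIn OAuth2 authorization-code login.

    The same URL serves three cases, selected by the query arguments:

    * ``code`` present -- callback from the provider. The ``state`` argument
      must equal the value held in the state cookie, otherwise the login is
      rejected. On a match the code is exchanged, the user info is fetched
      and the container is launched for the user's e-mail address.
    * ``error`` present -- the provider reported a failure. It is logged and
      the browser is redirected to the URL prefix before
      ``jboxauth/linkedin/``.
    * neither -- start of the flow. A fresh random state is stored in the
      state cookie and sent along with the authorization redirect.

    This is a generator that yields the asynchronous calls it waits on
    (presumably driven by a coroutine decorator outside this view).
    """
    # self_redirect_uri should be similar to 'http://<host>/jboxauth/linkedin/'
    # NOTE(review): the redirect URI is derived from the incoming request URL,
    # so it follows whatever host the request carried -- confirm the
    # provider-side redirect URI registration (or proxy Host validation)
    # constrains it.
    self_redirect_uri = self.request.full_url()
    idx = self_redirect_uri.index("jboxauth/linkedin/")
    self_redirect_uri = self_redirect_uri[0:(idx + len("jboxauth/linkedin/"))]

    code = self.get_argument('code', False)
    if code is not False:
        # The state echoed by the provider must match the one this browser
        # was given when the flow started. A missing value on either side is
        # treated as a failed check.
        state = self.get_argument('state', None)
        secret = self.get_state_cookie()
        if not state or not secret or state != secret:
            self.log_warn("LinkedIn auth: Invalid login attempt")
            self.rendertpl("index.tpl", cfg=JBoxCfg.nv,
                           state=self.state(error="Invalid login request", success=""))
            return
        # NOTE(review): nothing in this method clears the state cookie after
        # a successful check -- confirm it is single-use or expiring elsewhere.

        user = yield self.get_authenticated_user(redirect_uri=self_redirect_uri, code=code)
        user_info = yield self.get_user_info(user)

        # Resolve the identity before any side effect. A response without an
        # e-mail address ends the login with a message instead of an
        # unhandled KeyError/TypeError.
        try:
            user_id = user_info['emailAddress']
        except (KeyError, TypeError):
            user_id = None
        if not user_id:
            self.log_error("LinkedIn auth: no emailAddress in user info")
            self.rendertpl("index.tpl", cfg=JBoxCfg.nv,
                           state=self.state(error="Unable to get email address, login failed.", success=""))
            return

        # Profile capture is best-effort: a failure is logged and the login
        # continues. Catch Exception rather than everything so that
        # SystemExit/KeyboardInterrupt still propagate.
        try:
            self.update_user_profile(user_info)
        except Exception:
            self.log_error("exception while capturing user profile")
            traceback.print_exc()

        LinkedInAuthHandler.log_debug("logging in user_id=%r", user_id)
        self.post_auth_launch_container(user_id)
        return
    else:
        error = self.get_argument('error', False)
        if error is not False:
            # Provider-supplied text is logged with %r, so control characters
            # are escaped in the log line.
            error_description = self.get_argument('error_description', '')
            LinkedInAuthHandler.log_info("Linked in auth error: %r, %r", error, error_description)
            self.redirect(self_redirect_uri[0:idx])
            return
        else:
            # Start of the flow: bind a fresh random state to this browser
            # via the state cookie and send the same value to the provider.
            state = gen_random_secret()
            self.set_state_cookie(state)
            yield self.authorize_redirect(
                redirect_uri=self_redirect_uri,
                client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
                scope=self.SCOPES,
                response_type='code',
                extra_params={'state': state})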
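def get(self):
    """Handle the LinkedIn OAuth2 login endpoint.

    Behaviour depends on the query arguments:

    * no ``code`` and no ``error`` -- start the flow: generate a random
      state, store it in the state cookie and redirect to the provider with
      that state.
    * ``error`` (without ``code``) -- log the provider's error and redirect
      to the URL prefix before ``jboxauth/linkedin/``.
    * ``code`` -- provider callback: require ``state`` to equal the state
      cookie, exchange the code, fetch the user info and launch the
      container for the user's e-mail address.

    Written as a generator that yields the asynchronous calls it awaits
    (presumably wrapped by a coroutine decorator outside this view).
    """
    # self_redirect_uri should be similar to 'http://<host>/jboxauth/linkedin/'
    # NOTE(review): built from the request's own URL, so the host part is
    # whatever the request carried -- confirm the provider's registered
    # redirect URIs (or upstream Host validation) restrict it.
    self_redirect_uri = self.request.full_url()
    idx = self_redirect_uri.index("jboxauth/linkedin/")
    self_redirect_uri = self_redirect_uri[0:(idx + len("jboxauth/linkedin/"))]

    code = self.get_argument('code', False)
    if code is False:
        error = self.get_argument('error', False)
        if error is not False:
            # %r keeps provider-supplied text escaped in the log line.
            error_description = self.get_argument('error_description', '')
            LinkedInAuthHandler.log_info("Linked in auth error: %r, %r", error, error_description)
            self.redirect(self_redirect_uri[0:idx])
            return

        # Flow start: the random state goes both into the cookie and to the
        # provider so the callback can be tied to this browser.
        state = gen_random_secret()
        self.set_state_cookie(state)
        yield self.authorize_redirect(redirect_uri=self_redirect_uri,
                                      client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
                                      scope=self.SCOPES,
                                      response_type='code',
                                      extra_params={'state': state})
        return

    # Callback: reject unless the echoed state matches the cookie. An empty
    # or missing value on either side counts as a mismatch.
    state = self.get_argument('state', None)
    secret = self.get_state_cookie()
    if not state or not secret or state != secret:
        self.log_warn("LinkedIn auth: Invalid login attempt")
        self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
            error="Invalid login request", success=""))
        return
    # NOTE(review): the state cookie is not cleared here after use --
    # confirm it is invalidated or short-lived elsewhere.

    user = yield self.get_authenticated_user(redirect_uri=self_redirect_uri,
                                             code=code)
    user_info = yield self.get_user_info(user)

    # Determine the identity first. Without an e-mail address the login
    # stops with a message rather than an unhandled KeyError/TypeError.
    try:
        user_id = user_info['emailAddress']
    except (KeyError, TypeError):
        user_id = None
    if not user_id:
        self.log_error("LinkedIn auth: no emailAddress in user info")
        self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
            error="Unable to get email address, login failed.", success=""))
        return

    # Best-effort profile capture. Catch Exception (not a bare except) so
    # interpreter-exit signals are not swallowed.
    try:
        self.update_user_profile(user_info)
    except Exception:
        self.log_error("exception while capturing user profile")
        traceback.print_exc()

    LinkedInAuthHandler.log_debug("logging in user_id=%r", user_id)
    self.post_auth_launch_container(user_id)
    return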
self.update_user_profile(user_info) except: self.log_error("exception while capturing user profile") traceback.print_exc() user_id = user_info['email'] if task == 'store_creds': creds = self.make_credentials(user) credtok = creds.to_json() self.post_auth_store_credentials(user_id, "gdrive", credtok) return else: self.post_auth_launch_container(user_id) return else: secret = gen_random_secret() new_state = {'secret': secret} if state == 'ask_gdrive': user_id = self.get_user_id() new_state['task'] = 'store_creds' scope = ['https://www.googleapis.com/auth/drive'] extra_params = {'access_type': 'offline', 'prompt': 'consent', 'login_hint': user_id, 'include_granted_scopes': 'true'} else: scope = ['profile', 'email'] extra_params = {'approval_prompt': 'auto'} extra_params['state'] = base64.b64encode(json.dumps(new_state)) self.set_state_cookie(secret) yield self.authorize_redirect(redirect_uri=self_redirect_uri, client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
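def get(self):
    """Drive the GitHub OAuth2 authorization-code login.

    * ``code`` present -- callback from the provider. ``state`` must equal
      the value in the state cookie, otherwise the login is rejected. The
      code is then exchanged for a token. A ``bad_verification_code`` error
      restarts the flow, and a response without ``access_token`` ends with
      an error page. The user id is the profile e-mail or, failing that, the
      first e-mail that is both primary and verified.
    * ``code`` absent -- start of the flow. A fresh random state is stored
      in the state cookie and sent with the authorization redirect.

    This is a generator that yields the asynchronous calls it waits on
    (presumably driven by a coroutine decorator outside this view).
    """
    # self_redirect_uri should be similar to 'http://<host>/jboxauth/github/'
    # NOTE(review): derived from the incoming request URL, so the host part
    # is whatever the request carried -- confirm the provider's registered
    # callback URL (or proxy Host validation) constrains it.
    self_redirect_uri = self.request.full_url()
    idx = self_redirect_uri.index("jboxauth/github/")
    self_redirect_uri = self_redirect_uri[0 : (idx + len("jboxauth/github/"))]

    code = self.get_argument("code", False)
    if code is not False:
        # The state echoed back must match the one bound to this browser.
        # An empty or missing value on either side fails the check.
        state = self.get_argument("state", None)
        secret = self.get_state_cookie()
        if not state or not secret or state != secret:
            self.log_warn("GitHub auth: Invalid login attempt")
            self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(error="Invalid login request", success=""))
            return
        # NOTE(review): the state cookie is not cleared in this method after
        # a successful check -- confirm it is single-use or expiring elsewhere.

        user = yield self.get_authenticated_user(redirect_uri=self_redirect_uri, code=code)
        err = user.get("error")
        if err and err[0] == "bad_verification_code":
            # Invalid code, get new code.
            self.redirect(self_redirect_uri)
            return

        # `in` replaces dict.has_key(), which exists only on Python 2.
        if "access_token" not in user:
            self.log_error("GitHub auth error: Key `access_token` not found in response: %r", user)
            self.rendertpl(
                "index.tpl",
                cfg=JBoxCfg.nv,
                state=self.state(
                    error="GitHub authentication failed due to unexpected error. Please try again.", success=""
                ),
            )
            return

        # Values are unwrapped with [0]; presumably the token response is a
        # parsed query string whose values are lists.
        user["access_token"] = user["access_token"][0]
        user["token_type"] = user["token_type"][0]

        user_info = yield self.get_user_info(user)
        # NOTE(review): the profile e-mail is accepted as-is, while the
        # fallback list below requires primary AND verified -- confirm the
        # provider only exposes verified addresses in the profile.
        user_id = user_info.get("email")

        if not user_id:
            user_emails = yield self.get_user_emails(user)
            for email in user_emails:
                if email["primary"] and email["verified"]:
                    user_id = email["email"]
                    break

        if not user_id:
            self.rendertpl(
                "index.tpl",
                cfg=JBoxCfg.nv,
                state=self.state(error="Unable to get verified email address, login failed.", success=""),
            )
            return

        # Profile capture is best-effort. Catch Exception rather than
        # everything so SystemExit/KeyboardInterrupt still propagate.
        try:
            self.update_user_profile(user_id, user_info)
        except Exception:
            self.log_error("exception while capturing user profile")
            traceback.print_exc()

        GitHubAuthHandler.log_debug("logging in user_id=%r", user_id)
        self.post_auth_launch_container(user_id)
        return
    else:
        # Start of the flow: bind a fresh random state to this browser via
        # the state cookie and send the same value to the provider.
        state = gen_random_secret()
        self.set_state_cookie(state)
        yield self.authorize_redirect(
            redirect_uri=self_redirect_uri,
            client_id=self.settings[self._OAUTH_SETTINGS_KEY]["key"],
            scope=self.SCOPES,
            response_type="code",
            extra_params={"allow_signup": "true", "state": state},
        )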
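def get(self):
    """Handle the GitHub OAuth2 login endpoint.

    Without a ``code`` argument the flow is started: a random state is
    generated, stored in the state cookie and passed to the provider in the
    authorization redirect.

    With a ``code`` argument (provider callback) the method:

    1. requires ``state`` to equal the state cookie, else rejects the login;
    2. exchanges the code, restarting the flow on
       ``bad_verification_code`` and rendering an error when no
       ``access_token`` is returned;
    3. resolves the user id from the profile e-mail, falling back to the
       first e-mail that is both primary and verified;
    4. stores the profile (best-effort) and launches the container.

    Written as a generator that yields the asynchronous calls it awaits
    (presumably wrapped by a coroutine decorator outside this view).
    """
    # self_redirect_uri should be similar to 'http://<host>/jboxauth/github/'
    # NOTE(review): taken from the request's own URL, so the host part is
    # whatever the request carried -- confirm the provider's registered
    # callback URL (or upstream Host validation) restricts it.
    self_redirect_uri = self.request.full_url()
    idx = self_redirect_uri.index("jboxauth/github/")
    self_redirect_uri = self_redirect_uri[0:(idx + len("jboxauth/github/"))]

    code = self.get_argument('code', False)
    if code is False:
        # Flow start: the same random value goes into the cookie and to the
        # provider so the callback can be tied back to this browser.
        state = gen_random_secret()
        self.set_state_cookie(state)
        yield self.authorize_redirect(redirect_uri=self_redirect_uri,
                                      client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
                                      scope=self.SCOPES,
                                      response_type='code',
                                      extra_params={'allow_signup': 'true', 'state': state})
        return

    # Callback: an empty or missing state on either side is a mismatch.
    state = self.get_argument('state', None)
    secret = self.get_state_cookie()
    if not state or not secret or state != secret:
        self.log_warn("GitHub auth: Invalid login attempt")
        self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
            error="Invalid login request", success=""))
        return
    # NOTE(review): the state cookie is not cleared here after use --
    # confirm it is invalidated or short-lived elsewhere.

    user = yield self.get_authenticated_user(redirect_uri=self_redirect_uri,
                                             code=code)
    err = user.get('error')
    if err and err[0] == 'bad_verification_code':
        # Invalid code, get new code.
        self.redirect(self_redirect_uri)
        return

    # Membership test instead of dict.has_key(), which Python 3 removed.
    if 'access_token' not in user:
        self.log_error('GitHub auth error: Key `access_token` not found in response: %r', user)
        self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
            error="GitHub authentication failed due to unexpected error. Please try again.",
            success=""))
        return

    # Values are unwrapped with [0]; presumably the token response is a
    # parsed query string whose values are lists.
    user['access_token'] = user['access_token'][0]
    user['token_type'] = user['token_type'][0]

    user_info = yield self.get_user_info(user)
    # NOTE(review): the profile e-mail is trusted directly, whereas the
    # fallback below insists on primary AND verified -- confirm the provider
    # only exposes verified addresses in the profile.
    user_id = user_info.get('email')

    if not user_id:
        user_emails = yield self.get_user_emails(user)
        for email in user_emails:
            if email['primary'] and email['verified']:
                user_id = email['email']
                break

    if not user_id:
        self.rendertpl("index.tpl", cfg=JBoxCfg.nv, state=self.state(
            error="Unable to get verified email address, login failed.", success=""))
        return

    # Best-effort profile capture. Catch Exception (not a bare except) so
    # interpreter-exit signals are not swallowed.
    try:
        self.update_user_profile(user_id, user_info)
    except Exception:
        self.log_error("exception while capturing user profile")
        traceback.print_exc()

    GitHubAuthHandler.log_debug("logging in user_id=%r", user_id)
    self.post_auth_launch_container(user_id)
    return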
self.update_user_profile(user_info) except: self.log_error("exception while capturing user profile") traceback.print_exc() user_id = user_info['email'] if task == 'store_creds': creds = self.make_credentials(user) credtok = creds.to_json() self.post_auth_store_credentials(user_id, "gdrive", credtok) return else: self.post_auth_launch_container(user_id) return else: secret = gen_random_secret() new_state = {'secret': secret} if state == 'ask_gdrive': user_id = self.get_user_id() new_state['task'] = 'store_creds' scope = ['https://www.googleapis.com/auth/drive'] extra_params = { 'access_type': 'offline', 'prompt': 'consent', 'login_hint': user_id, 'include_granted_scopes': 'true' } else: scope = ['profile', 'email'] extra_params = {'approval_prompt': 'auto'}