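def api_authGithubAuthorized():
    """Handle a callback from a successful OAUTH request.

    Tracks oauth users in a database.

    The ``state`` value GitHub echoes back is checked against the nonce held in
    the temporary cookie *before* the authorization code is exchanged for an
    access token, and the check uses a constant-time comparison.

    Raises:
        AssertionError: if ``auth.login`` or ``auth.login_fail_redirect``
            returns instead of raising a redirect.
    """
    import hmac

    # clear temporary cookie values first; unchecked_remove consumes the nonce
    expect = cookie.unchecked_remove(_COOKIE_NONCE) or '<missing-nonce>'
    t = cookie.unchecked_remove(_COOKIE_SIM_TYPE)
    oc = _oauth_client()
    got = flask.request.args.get('state', '<missing-state>')
    # Constant-time comparison so the time taken does not depend on how much of
    # the nonce matched. Both sides are normalized to UTF-8 bytes because
    # compare_digest rejects non-ASCII str (and got is request-controlled).
    if not hmac.compare_digest(str(expect).encode('utf-8'), str(got).encode('utf-8')):
        # The nonce has already been removed from the cookie above, so it is
        # spent by the time it is logged here.
        pkdlog(
            'mismatch oauth state: expected {} != got {}',
            expect,
            got,
        )
        auth.login_fail_redirect(t, this_module, 'oauth-state', reload_js=True)
        raise AssertionError('auth.login_fail_redirect returned unexpectedly')
    # Only exchange the code for a token once the state is known to be ours
    if not oc.authorize_access_token():
        util.raise_forbidden('missing oauth response')
    d = oc.get('user').json()
    with auth_db.thread_lock:
        u = AuthGithubUser.search_by(oauth_id=d['id'])
        if u:
            # always update user_name
            u.user_name = d['login']
        else:
            u = AuthGithubUser(oauth_id=d['id'], user_name=d['login'])
        u.save()
    auth.login(this_module, model=u, sim_type=t, want_redirect=True)
    raise AssertionError('auth.login returned unexpectedly')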
def api_authEmailAuthorized(simulation_type, token):
    """Clicked by user in an email

    Token must exist in db and not be expired.

    Args:
        simulation_type (str): validated via ``sirepo.template.assert_sim_type``
        token (str): one-time value from the emailed link, looked up in
            ``AuthEmailUser``

    Returns:
        whatever ``auth.login`` or ``auth.login_fail_redirect`` returns
    """
    sim_type = sirepo.template.assert_sim_type(simulation_type)
    with auth_db.thread_lock:
        user = AuthEmailUser.search_by(token=token)
        if user and user.expires >= datetime.datetime.utcnow():
            email = user.unverified_email
            # drop any other row that already holds this email as its user_name
            user.query.filter(
                (AuthEmailUser.user_name == email),
                AuthEmailUser.unverified_email != email,
            ).delete()
            # promote the verified address and spend the token
            user.user_name = email
            user.token = None
            user.expires = None
            user.save()
            return auth.login(this_module, sim_type=sim_type, model=user)
        # NOTE(review): the raw token value is written to the log on both
        # failure paths below; the expired case also logs the email.
        if user:
            pkdlog(
                'login with expired token={}, email={}',
                token,
                user.unverified_email,
            )
        else:
            pkdlog('login with invalid token={}', token)
        return auth.login_fail_redirect(sim_type, this_module, 'email-token')
def api_authEmailAuthorized(simulation_type, token):
    """Clicked by user in an email

    Token must exist in db and not be expired.

    Args:
        simulation_type (str): parsed through ``http_request.parse_params``
        token (str): one-time value from the emailed link, looked up in
            ``AuthEmailUser``

    Raises:
        AssertionError: if ``auth.login`` returns instead of redirecting
        sirepo.util.Redirect: when a user is already logged in via this method
    """
    if http_request.is_spider():
        sirepo.util.raise_forbidden('robots not allowed')
    params = http_request.parse_params(type=simulation_type)
    with auth_db.thread_lock:
        user = AuthEmailUser.search_by(token=token)
        if user and user.expires >= srtime.utc_now():
            # presumably the display name collected on the confirm page;
            # _verify_confirm is opaque here
            display_name = _verify_confirm(
                params.type,
                token,
                auth.need_complete_registration(user),
            )
            email = user.unverified_email
            # drop any other row that already holds this email as its user_name
            user.query.filter(
                (AuthEmailUser.user_name == email),
                AuthEmailUser.unverified_email != email,
            ).delete()
            # promote the verified address and spend the token
            user.user_name = email
            user.token = None
            user.expires = None
            user.save()
            auth.login(this_module, sim_type=params.type, model=user, display_name=display_name)
            raise AssertionError('auth.login returned unexpectedly')
        # NOTE(review): the raw token value is written to the log on every
        # failure path below.
        if user:
            pkdlog(
                'login with expired token={}, email={}',
                token,
                user.unverified_email,
            )
        else:
            pkdlog('login with invalid token={}', token)
        # if user is already logged in via email, then continue to the app
        if auth.user_if_logged_in(AUTH_METHOD):
            pkdlog(
                'user already logged in. ignoring invalid token: {}, user: {}',
                token,
                auth.logged_in_user(),
            )
            raise sirepo.util.Redirect(sirepo.uri.local_route(params.type))
        auth.login_fail_redirect(params.type, this_module, 'email-token')
def api_authGithubAuthorized():
    """Handle a callback from a successful OAUTH request.

    Tracks oauth users in a database.

    The nonce removed from the temporary cookie is handed to ``_client``, which
    is the only place the callback's ``state`` is validated here.

    Raises:
        AssertionError: if ``auth.login`` or ``auth.login_fail_redirect``
            returns instead of raising a redirect.
    """
    # clear temporary cookie values first
    client = _client(cookie.unchecked_remove(_COOKIE_NONCE))
    sim_type = cookie.unchecked_remove(_COOKIE_SIM_TYPE)
    if not client.authorize_access_token():
        auth.login_fail_redirect(sim_type, this_module, 'oauth-state', reload_js=True)
        raise AssertionError('auth.login_fail_redirect returned unexpectedly')
    profile = client.get('user').json()
    oauth_id = profile['id']
    login_name = profile['login']
    with auth_db.thread_lock:
        user = AuthGithubUser.search_by(oauth_id=oauth_id)
        if not user:
            user = AuthGithubUser(oauth_id=oauth_id, user_name=login_name)
        else:
            # always update user_name
            user.user_name = login_name
        user.save()
    auth.login(this_module, model=user, sim_type=sim_type, want_redirect=True)
    raise AssertionError('auth.login returned unexpectedly')