def perform_create(self, serializer):
user = serializer.save()
if serializer.validated_data.get('access_token'):
self.request.social_strategy = load_strategy(self.request)
if not hasattr(self.request, 'strategy'):
self.request.strategy = self.request.social_strategy
self.request.backend = load_backend(self.request.social_strategy, "facebook",
reverse("accounts:token-auth"))
self.request.social_strategy = load_strategy(self.request)
self.request.backend = load_backend(self.request.social_strategy, 'facebook', None)
self.request.backend.do_auth(serializer.validated_data.get("access_token"), None, user=user, is_new=True)
return user
def refresh_user_course_permissions(user):
"""
Refresh user course permissions from the auth server.
Arguments
user (User) -- User whose permissions should be refreshed
"""
backend = EdXOpenIdConnect(strategy=load_strategy())
user_social_auth = user.social_auth.filter(provider=backend.name).first()
if not user_social_auth:
raise UserNotAssociatedWithBackendError
access_token = user_social_auth.extra_data.get('access_token')
if not access_token:
raise InvalidAccessTokenError
courses = _get_user_courses(access_token, backend)
# If the backend does not provide course permissions, assign no permissions and log a warning as there may be an
# issue with the backend provider.
if not courses:
logger.warning(
'Authorization server did not return course permissions. Defaulting to no course access.'
)
courses = []
set_user_course_permissions(user, courses)
return courses
def refresh_user_course_permissions(user):
"""
Refresh user course permissions from the auth server.
Arguments
user (User) -- User whose permissions should be refreshed
"""
backend = EdXOpenIdConnect(strategy=load_strategy())
user_social_auth = user.social_auth.filter(provider=backend.name).first()
if not user_social_auth:
raise UserNotAssociatedWithBackendError
access_token = user_social_auth.extra_data.get('access_token')
if not access_token:
raise InvalidAccessTokenError
courses = _get_user_courses(access_token, backend)
# If the backend does not provide course permissions, assign no permissions and log a warning as there may be an
# issue with the backend provider.
if not courses:
logger.warning('Authorization server did not return course permissions. Defaulting to no course access.')
courses = []
set_user_course_permissions(user, courses)
return courses
def register_by_access_token(request, *args, **kwargs):
# TODO: make me pretty, decorator? api_view
# LD: looks fine :)
# print request.META
social_serializer = SocialTokenSerializer(data=request.data)
social_serializer.is_valid(raise_exception=True)
try:
# TODO: this is really bad!
client_id, client_secret = _get_client_id_and_secret(request)
try:
app = Application.objects.get(client_id=client_id)
except ObjectDoesNotExist:
return Response({"errors": ["client_id doesn't exist"]}, status=status.HTTP_400_BAD_REQUEST)
data = social_serializer.data
strategy = load_strategy(request)
backend = load_backend(strategy, data['backend'], None)
user = backend.do_auth(data['social_token'])
if user:
if not user.last_login:
login(request, user)
serializer = UserSerializer(user, context={'request': request})
returned_json = {
'user': serializer.data,
'token': get_access_token(user, app)
}
return JsonResponse({'data': returned_json})
else:
return Response({"errors": ["user already registered"]}, status=status.HTTP_400_BAD_REQUEST)
else:
return _facebook_login_error("after token user is none")
except HTTPError as e:
return _facebook_login_error(e.message + " when connecting to " + data['backend'])
def home(request):
tracks = []
soundcloud_auth = False
pnos = 0
next_page = 0
prev_page = 0
current_page = request.GET.get('current_page', 1)
current_page = int(current_page)
print 'current_page is'
print current_page
if request.user and request.user.is_anonymous(
) is False and request.user.is_superuser is False:
try:
soundcloud_auth = UserSocialAuth.objects.get(user=request.user,
provider="soundcloud")
if soundcloud_auth:
soundcloud_auth = True
except Exception, e:
#Nothing to worry , Sound cloud isn't connected
print e
#Try refreshing the token
try:
if soundcloud_auth:
User = get_user_model()
suser = User.objects.get(id=request.user.id)
social = suser.social_auth.get(provider='soundcloud')
social.refresh_token(load_strategy())
except Exception, e:
print 'refresh token error'
print e
def home(request):
tracks = []
soundcloud_auth = False
pnos=0
next_page = 0
prev_page = 0
current_page = request.GET.get('current_page',1)
current_page = int(current_page)
print 'current_page is'
print current_page
if request.user and request.user.is_anonymous() is False and request.user.is_superuser is False:
try:
soundcloud_auth = UserSocialAuth.objects.get(user=request.user,provider="soundcloud")
if soundcloud_auth:
soundcloud_auth = True
except Exception, e:
#Nothing to worry , Sound cloud isn't connected
print e
#Try refreshing the token
try:
if soundcloud_auth:
User = get_user_model()
suser = User.objects.get(id=request.user.id)
social = suser.social_auth.get(provider='soundcloud')
social.refresh_token(load_strategy())
except Exception, e:
print 'refresh token error'
print e
def social_login(request):
"""
Returns two-tuple of (user, token) if authentication succeeds,
or None otherwise.
"""
token = request.DATA.get('access_token', None)
backend = request.DATA.get('backend', None)
strategy = load_strategy(request=request)
try:
backend = load_backend(strategy, backend, reverse(NAMESPACE + ":complete", args=(backend,)))
except MissingBackend:
msg = 'Invalid token header. Invalid backend.'
return Response(str(msg), status=400)
try:
user = backend.do_auth(access_token=token)
except requests.HTTPError as e:
msg = e.response.text
return Response(str(msg), status=400)
if not user:
msg = 'Bad credentials.'
return Response(str(msg), status=400)
login(request, user)
serialized = AccountSerializer(user)
return Response(serialized.data, status=status.HTTP_200_OK )
def register_by_access_token(request, backend):
uri=''
strategy = load_strategy(request)
backend = load_backend(strategy, backend, uri)
# Split by spaces and get the array
auth = get_authorization_header(request).split()
if not auth:
msg= 'No auth provided'
return msg
if not auth or auth[0].lower() != b'bearer':
msg = 'No token header provided.'
return msg
if len(auth) == 1:
msg = 'Invalid token header. No credentials provided.'
return msg
access_token = auth[1].decode(encoding='UTF-8')
user = backend.do_auth(access_token)
return user
def get_request_and_strategy(self, auth_entry=None, redirect_uri=None):
"""Gets a fully-configured request and strategy.
These two objects contain circular references, so we create them
together. The references themselves are a mixture of normal __init__
stuff and monkey-patching done by python-social-auth. See, for example,
social.apps.django_apps.utils.strategy().
"""
request = self.request_factory.get(
pipeline.get_complete_url(self.backend_name) +
'?redirect_state=redirect_state_value&code=code_value&state=state_value'
)
request.user = auth_models.AnonymousUser()
request.session = cache.SessionStore()
request.session[self.backend_name + '_state'] = 'state_value'
if auth_entry:
request.session[pipeline.AUTH_ENTRY_KEY] = auth_entry
strategy = social_utils.load_strategy(request=request)
request.social_strategy = strategy
request.backend = social_utils.load_backend(strategy,
self.backend_name,
redirect_uri)
return request, strategy
def refresh_access(user): if user and user.is_authenticated(): social = user.social_auth.get(provider="reddit") #social.refresh_token(redirect_uri=SOCIAL_AUTH_REDDIT_REDIRECT) #social.refresh_token(social.extra_data["refresh_token"], redirect_uri=SOCIAL_AUTH_REDDIT_REDIRECT) strategy = load_strategy() social.refresh_token(strategy, redirect_uri=SOCIAL_AUTH_REDDIT_REDIRECT)
def get_officevideo_embed_code(self, officevideo_url):
embed_code = ''
try:
django_user_social = User.objects.get(
id=self.xmodule_runtime.user_id).social_auth.get(
provider='azuread-oauth2')
if int(django_user_social.extra_data['expires_on']) < int(
time.time()):
django_user_social.refresh_token(load_strategy())
django_user_social = User.objects.get(
id=self.xmodule_runtime.user_id).social_auth.get(
provider='azuread-oauth2')
url = self.video_url
parsed = urlparse.urlparse(url)
query_params = urlparse.parse_qs(parsed.query)
resp = requests.get("https://" + parsed.netloc +
"/portals/hub/_api/VideoService/Channels('" +
query_params['chid'][0] + "')/Videos('" +
query_params['vid'][0] +
"')/GetVideoEmbedCode",
headers={
'Authorization':
'Bearer ' + django_user_social.tokens,
'Content-Type':
'application/json;odata=verbose'
})
root = ET.fromstring(resp._content)
embed_code = unicode(root.text, "utf-8")
except:
embed_code = '<a target="_blank" href="' + officevideo_url + '">Office 365 Video</a>'
return embed_code
def refresh_access(user): if user and user.is_authenticated(): social = user.social_auth.get(provider="reddit") #social.refresh_token(redirect_uri=SOCIAL_AUTH_REDDIT_REDIRECT) #social.refresh_token(social.extra_data["refresh_token"], redirect_uri=SOCIAL_AUTH_REDDIT_REDIRECT) strategy = load_strategy() social.refresh_token(strategy, redirect_uri=settings.SOCIAL_AUTH_REDDIT_REDIRECT)
def setUp(self):
super(AccessTokenExchangeFormTest, self).setUp()
self.request = RequestFactory().post("dummy_url")
redirect_uri = 'dummy_redirect_url'
SessionMiddleware().process_request(self.request)
self.request.social_strategy = social_utils.load_strategy(self.request)
# pylint: disable=no-member
self.request.backend = social_utils.load_backend(self.request.social_strategy, self.BACKEND, redirect_uri)
def __init__(self, user, request=None, provider='google-oauth2'):
self.user = user
self.request = request
self.provider = provider
self.strategy = load_strategy(request)
self.user_social = UserSocialAuth.get_social_auth_for_user(user=self.user, provider=self.provider)[0]
self.backend = self.user_social.get_backend_instance(strategy=self.strategy)
def _fake_strategy(self):
"""Simulate the strategy passed to the pipeline step. """
request = RequestFactory().get(
pipeline.get_complete_url(self.BACKEND_NAME))
request.user = self.user
request.session = cache.SessionStore()
return social_utils.load_strategy(backend=self.BACKEND_NAME,
request=request)
def _fn(self, *args, **kwargs):
try:
return fn(self, *args, **kwargs)
except HTTPError:
s = load_strategy(backend='google-oauth2')
sa = self._user.social_auth.get()
sa.refresh_token(s)
sa.save()
return fn(self, *args, **kwargs)
def github_token(self):
strategy = load_strategy()
github_auth = self.contributor.user.social_auth.filter(
provider='github')
if github_auth.count():
github_auth = github_auth[0]
github_auth.refresh_token(strategy)
if github_auth:
return github_auth.access_token
def _fake_strategy(self):
"""Simulate the strategy passed to the pipeline step. """
request = RequestFactory().get(pipeline.get_complete_url(self.BACKEND_NAME))
request.user = self.user
request.session = cache.SessionStore()
return social_utils.load_strategy(
backend=self.BACKEND_NAME, request=request
)
def setUp(self):
super(AccessTokenExchangeFormTest, self).setUp()
self.request = RequestFactory().post("dummy_url")
redirect_uri = 'dummy_redirect_url'
SessionMiddleware().process_request(self.request)
self.request.social_strategy = social_utils.load_strategy(self.request)
# pylint: disable=no-member
self.request.backend = social_utils.load_backend(
self.request.social_strategy, self.BACKEND, redirect_uri)
def obj_create(self, bundle, request=None, **kwargs):
provider = bundle.data['provider']
access_token = bundle.data['access_token']
strategy = load_strategy(backend=provider)
user = strategy.backend.do_auth(access_token)
if user and user.is_active:
bundle.obj = user
return bundle
else:
raise BadRequest(_("Error authenticating user with this provider"))
def bind(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = request.user
oauth = Oauth.objects.create(access_token=serializer.data['access_token'], user=user, provider=Providers.Github)
strategy = load_strategy(request=request)
kwargs = dict({(k, i) for k, i in serializer.data.items() if k != 'backend'})
# 使用者驗證
tmp = strategy.backend.do_auth(**kwargs)
return Response(data={'message': '绑定成功'}, status=status.HTTP_200_OK)
def __init__(self, user, request=None, provider='google-oauth2'):
self.user = user
self.request = request
self.provider = provider
self.strategy = load_strategy(request)
self.user_social = UserSocialAuth.get_social_auth_for_user(
user=self.user, provider=self.provider)[0]
self.backend = self.user_social.get_backend_instance(
strategy=self.strategy)
def get_fb_user_token(self):
"""
Retrieve facebook user token from python-social-auth lib
"""
user = User.objects.get(username=settings.ADMIN_USER) #this should not be static
#get the oath2 token for user haike
social = user.social_auth.get(provider='facebook')
strategy = load_strategy(backend='facebook')
social.refresh_token(strategy)
return social.extra_data['access_token']
def create(self, request, *args, **kwargs):
"""
Override `create` instead of `perform_create` to access request
request is necessary for `load_strategy`
"""
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
provider = request.data['provider']
# If this request was made with an authenticated user, try to associate this social account with it
authed_user = request.user if not request.user.is_anonymous() else None
strategy = load_strategy(request)
backend = load_backend(strategy=strategy,
name=provider,
redirect_uri=None)
if isinstance(backend, BaseOAuth1):
token = {
'oauth_token': request.data['access_token'],
'oauth_token_secret': request.data['access_token_secret'],
}
elif isinstance(backend, BaseOAuth2):
token = request.data['access_token']
try:
user = backend.do_auth(token, user=authed_user)
except AuthAlreadyAssociated:
return Response(
{"errors": "That social media account is already in use"},
status=status.HTTP_400_BAD_REQUEST)
if user and user.is_active:
# if the access token was set to an empty string, then save the access token from the request
auth_created = user.social_auth.get(provider=provider)
if not auth_created.extra_data['access_token']:
auth_created.extra_data['access_token'] = token
auth_created.save()
# Allow client to send up password to complete auth flow
if not authed_user and 'password' in request.data:
password = base64.decodestring(request.data['password'])
user.set_password(password)
user.save()
# Set instance since we are not calling `serializer.save()`
serializer.instance = user
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
else:
return Response({"errors": "Error with social authentication"},
status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
backend = serializer.data['backend']
access_token = serializer.data['access_token']
jwt = serializer.data.get('jwt_token', None)
else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
# 讀取python-social-auth strategy
strategy = load_strategy(request=request)
backend = load_backend(strategy, backend, 'next')
try:
kwargs = dict({(k, i) for k, i in serializer.data.items() if k != 'backend'})
if jwt:
# Get user from provided jwt
try:
payload = jwt_decode_handler(jwt)
user = User.objects.get(id=payload['user_id'])
if user.is_authenticated():
kwargs['user'] = user
else:
raise Exception('not authenticated')
except:
kwargs['user'] = None
pass
user = backend.do_auth(**kwargs)
except AuthAlreadyAssociated:
data = {
'error_code': 'social_already_associated',
'status': 'Auth associated with another user.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
if not user:
data = {
'error_code': 'social_no_user',
'status': 'No associated user.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
if not user.is_active:
data = {
'error_code': 'social_inactive',
'status': 'Associated user is inactive.'
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
payload = jwt_payload_handler(user)
return Response({'token': jwt_encode_handler(payload), 'username': user.username}) # 回傳JWT token及使用者帳號
def __getattr__(self, name, **kwargs):
"""Translate an HTTP verb into a request method."""
try:
return super(DjangoSoundcloudClient,
self).__getattr__(name, **kwargs)
except HTTPError:
strategy = load_strategy()
django_user.social_auth.get().refresh_token(strategy)
finally:
return super(DjangoSoundcloudClient,
self).__getattr__(name, **kwargs)
def refresh_access_token_for_user(self, user=None):
"""
Get a new access token using the refresh token
"""
if user is None:
user = User.objects.get(username=settings.SOCIAL_AUTH_FALLBACK_USERNAME)
# get the stored oauth2 access token for user
social = user.social_auth.get(provider='google-oauth2', user=user)
strategy = load_strategy(backend='google-oauth2')
new_token = social.refresh_token(strategy)
return new_token
def __getattr__(self, name, **kwargs):
"""Translate an HTTP verb into a request method."""
try:
return super(DjangoSoundcloudClient, self).__getattr__(name,
**kwargs)
except HTTPError:
strategy = load_strategy()
django_user.social_auth.get().refresh_token(strategy)
finally:
return super(DjangoSoundcloudClient, self).__getattr__(name,
**kwargs)
def create(self, request, *args, **kwargs):
provider = request.data['provider']
# If this request was made with an authenticated user, try to associate this social
# account with it
authed_user = request.user if not request.user.is_anonymous() else None
# `strategy` is a python-social-auth concept referencing the Python framework to
# be used (Django, Flask, etc.). By passing `request` to `load_strategy`, PSA
# knows to use the Django strategy
strategy = load_strategy(request)
# Now we get the backend that corresponds to our user's social auth provider
# e.g., Facebook, Twitter, etc.
backend = load_backend(strategy=strategy, name=provider, redirect_uri=None)
if isinstance(backend, BaseOAuth1):
# Twitter, for example, uses OAuth1 and requires that you also pass
# an `oauth_token_secret` with your authentication request
token = {
'oauth_token': request.data['access_token'],
'oauth_token_secret': request.data['access_token_secret'],
}
elif isinstance(backend, BaseOAuth2):
# We're using oauth's implicit grant type (usually used for web and mobile
# applications), so all we have to pass here is an access_token
token = request.data['access_token']
try:
# if `authed_user` is None, python-social-auth will make a new user,
# else this social account will be associated with the user you pass in
user = backend.do_auth(token, user=authed_user)
login(request, user)
except AuthAlreadyAssociated:
# You can't associate a social account with more than user
return Response({"errors": "That social media account is already in use"},
status=status.HTTP_400_BAD_REQUEST)
if user and user.is_active:
# if the access token was set to an empty string, then save the access token
# from the request
auth_created = user.social_auth.get(provider=provider)
if not auth_created.extra_data['access_token']:
# Facebook for example will return the access_token in its response to you.
# This access_token is then saved for your future use. However, others
# e.g., Instagram do not respond with the access_token that you just
# provided. We save it here so it can be used to make subsequent calls.
auth_created.extra_data['access_token'] = token
auth_created.save()
return get_access_token(user)
else:
return Response({"errors": "Error with social authentication"},
status=status.HTTP_400_BAD_REQUEST)
def complete(self, **kwargs):
# Before we proceed the auth, clear the session to ensure that no
# half-backed registrations are left over (this would result in a
# redirect to extradata after login even if the logged in user has a
# complete profile.
self.request.session.clear()
# Load social strategy to ensure this request looks like a social auth
# request.
self.request.social_strategy = load_strategy(backend='username')
return complete(self.request, 'username', **kwargs)
def refresh_access_tokens():
""" Refresh all social access tokens in turn.
This should avoid hitting http://dev.1flow.net/webapps/1flow/group/664/
"""
start_time = now()
users = User.objects.all()
# sleep_time = 1500 / count
count = users.count()
done = 0
errors = 0
nosoc = 0
django_stategy = load_strategy()
for user in users:
# See http://django-social-auth.readthedocs.org/en/latest/use_cases.html#token-refreshing # NOQA
# LOGGER.warning(u'Refreshing invalid access_token for user %s.',
# user.username)
social_accounts = user.social_auth.filter(provider='google-oauth2')
if social_accounts.count() == 0:
nosoc += 1
continue
for social in social_accounts:
try:
social.refresh_token(django_stategy)
except:
LOGGER.exception(
u'Access token could not be refreshed for '
u'user %s, forcing re-authentication at '
u'next login.', user.username)
# With `associate_by_email` in the social-auth pipeline,
# a reconnecting user will be re-associated with his
# existing Django account, getting back all his preferences
# and 1flow data. We delete here only the association.
social.delete()
errors += 1
else:
done += 1
LOGGER.warning(
u'refresh_access_tokens finished, %s/%s refreshed, '
u'%s error(s), %s not associated, duration: %s.', done, count, errors,
nosoc, humanize.time.naturaldelta(now() - start_time))
def create(self, request, *args, **kwargs):
if 'backend' not in request.data:
return Response({"errors": 'Specify backend type'},
status=status.HTTP_400_BAD_REQUEST)
elif request.data['backend'] != 'google':
return Response({"errors": 'Wrong backend type'},
status=status.HTTP_400_BAD_REQUEST)
else:
provider = GOOGLE_PROVIDER
if 'access_token' not in request.data or not request.data[
'access_token']:
return Response({"errors": 'Access_token is not provided'},
status=status.HTTP_400_BAD_REQUEST)
authed_user = request.user if not request.user.is_anonymous() else None
strategy = load_strategy(request)
backend = load_backend(strategy=strategy,
name=provider,
redirect_uri=None)
token = request.data['access_token']
is_new = False
try:
user = backend.do_auth(token, user=authed_user)
is_new = user.is_new
except AuthAlreadyAssociated:
return Response(
{"errors": "That social media account is already in use"},
status=status.HTTP_400_BAD_REQUEST)
except HTTPError:
try:
user = User.objects.get(token=token)
user.social_auth.get(provider=provider).refresh_token(strategy)
except:
return Response({"errors": "Unauthorized token for url"},
status=status.HTTP_403_FORBIDDEN)
if user and user.is_active:
auth_created = user.social_auth.get(provider=provider)
if auth_created.access_token != user.token:
user.token = auth_created.access_token
user.save()
resp = {'token': user.token, 'is_new': is_new, 'user_id': user.id}
serializer = self.get_serializer(data=resp)
serializer.is_valid(raise_exception=True)
headers = self.get_success_headers(serializer.data)
status_response = status.HTTP_201_CREATED if is_new else status.HTTP_200_OK
return Response(serializer.data,
status=status_response,
headers=headers)
else:
return Response({"errors": "Error with social authentication"},
status=status.HTTP_400_BAD_REQUEST)
def auth_by_token(request, backend):
uri = ''
strategy = load_strategy(request)
backend = load_backend(strategy, backend, uri)
user = request.user
user = backend.do_auth(
access_token=request.data.get('access_token'),
user=user.is_authenticated() and user or None
)
if user and user.is_active:
return user# Return anything that makes sense here
else:
return None
def refresh_access_tokens():
""" Refresh all social access tokens in turn.
This should avoid hitting http://dev.1flow.net/webapps/1flow/group/664/
"""
start_time = now()
users = User.objects.all()
# sleep_time = 1500 / count
count = users.count()
done = 0
errors = 0
nosoc = 0
django_stategy = load_strategy()
for user in users:
# See http://django-social-auth.readthedocs.org/en/latest/use_cases.html#token-refreshing # NOQA
# LOGGER.warning(u'Refreshing invalid access_token for user %s.',
# user.username)
social_accounts = user.social_auth.filter(provider='google-oauth2')
if social_accounts.count() == 0:
nosoc += 1
continue
for social in social_accounts:
try:
social.refresh_token(django_stategy)
except:
LOGGER.exception(u'Access token could not be refreshed for '
u'user %s, forcing re-authentication at '
u'next login.', user.username)
# With `associate_by_email` in the social-auth pipeline,
# a reconnecting user will be re-associated with his
# existing Django account, getting back all his preferences
# and 1flow data. We delete here only the association.
social.delete()
errors += 1
else:
done += 1
LOGGER.warning(u'refresh_access_tokens finished, %s/%s refreshed, '
u'%s error(s), %s not associated, duration: %s.',
done, count, errors, nosoc,
humanize.time.naturaldelta(now() - start_time))
def register_by_access_token(request, backend):
uri = ''
strategy = load_strategy(request)
backend = load_backend(strategy, backend, uri) # Split by spaces and get the array
if request.data['accessToken'] is None:
msg = 'No access token provided.'
return msg
else:
access_token = request.data['accessToken']
# Real authentication takes place here
user = backend.do_auth(access_token)
return user
def __init__(self, provider, uid, data):
self.strategy = load_strategy()
self.provider = provider
self.uid = uid
self.data = data
self.user = None
self.social = None
self.is_new = True
self.new_assoc = True
self.username = None
self.details = None
self.is_validated = False
self.cleaned_data = {}
self.load_proper_backend()
def __init__(self, provider, uid, data):
self.strategy = load_strategy()
self.provider = provider
self.uid = uid
self.data = data
self.user = None
self.social = None
self.is_new = True
self.new_assoc= True
self.username = None
self.details = None
self.is_validated = False
self.cleaned_data = {}
self.load_proper_backend()
def bind(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = request.user
oauth = Oauth.objects.create(
access_token=serializer.data['access_token'],
user=user,
provider=Providers.Github)
strategy = load_strategy(request=request)
kwargs = dict({(k, i)
for k, i in serializer.data.items() if k != 'backend'})
# 使用者驗證
tmp = strategy.backend.do_auth(**kwargs)
return Response(data={'message': '绑定成功'}, status=status.HTTP_200_OK)
def _send_refresh_request(user_social):
"""
Private function that refresh an user access token
"""
strategy = load_strategy()
try:
user_social.refresh_token(strategy)
except HTTPError as exc:
if exc.response.status_code in (400, 401,):
raise InvalidCredentialStored(
message='Received a {} status code from the OAUTH server'.format(
exc.response.status_code),
http_status_code=exc.response.status_code
)
raise
def register_by_access_token(request, backend):
access_token = request.DATA.get('access_token', None)
if not access_token:
return Response("missing access_token", status=400)
try:
user = request.strategy.backend.do_auth(access_token=access_token)
except Exception as err:
return Response(str(err), status=400)
if user:
social_fb_api.enrich_via_facebook(user)
strategy = load_strategy(request=request, backend=backend)
login(strategy.request, user)
serializer = LoginSerializer(instance=user, context={'request': request})
return Response(data=serializer.data, status=status.HTTP_200_OK)
else:
return Response("Bad Credentials", status=403)
def do_auth(oauth_token):
strategy = load_strategy()
path = NAMESPACE + ":complete"
backend = 'github'
backend = load_backend(strategy, backend,
reverse(path, args=(backend,)))
try:
user = backend.do_auth(access_token=oauth_token)
except requests.HTTPError as e:
raise AuthenticationFailed(e.response.json())
if not user:
raise AuthenticationFailed('Bad credentials')
social = user.social_auth.get(provider='github')
social.extra_data['access_token'] = oauth_token
social.save()
return user
def saml_metadata_view(request):
"""
Get the Service Provider metadata for this edx-platform instance.
You must send this XML to any Shibboleth Identity Provider that you wish to use.
"""
if not SAMLConfiguration.is_enabled():
raise Http404
complete_url = reverse('social:complete', args=("tpa-saml", ))
if settings.APPEND_SLASH and not complete_url.endswith('/'):
complete_url = complete_url + '/' # Required for consistency
saml_backend = load_backend(load_strategy(request), "tpa-saml", redirect_uri=complete_url)
metadata, errors = saml_backend.generate_metadata_xml()
if not errors:
return HttpResponse(content=metadata, content_type='text/xml')
return HttpResponseServerError(content=', '.join(errors))
def saml_metadata_view(request):
"""
Get the Service Provider metadata for this edx-platform instance.
You must send this XML to any Shibboleth Identity Provider that you wish to use.
"""
if not SAMLConfiguration.is_enabled():
raise Http404
complete_url = reverse('social:complete', args=("tpa-saml", ))
if settings.APPEND_SLASH and not complete_url.endswith('/'):
complete_url = complete_url + '/' # Required for consistency
saml_backend = load_backend(load_strategy(request), "tpa-saml", redirect_uri=complete_url)
metadata, errors = saml_backend.generate_metadata_xml()
if not errors:
return HttpResponse(content=metadata, content_type='text/xml')
return HttpResponseServerError(content=', '.join(errors))
def get_access_token_for_user(self, user=None):
"""
Retrieve social_auth token for given user, fall back to default user if
none given. This is only for demo/R&D purposes.
"""
self.logger.debug('get acces token debug test')
if user is None:
user = User.objects.get(username=settings.SOCIAL_AUTH_FALLBACK_USERNAME)
# get the stored oauth2 access token for user
social = user.social_auth.get(provider='google-oauth2', user=user)
# get a new access token using the refresh token if necessary
if social.extra_data['expires'] == 0:
self.logger.debug("""access token expired, retrieving new token
using refresh token""")
strategy = load_strategy(backend='google-oauth2')
social.refresh_token(strategy)
return social.extra_data['access_token']
def post(self, request):
auth_token = request.data.get('access_token', None)
backend = request.data.get('backend', None)
if auth_token and backend:
try:
user = auth_by_token(request, backend)
except Exception as err:
return Response(str(err), status=400)
if user:
strategy = load_strategy(request=request)
token, created = Token.objects.get_or_create(user=user)
return Response({'key': token.key})
else:
return Response("Bad Credentials", status=403)
else:
return Response("Bad request", status=400)
def get(self, request, *args, **kwargs):
from social.apps.django_app.utils import load_backend, load_strategy
complete_url = reverse('social:complete', args=('saml', ))
saml_backend = load_backend(
load_strategy(request),
'saml',
redirect_uri=complete_url,
)
try:
metadata, errors = saml_backend.generate_metadata_xml()
except Exception as e:
logger.exception('unable to generate SAML metadata')
errors = e
if not errors:
return HttpResponse(content=metadata, content_type='text/xml')
else:
return HttpResponse(content=str(errors), content_type='text/plain')
def post(self, request):
serializer = self.social_serializer(data=request.DATA,
files=request.FILES)
if serializer.is_valid():
backend = serializer.data['backend']
else:
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
strategy = load_strategy(request=request, backend=backend)
try:
kwargs = dict({(k, i)
for k, i in serializer.data.items()
if k != 'backend'})
user = request.user
kwargs['user'] = user.is_authenticated() and user or None
user = strategy.backend.do_auth(**kwargs)
except AuthAlreadyAssociated:
data = {
'error_code': 'social_already_accociated',
'status': 'Auth associated with another user.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
if not user:
data = {
'error_code': 'social_no_user',
'status': 'No associated user.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
if not user.is_active:
data = {
'error_code': 'social_inactive',
'status': 'Associated user is inactive.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
_do_login(strategy, user)
if not self.user_serializer:
msg = 'SocialAuthView.user_serializer should be a serializer.'
raise ImproperlyConfigured(msg)
serializer = self.user_serializer(user)
return Response(serializer.data, status=status.HTTP_201_CREATED)
def social_register(request):
auth_token = request.data.get('access_token', None)
backend = request.data.get('backend', None)
if auth_token and backend:
try:
user = auth_by_token(request, backend)
except Exception, err:
return Response(str(err), status=400)
if user:
uri = ''
strategy = load_strategy(request)
backend = load_backend(strategy, backend, uri)
_do_login(backend , user, strategy)
return Response( "User logged in", status=status.HTTP_200_OK )
else:
return Response("Bad Credentials", status=403)
def api_request(self, url, params={}, refresh=True):
s = self.get_social_auth()
params.update({"format": "json"})
params.update({"access_token": s.access_token})
r = requests.get("https://ion.tjhsst.edu/api/{}".format(url),
params=params)
if r.status_code == 401:
if refresh:
try:
self.get_social_auth().refresh_token(load_strategy())
except:
client.captureException()
return self.api_request(url, params, False)
else:
client.captureMessage("Ion API Request Failure: {} {}".format(
r.status_code, r.json()))
return r.json()
def sync_youtube_videos(userobj=None):
playlist_users = Playlist.objects.exclude(youtube_pl_id__exact=None).\
filter(youtube_last_err=None)
playlist_users = Playlist.objects.exclude(youtube_pl_id__exact=None)
if userobj:
playlist_users = playlist_users.filter(user=userobj)
for user_items in playlist_users:
userobj = user_items.user.social_auth.get(provider='google-oauth2')
credentials = AccessTokenCredentials(
userobj.extra_data.get('access_token'), 'friendlyvibe/1.0')
youtube = build(
'youtube', 'v3', http=credentials.authorize(httplib2.Http()))
for plitem in user_items.playlistitem_set.filter(youtube_synced=None):
video_add = {}
try:
video_add = youtube.playlistItems().insert(
part="snippet",
body=dict(
snippet=dict(
playlistId=user_items.youtube_pl_id,
resourceId=dict(
kind='youtube#video',
videoId=plitem.item_obj.source_identifier
),
position=0
)
)
).execute()
except AccessTokenCredentialsError, e:
# refresh the token
strategy = load_strategy(backend='google-oauth2')
userobj.refresh_token(strategy)
except Exception, e:
# record the error so next time we won't attempt to send it
plitem.playlist_obj.youtube_last_err = str(e)
plitem.playlist_obj.save()
# make a note of the successfull answer
if video_add.get('id'):
plitem.youtube_synced = True
plitem.youtube_data = simplejson.dumps(video_add)
plitem.youtube_synced = datetime.datetime.now()
plitem.save()
def authenticate(self, request):
"""
Returns two-tuple of (user, token) if authentication succeeds,
or None otherwise.
"""
auth_header = get_authorization_header(request).decode(
HTTP_HEADER_ENCODING)
auth = auth_header.split()
if not auth or auth[0].lower() != 'bearer':
return None
if len(auth) == 1:
msg = 'Invalid token header. No backend provided.'
raise exceptions.AuthenticationFailed(msg)
elif len(auth) == 2:
msg = 'Invalid token header. No credentials provided.'
raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 3:
msg = 'Invalid token header. Token string should not contain spaces.'
raise exceptions.AuthenticationFailed(msg)
token = auth[2]
backend = auth[1]
strategy = load_strategy(request=request)
try:
backend = load_backend(
strategy, backend,
reverse(SOCIAL_AUTH_NAMESPACE + ':complete', args=(backend, )))
except MissingBackend:
msg = 'Invalid token header. Invalid backend.'
raise exceptions.AuthenticationFailed(msg)
try:
user = backend.do_auth(access_token=token)
except requests.HTTPError as e:
msg = e.response.text
raise exceptions.AuthenticationFailed(msg)
if not user:
msg = 'Bad credentials.'
raise exceptions.AuthenticationFailed(msg)
return user, token
def post(self, request):
serializer = self.social_serializer(data=request.DATA,
files=request.FILES)
if serializer.is_valid():
backend = serializer.data['backend']
else:
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
strategy = load_strategy(request=request, backend=backend)
try:
kwargs = dict({(k, i) for k, i in serializer.data.items()
if k != 'backend'})
user = request.user
kwargs['user'] = user.is_authenticated() and user or None
user = strategy.backend.do_auth(**kwargs)
except AuthAlreadyAssociated:
data = {
'error_code': 'social_already_accociated',
'status': 'Auth associated with another user.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
if not user:
data = {
'error_code': 'social_no_user',
'status': 'No associated user.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
if not user.is_active:
data = {
'error_code': 'social_inactive',
'status': 'Associated user is inactive.',
}
return Response(data, status=status.HTTP_403_FORBIDDEN)
_do_login(strategy, user)
if not self.user_serializer:
msg = 'SocialAuthView.user_seriliser should be a serializer.'
raise ImproperlyConfigured(msg)
serializer = self.user_serializer(user)
return Response(serializer.data, status=status.HTTP_201_CREATED)
def _authenticate_with_facebook(self, request):
# WARNING! not rest_framework.Request, nor django.Request
# but oauthlib.oauth.common.Request
fb_token = getattr(request, 'fb_token', None)
if not fb_token:
return None
strategy = load_strategy(backend='facebook')
user = FacebookBackend(strategy=strategy).do_auth(fb_token)
if user and user.is_active:
f_uid = UserSocialAuth.objects.values('uid').get(user_id=user.pk)['uid']
img = FACEBOOK_IMG_URL % f_uid
if user.img != img:
user.img = img
user.save()
return user
def post(self, request, *args, **kwargs):
"""
:param request:here we get post request with access token
:return:this function use that access token and authenticate with backend and create a user
and return response code 201 for created
"""
try:
provider = 'google-oauth2'
authed_user = request.user if not request.user.is_anonymous else None
strategy = load_strategy(request)
backend = load_backend(strategy=strategy,
name=provider,
redirect_uri=None)
if isinstance(backend, BaseOAuth1):
token = {
'oauth_token': request.data['access_token'],
'oauth_token_secret': request.data['access_token_secret'],
}
elif isinstance(backend, BaseOAuth2):
token = request.data['access_token']
try:
user = backend.do_auth(token, user=authed_user)
except AuthAlreadyAssociated:
return Response(
{"errors": "That social media account is already in use"},
status=status.HTTP_400_BAD_REQUEST)
if user and user.is_active:
return Response('logged in', status=status.HTTP_201_CREATED)
else:
return Response({"errors": "Error with social authentication"},
status=status.HTTP_400_BAD_REQUEST)
except Exception:
smd = Smd_Response()
return smd
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.DATA,
files=request.FILES)
if serializer.is_valid():
self.pre_save(serializer.object)
provider = request.DATA['provider']
# If this request was made with an authenticated user, try to associate this social account with it
authed_user = request.user if not request.user.is_anonymous(
) else None
strategy = load_strategy(request)
backend = load_backend(strategy=strategy,
name=provider,
redirect_uri=None)
if isinstance(backend, BaseOAuth1):
token = {
'oauth_token': request.DATA['access_token'],
'oauth_token_secret': request.DATA['access_token_secret'],
}
elif isinstance(backend, BaseOAuth2):
token = request.DATA['access_token']
user = backend.do_auth(token, user=authed_user)
serializer.object = user
if user and user.is_active:
if not authed_user and request.DATA['password']:
password = base64.decodestring(request.DATA['password'])
user.set_password(password)
user.save()
self.post_save(serializer.object, created=True)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
else:
return Response({"errors": "Error with social authentication"},
status=status.HTTP_400_BAD_REQUEST)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
from social.apps.django_app.utils import load_strategy
from urllib2 import unquote
strategy = load_strategy()
uid = request.POST.get('uid')
provider = request.POST.get('provider')
details = json.loads(unquote(request.DATA.get('details')))
response = json.loads(unquote(request.DATA.get('response')))
try:
social = UserSocialAuth.objects.get(provider=provider,uid=uid)
return Response(user_dict(social.user))
except UserSocialAuth.DoesNotExist:
manager = SocialAuthManager(provider, uid, details)
if manager.user.pk:
profile = profile_activation(manager.user)
manager_data = manager.is_valid()
return Response(user_dict(manager.user))
def __crest(self):
"""
Helper function to occasionally refresh the access token whenever it
expires.
"""
provider = self.social_auth.get(provider='eveonline')
difference = (datetime.strptime(provider.extra_data['expires'],
"%Y-%m-%dT%H:%M:%S") -
datetime.now()).total_seconds()
if difference < 10:
provider.refresh_token(load_strategy())
expiry = datetime.now() + timedelta(seconds=1200)
provider.extra_data['expires'] = expiry.strftime(
"%Y-%m-%dT%H:%M:%S")
provider.save()
return provider.extra_data
def social_sign_up(request):
data = {}
status = 400
try:
provider = request.data['provider']
a_user = request.user if not request.user.is_anonymous() else None
strategy = load_strategy(request)
backend = load_backend(strategy=strategy,
name=provider,
redirect_uri=None)
if isinstance(backend, BaseOAuth1):
access_token = {
'oauth_token': request.data['access_token'],
'oauth_token_secret': request.data['access_token_secret'],
}
else:
# We assume that if our backend is not instance of BaseOAuth1,
# it is instance of BaseOAuth2
access_token = request.data['access_token']
user = backend.do_auth(access_token, user=a_user)
if user and user.is_active:
social = user.social_auth.get(provider=provider)
if social.extra_data['access_token']:
social.extra_data['access_token'] = access_token
social.save()
login(request, user)
token = Token.objects.get(user=user)
data = {'username': user.username, 'id': user.id, 'token': token.key}
status = 200
except KeyError as k:
data['detail'] = ['{} parameter is missed'.format(k)]
except Exception as exc:
data['detail'] = [str(exc)]
finally:
return Response(data, status=status)
