Exemple #1
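class DelegatedOAuthMiddleware(object):
    """Request middleware that puts every view behind the delegated OAuth login.

    Requests under ``/auth/`` and ``/health_check/`` are passed through before
    any identity is attached, so views below those prefixes never receive
    ``request.teletraan_user_id`` and must not make authorization decisions
    from it. When ``settings.OAUTH_ENABLED`` is false, every other request is
    labelled with an ``anonymous`` identity and no authentication happens.
    """

    def __init__(self):
        """Build the OAuth client from settings, or record that OAuth is off."""
        if settings.OAUTH_ENABLED:
            self.is_oauth_enabled = True

            # Only the client id (an identifier) is logged; the client secret
            # passed below is never written to the log.
            logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
            self.oauth = OAuth(
                key=settings.OAUTH_CLIENT_ID,
                secret=settings.OAUTH_CLIENT_SECRET,
                callback_url=settings.OAUTH_CALLBACK,
                domain=settings.OAUTH_DOMAIN,
                access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                authorize_url=settings.OAUTH_AUTHORIZE_URL,
                scope=settings.OAUTH_DEFAULT_SCOPE)
            logger.info("Successfully created OAuth!")
        else:
            logger.info("OAuth is not enabled!")
            self.is_oauth_enabled = False
            # Defined on both paths so that touching self.oauth can never
            # raise AttributeError when OAuth is switched off.
            self.oauth = None

    def process_request(self, request):
        """Attach a user identity to the request or redirect to the OAuth login.

        Returns ``None`` to let the request continue, or an
        ``HttpResponseRedirect`` to the authorization URL when the session
        holds no valid token.
        """
        # The OAuth callback endpoints must stay reachable without a token,
        # otherwise the login round-trip could never complete.
        if request.path.startswith('/auth/'):
            logger.debug("Bypass OAuth redirect request " + request.path)
            return None

        # Health checks are unauthenticated by design; keep anything sensitive
        # out of the views served under this prefix.
        if request.path.startswith('/health_check/'):
            logger.debug("Bypass health_check request " + request.path)
            return None

        if not self.is_oauth_enabled:
            # Fail-open by configuration: with OAuth disabled every caller is
            # treated as the same anonymous user.
            anonymous = UserIdentity(name="anonymous")
            request.teletraan_user_id = anonymous
            return None

        # extract employee oauth token, redirect to OAuth if missing or invalid
        # NOTE(review): validate_token() is opaque from here; the identity
        # below is only as trustworthy as that check and the session store.
        if self.oauth.validate_token(session=request.session):
            username = request.session.get('teletraan_user')
            token = request.session.get('oauth_token')
            userId = UserIdentity(name=username, token=token)
            request.teletraan_user_id = userId
            return None
        else:
            # TODO call logout to remove session cleanly
            # self.logout(request)
            # The original path travels with the login round-trip so the
            # callback can send the user back to it afterwards.
            data = {'origin_path': request.get_full_path()}
            url = self.oauth.get_authorization_url(session=request.session,
                                                   data=data)
            logger.debug("Redirect oauth for authentication!, url = " + url)
            return HttpResponseRedirect(url)

    # TODO not currently used, need to add logout button on the UI and call this
    def logout(self, request):
        """Drop the logged-in user from the session and redirect to ``/``.

        With OAuth disabled there is no client to log out of, so the request
        is simply redirected, matching what the standalone logout view does.
        """
        if not self.is_oauth_enabled:
            return HttpResponseRedirect('/')

        self.oauth.logout(session=request.session)

        # NOTE(review): only 'teletraan_user' is removed here; whether
        # oauth.logout() also clears the 'oauth_token' session entry is not
        # visible in this class -- confirm.
        if 'teletraan_user' in request.session:
            del request.session['teletraan_user']

        return HttpResponseRedirect('/')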
Exemple #2
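class DelegatedOAuthMiddleware(object):
    """Middleware that requires a valid OAuth session for all but two prefixes.

    ``/auth/`` and ``/health_check/`` are let through with no identity
    attached. Every other request either gets ``request.teletraan_user_id``
    set (an ``anonymous`` identity when OAuth is disabled in settings) or is
    redirected to the OAuth authorization URL.
    """

    def __init__(self):
        """Read the OAuth settings and create the client when it is enabled."""
        # Set up front so both attributes exist whichever branch runs; logout()
        # relies on that when OAuth is disabled.
        self.oauth = None
        if settings.OAUTH_ENABLED:
            self.is_oauth_enabled = True

            # The client id is not a credential; the secret is never logged.
            logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
            self.oauth = OAuth(
                key=settings.OAUTH_CLIENT_ID,
                secret=settings.OAUTH_CLIENT_SECRET,
                callback_url=settings.OAUTH_CALLBACK,
                domain=settings.OAUTH_DOMAIN,
                access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                authorize_url=settings.OAUTH_AUTHORIZE_URL,
                scope=settings.OAUTH_DEFAULT_SCOPE
            )
            logger.info("Successfully created OAuth!")
        else:
            logger.info("OAuth is not enabled!")
            self.is_oauth_enabled = False

    def process_request(self, request):
        """Return ``None`` to continue the request, or a redirect to the login.

        The order of the checks matters: the two bypass prefixes are tested
        first, then the disabled-OAuth case, and only then the session token.
        """
        # Needed so the OAuth callback itself is not bounced back to the login.
        if request.path.startswith('/auth/'):
            logger.debug("Bypass OAuth redirect request " + request.path)
            return None

        # Unauthenticated on purpose; nothing under this prefix sees a user.
        if request.path.startswith('/health_check/'):
            logger.debug("Bypass health_check request " + request.path)
            return None

        if not self.is_oauth_enabled:
            # No authentication in this configuration: all callers share one
            # anonymous identity.
            anonymous = UserIdentity(name="anonymous")
            request.teletraan_user_id = anonymous
            return None

        # extract employee oauth token, redirect to OAuth if missing or invalid
        if self.oauth.validate_token(session=request.session):
            # Both values are read back from the session, so their integrity
            # depends on how the session is stored and protected.
            username = request.session.get('teletraan_user')
            token = request.session.get('oauth_token')
            userId = UserIdentity(name=username, token=token)
            request.teletraan_user_id = userId
            return None

        # TODO call logout to remove session cleanly
        # self.logout(request)
        # Remember where the user was going so the callback can return there.
        data = {'origin_path': request.get_full_path()}
        url = self.oauth.get_authorization_url(session=request.session, data=data)
        logger.debug("Redirect oauth for authentication!, url = " + url)
        return HttpResponseRedirect(url)

    # TODO not currently used, need to add logout button on the UI and call this
    def logout(self, request):
        """Log the session out of OAuth, forget the user, and redirect to ``/``.

        When OAuth is disabled no client exists, so the method only redirects
        instead of failing on the missing client.
        """
        if self.oauth is None:
            return HttpResponseRedirect('/')

        self.oauth.logout(session=request.session)

        # NOTE(review): confirm that oauth.logout() removes the token it keeps
        # in the session; this method itself deletes only the user name.
        if 'teletraan_user' in request.session:
            del request.session['teletraan_user']

        return HttpResponseRedirect('/')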
Exemple #3
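def login_authorized(request):
    """Handle the redirect back from the OAuth provider and start the session.

    Passes the ``code`` and ``state`` query parameters to
    ``oauth.handle_oauth2_response``, resolves the user name from the
    user-info endpoint, stores it in the session as ``teletraan_user`` and
    redirects to the originally requested path, or to ``/``.

    Returns an ``HttpResponseRedirect`` on success or on an expired token, and
    the rendered ``oauth_failure.html`` page on any other OAuth error.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(key=settings.OAUTH_CLIENT_ID,
                  secret=settings.OAUTH_CLIENT_SECRET,
                  callback_url=settings.OAUTH_CALLBACK,
                  domain=settings.OAUTH_DOMAIN,
                  access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                  authorize_url=settings.OAUTH_AUTHORIZE_URL,
                  scope=settings.OAUTH_DEFAULT_SCOPE)

    # Both values come straight from the query string. NOTE(review): this view
    # relies on handle_oauth2_response() to check `state` against the session;
    # that check is not visible here -- confirm.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code,
                                            state,
                                            session=request.session)
        user_name = oauth.oauth_data(
            user_info_uri=settings.OAUTH_USER_INFO_URI,
            session=request.session)
        # extract user_name from oauth_data based on OAUTH_USERNAME_INFO_KEY and OAUTH_EXTRACT_USERNAME_FROM_EMAIL
        # The setting is a whitespace-separated key path into the response.
        if settings.OAUTH_USERNAME_INFO_KEY:
            for key in settings.OAUTH_USERNAME_INFO_KEY.split():
                user_name = user_name[key]
        if settings.OAUTH_EXTRACT_USERNAME_FROM_EMAIL == "TRUE":
            user_name = user_name.split("@")[0]

    except OAuthExpiredTokenException:
        # Handled before OAuthException so this branch stays reachable even if
        # OAuthExpiredTokenException derives from OAuthException (the class
        # hierarchy is not visible here).
        # When auth.pinadmin.com returns a 401 error
        logger.error(traceback.format_exc())

        # remove access token from session cookie and redirect to / page
        # this will cause a re trigger of auth.pinadmin.com login process
        oauth.oauth_handler.token_remove(session=request.session)
        return HttpResponseRedirect("/")

    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): `data` is whatever handle_oauth2_response() returned;
    # confirm it never carries token material before shipping debug logs.
    logger.debug("get user_name %s and data %s back from oauth!" %
                 (user_name, data))
    # NOTE(review): the session id is not rotated at login here; consider
    # cycling the session key when the user name is set.
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        target = data['origin_path']
        # origin_path has been through the login round-trip, so it is treated
        # as untrusted: follow it only when it is a same-site path. "//host"
        # and "/\host" are read by browsers as another origin. Django's own
        # redirect-safety helper is the more complete check where available.
        if (hasattr(target, 'startswith')
                and target.startswith('/')
                and not target.startswith(('//', '/\\'))):
            return HttpResponseRedirect(target)
        logger.warning("Ignoring non-local origin_path %r", target)

    return HttpResponseRedirect('/')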
Exemple #4
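def login_authorized(request):
    """Complete the OAuth login after the provider redirects back.

    The ``code`` and ``state`` query parameters are handed to
    ``oauth.handle_oauth2_response``; the user name is then taken from the
    user-info response and stored in the session under ``teletraan_user``.
    The user is finally sent to the path they first requested when that path
    is local to this site, otherwise to ``/``.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE
    )

    # Query-string input, controlled by whoever issued the request.
    # NOTE(review): validation of `state` is assumed to happen inside
    # handle_oauth2_response() -- confirm.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code, state, session=request.session)
        user_name = oauth.oauth_data(user_info_uri=settings.OAUTH_USER_INFO_URI, session=request.session)
        # extract user_name from oauth_data based on OAUTH_USERNAME_INFO_KEY and OAUTH_EXTRACT_USERNAME_FROM_EMAIL
        if settings.OAUTH_USERNAME_INFO_KEY is not None:
            # Each whitespace-separated key descends one level into the response.
            for key in settings.OAUTH_USERNAME_INFO_KEY.split():
                user_name = user_name[key]
        if settings.OAUTH_EXTRACT_USERNAME_FROM_EMAIL == "TRUE":
            user_name = user_name.split("@")[0]

    except OAuthExpiredTokenException:
        # Listed first: if this class derives from OAuthException (not visible
        # here), a later handler for it would never run.
        # When auth.pinadmin.com returns a 401 error
        logger.error(traceback.format_exc())

        # remove access token from session cookie and redirect to / page
        # this will cause a re trigger of auth.pinadmin.com login process
        oauth.oauth_handler.token_remove(session=request.session)
        return HttpResponseRedirect("/")

    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): confirm `data` holds no token material; it is logged whole.
    logger.debug("get user_name %s and data %s back from oauth!" % (user_name, data))
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        origin_path = data['origin_path']
        # Untrusted after the round-trip through the provider: accept only a
        # path on this site. A leading "//" or "/\" makes a browser treat the
        # value as a different host.
        is_local = (
            hasattr(origin_path, 'startswith')
            and origin_path.startswith('/')
            and not origin_path.startswith(('//', '/\\'))
        )
        if is_local:
            return HttpResponseRedirect(origin_path)
        logger.warning("Ignoring non-local origin_path %r", origin_path)

    return HttpResponseRedirect('/')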
Exemple #5
    def __init__(self):
        """Create the OAuth client when OAuth is enabled in settings.

        Sets ``self.is_oauth_enabled`` from ``settings.OAUTH_ENABLED``.
        ``self.oauth`` is assigned only on the enabled path, so callers have to
        check ``is_oauth_enabled`` before using it.
        """
        if not settings.OAUTH_ENABLED:
            logger.info("OAuth is not enabled!")
            self.is_oauth_enabled = False
            return

        self.is_oauth_enabled = True

        # The client id is an identifier, not a credential; the secret passed
        # below is never logged by this method.
        logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
        client_options = dict(
            key=settings.OAUTH_CLIENT_ID,
            secret=settings.OAUTH_CLIENT_SECRET,
            callback_url=settings.OAUTH_CALLBACK,
            domain=settings.OAUTH_DOMAIN,
            access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
            authorize_url=settings.OAUTH_AUTHORIZE_URL,
            scope=settings.OAUTH_DEFAULT_SCOPE,
        )
        self.oauth = OAuth(**client_options)
        logger.info("Successfully created OAuth!")
Exemple #6
def logout(request):
    """Log the current session out of OAuth and redirect to ``/loggedout/``.

    When OAuth is disabled nothing is changed in the session and the request
    is redirected to ``/`` instead.
    """
    current_user = request.session.get("teletraan_user", "anonymous")
    logger.debug("Logout %s!" % current_user)

    if settings.OAUTH_ENABLED:
        client = OAuth(key=settings.OAUTH_CLIENT_ID,
                       secret=settings.OAUTH_CLIENT_SECRET,
                       callback_url=settings.OAUTH_CALLBACK,
                       domain=settings.OAUTH_DOMAIN,
                       access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                       authorize_url=settings.OAUTH_AUTHORIZE_URL,
                       scope=settings.OAUTH_DEFAULT_SCOPE)

        client.logout(session=request.session)
        # NOTE(review): only the user name is dropped here; any token the
        # OAuth helper keeps in the session is left to client.logout() --
        # confirm that it removes it.
        request.session.pop('teletraan_user', None)

        return HttpResponseRedirect('/loggedout/')

    logger.error("OAuth is not enabled!")
    return HttpResponseRedirect('/')
Exemple #7
def logout(request):
    """End the OAuth login for this session.

    Redirects to ``/`` without touching the session when OAuth is disabled;
    otherwise calls the OAuth client's logout, removes ``teletraan_user`` from
    the session and redirects to ``/loggedout/``.
    """
    who = request.session.get("teletraan_user", "anonymous")
    logger.debug("Logout %s!" % who)

    oauth_enabled = settings.OAUTH_ENABLED
    if not oauth_enabled:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth_kwargs = {
        'key': settings.OAUTH_CLIENT_ID,
        'secret': settings.OAUTH_CLIENT_SECRET,
        'callback_url': settings.OAUTH_CALLBACK,
        'domain': settings.OAUTH_DOMAIN,
        'access_token_url': settings.OAUTH_ACCESS_TOKEN_URL,
        'authorize_url': settings.OAUTH_AUTHORIZE_URL,
        'scope': settings.OAUTH_DEFAULT_SCOPE,
    }
    oauth = OAuth(**oauth_kwargs)

    oauth.logout(session=request.session)
    # NOTE(review): the rest of the session survives this call; whether
    # oauth.logout() clears its own token entry is not visible here.
    session = request.session
    if 'teletraan_user' in session:
        del session['teletraan_user']

    return HttpResponseRedirect('/loggedout/')
Exemple #8
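def login_authorized(request):
    """Handle the OAuth provider's redirect and record the logged-in user.

    Exchanges the ``code``/``state`` query parameters through
    ``oauth.handle_oauth2_response``, reads ``username`` from the user-info
    lookup, stores it in the session as ``teletraan_user`` and redirects to
    the originally requested path when it is local, otherwise to ``/``.
    On ``OAuthException`` the ``oauth_failure.html`` page is rendered.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(key=settings.OAUTH_CLIENT_ID,
                  secret=settings.OAUTH_CLIENT_SECRET,
                  callback_url=settings.OAUTH_CALLBACK,
                  domain=settings.OAUTH_DOMAIN,
                  access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                  authorize_url=settings.OAUTH_AUTHORIZE_URL,
                  scope=settings.OAUTH_DEFAULT_SCOPE)

    # Request-supplied values. NOTE(review): the `state` check is assumed to
    # live in handle_oauth2_response(); it is not visible here -- confirm.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code,
                                            state,
                                            session=request.session)
        user_name = oauth.oauth_data(
            user_info_uri=settings.OAUTH_USER_INFO_URI,
            key=settings.OAUTH_USERNAME_INFO_KEY,
            session=request.session)['username']
    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): `data` is logged whole; confirm it holds no token material.
    logger.debug("get user_name %s and data %s back from oauth!" %
                 (user_name, data))
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        target = data['origin_path']
        # Treated as untrusted after the login round-trip: redirect only to a
        # path on this site. "//host" and "/\host" resolve to another origin
        # in browsers, so both prefixes are refused.
        if (hasattr(target, 'startswith')
                and target.startswith('/')
                and not target.startswith(('//', '/\\'))):
            return HttpResponseRedirect(target)
        logger.warning("Ignoring non-local origin_path %r", target)

    return HttpResponseRedirect('/')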
Exemple #9
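def login_authorized(request):
    """Finish the OAuth login once the provider redirects back here.

    ``code`` and ``state`` are read from the query string and passed to
    ``oauth.handle_oauth2_response``. The ``username`` field of the user-info
    lookup becomes the session's ``teletraan_user``. The response is a
    redirect to the path the user first asked for when that path is local to
    this site, a redirect to ``/`` otherwise, or the ``oauth_failure.html``
    page when an ``OAuthException`` is raised.
    """
    logger.debug("Redirect back from oauth!")
    if not settings.OAUTH_ENABLED:
        logger.error("OAuth is not enabled!")
        return HttpResponseRedirect('/')

    oauth = OAuth(
        key=settings.OAUTH_CLIENT_ID,
        secret=settings.OAUTH_CLIENT_SECRET,
        callback_url=settings.OAUTH_CALLBACK,
        domain=settings.OAUTH_DOMAIN,
        access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
        authorize_url=settings.OAUTH_AUTHORIZE_URL,
        scope=settings.OAUTH_DEFAULT_SCOPE
    )

    # Caller-controlled input; presumably validated against the session by
    # handle_oauth2_response() -- verify in the OAuth helper.
    code = request.GET.get('code')
    state = request.GET.get('state')
    try:
        data = oauth.handle_oauth2_response(code, state, session=request.session)
        user_name = oauth.oauth_data(user_info_uri=settings.OAUTH_USER_INFO_URI,
                                     key=settings.OAUTH_USERNAME_INFO_KEY,
                                     session=request.session)['username']
    except OAuthException as e:
        # failed to login for some reason, do something
        logger.error(traceback.format_exc())
        return render(request, 'oauth_failure.html', {
            "message": e.message,
        })

    # NOTE(review): confirm `data` never includes tokens before relying on
    # this debug line in production logs.
    logger.debug("get user_name %s and data %s back from oauth!" % (user_name, data))
    request.session['teletraan_user'] = user_name

    if data and 'origin_path' in data:
        origin_path = data['origin_path']
        # The value has left the server during the login round-trip, so it is
        # only followed when it names a path on this site; a leading "//" or
        # "/\" would send the browser to a different host.
        is_local = (
            hasattr(origin_path, 'startswith')
            and origin_path.startswith('/')
            and not origin_path.startswith(('//', '/\\'))
        )
        if is_local:
            return HttpResponseRedirect(origin_path)
        logger.warning("Ignoring non-local origin_path %r", origin_path)

    return HttpResponseRedirect('/')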
Exemple #10
    def __init__(self):
        """Record whether OAuth is enabled and, if so, build the OAuth client.

        ``self.oauth`` exists only when ``settings.OAUTH_ENABLED`` is truthy;
        code that uses it must test ``self.is_oauth_enabled`` first.
        """
        enabled = bool(settings.OAUTH_ENABLED)
        self.is_oauth_enabled = enabled

        if enabled:
            # Logs the client id only; the client secret is passed to the
            # client below and never written to the log here.
            logger.info("clientid = %s" % settings.OAUTH_CLIENT_ID)
            oauth_client = OAuth(
                key=settings.OAUTH_CLIENT_ID,
                secret=settings.OAUTH_CLIENT_SECRET,
                callback_url=settings.OAUTH_CALLBACK,
                domain=settings.OAUTH_DOMAIN,
                access_token_url=settings.OAUTH_ACCESS_TOKEN_URL,
                authorize_url=settings.OAUTH_AUTHORIZE_URL,
                scope=settings.OAUTH_DEFAULT_SCOPE
            )
            self.oauth = oauth_client
            logger.info("Successfully created OAuth!")
        else:
            logger.info("OAuth is not enabled!")
Exemple #11
from auth import OAuth
import requests

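# The project's local auth module supplies the API root URL and the access
# token used below.
auth = OAuth()
# The bearer token is a credential: keep this header out of logs and output.
headers = {'Authorization': f'bearer {auth.config["access_token"]}'}
# An explicit timeout stops the script from hanging if the server never replies.
r = requests.get(auth.url_root, headers=headers, timeout=10)
print(r.text)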