def login_view():
next_url = request.args.get('next', default='/', type=str)
if app.config.get('IGNORE_AUTH'):
fake_id = 'anonymous_superuser'
anonymous_superuser = models.User.query.get(fake_id)
if not anonymous_superuser:
anonymous_superuser = models.User(
id=fake_id,
email_address='*****@*****.**',
superuser=True)
db.session.add(anonymous_superuser)
db.session.commit()
login_user(anonymous_superuser)
confirm_login()
return redirect(next_url)
# Inspired by:
# http://stackoverflow.com/questions/9499286
# /using-google-oauth2-with-flask
params = dict(
response_type='code',
client_id=app.config['GOOGLE_OAUTH2_CLIENT_ID'],
redirect_uri=app.config['GOOGLE_OAUTH2_REDIRECT_URI'],
scope=GOOGLE_OAUTH2_SCOPES,
state=urllib.quote(next_url),
)
if app.config['GOOGLE_OAUTH2_HOSTED_DOMAIN'] is not None:
params['hd'] = app.config['GOOGLE_OAUTH2_HOSTED_DOMAIN']
target_url = '%s?%s' % (GOOGLE_OAUTH2_AUTH_URL, urllib.urlencode(params))
logging.debug('Redirecting user to login at url=%r', target_url)
return redirect(target_url)
def login_auth():
# TODO: Handle when the 'error' parameter is present
params = dict(
code=request.args.get('code'),
client_id=config.GOOGLE_OAUTH2_CLIENT_ID,
client_secret=config.GOOGLE_OAUTH2_CLIENT_SECRET,
redirect_uri=config.GOOGLE_OAUTH2_REDIRECT_URI,
grant_type='authorization_code'
)
payload = urllib.urlencode(params)
logging.debug('Posting for token to url=%r, payload=%r',
GOOGLE_OAUTH2_TOKEN_URL, payload)
fetch_request = urllib2.Request(GOOGLE_OAUTH2_TOKEN_URL, payload)
conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
data = conn.read()
result_dict = json.loads(data)
params = dict(
access_token=result_dict['access_token']
)
payload = urllib.urlencode(params)
target_url = '%s?%s' % (GOOGLE_OAUTH2_USERINFO_URL, payload)
logging.debug('Fetching user info from url=%r', target_url)
fetch_request = urllib2.Request(target_url)
conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
data = conn.read()
result_dict = json.loads(data)
logging.debug('Result user info dict: %r', result_dict)
email_address = result_dict['email']
if not result_dict['verified_email']:
abort(flask.Response('Your email address must be verified', 403))
user_id = '%s:%s' % (models.User.GOOGLE_OAUTH2, result_dict['id'])
user = models.User.query.get(user_id)
if not user:
user = models.User(id=user_id)
# Email address on the account may change, user ID will stay the same.
# Do not allow the user to claim existing build invitations with their
# old email address.
if user.email_address != email_address:
user.email_address = email_address
user.last_seen = datetime.datetime.utcnow()
db.session.add(user)
db.session.commit()
login_user(user)
confirm_login()
# Clear all flashed messages from the session on login.
flask.get_flashed_messages()
final_url = urllib.unquote(request.args.get('state'))
logging.debug('User is logged in. Redirecting to url=%r', final_url)
return redirect(final_url)
def manage_admins():
"""Page for viewing and managing build admins."""
build = g.build
# Do not show cached data
db.session.add(build)
db.session.refresh(build)
add_form = forms.AddAdminForm()
if add_form.validate_on_submit():
invitation_user_id = '%s:%s' % (models.User.EMAIL_INVITATION,
add_form.email_address.data)
invitation_user = models.User.query.get(invitation_user_id)
if not invitation_user:
invitation_user = models.User(
id=invitation_user_id,
email_address=add_form.email_address.data)
db.session.add(invitation_user)
db.session.add(build)
db.session.add(invitation_user)
db.session.refresh(build, lockmode='update')
build.owners.append(invitation_user)
save_admin_log(build,
invited_new_admin=True,
message=invitation_user.email_address)
db.session.commit()
logging.info('Added user=%r as owner to build_id=%r',
invitation_user.id, build.id)
return redirect(url_for('manage_admins', build_id=build.id))
add_form.build_id.data = build.id
revoke_form_list = []
for user in build.owners:
form = forms.RemoveAdminForm()
form.user_id.data = user.id
form.build_id.data = build.id
form.revoke.data = True
revoke_form_list.append((user, form))
return render_template('view_admins.html',
build=build,
add_form=add_form,
revoke_form_list=revoke_form_list)
