def post(self):
# Validate the identity
id_token = json.loads(request.data.decode())["id_token"]
if id_token is None:
return "No ID token provided", HTTPStatus.FORBIDDEN
try:
identity = validate_id_token(id_token, app.config["GOOGLE_CLIENT_ID"])
except ValueError:
return "Invalid ID token", HTTPStatus.FORBIDDEN
# Get the user info out of the validated identity
if "sub" not in identity or "name" not in identity or "picture" not in identity:
return "Unexcpected authorization response", HTTPStatus.FORBIDDEN
# This just adds a new user that hasn't been seen before and assumes it
# will work, but you could extend the logic to do something different
# (such as only allow known users, or somehow mark a user as new so
# your frontend can collect extra profile information).
user = user_manager.add_or_update_google_user(
identity["sub"], identity["name"], identity["picture"]
)
# Authorize the user:
user_log_in = login_user(user, force=True)
return self.get()
def post(self):
# Validate the identity
id_token = request.form.get('id_token')
if id_token is None:
print("No ID token provided")
return "No ID token provided", HTTPStatus.FORBIDDEN
try:
identity = google_token.validate_id_token(
id_token, app.config['GOOGLE_CLIENT_ID'])
except ValueError:
print("No ID token provided")
return 'Invalid ID token', HTTPStatus.FORBIDDEN
# Get the user info out of the validated identity
if ('sub' not in identity or
'name' not in identity or
'picture' not in identity):
print("Unexcpected authorization response")
return "Unexcpected authorization response", HTTPStatus.FORBIDDEN
# This just adds a new user that hasn't been seen before and assumes it
# will work, but you could extend the logic to do something different
# (such as only allow known users, or somehow mark a user as new so
# your frontend can collect extra profile information).
user = user_manager.add_or_update_google_user(
identity['sub'], identity['name'], identity['picture'])
# Authorize the user:
login_user(user, remember=True)
return self.get()
def post(cls):
'''User Google Login'''
try:
if 'id_token' not in request.get_json():
return {"msg": "No Google ID token provided"}, HTTPStatus.FORBIDDEN
token = request.get_json()['id_token']
try:
identity = google_token.validate_id_token(
token, configs['GOOGLE_CLIENT_ID'])
except ValueError:
return {"message": 'Invalid Google ID token'}, HTTPStatus.FORBIDDEN
# Get the user info out of the validated identity
if ('email' not in identity or 'name' not in identity):
return {"message": "Unexcpected authorization response"}, HTTPStatus.FORBIDDEN
if not UserModel.find_by_email(email=identity['email']):
user = UserModel(
email=identity['email'], name=identity['name'])
user.save_to_db()
access_token = create_access_token(
identity=identity['email'], expires_delta=datetime.timedelta(hours=1))
isAdmin = check_admin_credential(identity['email'])
return {"message": "Login Success", "access_token": access_token, "isAdmin":isAdmin, "email": identity['email']}, HTTPStatus.OK
except Exception as e:
print(e)
return {"message": "Something went wrong!"}, HTTPStatus.INTERNAL_SERVER_ERROR
def post(self):
# Validate the identity
id_token = json.loads(request.data.decode())["id_token"]
try:
identity = validate_id_token(id_token, google_app_credentials["client_id"])
except ValueError:
return make_response(jsonify({"message": "Invalid ID token"}, HTTPStatus.FORBIDDEN))
if not identity["email_verified"]:
return make_response(jsonify({"message": "Email not verfied"}, HTTPStatus.FORBIDDEN))
# save user to application if does not exists
user_from_pool: UserPool = UserPool.get_user_from_pool(identity['email'])
if not user_from_pool:
UserPool.register_user_in_pool(UserPool(name=identity["name"], email=identity["email"],password=None, provider="Google"))
user = User(identity["name"], identity["email"])
User.create_user(user)
# create access and refresh tokens
access_token = jwt.encode({
'public_id': user_from_pool.email,
'name' : user_from_pool.name,
'iat': datetime.datetime.utcnow(),
'nbf': datetime.datetime.utcnow(),
'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}, 'my_precious_secret_key')
refresh_token = jwt.encode({
'public_id': user_from_pool.email,
'iat': datetime.datetime.utcnow(),
'nbf': datetime.datetime.utcnow(),
'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1)
}, 'my_secret_key')
return make_response(jsonify({"access_token" : access_token.decode("UTF-8"), "refresh_token" : refresh_token.decode("UTF-8")}), 200)
def login():
data = request.json
id_token = data.get("id_token")
# Case 1: Null Check
if id_token is None:
return jsonify({"login": False})
# Case 2: Decodes Token + Checks For Invalid ID Token
try:
identity = google_token.validate_id_token(
id_token, app.config['GOOGLE_CLIENT_ID'])
except ValueError:
return jsonify({"login": False})
# Case 3: Unexpected Response
if ('email' not in identity):
return jsonify({"login": False})
# Case 4: Unauthorized @berkeley.edu email login
cur = conn.cursor()
sql = """SELECT id FROM authusers WHERE email=%s"""
# Execute a query
cur.execute(sql, (identity['email'], ))
# Retrieve query results
records = cur.fetchall()
print(records)
# Close cursor
cur.close()
if len(records) == 0:
return jsonify({"login": False})
print(records[0][0])
# Create user and signin
user_model = User(records[0][0], identity['email'])
login_user(user_model)
return jsonify({"login": True})