def google_auth(self,request,response,badResponse,*args,**kwargs):
# pdb.set_trace()
auth_code = json.loads(request.body.decode('utf-8'))['auth_code']
# try:
credentials = google_client.credentials_from_clientsecrets_and_code(
settings.CLIENT_SECRET_FILE,
# ['https://www.googleapis.com/plus/v1/people/me'],
["https://www.googleapis.com/auth/plus.me","https://www.googleapis.com/auth/userinfo.profile"], #Important: Use different scopes to use different google apis
auth_code)
http_auth = credentials.authorize(httplib2.Http())
user_service = discovery.build('oauth2', 'v1', http=http_auth)
userinfo = user_service.userinfo().get().execute()
gsm_user_util = GSMUsersUtils(params={'email':userinfo['email'],'first_name':userinfo['given_name'],'last_name':userinfo['family_name']})
gsm_usr_obj = gsm_user_util.findOrCreate()
if not gsm_usr_obj.verified:
gsm_usr_obj.verified = True
gsm_usr_obj.save(update_fields=['verified'])
stoken = SessionTokenUtils(gsm_user=gsm_usr_obj.id)
vtoken = VerificationTokenUtils(gsm_user=gsm_usr_obj.id)
vtoken.expireToken()
res = {}
res['sessiontoken'] = stoken.token.__dict__[stoken.token_name]
# res['user'] = JSONRenderer().render(GSMUsersSerializer(gsm_usr_obj).data)
res['user'] = GSMUsersSerializer(gsm_usr_obj).data
response.write("%s"%(json.dumps(res)))
return response
def post(self, request, format=None):
code = request.data.get('code')
credentials = client.credentials_from_clientsecrets_and_code(
settings.CLIENT_SECRET_FILE, ['profile', 'email'], code)
google_id = credentials.id_token.get('sub')
username = credentials.id_token.get('email')
full_name = credentials.id_token.get('name')
avatar = credentials.id_token.get('picture')
try:
user = User.objects.get(profile__google_id=google_id)
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key}, status=status.HTTP_200_OK)
except:
pass
try:
User.objects.get(username=username)
return Response(
{'login_error': 'There was an account with this username'},
status=status.HTTP_400_BAD_REQUEST)
except:
pass
user = User.objects.create_user(username=username)
profile = Profile(full_name=full_name,
avatar=avatar,
google_id=google_id,
password_set=False,
user=user)
profile.save()
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key}, status=status.HTTP_201_CREATED)
def export_google_sheet_do_export():
spreadsheet_id = request.values.get('spreadsheet_id')
name = request.values.get('name')
code = request.values.get('code')
if code is None:
raise InvalidUsage('no code specified')
# Exchange auth code for access token
credentials = client.credentials_from_clientsecrets_and_code(
current_app.config.get('GOOGLE_CLIENT_SECRET_FILE'),
['https://www.googleapis.com/auth/spreadsheets', 'profile'], code)
http_auth = credentials.authorize(httplib2.Http())
sheet_service = discovery.build('sheets', 'v4', http=http_auth)
if spreadsheet_id is None or spreadsheet_id == '':
# No spreadsheet id specified -> create one
if name is None or name == '':
raise InvalidUsage('no name specified for spreadsheet')
response = sheet_service.spreadsheets().create(body={
'properties': {
'title': name
}
}).execute()
spreadsheet_id = response['spreadsheetId']
print('************ SSID: ', spreadsheet_id)
return jsonify(response={'spreadsheetId': spreadsheet_id})
def storeauthcode():
# If this request does not have `X-Requested-With` header, this could be a CSRF
if not request.headers.get('X-Requested-With'):
# abort(403)
return json.dumps({'error': "error"})
auth_code = request.data
# Set path to the Web application client_secret_*.json file you downloaded from the
# Google API Console: https://console.developers.google.com/apis/credentials
CLIENT_SECRET_FILE = 'client_secrets.json'
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code)
# Call Google API
http_auth = credentials.authorize(httplib2.Http())
# drive_service = discovery.build('drive', 'v3', http=http_auth)
# appfolder = drive_service.files().get(fileId='appfolder').execute()
# Get profile info from ID token
userid = credentials.id_token['sub']
email = credentials.id_token['email']
return json.dumps({'user': userid, 'email': email})
def post(request):
credentials = client.credentials_from_clientsecrets_and_code(
os.path.join(settings.BASE_DIR, 'Tutorials', 'secret_file.json'), [
'https://www.googleapis.com/auth/calendar',
'https://www.googleapis.com/auth/classroom.courses.readonly',
'https://www.googleapis.com/auth/classroom.profile.photos',
'https://www.googleapis.com/auth/classroom.announcements',
'https://www.googleapis.com/auth/classroom.coursework.students',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/classroom.rosters'
], request.data['code'])
account, created = User.objects.get_or_create(
email=credentials.id_token['email'],
username=credentials.id_token['email'])
account.username = account.id
token, created = Token.objects.get_or_create(user=account)
token = token.key
cred, _ = CredentialModel.objects.get_or_create(user=account)
cred.token = credentials.refresh_token
cred.refresh_token = credentials.refresh_token
cred.token_uri = credentials.token_uri
cred.client_id = credentials.client_id
cred.client_secret = credentials.client_secret
cred.save()
return Response({
'token': token,
'created': created
},
status=status.HTTP_202_ACCEPTED)
def gconnect():
"""Callback Function For Google Login"""
if request.args.get('state') != session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
if not request.headers.get('X-Requested-With'):
abort(403)
code = request.data
CLIENT_SECRET_FILE = 'client_secrets.json'
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE, ['profile', 'email'], code)
http_auth = credentials.authorize(httplib2.Http())
session['name'] = credentials.id_token['name']
session['email'] = credentials.id_token['email']
user_id = getUserID(session['email'])
if not user_id:
user_id = createUser(session)
session['uid'] = user_id
print session.get('access_token')
output = ''
output += '<h1>Welcome, '
output += session['name']
output += '!</h1>'
flash("you are now logged in as %s" % session['name'])
return output
def oauth2callback(request):
auth_code = request.GET['code']
print auth_code
credentials = client.credentials_from_clientsecrets_and_code(
settings.CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive', 'profile', 'email'],
auth_code,
redirect_uri=settings.HOST_ADDR + '/oauth2callback')
# credentials = flow.step2_exchange(auth_code)
print credentials.id_token
email = credentials.id_token['email']
guser_id = credentials.id_token['sub']
print credentials.id_token
username = email.split('@')[0]
try:
user = User.objects.get(email=email)
except:
user = User(username=username, email=email)
user.save()
googleuser, created = GoogleUser.objects.get_or_create(user=user)
googleuser.access_token = credentials.access_token
googleuser.refresh_token = credentials.refresh_token
googleuser.guser_id = guser_id
googleuser.save()
login(request, user)
state = request.GET.get('state')
if state:
param = state
else:
param = ''
redirect_uri = '/?' + param
return HttpResponseRedirect(redirect_uri)
def verify_cridentials(self, request):
"""
https://developers.google.com/api-client-library/python/start/get_started
https://developers.google.com/+/web/api/rest/oauth
https://developers.google.com/+/web/api/rest/latest/people/get
"""
if not request.params.get('code'):
return
if not request.headers.get('X-Requested-With'):
raise LoginProviderException('X-Requested-With required for google login')
credentials = client.credentials_from_clientsecrets_and_code(
self.client_secret_file,
['profile', 'email'],
request.params.get('code'),
)
# Google API's
# https://developers.google.com/api-client-library/python/apis/
# Google API Explorer - Reference
# https://developers.google.com/apis-explorer/#p/people/v1/people.people.get?resourceName=people%252Fme&personFields=photos%252Cnames%252CemailAddresses&_h=11&
people_service = build('people', 'v1', http=credentials.authorize(httplib2.Http()))
profile = people_service.people().get(resourceName='people/me', personFields='photos,names,emailAddresses').execute()
return ProviderToken(self.name, profile['names'][0]['metadata']['source']['id'], profile)
def google_login(request):
"""
1. Receive google token from google's signin callback.
2. Get token's email & get/create a user against it.
3. Mark the user as logged in.
"""
# Exchange auth code for access token, refresh token, and ID token
auth_code = request.POST['authCode']
credentials = client.credentials_from_clientsecrets_and_code(
settings.CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive', 'profile', 'email'],
auth_code)
email = credentials.id_token['email']
guser_id = credentials.id_token['sub']
username = email.split('@')[0]
try:
user = User.objects.get(email=email)
except:
user = User(username=username, email=email)
user.save()
googleuser, created = GoogleUser.objects.get_or_create(user=user)
googleuser.access_token = credentials.access_token
googleuser.refresh_token = credentials.refresh_token
googleuser.guser_id = guser_id
googleuser.save()
login(request, user)
return JsonResponse({"success": True})
def googSignIn():
""" This is the function to handle Google Sign-In """
if not request.headers.get('X-Requested-With'):
abort(403)
CLIENT_SECRET = 'client_secret.json'
auth_code = request.data
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code)
credentials.authorize(httplib2.Http())
email = credentials.id_token['email']
user = db.query(User).filter_by(email=email).first()
if not user:
name = credentials.id_token['name']
password = generate_password_hash(credentials.id_token['sub'])
newUser = User(name=name, email=email, password=password)
db.add(newUser)
db.commit()
newuser = db.query(User).filter_by(email=email).first()
session['user_id'] = newuser.id
else:
session['user_id'] = user.id
return redirect(url_for('displayCategories'))
def googlesignin():
auth_code = Utils.getParam(request.form, 'data', '')
if not auth_code:
return ''
client_secret_file = '/etc/ostrich_conf/google_client_secret.json'
credentials = client.credentials_from_clientsecrets_and_code(
client_secret_file, ['profile', 'email'], auth_code)
http_auth = credentials.authorize(httplib2.Http())
users_service = discovery.build('oauth2', 'v2', http=http_auth)
user_document = users_service.userinfo().get().execute()
#TODO check consistencies b/w session and user cache
#from app import cache
#cache_key = credentials.id_token['sub']
#user = cache.get(cache_key)
user = session.get('_user', None)
if not user:
user_data = {
'username': user_document['email'],
'name': user_document['name'],
'email': user_document['email'],
'google_id': credentials.id_token['sub'],
'picture': user_document['picture'],
'source': 'web'
}
user = User.createUser(user_data)
WebUtils.storeUserSession(user,
client=Utils.getParam(request.form,
'client',
default=None))
user = session['_user']
visible_user_data = {'user': user}
return jsonify(data=visible_user_data)
def store_auth_code():
req = request.get_data()
CLIENT_SECRET_FILE = 'credentials.json'
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE, [
'https://www.googleapis.com/auth/calendar',
'https://www.googleapis.com/auth/calendar.events'
], req)
airtable_url = "https://api.airtable.com/v0/app4l7uUwpnOQedPM/google-credentials"
api_key = "keyOrtPlDobjLtiaJ"
cred = json.loads(credentials.to_json())
response = {
'records': [{
'fields': {
'googleid': cred['id_token']['sub'],
'credential': json.dumps(cred)
}
}]
}
headers = {
'Authorization': 'Bearer ' + api_key,
'Content-Type': 'application/json'
}
airtable_response = requests.post(airtable_url,
data=json.dumps(response),
headers=headers)
print(airtable_response.status_code)
print(airtable_response.text)
return req
def login_callback():
if not request.headers.get('X-Requested-With'):
return json.dumps({'success': False}), 403, {'ContentType': 'application/json'}
content_type = request.headers.get("Content-Type")
auth_code = request.stream if content_type == "application/octet-stream" else request.get_data()
CLIENT_SECRET_FILE = 'website/static/secret/BCVS_client_secret.json'
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['profile', 'email'],
auth_code)
print(credentials.id_token)
# Get profile info from ID token
session['authenticated'] = True
session['userid'] = credentials.id_token['sub']
session['fname'] = credentials.id_token['given_name']
try:
session['lname'] = credentials.id_token['family_name']
except KeyError:
session['lname'] = " "
session['email'] = credentials.id_token['email']
return json.dumps({'success': True}), 200, {'ContentType': 'application/json'}
def check_credentials(self, user_uid):
google_token_db = "google"
# If length is less than 60, auth code given
# Convert auth code to credential
cred = firebase.database().child("users").child(user_uid).child(
"tokens").child(google_token_db).get().val()
if (len(cred) < 60):
credentials = client.credentials_from_clientsecrets_and_code(
filename=CLIENT_SECRET_FILE,
scope=['https://www.googleapis.com/auth/gmail.readonly'],
code=cred,
redirect_uri=flask.url_for('oauthhandler', _external=True))
print(credentials.to_json())
firebase.database().child("users").child(user_uid).child(
"tokens").update({google_token_db: credentials.to_json()})
else:
# Create credentials from credentials json
credentials = client.Credentials.new_from_json(
json.loads(json.dumps(cred)))
# Refresh token if expired
if credentials.access_token_expired:
credentials.refresh(httplib2.Http())
firebase.database().child("users").child(user_uid).child(
"tokens").update({google_token_db: credentials.to_json()})
self.credentials = credentials
def get_user_access_token_google():
global credentials
print(request.data)
auth_code = str(request.data).split("\'")[1]
print(auth_code)
CLIENT_SECRET_FILE = 'client_secret_1070969009500-4674ntngjh3dvlbcvoer0r4c7hao04dh.apps.googleusercontent.com.json'
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code)
# Call Google API
http = httplib2.Http()
http_auth = credentials.authorize(http)
resp, content = http.request(
'https://www.googleapis.com/language/translate/v2/?q=voiture&target=en&source=fr'
)
print(resp.status)
print(content.decode('utf-8'))
# # Get profile info from ID token
userid = credentials.id_token['sub']
email = credentials.id_token['email']
session['email'] = email
session['userid'] = userid
# session['credentials'] = jsonpickle.dumps(credentials)
# if not 'credentials' in session:
# print("Credentials not saved to session")
# session.modified = True
print(userid)
print(email)
return jsonify(email=email)
def google_connect():
"""The google sign in route which will be used to sign in the User into the application"""
if not request.headers.get('X-Requested-With'):
abort(403)
auth_code = request.data
site_root = path.realpath(path.dirname(__file__)) + '/../'
client_secret_file = path.join(site_root, 'static', 'client_secret.json')
credentials = client.credentials_from_clientsecrets_and_code(
client_secret_file,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code)
email = credentials.id_token['email']
try:
result = users.get_by_email(email=email)
token = result.token
except NoResultFound:
token = b64encode(urandom(100)).decode('utf-8')
new_user = User(email=email, token=token)
users.add(new_user)
unit_of_work.save()
response = make_response(redirect(request.referrer))
response.set_cookie('token', token)
return response
def credentials_using_auth_code(auth_code, scopes=None):
if scopes is None:
scopes = [
'https://www.googleapis.com/auth/cloud-platform',
'profile',
'email',
'https://www.googleapis.com/auth/admin.directory.group'
]
# Fetch token from cached users
cached_user_credentials = cached_users.get(auth_code, None)
if cached_user_credentials is None:
get_content_to_file("gcp-flask-api", "client_secret_creation_form.json")
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
scopes,
auth_code)
# Cache new user's token
cached_users[auth_code] = credentials
else:
print('Returned from cached_user_credentials: {}'.format(
cached_user_credentials))
credentials = cached_user_credentials
return credentials
def gauth():
db_session = start()
# If this request does not have `X-Requested-With` header, this could be a CSRF
if not request.headers.get('X-Requested-With'):
abort(403)
# Exchange auth code for access token, refresh token, and ID token
auth_code = request.data
credentials = client.credentials_from_clientsecrets_and_code(CLIENT_SECRET_FILE, ['profile', 'email'], auth_code)
# Get profile info from ID token
userid = credentials.id_token['sub']
email = credentials.id_token['email']
name = credentials.id_token['name']
picture = credentials.id_token['picture']
# Check if user already exists
old_user = db_session.query(User).filter(User.email == email).first()
if old_user is None:
# create new user and login
user = User(name=name, email=email, picture=picture)
db_session.add(user)
db_session.commit()
login_user(user)
else:
# login the old user
login_user(old_user)
db_session.close()
flash("Login Successful, Welcome {}".format(name))
return redirect(url_for('home'))
def test_exchange_code_and_cached_file_for_token(self):
http = HttpMockSequence([({"status": "200"}, b'{ "access_token":"asdfghjkl"}')])
cache_mock = CacheMock()
load_and_cache("client_secrets.json", "some_secrets", cache_mock)
credentials = credentials_from_clientsecrets_and_code(
"some_secrets", self.scope, self.code, http=http, cache=cache_mock
)
self.assertEqual(credentials.access_token, "asdfghjkl")
def post(self, request):
SAMPLE_SPREADSHEET_ID = '1BxiMVs0XRA5nFMdKvBdBZjgmUUqptlbs74OgvE2upms'
SAMPLE_RANGE_NAME = 'Class Data!A2:E'
#CLIENT_SECRET_FILE = os.path.join(os.path.dirname(__file__), '..', 'client_secrets.json'
auth_code = "4/QgEWsHaVX2AHvgm_oFobYcvfHJFX4Kxmi9ELsOBDOTHlYndDlDnyGLwotzeQoV9R7xhZ058J82VsEUzwXoFfh3o"
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE, [
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/spreadsheets.readonly'
], auth_code)
# Call Google API
##http_auth = credentials.authorize(httplib2.Http())
service = discovery.build('sheets', 'v4', credentials=credentials)
sheet = service.spreadsheets()
spreadsheet = {'properties': {'title': "sheet example ja"}}
spreadsheet = sheet.create(body=spreadsheet,
fields='spreadsheetId').execute()
print('Spreadsheet ID: {0}'.format(spreadsheet.get('spreadsheetId')))
auth_code = "4/PQELICMYJTtywERyDS8nkvp-xH3NKs7Qxuw4YeIZ-WscCBhVpifvX_ZQ02hvLt8j_tjROM_8wX74NPLK82dzB2I"
scope = [
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/spreadsheets.readonly'
]
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE, scope, auth_code)
service = discovery.build('sheets', 'v4', credentials=credentials)
sheet = service.spreadsheets()
spreadsheet = {'properties': {'title': "TEST SHEET API"}}
spreadsheet = sheet.create(body=spreadsheet,
fields='spreadsheetId').execute()
print('Spreadsheet ID: {0}'.format(spreadsheet.get('spreadsheetId')))
return Response({"detail": "Done"}, status=HTTP_200_OK)
def get_credentials(authCode):
if (session.get("credentials", None) == None
or session.get('authCode', None) != authCode):
session[
'credentials'] = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE, SCOPES, authCode,
redirect_uri=redir).to_json()
session['authCode'] = authCode
return session['credentials']
def get_token_using_authorization_code(self, auth_code: str, scopes: list,
redirect_uri: str) -> dict:
secret = os.environ['GOOGLE_OAUTH_SECRET_FILE_PATH']
try:
credentials = client.credentials_from_clientsecrets_and_code(
secret, scopes, auth_code, redirect_uri=redirect_uri)
return self._tokens_output(credentials)
except FlowExchangeError as e:
raise exceptions.LoginFailureError(
"Not able to sign in with given code", e)
def test_exchange_code_and_file_for_token_fail(self):
http = HttpMockSequence([({"status": "400"}, b'{"error":"invalid_request"}')])
try:
credentials = credentials_from_clientsecrets_and_code(
datafile("client_secrets.json"), self.scope, self.code, http=http
)
self.fail("should raise exception if exchange doesn't get 200")
except FlowExchangeError:
pass
def gconnect():
# If this request does not have `X-Requested-With` header, this could be a
# CSRF
if not request.headers.get("X-Requested-With"):
response = make_response(json.dumps("Not authorized!"), 403)
response.headers["Content-Type"] = "application/json"
return response
# Set path to the Web application client_secret_*.json file you downloaded
# from the Google API Console:
# https://console.developers.google.com/apis/credentials
CLIENT_SECRET_FILE = "/var/www/catalogapp/client_secrets.json"
auth_code = request.data
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
["https://www.googleapis.com/auth/drive.appdata", "profile", "email"],
auth_code,
)
# Call Google API http_auth = credentials.authorize(httplib2.Http())
# drive_service = discovery.build('drive', 'v3', http=http_auth)
# appfolder = drive_service.files().get(fileId='appfolder').execute()
guser_id = credentials.id_token["sub"]
stored_access_token = login_session.get("access_token")
stored_guser_id = login_session.get("user_id")
if stored_access_token is not None and guser_id == stored_guser_id:
response = make_response(
json.dumps("Current user is already connected."), 200)
response.headers["Content-Type"] = "application/json"
return response
print(str(credentials.id_token))
# Store the access token in the session for later use.
login_session["access_token"] = credentials.access_token
login_session["user_id"] = guser_id
login_session["username"] = credentials.id_token["name"]
login_session["picture"] = credentials.id_token["picture"]
login_session["email"] = credentials.id_token["email"]
try:
db.session.query(User).filter_by(id=guser_id).one()
except BaseException:
newUser = User(
id=login_session["user_id"],
name=login_session["username"],
email=login_session["email"],
group="google",
)
print("Adding user " + guser_id + " in database")
db.session.add(newUser)
db.session.commit()
return "You have logged in!"
def googleConnect():
# check if the STATE is the same server/client. this is needed to control any malicious javascript
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# prevent CSRF attacks
if not request.headers.get('X-Requested-With'):
response = make_response(json.dumps('aborted for security reason.'),
403)
response.headers['Content-Type'] = 'application/json'
return response
auth_code = request.data
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRETS_FILE, SCOPES, auth_code)
# pprint(credentials.to_json())
# Call Google API
# http_auth = credentials.authorize(httplib2.Http())
# service = googleapiclient.discovery.build('oauth2', 'v3', credentials=credentials)
# Get profile info from ID token
#login_session['userid'] = credentials.id_token['sub']
login_session['username'] = credentials.id_token['name']
login_session['email'] = credentials.id_token['email']
picture_url = credentials.id_token['picture']
## Save image on server ##
urllib.request.urlretrieve(
picture_url,
"static/cache/images/" + login_session['username'] + ".jpg")
login_session['picture'] = "static/cache/images/" + \
login_session['username']+".jpg"
login_session['provider'] = 'google'
# check if the user is already on the Database
user_id = getUserIdDB(login_session['email'])
if user_id == 'None':
user_id = createUserDB(login_session)
login_session['user_id'] = user_id
flash('You are now connected ad %s' % login_session['username'])
return redirect(url_for('showRestaurants'))
def test_exchange_code_and_file_for_token(self):
http = HttpMockSequence([
({
'status': '200'
}, """{ "access_token":"asdfghjkl",
"expires_in":3600 }"""),
])
credentials = credentials_from_clientsecrets_and_code(
datafile('client_secrets.json'), self.scope, self.code, http=http)
self.assertEquals(credentials.access_token, 'asdfghjkl')
self.assertNotEqual(None, credentials.token_expiry)
def test_exchange_code_and_cached_file_for_token(self):
http = HttpMockSequence([
({'status': '200'}, '{ "access_token":"asdfghjkl"}'),
])
cache_mock = CacheMock()
load_and_cache('client_secrets.json', 'some_secrets', cache_mock)
credentials = credentials_from_clientsecrets_and_code(
'some_secrets', self.scope,
self.code, http=http, cache=cache_mock)
self.assertEquals(credentials.access_token, 'asdfghjkl')
def test_exchange_code_and_file_for_token(self):
http = HttpMockSequence([
({'status': '200'},
"""{ "access_token":"asdfghjkl",
"expires_in":3600 }"""),
])
credentials = credentials_from_clientsecrets_and_code(
datafile('client_secrets.json'), self.scope,
self.code, http=http)
self.assertEquals(credentials.access_token, 'asdfghjkl')
self.assertNotEqual(None, credentials.token_expiry)
def test_exchange_code_and_cached_file_for_token(self):
http = HttpMockSequence([
({'status': '200'}, b'{ "access_token":"asdfghjkl"}'),
])
cache_mock = CacheMock()
load_and_cache('client_secrets.json', 'some_secrets', cache_mock)
credentials = credentials_from_clientsecrets_and_code(
'some_secrets', self.scope,
self.code, http=http, cache=cache_mock)
self.assertEqual(credentials.access_token, 'asdfghjkl')
def test_exchange_code_and_file_for_token_fail(self):
http = HttpMockSequence([
({'status': '400'}, b'{"error":"invalid_request"}'),
])
try:
credentials = credentials_from_clientsecrets_and_code(
datafile('client_secrets.json'), self.scope,
self.code, http=http)
self.fail('should raise exception if exchange doesn\'t get 200')
except FlowExchangeError:
pass
def store_credentials_from_web(self, auth_code):
credentials = client.credentials_from_clientsecrets_and_code(
self._config['client_secret']['web'],
self._config['scopes'],
auth_code)
store = file.Storage(self.cred_path())
with open(self.cred_path(),'w') as ofh:
ofh.write(credentials.to_json())
self._credentials = credentials
def login(request):
auth_code = request.POST['auth_code']
client_secrets_file = "client_secret.json"
scopes = ["https://www.googleapis.com/auth/youtube.readonly"]
credentials = client.credentials_from_clientsecrets_and_code(
client_secrets_file,
scopes,
auth_code)
request.session['sessionCookie'] = credentials
return HttpResponse('200')
def gconnect():
'''Google sigin metohd
(Receive auth_code by HTTPS POST)'''
#Validate state token
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
print 'failed to get state'
return response
# Obtain authorization code
auth_code = request.data
# If this request does not have `X-Requested-With` header, this could be a CSRF
if not request.headers.get('X-Requested-With'):
app.abort(403)
# Set path to the Web application client_secret_*.json file you downloaded from the
# Google API Console: https://console.developers.google.com/apis/credentials
clientSecretFile = 'client_secret.json'
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
clientSecretFile,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code)
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
login_session['credentials'] = credentials
# Get profile info from ID token
login_session['userid'] = credentials.id_token['sub']
login_session['email'] = credentials.id_token['email']
login_session['username'] = data['name']
login_session['picture'] = data['picture']
user = GetUserID(login_session['email'])
if user is None:
CreateUser(login_session)
else:
print user
flash("you are now logged in as %s" % login_session['username'])
print "signed in %s" % login_session['username']
response = make_response(json.dumps("Logged in"), 200)
response.headers['Content-Type'] = 'application/json'
return response
def storeauthcode():
# If this request does not have `X-Requested-With` header,
# this could be a CSRF
if not request.headers.get('X-Requested-With'):
abort(403)
# if request.args.get('state') != login_session['state']:
# print('session: different')
# response = make_response(json.dumps('Invalid state parameter.'), 401)
# response.headers['Content-Type'] = 'application/json'
# return response
# print('session: same')
# Obtain authorization code
auth_code = request.data
# Set path to the Web application client_secret_*.json file
# you downloaded from the
# Google API Console:
# https://console.developers.google.com/apis/credentials
CLIENT_SECRET_FILE = 'client_secret.json'
# Exchange auth code for access token, refresh token, and ID token
url_cred_retrieve = 'https://www.googleapis.com/auth/drive.appdata'
credentials = credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE, [url_cred_retrieve, 'profile', 'email'], auth_code)
# Get profile info from ID token
login_session['access_token'] = credentials.access_token
login_session['name'] = credentials.id_token['name']
login_session['email'] = credentials.id_token['email']
# See if a user exists, if it doesn't make a new one
userId = getUserID(login_session['email'])
if userId is None:
userId = createUser(login_session)
user = getUserInfo(userId)
print('User logged in: \n' + '\t Name: ' + user.name + '\n' +
'\tE-mail: ' + user.email + '\n')
response = make_response(json.dumps('OAuth code stored.'), 200)
response.headers['Content-Type'] = 'application/json'
return response
def make_query():
if request.method == "POST":
if not request.headers.get('X-Requested-With'):
Response(
"""
Necessary Header: X-Requested-With header not present
""",
status=403,
)
r = request.get_json()
auth_code = r['response']['code']
query = r['query']
if auth_code:
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE, [
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/spreadsheets',
'https://www.googleapis.com/auth/documents', 'profile',
'email'
], auth_code)
# Call Google API
http_auth = credentials.authorize(httplib2.Http())
sheet_service = build('sheets', 'v4',
credentials=credentials).spreadsheets()
drive_service = build('drive', 'v3', http=http_auth)
doc_service = build('docs', 'v1',
credentials=credentials).documents()
try:
res = debug(drive_service, doc_service, sheet_service,
query['query'])
except HttpError as e:
return Response(e._get_reason(), e.resp.status)
except Exception as e:
return Response("Unknown server-side error", 400)
return Response(res)
elif query:
return Response('Your query request will not be performed due to '
'an authorization error. Please contact the '
'developer.')
else:
return Response('There has been an unspecified authorization '
'error, please contact the developer')
else:
return redirect('/')
def test_exchange_code_and_file_for_token(self):
http = HttpMockSequence(
[
(
{"status": "200"},
b"""{ "access_token":"asdfghjkl",
"expires_in":3600 }""",
)
]
)
credentials = credentials_from_clientsecrets_and_code(
datafile("client_secrets.json"), self.scope, self.code, http=http
)
self.assertEqual(credentials.access_token, "asdfghjkl")
self.assertNotEqual(None, credentials.token_expiry)
def gSignIn():
# Verify that the state token sent from the login
# page is the same as the state token stored in
# login_session
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Store google authorization code and use it
# to get user credentials
auth_code = request.data
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['profile', 'email'],
auth_code
)
# Get user info from google with stored credentials
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = json.loads(answer.text)
# Get user info from returned data and store in login_session
login_session['username'] = data['name']
login_session['email'] = data['email']
login_session['picture'] = data['picture']
# Get user id from database
# If None returned, add new user to datbase
# from data stored in login_session
user_id = getUserId(login_session['email'])
if not user_id:
user_id = createUser(login_session)
login_session['user_id'] = user_id
# Formats output to be returned as 'result' in login.html
output = ''
output += '<h2>Welcome, '
output += login_session['username']
output += '!</h2>'
output += '<img src="'
output += login_session['picture']
output += '" style="width: 100px; height: 100px; border-radius: 100%;">'
return output
def token(self):
#----------------------------------------------------------------------
# (Receive auth_code by HTTPS POST)
auth_code = request.data
# If this request does not have `X-Requested-With` header, this could be a CSRF
if not request.headers.get('X-Requested-With'):
abort(403)
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
self.client_secrets_file,
self.scopes,
auth_code)
# Get profile info from ID token
user_id = credentials.id_token['sub']
email = credentials.id_token['email']
authorized = False
if user_id:
credfile = os.path.join(self.credfolder, user_id)
storage = Storage(credfile)
# do the new credentials not have a refresh token? do we already have credentials?
# if so, just update the access token and expiry from new credentials into stored and resave
storedcred = storage.get()
if not credentials.refresh_token and storedcred:
storedcred.access_token = credentials.access_token
storedcred.token_expiry = credentials.token_expiry
credentials = storedcred
credentials.set_store(storage)
storage.put(credentials)
session['_ga_google_user_id'] = user_id
session['_ga_google_email'] = email
# refresh
http = httplib2.Http()
credentials.refresh(http)
# take care of login specifics
authorized = self.logincallback(email)
if self.logdebug: self.logdebug( 'oauth2callback() session = {}'.format(session) )
return jsonify( {'authorized':authorized, 'redirect':url_for(self.startendpoint)} )
def gconnect():
state_token = request.args.get('state')
if state_token != login_session['state']:
return json_response('Invalid State Parameter', 401)
auth_code = request.data
print('auth_code %s' % str(auth_code))
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['profile', 'email'],
auth_code)
# Store the access token in the session for later use.
login_session['credentials'] = credentials.to_json()
google_id = credentials.id_token['sub']
login_session['google_id'] = google_id
# Call Google API
http = credentials.authorize(httplib2.Http())
service = build('plus', 'v1', http=http)
people_resource = service.people()
people_document = people_resource.get(userId='me').execute()
# Get profile info from ID token
name = people_document['displayName']
email = credentials.id_token['email']
picture_url = people_document['image']['url']
# Get the user
user = getUserByGoogleId(login_session['google_id'])
# Create the user if they don't exist in our system yet
if not user:
user = createUser(google_id, name, email, picture_url)
# Load their data into the session
login_session['username'] = name
login_session['email'] = email
login_session['picture'] = picture_url
flash('Logged in as %s' % name)
return redirect('/')
def googleLogin():
# Verify state token
if request.args.get('google_state_token') != \
login_session['google_state_token']:
return makeJSONResponse('Invalid state token', 401)
authorizationCode = request.data
# Get credentials
CLIENT_SECRET_FILE = getGoogleClientSecret()
try:
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive.appdata',
'profile', 'email'],
authorizationCode)
except client.FlowExchangeError:
return makeJSONResponse('Failed to exchange authorization code', 401)
http_auth = credentials.authorize(httplib2.Http())
drive_service = discovery.build('drive', 'v3', http=http_auth)
appfolder = drive_service.files().get(fileId='appfolder').execute
# Get user info
oauth_id = credentials.id_token['sub']
email = credentials.id_token['email']
url = 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=%s' \
% credentials.access_token
response = requests.get(url)
data = json.loads(response.text)
name = data['name']
# Check if user already exists
matchingUser = session.query(User).filter(User.oauth_id == oauth_id) \
.first()
if matchingUser is None:
newUser = User(oauth_id = oauth_id, name = name, email = email)
session.add(newUser)
session.commit()
login_session['user_id'] = newUser.id
else:
login_session['user_id'] = matchingUser.id
login_session['login_type'] = 'google'
login_session['google_access_token'] = credentials.access_token
return makeJSONResponse('Logged in through Google', 200)
def action(self, action, d):
base = "http://localhost:8080" if tools.on_dev_server() else BASE
if action == 'login':
scope = "email profile"
flow = User.get_auth_flow(scope=scope)
flow.params['access_type'] = 'offline'
flow.params['include_granted_scopes'] = 'true'
auth_uri = flow.step1_get_authorize_url(state=scope)
self.json_out({'auth_uri': auth_uri}, success=True, debug=True)
elif action == 'oauth2callback':
error = self.request.get('error')
code = self.request.get('code')
scope = self.request.get('scope')
state_scopes = self.request.get('state')
if code:
CLIENT_SECRET_FILE = os.path.join(os.path.dirname(__file__), 'client_secrets.json')
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
scope.split(' '),
code,
redirect_uri=base + "/api/auth/oauth2callback")
user = self.user
if not user:
email = credentials.id_token['email']
user = User.GetByEmail(email)
if not user:
# Create account
user = User.Create(email=email)
if user:
user.save_credentials(credentials)
user.put()
self.session['user'] = user
elif error:
logging.error(error)
self.redirect("/app/settings")
def code():
# If session doesn't include `id`, the user is not signed in
if 'id' not in session:
return make_response('Not authenticated', 401)
user_id = session.get('id', None)
# POST should include `code`
code = request.form.get('code', '')
# Exchange the `code` with credential information
credentials = client.credentials_from_clientsecrets_and_code(
'client_secrets.json', scope='', code=code)
# If the credential is `None`
if credentials is None:
# Means it failed to obtain the credential object
return make_response('Invalid authorization code.', 401)
# Extract user id from `id_token`'s content
sub = credentials.id_token['sub']
# If the requesting user id doesn't match with the signed-in user id
if user_id != sub:
# Reject
return make_response("User doesn't match", 401)
# Obtain Datastore entry by user id
store = CredentialStore.get_by_id(sub)
# If the store is `None`, the user hasn't previously signed-in
if store is None:
return make_response('Authorization before authentication.', 401)
# You could optionally authenticate if it makes sense.
# Just chose not to do so here because Google recommendation is
# to separate AuthN and AuthZ.
# Serialize the credential object and save
store.credentials = credentials.to_json()
store.put()
return make_response('', 200)
def code_auth(code):
credentials = credentials_from_clientsecrets_and_code(
'client_secrets.json', SCOPES, code)
storage = Storage('credentials_file')
storage.put(credentials)
print credentials.to_json()
def gconnect():
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter'), 401)
response.headers['Content-Type'] = 'application/json'
return response
code = request.data
try:
# oauth_flow = flow_from_clientsecrets('client_secret.json',
# scope='')
# oauth_flow.redirect_uri = 'postmessage'
# # Exchange one time one time secret from client to get access code fpr servver
# credentials = oauth_flow.step2_exchange(code)
credentials = client.credentials_from_clientsecrets_and_code(
'client_secret.json',
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
code)
except FlowExchangeError:
response = make_response(json.dumps('Failed to upgrade the authorization code'),
401)
response.headers['Content-Type'] = 'application/json'
return response
# Check that access token is valid
# access_token = credentials.access_token
# url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?accesstoken=%s'
# % access_token)
# h = httplib2.Http()
# rb = h.request(url,'GET')[1].decode('latin1')
# result = json.loads(rb)
# # If there was an error in the access token info, abort.
# if result.get('error') is not None:
# response = make_response(json.dumps(result.get('error')), 500)
# response.headers['Content-Type'] = 'application/json'
http_auth = credentials.authorize(httplib2.Http())
# Verify tht the access token is ised fpr yje intended client
gplus_id = credentials.id_token['sub']
# if result['user_id'] != gplus_id:
# response = make_response(
# json.dumps("Token's user ID doesnt match given USER ID"), 401
# )
# response.headers['Content-Type'] = 'application/json'
# return response
# Check to see if user is already logged in
stored_credentials = login_session.get('credentials')
stored_gplus_id = login_session.get('gplus_id')
if (stored_credentials is not None
and gplus_id == stored_gplus_id):
response = make_response(json.dumps('Current user is already connected.'),
200)
response.headers['Content-Type'] = 'application/json'
# Store the access toen in the session for later use
login_session['credentials'] = credentials.access_token
login_session['gplus_id'] = gplus_id
# Get User info
userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
params = {"access_token": credentials.access_token, 'alt':'json'}
answer = requests.get(userinfo_url, params=params)
data = json.loads(answer.text)
login_session['username'] = data['name']
login_session['picture'] = data['picture']
login_session['email'] = data['email']
output = """
<h1> Welcome, %(username)s</h1>
<img src="%(picture)s" style="width:300px; height:300px; border-radius:150px">
""" % {"username": login_session['username'], "picture": login_session['picture']}
flash("You are now logged in as %s" % login_session["username"])
user_id = getUserId(login_session['email'])
if not user_id:
user_id = createUser(login_session)
login_session['user_id'] = user_id
return output
LIENT_SECRET_FILE
from apiclient import discovery
import httplib2
from oauth2client import client
import os
auth_code = "nLLIpv_yDHecvUC_uzrR2rw02MYS3Ly3jeeKECW878s"
CLIENT_SECRET_FILE = str(os.getcwd()) + "/client_secret.json"
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/gmail.readonly'],
auth_code)
#http = credentials.authorize(httplib2.Http())
#gmail_service = discovery.build('gmail', 'v1', http=http)
