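def authcallback():
    """Drive the Globus Auth OAuth2 login flow for the portal.

    The same route serves three cases, told apart by the query string:

    * ``error`` present: Globus Auth reported a failure; flash it and
      send the user to the home page.
    * no ``code``: start a login by redirecting to the authorize URL.
    * ``code`` present: exchange it for tokens, fill the session from the
      ID token, then overlay any profile stored for that identity.

    Returns:
        A redirect response in every case.
    """
    # NOTE(review): the text shown here is taken from the query string, so
    # a crafted link can put arbitrary wording in front of the user. It is
    # only safe if the template that renders flashed messages escapes them
    # - confirm.
    if 'error' in request.args:
        flash("You could not be logged into the portal: " +
              request.args.get('error_description', request.args['error']))
        return redirect(url_for('home'))

    # The redirect URI is this same route, as an absolute URL.
    redirect_uri = url_for('authcallback', _external=True)

    client = load_portal_client()
    # NOTE(review): no per-login `state` value is passed here or compared
    # when the user comes back, so nothing in this function ties the
    # callback to the browser session that started the flow (login CSRF).
    # Confirm whether that is enforced elsewhere.
    client.oauth2_start_flow(redirect_uri,
                             refresh_tokens=True,
                             requested_scopes=app.config['USER_SCOPES'])

    # No "code" parameter: this request starts a login flow.
    if 'code' not in request.args:
        additional_authorize_params = (
            {'signup': 1} if request.args.get('signup') else {})

        auth_uri = client.oauth2_get_authorize_url(
            additional_params=additional_authorize_params)

        return redirect(auth_uri)

    # "code" is present: we are returning from Globus Auth and can trade
    # the authorization code for tokens.
    code = request.args.get('code')
    tokens = client.oauth2_exchange_code_for_tokens(code)

    id_token = tokens.decode_id_token(client)
    # NOTE(review): access and refresh tokens are written into the session.
    # If the app uses Flask's default cookie-backed session, that cookie is
    # signed but not encrypted, so the tokens are readable by whoever holds
    # it - confirm the session backend. session.update() also keeps any
    # keys that were already in the pre-login session.
    session.update(
        tokens=tokens.by_resource_server,
        is_authenticated=True,
        name=id_token.get('name', ''),
        email=id_token.get('email', ''),
        institution=id_token.get('organization', ''),
        primary_username=id_token.get('preferred_username'),
        primary_identity=id_token.get('sub'),
    )

    profile = database.load_profile(session['primary_identity'])

    # First login for this identity: collect a profile before continuing.
    if not profile:
        return redirect(url_for('profile', next=url_for('transfer')))

    # profile() in this file unpacks four fields from load_profile()
    # (name, email, institution, source_endpoint). Unpacking exactly three
    # here would raise ValueError on such a row, so take the first three
    # and accept either shape.
    name, email, institution = tuple(profile)[:3]

    session['name'] = name
    session['email'] = email
    session['institution'] = institution

    return redirect(url_for('transfer'))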
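def profile():
    """Show (GET) or save (POST) the profile tied to the session identity.

    GET loads the stored profile for ``session['primary_identity']`` into
    the session, remembers a validated ``next`` target if one was supplied,
    and renders the profile form.

    POST validates the submitted endpoint id, copies the form fields into
    the session, saves them, and redirects to the remembered ``next``
    target or back to the profile page.

    NOTE(review): no authentication or CSRF check is visible in this
    function; the POST branch reads ``session['primary_identity']``
    directly. Confirm both are enforced by a decorator or globally.
    """
    if request.method == 'GET':
        identity_id = session.get('primary_identity')
        stored = database.load_profile(identity_id)

        if stored:
            name, email, institution, source_endpoint = stored

            session['name'] = name
            session['email'] = email
            session['institution'] = institution
            session['source_endpoint'] = source_endpoint
        else:
            flash('Please complete any missing profile fields and press Save.')

        # Only the value returned by get_safe_redirect() is stored, never
        # the raw "next" query parameter.
        if request.args.get('next'):
            session['next'] = get_safe_redirect()

        return render_template('profile.jinja2')
    elif request.method == 'POST':
        # Check the endpoint id before touching the session or the
        # database, so a non-numeric value is reported to the user instead
        # of surfacing as an unhandled ValueError with the session already
        # half-updated.
        try:
            source_endpoint = int(request.form['endpoint'])
        except ValueError:
            flash('Please select a valid source endpoint.')
            return redirect(url_for('profile'))

        name = session['name'] = request.form['name']
        email = session['email'] = request.form['email']
        institution = session['institution'] = request.form['institution']
        session['source_endpoint'] = source_endpoint

        database.save_profile(identity_id=session['primary_identity'],
                              name=name,
                              email=email,
                              institution=institution,
                              source_endpoint=source_endpoint)

        flash('Thank you! Your profile has been successfully updated.')

        # 'next' is written only by the GET branch, from
        # get_safe_redirect(). An absent or empty value falls back to the
        # profile page rather than being handed to redirect().
        redirect_to = session.pop('next', None) or url_for('profile')

        return redirect(redirect_to)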
Exemple #3
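def authcallback():
    """Drive the Agave OAuth2 login flow for the portal.

    The same route serves three cases, told apart by the query string:

    * ``error`` present: the provider reported a failure; flash it and
      send the user to the home page.
    * no ``code``: start a login by redirecting to the authorize URL.
    * ``code`` present: exchange it for tokens, fetch the user's profile,
      fill the session, and create a stored profile on first login.

    Returns:
        A redirect response in every case.
    """
    # NOTE(review): the text shown here is taken from the query string; it
    # is only safe if the template that renders flashed messages escapes
    # them - confirm.
    if 'error' in request.args:
        flash("You could not be logged into the portal: " +
              request.args.get('error_description', request.args['error']))
        return redirect(url_for('home'))

    redirect_uri = url_for('authcallback', _external=True)
    client = load_portal_client(redirect_uri)
    # Still called once ahead of the branch, as the original did, in case
    # the client depends on it; only the debug printing is gone.
    # NOTE(review): no `state` value is passed here or checked on return,
    # so nothing in this function ties the callback to the browser session
    # that started the flow (login CSRF). Confirm it is handled elsewhere.
    auth_uri = client.step1_get_authorize_url()

    # No "code" parameter: this request starts a login flow.
    if 'code' not in request.args:
        return redirect(auth_uri)

    # "code" is present: trade the authorization code for tokens. The code
    # and the token JSON are credentials, so they are not printed; anything
    # written to stdout ends up in server logs.
    code = request.args.get('code')
    tokens = client.step2_exchange(code)
    tokens.revoke_uri = app.config['REVOKE_URL']

    # get_result is used here as an (ok, payload) pair: payload is the
    # profile mapping on success and an error message otherwise.
    user_profile = get_result(app.config['PROFILE_URL_BASE'], 'me',
                              tokens.access_token)
    if not user_profile[0]:
        # Stop here: the payload is an error message, not a profile, so
        # indexing it by field name below would fail and no session should
        # be marked authenticated.
        flash("User profile was not retrieved. Error:" + user_profile[1])
        return redirect(url_for('home'))

    account = user_profile[1]

    # NOTE(review): the serialized tokens are written into the session. If
    # the app uses Flask's default cookie-backed session, that cookie is
    # signed but not encrypted - confirm the session backend.
    session.update(tokens=tokens.to_json(),
                   is_authenticated=True,
                   name=account['full_name'],
                   email=account['email'],
                   institution='',
                   primary_identity=account['username'])

    profile = database.load_profile(session['primary_identity'])
    if profile:
        name, email, institution = profile

        session['name'] = name
        session['email'] = email
        session['institution'] = institution

        return redirect(url_for('submit_job'))

    # First login: persist the profile fetched from the provider, then set
    # up permissions for the new user before asking them to review it.
    database.save_profile(identity_id=session['primary_identity'],
                          name=session['name'],
                          email=session['email'],
                          institution=session['institution'])
    handle_permission(session['primary_identity'])

    return redirect(url_for('profile', next=url_for('submit_job')))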