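def _handle_callback(self, auth, get_vars):
    """Finish an SSO login once the provider has redirected back to us.

    Args:
        auth: the Auth object; ``auth.db`` decides whether the user is
            persisted (``get_or_register_user``) or only kept in the session.
        get_vars: query string of the callback request. It is handed verbatim to
            the provider-specific ``self.callback``, which returns the provider's
            user payload (a dict) or a falsy value.

    The payload is mapped onto auth_user fields via ``self.maps``
    (``{"dst_field": "dotted.path.into.payload"}``; numeric path parts are used
    as list indices). The provider id is namespaced with ``self.name`` so ids
    from different providers cannot collide.

    Aborts with 401 when the provider returns nothing or an error, and also when
    the payload lacks a mapped field -- previously that raised an unhandled
    KeyError/IndexError/TypeError (a 500 with a traceback) instead of refusing
    the login. A status code supplied by the provider in ``error.code`` is
    passed through to ``abort`` unchanged.
    """
    data = self.callback(get_vars)
    if not data:
        abort(401)
    error = data.get("error")
    if error:
        if isinstance(error, str):
            code, msg = 401, error
        elif isinstance(error, dict):
            code = error.get("code", 401)
            msg = error.get("message", "Unknown error")
        else:
            # unexpected error shape: still refuse, but do not crash on `.get`
            code, msg = 401, "Unknown error"
        abort(code, msg)
    if auth.db:
        # map returned fields into auth_user fields
        user = {}
        try:
            for field, dotted_path in self.maps.items():
                value = data
                for part in dotted_path.split("."):
                    value = value[int(part) if part.isdigit() else part]
                user[field] = value
        except (KeyError, IndexError, TypeError):
            # incomplete or malformed provider payload: refuse the login rather
            # than leak a traceback
            abort(401)
        # a missing "sso_id" in self.maps is a configuration error; let it raise
        user["sso_id"] = "%s:%s" % (self.name, user["sso_id"])
        if "username" not in user:
            user["username"] = user["sso_id"]
        # store or retrieve the user
        data = auth.get_or_register_user(user)
    else:
        # WIP Allow login without DB
        if "id" not in data:
            data["id"] = data.get("username") or data.get("email")
        user_id = data.get("id")
        auth.store_user_in_session(user_id)
    redirect(URL("index"))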
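def handle_request(self, auth, path, get_vars, post_vars):
    """Serve this plugin's OAuth2-provider endpoints (work in progress).

    ``login``    builds an authorization code for ``client_id`` (WIP: the code
                 is computed but not yet returned to the client).
    ``callback`` exchanges a code for an access token. Requires
                 grant_type=authorization_code, a client_id, the matching
                 client_secret and the code; any other request is a 404.
    ``profile``  returns the claims of the bearer token in the Authorization
                 header (401 when the header is not ``Bearer <token>``).

    Tokens are HS256 JWTs signed with ``self.secret`` (the authorization code
    additionally mixes the client_id into the key). No expiry claim is set, so
    an access token stays valid until ``self.secret`` changes.

    Fixes over the previous version: the trailing commas that turned code,
    client_id and client_secret into 1-tuples (every callback then failed with
    a TypeError); ``hashlib.sha1`` now gets bytes; the client_id check is a
    constant-time comparison; missing parameters are rejected explicitly.

    NOTE(review): the client_secret is read from the query string. Secrets in
    URLs end up in server/proxy logs and browser history -- moving it to the
    POST body (``post_vars``) is advisable once the API stabilises.
    """
    import hmac

    def _as_bytes(value):
        return value.encode('utf-8') if isinstance(value, str) else value

    if path == 'login':
        # WIP
        client_id = request.get('client_id')
        info = {}  # retrieve the user info upon login
        code = jwt.encode(info, self.secret + client_id, algorithm='HS256')
    elif path == 'callback':
        db = self.auth.db
        # no trailing commas: these must be strings, not 1-tuples
        code = get_vars.get('code')
        client_id = get_vars.get('client_id')
        client_secret = get_vars.get('client_secret')
        grant_type = get_vars.get('grant_type')
        # TODO: callback_url (redirect_uri) is received but not validated yet
        if not (code and client_id and client_secret):
            abort(404)
        # the client_id is the hex SHA-1 of the client_secret; compare in
        # constant time so the check does not leak how much of it matched
        expected_id = hashlib.sha1(_as_bytes(client_secret)).hexdigest()
        if (grant_type != 'authorization_code'
                or not hmac.compare_digest(_as_bytes(expected_id), _as_bytes(client_id))
                or not db(db.oauth2.client_secret == client_secret).count()):
            abort(404)
        info = jwt.decode(code, self.secret + client_id, algorithms=['HS256'])
        access_token = jwt.encode(info, self.secret, algorithm='HS256')
        return dict(access_token=access_token)
    elif path == 'profile':
        auth_header = request.environ.get('HTTP_AUTHORIZATION', '')
        if not auth_header.startswith('Bearer '):
            abort(401)
        access_token = auth_header[7:]
        info = jwt.decode(access_token, self.secret, algorithms=['HS256'])
        return info
    else:
        abort(404)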
def handle_request(self, auth, path, get_vars, post_vars):
    """Dispatch an SSO sub-request on its trailing path component.

    ``login`` sends the browser to the provider's authorization URL;
    ``callback`` completes the login via ``_handle_callback``; anything else
    is answered with 404. ``post_vars`` is accepted for interface parity only.
    """
    if path == "callback":
        self._handle_callback(auth, get_vars)
    elif path == "login":
        redirect(self.get_login_url())
    else:
        abort(404)
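def handle_request(self, auth, path, get_vars, post_vars):
    """Serve this plugin's OAuth2-provider endpoints (work in progress).

    ``login``    builds an authorization code for ``client_id`` (WIP: the code
                 is computed but not yet returned to the client).
    ``callback`` exchanges a code for an access token. Requires
                 grant_type=authorization_code, a client_id, the matching
                 client_secret and the code; any other request is a 404.
    ``profile``  returns the claims of the bearer token in the Authorization
                 header (401 when the header is not ``Bearer <token>``).

    Tokens are HS256 JWTs signed with ``self.secret`` (the authorization code
    additionally mixes the client_id into the key). No expiry claim is set, so
    an access token stays valid until ``self.secret`` changes.

    Fixes over the previous version: the 1-tuples that code, client_id and
    client_secret were wrapped in (every callback then failed with a
    TypeError); ``hashlib.sha1`` now gets bytes; the client_id check is a
    constant-time comparison; missing parameters are rejected explicitly.

    NOTE(review): ``profile`` verifies with ``self.algorithms`` while the
    tokens are always minted with HS256 under the shared ``self.secret``;
    that list should only ever contain HMAC algorithms. The client_secret is
    also read from the query string -- secrets in URLs end up in logs and
    browser history, so moving it to ``post_vars`` is advisable.
    """
    import hmac

    def _as_bytes(value):
        return value.encode("utf-8") if isinstance(value, str) else value

    if path == "login":
        # WIP
        client_id = request.get("client_id")
        info = {}  # retrieve the user info upon login
        code = jwt.encode(info, self.secret + client_id, algorithm="HS256")
    elif path == "callback":
        db = self.auth.db
        # plain strings: the previous `(x, )` form made these 1-tuples
        code = get_vars.get("code")
        client_id = get_vars.get("client_id")
        client_secret = get_vars.get("client_secret")
        grant_type = get_vars.get("grant_type")
        # TODO: callback_url (redirect_uri) is received but not validated yet
        if not (code and client_id and client_secret):
            abort(404)
        # the client_id is the hex SHA-1 of the client_secret; compare in
        # constant time so the check does not leak how much of it matched
        expected_id = hashlib.sha1(_as_bytes(client_secret)).hexdigest()
        if (grant_type != "authorization_code"
                or not hmac.compare_digest(_as_bytes(expected_id), _as_bytes(client_id))
                or not db(db.oauth2.client_secret == client_secret).count()):
            abort(404)
        info = jwt.decode(code, self.secret + client_id, algorithms=["HS256"])
        access_token = jwt.encode(info, self.secret, algorithm="HS256")
        return dict(access_token=access_token)
    elif path == "profile":
        auth_header = request.environ.get("HTTP_AUTHORIZATION", "")
        if not auth_header.startswith("Bearer "):
            abort(401)
        access_token = auth_header[7:]
        info = jwt.decode(access_token, self.secret, algorithms=self.algorithms)
        return info
    else:
        abort(404)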
def handle_request(self, auth, path, get_vars, post_vars):
    """Dispatch an SSO sub-request on its trailing path component.

    ``login`` remembers the requested post-login destination and sends the
    browser to the provider's authorization URL; ``callback`` completes the
    login via ``_handle_callback``; anything else is answered with 404.
    ``post_vars`` is accepted for interface parity only.
    """
    if path == "callback":
        self._handle_callback(auth, get_vars)
    elif path == "login":
        # NOTE(review): `next` is taken verbatim from the query string and kept
        # on the plugin instance. If this instance is shared between requests
        # the value can leak/race between users, and it should be checked to be
        # a local path before any later redirect to it (open-redirect risk).
        requested_next = request.query.get('next')
        self.next = requested_next if requested_next else URL('index')
        redirect(self.get_login_url())
    else:
        abort(404)
def handle_request(self, auth, path, get_vars, post_vars):
    """Dispatch an SSO sub-request on its trailing path component.

    ``login`` stores the requested post-login destination in the session
    under ``"_next"`` and sends the browser to the provider's authorization
    URL; ``callback`` completes the login via ``_handle_callback``; anything
    else is answered with 404. ``post_vars`` is accepted for interface parity.
    """
    if path == "callback":
        self._handle_callback(auth, get_vars)
    elif path == "login":
        # NOTE(review): `next` is taken verbatim from the query string; whoever
        # later redirects to session["_next"] should confirm it is a local path
        # (open-redirect risk).
        requested_next = request.query.get("next")
        auth.session["_next"] = requested_next if requested_next else URL("index")
        redirect(self.get_login_url())
    else:
        abort(404)
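def _handle_callback(self, auth, get_vars):
    """Finish an SSO login once the provider has redirected back to us.

    Args:
        auth: the Auth object; ``auth.db`` decides whether the user is
            persisted (``get_or_register_user``) or only kept in the session.
        get_vars: query string of the callback request, handed verbatim to the
            provider-specific ``self.callback``, which returns the provider's
            user payload (a dict) or a falsy value.

    With a DB the payload is mapped onto auth_user fields via ``self.maps``
    (``{'dst_field': 'dotted.path.into.payload'}``; numeric path parts are used
    as list indices) and the provider id is namespaced with ``self.name``.
    Without a DB (WIP) the whole provider payload is stored in the session.

    Aborts with 401 when the provider returns nothing or an error, and also when
    the payload lacks a mapped field -- previously that raised an unhandled
    KeyError/IndexError/TypeError (a 500 with a traceback) instead of refusing
    the login.
    """
    data = self.callback(get_vars)
    if not data or 'error' in data:
        abort(401)
    if auth.db:
        # map returned fields into auth_user fields
        user = {}
        try:
            for field, dotted_path in self.maps.items():
                value = data
                for part in dotted_path.split('.'):
                    value = value[int(part) if part.isdigit() else part]
                user[field] = value
        except (KeyError, IndexError, TypeError):
            # incomplete or malformed provider payload: refuse the login rather
            # than leak a traceback
            abort(401)
        # a missing 'sso_id' in self.maps is a configuration error; let it raise
        user['sso_id'] = '%s:%s' % (self.name, user['sso_id'])
        # store or retrieve the user
        data = auth.get_or_register_user(user)
    else:
        # WIP Allow login without DB
        if 'id' not in data:
            data['id'] = data.get('username') or data.get('email')
        # the full provider payload goes into the session, not just the id
        auth.session['user'] = data
    redirect(URL('index'))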
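def _handle_callback(self, auth, get_vars):
    """Finish an SSO login once the provider has redirected back to us.

    Args:
        auth: the Auth object; ``auth.db`` decides whether the user is
            persisted (``get_or_register_user``) or only kept in the session.
        get_vars: query string of the callback request, handed verbatim to the
            provider-specific ``self.callback``, which returns the provider's
            user payload (a dict) or a falsy value.

    With a DB the payload is mapped onto auth_user fields via ``self.maps``
    (``{"dst_field": "dotted.path.into.payload"}``; numeric path parts are used
    as list indices) and the provider id is namespaced with ``self.name``.
    Without a DB (WIP) the whole provider payload is stored in the session.

    Aborts with 401 when the provider returns nothing or an error, and also when
    the payload lacks a mapped field -- previously that raised an unhandled
    KeyError/IndexError/TypeError (a 500 with a traceback) instead of refusing
    the login.
    """
    data = self.callback(get_vars)
    if not data or "error" in data:
        abort(401)
    if auth.db:
        # map returned fields into auth_user fields
        user = {}
        try:
            for field, dotted_path in self.maps.items():
                value = data
                for part in dotted_path.split("."):
                    value = value[int(part) if part.isdigit() else part]
                user[field] = value
        except (KeyError, IndexError, TypeError):
            # incomplete or malformed provider payload: refuse the login rather
            # than leak a traceback
            abort(401)
        # a missing "sso_id" in self.maps is a configuration error; let it raise
        user["sso_id"] = "%s:%s" % (self.name, user["sso_id"])
        # store or retrieve the user
        data = auth.get_or_register_user(user)
    else:
        # WIP Allow login without DB
        if "id" not in data:
            data["id"] = data.get("username") or data.get("email")
        # the full provider payload goes into the session, not just the id
        auth.session["user"] = data
    redirect(URL("index"))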