Exemple #1
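def setup_oauth():
    """Exchange a submitted oauth code and store credentials for the domain.

    Reads 'oauth_code' and 'domain' from the posted form, exchanges the code
    for credentials, and saves them only when the authorising account's
    profile domain equals the submitted domain and the directory API reports
    that account as an admin.

    Returns:
      A flask.Response holding the XSSI prefix followed by a json object with
      the saved domain and credentials. Every failure aborts with 403.
    """
    oauth_code = flask.request.form.get('oauth_code', None)
    # An empty field is treated like a missing one so that no token exchange
    # is attempted for it.
    if not oauth_code:
        flask.abort(403, ufo.get_json_message('noOauthCodeError'))

    config = ufo.get_user_config()
    flow = oauth.getOauthFlow()
    domain = flask.request.form.get('domain', None)

    credentials = None
    try:
        credentials = flow.step2_exchange(oauth_code)
    except oauth2client.client.FlowExchangeError as e:
        # str(e) instead of e.message: exceptions have no .message attribute
        # on Python 3, which would turn this 403 into an unhandled error.
        ufo.app.logger.error(e, exc_info=True)
        flask.abort(403, str(e))

    apiClient = credentials.authorize(httplib2.Http())
    plusApi = discovery.build(serviceName='plus', version='v1', http=apiClient)
    adminApi = discovery.build(serviceName='admin',
                               version='directory_v1',
                               http=apiClient)

    profileResult = None
    try:
        profileResult = plusApi.people().get(userId='me').execute()
    except Exception as e:
        # Details stay in the server log; the client only gets the generic
        # domain error.
        ufo.app.logger.error(e, exc_info=True)
        flask.abort(403, ufo.get_json_message('domainInvalidError'))

    # The submitted domain is client-controlled, so it is only accepted when
    # it equals the domain on the profile of the account that authorised.
    if domain is None or domain != profileResult.get('domain', None):
        flask.abort(403, ufo.get_json_message('domainInvalidError'))

    user_id = profileResult['id']
    userResult = None
    try:
        userResult = adminApi.users().get(userKey=user_id).execute()
    except Exception as e:
        ufo.app.logger.error(e, exc_info=True)
        flask.abort(403, ufo.get_json_message('nonAdminAccessError'))

    # A missing isAdmin field counts as "not an admin".
    if not userResult.get('isAdmin', False):
        flask.abort(403, ufo.get_json_message('nonAdminAccessError'))

    config.credentials = credentials.to_json()
    config.domain = domain
    flask.session['domain'] = domain
    config.save()

    # NOTE(review): the serialized credentials are echoed back in the response
    # body. oauth2client credentials serialized with to_json() normally carry
    # the access token, refresh token and client secret, so confirm the client
    # needs them; returning only the domain would keep them server-side.
    response_dict = {'domain': domain, 'credentials': config.credentials}
    response_json = json.dumps(response_dict)
    return flask.Response(ufo.XSSI_PREFIX + response_json,
                          headers=ufo.JSON_HEADERS)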
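def setup_oauth():
  """Exchange a submitted oauth code and store credentials for the domain.

  Reads 'oauth_code' and 'domain' from the posted form, exchanges the code
  for credentials, and saves them only when the authorising account's
  profile domain equals the submitted domain and the directory API reports
  that account as an admin.

  Returns:
    A flask.Response holding the XSSI prefix followed by a json object with
    the saved domain and credentials. Every failure aborts with 403.
  """
  oauth_code = flask.request.form.get('oauth_code', None)
  # An empty field is treated like a missing one so that no token exchange
  # is attempted for it.
  if not oauth_code:
    flask.abort(403, ufo.get_json_message('noOauthCodeError'))

  config = ufo.get_user_config()
  flow = oauth.getOauthFlow()
  domain = flask.request.form.get('domain', None)

  credentials = None
  try:
    credentials = flow.step2_exchange(oauth_code)
  except oauth2client.client.FlowExchangeError as e:
    # str(e) instead of e.message: exceptions have no .message attribute on
    # Python 3, which would turn this 403 into an unhandled error.
    ufo.app.logger.error(e, exc_info=True)
    flask.abort(403, str(e))

  apiClient = credentials.authorize(httplib2.Http())
  plusApi = discovery.build(serviceName='plus', version='v1', http=apiClient)
  adminApi = discovery.build(serviceName='admin', version='directory_v1',
                             http=apiClient)

  profileResult = None
  try:
    profileResult = plusApi.people().get(userId='me').execute()
  except Exception as e:
    # Details stay in the server log; the client only gets the generic
    # domain error.
    ufo.app.logger.error(e, exc_info=True)
    flask.abort(403, ufo.get_json_message('domainInvalidError'))

  # The submitted domain is client-controlled, so it is only accepted when it
  # equals the domain on the profile of the account that authorised.
  if domain is None or domain != profileResult.get('domain', None):
    flask.abort(403, ufo.get_json_message('domainInvalidError'))

  user_id = profileResult['id']
  userResult = None
  try:
    userResult = adminApi.users().get(userKey=user_id).execute()
  except Exception as e:
    ufo.app.logger.error(e, exc_info=True)
    flask.abort(403, ufo.get_json_message('nonAdminAccessError'))

  # A missing isAdmin field counts as "not an admin".
  if not userResult.get('isAdmin', False):
    flask.abort(403, ufo.get_json_message('nonAdminAccessError'))

  config.credentials = credentials.to_json()
  config.domain = domain
  flask.session['domain'] = domain
  config.save()

  # NOTE(review): the serialized credentials are echoed back in the response
  # body. oauth2client credentials serialized with to_json() normally carry
  # the access token, refresh token and client secret, so confirm the client
  # needs them; returning only the domain would keep them server-side.
  response_dict = {'domain': domain, 'credentials': config.credentials}
  response_json = json.dumps(response_dict)
  return flask.Response(ufo.XSSI_PREFIX + response_json,
                        headers=ufo.JSON_HEADERS)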
Exemple #3
def make_oauth_configration_resources_dict():
    """Build the resource dict for the oauth configuration component.

    Returns:
      A dict with two entries: 'config', the user config converted with
      to_dict(), and 'oauth_url', the authorize url produced by the first
      step of the oauth flow.
    """
    user_config = get_user_config()
    resources = {}
    # NOTE(review): whatever to_dict() includes is passed on unchanged;
    # confirm it leaves out stored oauth credentials if this dict reaches
    # the browser.
    resources['config'] = user_config.to_dict()
    authorize_url = oauth.getOauthFlow().step1_get_authorize_url()
    resources['oauth_url'] = authorize_url
    return resources
def make_oauth_configration_resources_dict():
  """Build the resource dict for the oauth configuration component.

  Returns:
    A dict with two entries: 'config', the user config converted with
    to_dict(), and 'oauth_url', the authorize url produced by the first
    step of the oauth flow.
  """
  user_config = get_user_config()
  resources = {}
  # NOTE(review): whatever to_dict() includes is passed on unchanged; confirm
  # it leaves out stored oauth credentials if this dict reaches the browser.
  resources['config'] = user_config.to_dict()
  authorize_url = oauth.getOauthFlow().step1_get_authorize_url()
  resources['oauth_url'] = authorize_url
  return resources
Exemple #5
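def setup():
    """Handle showing the user the setup page and processing the response.

    On POST an optional 'oauth_code' is exchanged for credentials, which are
    kept only when the authorising account's profile domain equals the
    submitted 'domain' and the directory API reports the account as an admin.
    While the config is not yet configured, the POST must also carry a
    non-empty 'admin_email' and 'admin_password', from which the first admin
    user is created.

    Returns:
      On get: a rendered setup page template with appropriate resources
      passed in. On post: a rendered setup page template with the error set
      in event of a known error, a 403 flask.abort in the event of a
      FlowExchangeError during oauth, or a redirect back to get the setup
      page on success.
    """
    config = ufo.get_user_config()
    flow = oauth.getOauthFlow()
    oauth_url = flow.step1_get_authorize_url()
    oauth_resources_dict = _get_oauth_configration_resources_dict(
        config, oauth_url)

    def render_setup_error(error_text):
        """Re-render the setup page with the given error text."""
        return flask.render_template(
            'setup.html',
            error=error_text,
            oauth_configuration_resources=json.dumps(oauth_resources_dict))

    if flask.request.method == 'GET':
        return flask.render_template(
            'setup.html',
            oauth_url=oauth_url,
            oauth_configuration_resources=json.dumps(oauth_resources_dict))

    # NOTE(review): no authentication check is visible in this function.
    # Confirm the route is guarded elsewhere once config.isConfigured is
    # true: the POST path below can replace the stored credentials and
    # domain, and it always clears should_show_recaptcha.
    credentials = None
    domain = flask.request.form.get('domain', None)
    oauth_code = flask.request.form.get('oauth_code', None)
    if oauth_code:
        try:
            credentials = flow.step2_exchange(oauth_code)
        except oauth2client.client.FlowExchangeError as e:
            # Keep the exchange failure in the server log; the client only
            # sees the bare 403.
            ufo.app.logger.error(e, exc_info=True)
            flask.abort(403)  # TODO better error

        apiClient = credentials.authorize(httplib2.Http())
        plusApi = discovery.build(serviceName='plus',
                                  version='v1',
                                  http=apiClient)
        adminApi = discovery.build(serviceName='admin',
                                   version='directory_v1',
                                   http=apiClient)

        try:
            profileResult = plusApi.people().get(userId='me').execute()

            # The submitted domain is client-controlled, so it is only
            # accepted when it equals the authorising account's domain.
            if domain is None or domain != profileResult.get('domain', None):
                return render_setup_error(DOMAIN_INVALID_TEXT)

            user_id = profileResult['id']
            userResult = adminApi.users().get(userKey=user_id).execute()
            # A missing isAdmin field counts as "not an admin".
            if not userResult.get('isAdmin', False):
                return render_setup_error(NON_ADMIN_TEXT)
        except Exception as e:
            ufo.app.logger.error(e, exc_info=True)
            # NOTE(review): the raw exception text is rendered into the page
            # and may expose API response details; the log entry above
            # already records it, so a fixed message would be enough here.
            return render_setup_error(str(e))

    if not config.isConfigured:
        admin_email = flask.request.form.get('admin_email', None)
        admin_password = flask.request.form.get('admin_password', None)

        # A form field submitted blank arrives as '' rather than None, so
        # test for emptiness: otherwise the first admin account could be
        # created with an empty password.
        if not admin_email or not admin_password:
            return render_setup_error(NO_ADMINISTRATOR)

        admin_user = models.AdminUser(email=admin_email)
        admin_user.set_password(admin_password)
        admin_user.save()

    # if credentials were set above, moved down here to give us a chance to
    # error out of admin user and password, could be moved inline with proper
    # form validation for that (we also don't want to create a user if
    # another step is going to fail)
    if credentials is not None:
        config.credentials = credentials.to_json()
        config.domain = domain
        flask.session['domain'] = domain

    config.isConfigured = True
    config.should_show_recaptcha = False
    config.save()

    return flask.redirect(flask.url_for('setup'))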
Exemple #6
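def setup():
  """Handle showing the user the setup page and processing the response.

  On POST an optional 'oauth_code' is exchanged for credentials, which are
  kept only when the authorising account's profile domain equals the
  submitted 'domain' and the directory API reports the account as an admin.
  While the config is not yet configured, the POST must also carry a
  non-empty 'admin_email' and 'admin_password', from which the first admin
  user is created.

  Returns:
    On get: a rendered setup page template with appropriate resources passed
    in. On post: a rendered setup page template with the error set in event of
    a known error, a 403 flask.abort in the event of a FlowExchangeError
    during oauth, or a redirect back to get the setup page on success.
  """
  config = ufo.get_user_config()
  flow = oauth.getOauthFlow()
  oauth_url = flow.step1_get_authorize_url()
  oauth_resources_dict = _get_oauth_configration_resources_dict(config,
                                                                oauth_url)

  def render_setup_error(error_text):
    """Re-render the setup page with the given error text."""
    return flask.render_template(
        'setup.html', error=error_text,
        oauth_configuration_resources=json.dumps(oauth_resources_dict))

  if flask.request.method == 'GET':
    return flask.render_template(
        'setup.html',
        oauth_url=oauth_url,
        oauth_configuration_resources=json.dumps(oauth_resources_dict))

  # NOTE(review): no authentication check is visible in this function.
  # Confirm the route is guarded elsewhere once config.isConfigured is true:
  # the POST path below can replace the stored credentials and domain, and it
  # always clears should_show_recaptcha.
  credentials = None
  domain = flask.request.form.get('domain', None)
  oauth_code = flask.request.form.get('oauth_code', None)
  if oauth_code:
    try:
      credentials = flow.step2_exchange(oauth_code)
    except oauth2client.client.FlowExchangeError as e:
      # Keep the exchange failure in the server log; the client only sees the
      # bare 403.
      ufo.app.logger.error(e, exc_info=True)
      flask.abort(403) # TODO better error

    apiClient = credentials.authorize(httplib2.Http())
    plusApi = discovery.build(serviceName='plus',
                              version='v1',
                              http=apiClient)
    adminApi = discovery.build(serviceName='admin',
                               version='directory_v1',
                               http=apiClient)

    try:
      profileResult = plusApi.people().get(userId='me').execute()

      # The submitted domain is client-controlled, so it is only accepted
      # when it equals the authorising account's domain.
      if domain is None or domain != profileResult.get('domain', None):
        return render_setup_error(DOMAIN_INVALID_TEXT)

      user_id = profileResult['id']
      userResult = adminApi.users().get(userKey=user_id).execute()
      # A missing isAdmin field counts as "not an admin".
      if not userResult.get('isAdmin', False):
        return render_setup_error(NON_ADMIN_TEXT)
    except Exception as e:
      ufo.app.logger.error(e, exc_info=True)
      # NOTE(review): the raw exception text is rendered into the page and
      # may expose API response details; the log entry above already records
      # it, so a fixed message would be enough here.
      return render_setup_error(str(e))

  if not config.isConfigured:
    admin_email = flask.request.form.get('admin_email', None)
    admin_password = flask.request.form.get('admin_password', None)

    # A form field submitted blank arrives as '' rather than None, so test
    # for emptiness: otherwise the first admin account could be created with
    # an empty password.
    if not admin_email or not admin_password:
      return render_setup_error(NO_ADMINISTRATOR)

    admin_user = models.AdminUser(email=admin_email)
    admin_user.set_password(admin_password)
    admin_user.save()

  # if credentials were set above, moved down here to give us a chance to error
  # out of admin user and password, could be moved inline with proper form
  # validation for that (we also don't want to create a user if another step
  # is going to fail)
  if credentials is not None:
    config.credentials = credentials.to_json()
    config.domain = domain
    flask.session['domain'] = domain

  config.isConfigured = True
  config.should_show_recaptcha = False
  config.save()

  return flask.redirect(flask.url_for('setup'))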