import binascii
import os
import random
from urlparse import urlparse

from flask import Flask, render_template, request, jsonify, redirect
import requests
app = Flask(__name__)
from OpenSSL import SSL

# TLS context handed to the dev server in the __main__ block.
# NOTE(review): SSLv23_METHOD is the "negotiate" method; unless SSL options
# are set to exclude the legacy protocol versions it may still accept them
# -- confirm what the deployment actually negotiates.
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file('server.key')
context.use_certificate_file('server.crt')

# Credentials of the single registered client. doauth_box also sends this
# pair to Box as the upstream client credentials.
# NOTE(review): a client secret committed to source has to be treated as
# disclosed; it belongs in configuration / secret storage, not in the file.
CLIENT_ID = "5fmnuoxq79novlted3hvo7jcc51a5zi6"
CLIENT_SECRET = "waPXTZ4x1BI2C9PPGGNQ9D6cOWcIyiWn"

# Clients allowed to use the shim, keyed by client_id.  allowed_redirects is
# an exact-match allowlist that do_auth checks the requested redirect_uri
# against before starting a flow.
_demo_client = {
    "client_id": CLIENT_ID,
    "client_secret": CLIENT_SECRET,
    "allowed_redirects": [
        "http://www.testapp.com:5001/",
        "file:///home/rcoh/fp/pages-shim/index.html",
        "http://rcoh.github.io/oauth-shim/",
    ],
    "service": "box",
}
CLIENTS = {CLIENT_ID: _demo_client}

# Pending flows keyed by the state value sent to the upstream service;
# written by do_auth and read back by redir.  Process-local and unbounded.
STATE_CACHE = {}

# Upstream OAuth2 providers: authorize endpoint plus the fixed query
# parameters appended to it.
SERVICES = {
    "box": {
        "url": "https://www.box.com/api/oauth2/authorize",
        "params": {"response_type": "code"},
    },
}
@app.route("/debug")
def hello():
    """Render the demo page that kicks off an auth flow through this shim.

    The page is given the shim's own client_id and a fixed callback URL;
    the host in that URL looks like a development setting.
    """
    page_args = {
        "redir_url": "https://inklocal.com:5000/authed",
        "client_id": CLIENT_ID,
    }
    return render_template('hello.html', **page_args)
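@app.route("/oauth2/<servicename>/auth")
def do_auth(servicename):
    """Start an OAuth2 authorization-code flow for a registered client.

    Query parameters (all caller-supplied, all untrusted):
      client_id    -- must be a key of CLIENTS; a missing or unknown value
                      gets a 400.
      redirect_uri -- must appear verbatim in that client's
                      allowed_redirects; anything else gets a 400 and the
                      submitted value is not echoed back.
      state        -- opaque value returned to the client when the flow
                      completes.

    The pending flow is stored in STATE_CACHE under a fresh random state
    value and the browser is redirected to the upstream service's
    authorize URL.  `servicename` from the path is not used: the service
    comes from the client's registration.
    """
    client_id = request.args.get('client_id')
    final_redirect_uri = request.args.get('redirect_uri')
    # A missing client_id is CLIENTS.get(None), i.e. a plain miss.
    client_info = CLIENTS.get(client_id)
    if not client_info:
        return "no client", 400
    # Exact-match allowlist; `None not in list` is True, so a missing
    # redirect_uri is rejected here instead of failing on concatenation.
    if final_redirect_uri not in client_info['allowed_redirects']:
        return "bad redirect", 400
    service_obj = SERVICES[client_info['service']]
    redirect_uri = service_obj["url"]
    # The state value is both the STATE_CACHE key and the OAuth2 CSRF
    # token, so it must be unguessable: 128 bits from the OS CSPRNG,
    # hex-encoded (decoded so it is text on both Python 2 and 3).
    state = binascii.hexlify(os.urandom(16)).decode('ascii')
    # Nothing here evicts entries; the cache only shrinks when a flow is
    # completed by redir.
    STATE_CACHE[state] = {
        "reply_state": request.args.get('state'),
        "redirect_uri": final_redirect_uri,
        "client": client_info
    }
    params = {
        "redirect_uri": "https://www.authshim.com:5000/redirect",
        "client_id": client_id,
        "state": state
    }
    params.update(service_obj['params'])
    return redirect(add_params(redirect_uri, params))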
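def add_params(url, params):
    """Return `url` with `params` merged into its query string.

    Existing query keys are preserved; a key present in both is
    overwritten by the value from `params`.  Because the existing query
    is loaded into a dict, a key repeated in `url` collapses to its last
    occurrence, and (parse_qsl default) pairs with an empty value are
    dropped.

    Args:
        url: absolute or relative URL.
        params: mapping of query-parameter name to value.

    Returns:
        The rebuilt URL as a string.
    """
    # Function-local imports, as in the original, but resolved for both
    # Python 3 (urllib.parse) and Python 2 (urlparse / urllib).
    try:
        from urllib.parse import urlparse, urlunparse, parse_qsl, urlencode
    except ImportError:  # Python 2
        from urlparse import urlparse, urlunparse, parse_qsl
        from urllib import urlencode
    url_parts = list(urlparse(url))
    query = dict(parse_qsl(url_parts[4]))  # index 4 is the query component
    query.update(params)
    url_parts[4] = urlencode(query)
    return urlunparse(url_parts)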
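@app.route("/redirect")
def redir():
    """Finish a flow started by do_auth.

    The upstream service sends the browser back here with `state` (and
    `code`) in the query string.  The pending flow is looked up by state
    and consumed; an unknown, missing or already-used state gets a 400
    instead of an uncaught KeyError.  Only the "box" service is
    implemented, so any other registered service gets a 400 rather than
    reaching the render with `token` unbound.
    """
    incoming_state = request.args.get('state')
    # pop() makes every state single-use, so a captured callback URL
    # cannot be replayed to fetch a token a second time.
    state = STATE_CACHE.pop(incoming_state, None)
    if state is None:
        return "unknown state", 400
    client = state['client']
    if client["service"] != "box":
        return "unsupported service", 400
    token = doauth_box(client)
    # TODO: the upstream reply carries more than the access token; only
    # that one value is forwarded to the completion page.
    return render_template("auth_complete.html", auth_token=token,
                           redirect_origin=state['redirect_uri'])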
@app.route("/corsproxy/<url>", methods=['GET', 'OPTIONS'])
def proxy(url):
    """Answer a CORS preflight, otherwise redirect the browser to `url`.

    NOTE(review): despite the name nothing is proxied.  The path segment
    is taken from the request and used as the redirect target without
    any validation, and the wildcard CORS header is attached to whichever
    response is produced.  The target should be checked against an
    allowlist of permitted destinations before it is used.
    """
    response = (app.make_default_options_response()
                if request.method == 'OPTIONS'
                else redirect(url))
    response.headers['Access-Control-Allow-Origin'] = "*"
    return response
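def doauth_box(client):
    """Exchange the `code` from the current request for a Box access token.

    Args:
        client: a CLIENTS entry; its client_id and client_secret are sent
            to Box together with the authorization code.

    Returns:
        The access_token string from Box's token response.

    Raises:
        requests.RequestException: on a connection failure or timeout.
        KeyError: when the reply carries no access_token (e.g. an OAuth2
            error body); the `error` code, if any, is included in the
            message.
    """
    params = {
        "grant_type": "authorization_code",
        "code": request.args.get('code', ''),
        "client_id": client['client_id'],
        "client_secret": client['client_secret']
    }
    # Bounded wait: with no timeout a stalled upstream would hang this
    # request (and the single-threaded dev server) indefinitely.
    resp = requests.post("https://www.box.com/api/oauth2/token",
                         data=params, timeout=10)
    json_res = resp.json()
    # The body holds the bearer token (and whatever else Box returns), so
    # it is deliberately not printed or logged.
    if 'access_token' not in json_res:
        # Per OAuth2 a failed token reply carries an `error` code, which
        # is safe to surface; the rest of the body is not repeated.
        raise KeyError("box token exchange failed: %s"
                       % json_res.get('error', 'unknown'))
    return json_res['access_token']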
if __name__ == "__main__":
    # NOTE(review): debug=True turns on Werkzeug's interactive debugger
    # for any unhandled exception, which lets whoever can reach the page
    # execute code on the server; keep it off anywhere but a private
    # development machine.
    app.run(debug=True, ssl_context=context)