def oauth_view(request):
oauth = OAuth(update_token=_update_token)
oauth.register(name='dlfp')
dlfp = oauth.create_client('dlfp')
token = dlfp.authorize_access_token(request)
resp = dlfp.get('me', token=token)
profile = resp.json()
login = profile['login']
dbToken = OAuth2Token.objects.filter(username=login).first()
if not dbToken:
dbToken = OAuth2Token(
name='dlfp',
uuid=uuid.uuid4(),
username=login,
)
dbToken.token_type = token['token_type']
dbToken.access_token = token['access_token']
dbToken.refresh_token = token['refresh_token']
dbToken.expires_at = token['expires_at']
dbToken.save()
context = {'uuid': dbToken.uuid}
return render(request, 'boardauth/oauth.html', context)
def test_oauth2_authorize_code_verifier(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'code_challenge_method': 'S256'},
)
state = 'foo'
code_verifier = 'bar'
rv = client.authorize_redirect(request,
'https://a.b/c',
state=state,
code_verifier=code_verifier)
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
self.assertIn('code_challenge=', url)
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
def test_oauth1_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=foo&oauth_verifier=baz')
resp = client.authorize_redirect(request)
self.assertEqual(resp.status_code, 302)
url = resp.get('Location')
self.assertIn('oauth_token=foo', url)
request2 = self.factory.get(url)
request2.session = request.session
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=a&oauth_token_secret=b')
token = client.authorize_access_token(request2)
self.assertEqual(token['oauth_token'], 'a')
def test_oauth2_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
rv = client.authorize_redirect(request, 'https://a.b/c')
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
state = dict(url_decode(urlparse.urlparse(url).query))['state']
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
def test_oauth2_authorize_code_challenge(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'code_challenge_method': 'S256'},
)
rv = client.authorize_redirect(request, 'https://a.b/c')
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
self.assertIn('code_challenge=', url)
state = dict(url_decode(urlparse.urlparse(url).query))['state']
state_data = request.session[f'_state_dev_{state}']['data']
verifier = state_data['code_verifier']
def fake_send(sess, req, **kwargs):
self.assertIn('code_verifier={}'.format(verifier), req.body)
return mock_send_value(get_bearer_token())
with mock.patch('requests.sessions.Session.send', fake_send):
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self._client_name = settings.OIDC_BACKEND_CLIENT_NAME
oauth = OAuth()
oauth.register(self._client_name)
self._oidc_client = getattr(oauth, self._client_name)
def test_register_remote_app(self):
oauth = OAuth()
self.assertRaises(AttributeError, lambda: oauth.dev)
oauth.register('dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
self.assertEqual(oauth.dev.name, 'dev')
self.assertEqual(oauth.dev.client_id, 'dev')
def test_register_with_overwrite(self):
oauth = OAuth()
oauth.register('dev_overwrite',
overwrite=True,
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
access_token_params={'foo': 'foo'},
authorize_url='https://i.b/authorize')
self.assertEqual(oauth.dev_overwrite.client_id, 'dev-client-id')
self.assertEqual(oauth.dev_overwrite.access_token_params['foo'],
'foo-1')
def post_dlfp(request):
user_uuid = request.COOKIES['uuid']
oauth = OAuth(update_token=_update_token)
oauth.register(name='dlfp')
dlfp = oauth.create_client('dlfp')
token = OAuth2Token.objects.filter(uuid=user_uuid).first()
message = request.POST[
'board[message]'] if 'board[message]' in request.POST else request.POST[
'message']
resp = dlfp.post('board',
json={'message': message},
token=token.to_token())
return HttpResponse(resp)
def test_oauth2_authorize_access_denied(self):
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
with mock.patch('requests.sessions.Session.send'):
request = self.factory.get('/?error=access_denied&error_description=Not+Allowed')
request.session = self.factory.session
self.assertRaises(OAuthError, client.authorize_access_token, request)
class OAuthSettings:
def __init__(self):
self.base_url = 'https://uspdigital.usp.br/wsusuario/oauth'
self.oauth = OAuth()
def create(self):
base_url = self.base_url
callback_id = getattr(settings, 'OAUTH_CALLBACK_ID')
self.oauth.register(
name='usp',
request_token_url=base_url + '/request_token',
access_token_url=base_url + '/access_token',
authorize_url=base_url +
'/authorize?callback_id={}'.format(callback_id),
api_base_url='https://uspdigital.usp.br/'
)
return self.oauth
def test_openid_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
key = jwk.dumps('secret', 'oct', kid='f')
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
jwks={'keys': [key]},
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'scope': 'openid profile'},
)
resp = client.authorize_redirect(request, 'https://b.com/bar')
self.assertEqual(resp.status_code, 302)
url = resp.get('Location')
self.assertIn('nonce=', url)
query_data = dict(url_decode(urlparse.urlparse(url).query))
token = get_bearer_token()
token['id_token'] = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce=query_data['nonce'],
)
state = query_data['state']
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(token)
request2 = self.factory.get(
'/authorize?state={}&code=foo'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
self.assertIn('userinfo', token)
self.assertEqual(token['userinfo']['sub'], '123')
def test_oauth2_access_token_with_post(self):
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
payload = {'code': 'a', 'state': 'b'}
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request = self.factory.post('/token', data=payload)
request.session = self.factory.session
request.session['_state_dev_b'] = {'data': {}}
token = client.authorize_access_token(request)
self.assertEqual(token['access_token'], 'a')
def test_with_fetch_token_in_oauth(self):
def fetch_token(name, request):
return {'access_token': name, 'token_type': 'bearer'}
oauth = OAuth(fetch_token=fetch_token)
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
def fake_send(sess, req, **kwargs):
self.assertEqual(sess.token['access_token'], 'dev')
return mock_send_value(get_bearer_token())
with mock.patch('requests.sessions.Session.send', fake_send):
request = self.factory.get('/login')
client.get('/user', request=request)
def test_openid_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'scope': 'openid profile'},
)
resp = client.authorize_redirect(request, 'https://b.com/bar')
self.assertEqual(resp.status_code, 302)
nonce = request.session['_dev_authlib_nonce_']
self.assertIsNotNone(nonce)
url = resp.get('Location')
self.assertIn('nonce={}'.format(nonce), url)
def test_request_without_token(self):
oauth = OAuth()
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
def fake_send(sess, req, **kwargs):
auth = req.headers.get('Authorization')
self.assertIsNone(auth)
resp = mock.MagicMock()
resp.text = 'hi'
resp.status_code = 200
return resp
with mock.patch('requests.sessions.Session.send', fake_send):
resp = client.get('/api/user', withhold_token=True)
self.assertEqual(resp.text, 'hi')
self.assertRaises(OAuthError, client.get, 'https://i.b/api/user')
def register_oauth():
"""Register the ``jwql`` application with the ``auth.mast``
authentication service.
Returns
-------
oauth : Object
An object containing methods to authenticate a user, provided
by the ``auth.mast`` service.
"""
# Get configuration parameters
for key in ['client_id', 'client_secret', 'auth_mast']:
check_config_for_key(key)
client_id = get_config()['client_id']
client_secret = get_config()['client_secret']
auth_mast = get_config()['auth_mast']
# Register with auth.mast
oauth = OAuth()
client_kwargs = {
'scope': 'mast:user:info',
'token_endpoint_auth_method': 'client_secret_basic',
'token_placement': 'header'
}
oauth.register(
'mast_auth',
client_id='{}'.format(client_id),
client_secret='{}'.format(client_secret),
access_token_url='https://{}/oauth/token'.format(auth_mast),
access_token_params=None,
refresh_token_url=None,
authorize_url='https://{}/oauth/authorize'.format(auth_mast),
api_base_url='https://{}/1.1/'.format(auth_mast),
client_kwargs=client_kwargs)
return oauth
ExamRegistrationForm,
CourseEditForm,
CourseSudoForm,
CourseUserEditForm,
TimeSlotFormSet,
ExamSlotFormSet,
CourseUserCreateForm,
CourseUserImportForm,
ExamEditForm,
ExamCheckinForm,
ExamEditSignupForm,
)
from .models import (Course, CourseUser, Exam, ExamRegistration, GithubToken,
User, ExamSlot)
oauth = OAuth()
oauth.register(
'github',
access_token_url='https://github.com/login/oauth/access_token',
access_token_params=None,
authorize_url='https://github.com/login/oauth/authorize',
authorize_params=None,
api_base_url='https://api.github.com/',
client_kwargs={'scope': 'repo:invite'},
)
def course_auth(request, course_code, instructor=False, use_sudo=True):
"""
Checks whether a user is enrolled in the course. If so, a 2-tuple
(course, course_user) is returned, and otherwise, a PermissionDenied
from django.conf import settings
from django.http import HttpResponseRedirect
from django.contrib import auth
from django.contrib.auth import logout as auth_logout
from django.contrib.auth.views import LogoutView
from django.utils.decorators import method_decorator
from django.views.decorators.cache import never_cache
from django.views import View
from django.urls import reverse
from authlib.integrations.django_client import OAuth
from tendenci.apps.event_logs.models import EventLog
from tendenci.apps.site_settings.utils import get_setting
oauth = OAuth()
remote_app_name = settings.OAUTH2_REMOTE_APP_NAME
oauth.register(
name=remote_app_name,
client_id=settings.OAUTH2_CLIENT_ID,
client_secret=settings.OAUTH2_CLIENT_SECRET,
userinfo_endpoint=settings.OAUTH2_USERINFO_ENDPOINT,
access_token_url=settings.OAUTH2_ACCESS_TOKEN_URL,
access_token_params=settings.OAUTH2_ACCESS_TOKEN_PARAMS,
authorize_url=settings.OAUTH2_AUTHORIZE_URL,
authorize_params=settings.OAUTH2_AUTHORIZE_PARAMS,
api_base_url=settings.OAUTH2_API_BASE_URL,
client_kwargs=settings.OAUTH2_CLIENT_KWARGS,
)
def test_register_from_settings(self):
oauth = OAuth()
oauth.register('dev')
self.assertEqual(oauth.dev.client_id, 'dev-key')
self.assertEqual(oauth.dev.client_secret, 'dev-secret')
import json
from django.shortcuts import redirect
from django.urls import reverse
from rest_framework.views import APIView
from rest_framework.permissions import IsAuthenticated
from authlib.integrations.django_client import OAuth
from django.conf import settings
from core.views.utils import generate_uri
oauth = OAuth()
oauth.register(
name='blizzard',
server_metadata_url=settings.BLIZZARD_CONF_URL,
client_kwargs={
'scope': ''
}
)
class AuthLoginBlizzard(APIView):
permission_classes = [IsAuthenticated]
def get(self, request):
redirect_uri = generate_uri(request, reverse('blizzard_auth'))
return oauth.blizzard.authorize_redirect(request, redirect_uri)
class AuthCompleteBlizzard(APIView):
permission_classes = [IsAuthenticated]
from authlib.integrations.django_client import OAuth, DjangoRemoteApp
from typing import Dict
def normalize_userinfo(_client, data: Dict[str, str]) -> Dict[str, str]:
return {
"id": data["id"],
"username": data["username"] + "." + data["discriminator"],
"email": data["email"],
}
oauth = OAuth()
oauth.register(
"discord",
api_base_url="https://discord.com/api/",
access_token_url="https://discord.com/api/oauth2/token",
authorize_url="https://discord.com/api/oauth2/authorize",
userinfo_endpoint="https://discord.com/api/users/%40me",
userinfo_compliance_fix=normalize_userinfo,
client_kwargs={
"token_endpoint_auth_method": "client_secret_post",
"scope": "identify email guilds",
},
)
def get_discord_client() -> DjangoRemoteApp:
"""
Get a Discord OAuth2 client
"""
def __init__(self, get_response=None):
super().__init__(get_response)
self.oauth = OAuth()
class OAuthMiddleware(MiddlewareMixin):
def __init__(self, get_response=None):
super().__init__(get_response)
self.oauth = OAuth()
def process_request(self, request):
if settings.OAUTH_URL_WHITELISTS is not None:
for w in settings.OAUTH_URL_WHITELISTS:
if request.path.startswith(w):
return self.get_response(request)
def update_token(token, refresh_token, access_token):
request.session['token'] = token
return None
sso_client = self.oauth.register(settings.OAUTH_CLIENT_NAME,
overwrite=True,
**settings.OAUTH_CLIENT,
update_token=update_token)
if request.path.startswith('/oauth/callback'):
self.clear_session(request)
request.session['token'] = sso_client.authorize_access_token(
request)
if self.get_current_user(sso_client, request) is not None:
redirect_uri = request.session.pop('redirect_uri', None)
if redirect_uri is not None:
return redirect(redirect_uri)
return redirect(views.index)
if request.session.get('token', None) is not None:
current_user = self.get_current_user(sso_client, request)
if current_user is not None:
return self.get_response(request)
# remember redirect URI for redirecting to the original URL.
request.session['redirect_uri'] = request.path
return sso_client.authorize_redirect(
request, settings.OAUTH_CLIENT['redirect_uri'])
# fetch current login user info
# 1. check if it's in cache
# 2. fetch from remote API when it's not in cache
@staticmethod
def get_current_user(sso_client, request):
token = request.session.get('token', None)
if token is None or 'access_token' not in token:
return None
if not OAuth2Token.from_dict(
token).is_expired() and 'user' in request.session:
return request.session['user']
try:
res = sso_client.get(settings.OAUTH_CLIENT['userinfo_endpoint'],
token=OAuth2Token(token))
if res.ok:
request.session['user'] = res.json()
return res.json()
except OAuthError as e:
print(e)
return None
@staticmethod
def clear_session(request):
try:
del request.session['user']
del request.session['token']
except KeyError:
pass
def __del__(self):
print('destroyed')
from django.shortcuts import redirect
from django.urls import reverse
from django.contrib.auth import authenticate, login as django_login
from authlib.integrations.django_client import OAuth
from django.conf import settings
host = getattr(settings, 'ENVOY_HOST', 'envoy.com')
oauth = OAuth()
oauth.register(name='envoy',
access_token_url=f'https://app.{host}/a/auth/v0/token',
authorize_url=f'https://dashboard.{host}/a/auth/v0/authorize',
client_kwargs={'scope': 'public'})
def login(request):
redirect_uri = request.build_absolute_uri(reverse('authorize'))
return oauth.envoy.authorize_redirect(request, redirect_uri)
def authorize(request):
oauth_token = oauth.envoy.authorize_access_token(request)
# Authenticates user using EnvoyAuthBackend
user = authenticate(oauth_token=oauth_token)
# TODO: handle failure
if user is not None:
# saves user_id in Session
django_login(request, user)
return redirect('/')
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'static/'),
# STATIC_ROOT,
# ("css", os.path.join(STATIC_ROOT, "static")),
# ("js", os.path.join(STATIC_ROOT, "js")),
]
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
# LOGIN_REDIRECT_URL = 'homeAfterLogin'
# LOGOUT_REDIRECT_URL = 'home'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
MEDIA_URL = '/media/'
# TODO:change to your own setting
# used for sending email
EMAIL_HOST = "smtp.163.com" # server
EMAIL_PORT = 25 # port number
EMAIL_HOST_USER = "******" # the account
EMAIL_HOST_PASSWORD = "******" # password: the password used for Authorization of sending email, not the
# login
EMAIL_USE_TLS = False # use transport layer security or not
EMAIL_FROM = "*****@*****.**" # which account send the email
# ACCOUNT_ACTIVATION_DAYS = 7 # One-week activation window; you may, of course, use a different value. currently
# didnt use
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# register the apps
oauth = OAuth()
import json, re, requests, time
from urllib.parse import urlparse
from datetime import datetime
from django.http import Http404
from django.urls import reverse
from django.http import JsonResponse
from django.db.models import Count
from django.shortcuts import render, redirect
from authlib.integrations.django_client import OAuth
from .models import User, Tweets
from .utils import sevenspan, getlinks
oauth = OAuth()
oauth.register(
name='twitter',
api_base_url='https://api.twitter.com/1.1/',
request_token_url='https://api.twitter.com/oauth/request_token',
access_token_url='https://api.twitter.com/oauth/access_token',
authorize_url='https://api.twitter.com/oauth/authenticate',
fetch_token=lambda: session.get(token),
)
def home(request):
newuser = request.session.get('user')
if newuser:
newuser, created = User.objects.get_or_create(handleid=newuser['id'], name=newuser['screen_name'])
return render(request, 'tweetie/home.html', context={'user': newuser})
'client_kwargs': {
'scope': 'email public_profile'
},
'userinfo_endpoint': USERINFO_ENDPOINT,
'userinfo_compliance_fix': normalize_userinfo,
}
# facebook_oauth = OAuth()
# facebook_oauth.register(
# name='facebook',
# fetch_token = lambda request: getattr(request, token_name,None),
# client_cls = RemoteApp,
# )
CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration'
oauth = OAuth()
oauth.register(name='google',
server_metadata_url=CONF_URL,
client_kwargs={'scope': 'openid email profile'})
oauth.register(
name='facebook',
overwrite=True,
fetch_token=lambda request: getattr(request, token_name, None),
)
def loginFacebook(request):
facebook = oauth.create_client('facebook')
redirect_uri = request.build_absolute_uri(reverse('authfacebook'))
return facebook.authorize_redirect(request, redirect_uri)
p.velocities = velocity_json
p.project_settings = attrs.get('project_settings',
p.project_settings)
p.mode = attrs.get('mode', p.mode)
p.save()
else:
logger.warning('projects_dict is None')
logger.info('parse_tms has finished')
response_message = ''
if len(new_projects) > 0:
response_message += "New projects found and parsed: {}.".format(
', '.join(new_projects))
else:
response_message += 'No new projects detected - please ensure there are done tasks assigned to you.'
if len(updated_projects) > 0:
response_message += " Updated existing projects: {}.".format(
', '.join(updated_projects))
logger.info('parse_tms response: {}'.format(response_message))
return response_message
PROD_HOST_URL = getattr(settings, "PROD_HOST_URL", "http://localhost:8000")
atlassian_redirect_uri = PROD_HOST_URL + '/atlassian_callback'
logger.debug('atlassian_redirect_uri: "{}"'.format(atlassian_redirect_uri))
oauth = OAuth(fetch_token=fetch_oauth_token, update_token=update_oauth_token)
oauth.register(name='atlassian')
logger.debug('oauth registered: {}'.format(oauth.atlassian))
logger.info('models import finished.')
from authlib.integrations.django_client import OAuth
from authlib.oidc.discovery import get_well_known_url
from django.conf import settings
from nens_auth_client.cognito import CognitoOAuthClient
# Create the global OAuth registry
oauth_registry = OAuth()
def get_oauth_client():
client = oauth_registry.create_client("cognito")
if client is not None:
return client
url = get_well_known_url(settings.NENS_AUTH_ISSUER, external=True)
oauth_registry.register(
name="cognito",
client_id=settings.NENS_AUTH_CLIENT_ID,
client_secret=settings.NENS_AUTH_CLIENT_SECRET,
server_metadata_url=url,
client_kwargs={"scope": " ".join(settings.NENS_AUTH_SCOPE)},
client_cls=CognitoOAuthClient,
)
return oauth_registry.create_client("cognito")