def _process(self):
# QRCode (Version 6 with error correction L can contain up to 106 bytes)
qr = qrcode.QRCode(
version=6,
error_correction=qrcode.constants.ERROR_CORRECT_M,
box_size=4,
border=1
)
checkin_app = OAuthApplication.find_one(system_app_type=SystemAppType.checkin)
qr_data = {
"event_id": self.event.id,
"title": self.event.title,
"date": self.event.start_dt.isoformat(),
"version": 1,
"server": {
"base_url": config.BASE_URL,
"consumer_key": checkin_app.client_id,
"auth_url": url_for('oauth.oauth_authorize', _external=True),
"token_url": url_for('oauth.oauth_token', _external=True)
}
}
json_qr_data = json.dumps(qr_data)
qr.add_data(json_qr_data)
qr.make(fit=True)
qr_img = qr.make_image()
output = BytesIO()
qr_img.save(output)
output.seek(0)
return send_file('config.png', output, 'image/png')
def _process_args(self):
try:
UUID(hex=request.args['client_id'])
except ValueError:
raise NoResultFound
self.application = OAuthApplication.find_one(
client_id=request.args['client_id'])
def save_token(token_data, request, *args, **kwargs):
# For the implicit flow
# Check issue: https://github.com/lepture/flask-oauthlib/issues/209
if request.grant_type == 'authorization_code':
user = request.user
elif request.grant_type is None: # implicit flow
user = session.user
else:
raise ValueError('Invalid grant_type')
requested_scopes = set(token_data['scope'].split())
token = OAuthToken.find_first(OAuthApplication.client_id == request.client.client_id,
OAuthToken.user == user,
_join=OAuthApplication)
if token is None:
application = OAuthApplication.find_one(client_id=request.client.client_id)
token = OAuthToken(application=application, user=user)
db.session.add(token)
token.access_token = token_data['access_token']
token.scopes = requested_scopes
elif requested_scopes - token.scopes:
logger.info('Added scopes to {}: {}'.format(token, requested_scopes - token.scopes))
# use the new access_token when extending scopes
token.access_token = token_data['access_token']
token.scopes |= requested_scopes
else:
token_data['access_token'] = token.access_token
token_data.pop('refresh_token', None) # we don't support refresh tokens so far
token_data.pop('expires_in', None) # our tokens currently do not expire
return token
def save_token(token_data, request, *args, **kwargs):
# For the implicit flow
# Check issue: https://github.com/lepture/flask-oauthlib/issues/209
if request.grant_type == 'authorization_code':
user = request.user
elif request.grant_type is None: # implicit flow
user = session.user
else:
raise ValueError('Invalid grant_type')
requested_scopes = set(token_data['scope'].split())
token = OAuthToken.find_first(
OAuthApplication.client_id == request.client.client_id,
OAuthToken.user == user,
_join=OAuthApplication)
if token is None:
application = OAuthApplication.find_one(
client_id=request.client.client_id)
token = OAuthToken(application=application, user=user)
db.session.add(token)
token.access_token = token_data['access_token']
token.scopes = requested_scopes
elif requested_scopes - token.scopes:
logger.info('Added scopes to %s: %s', token,
requested_scopes - token.scopes)
# use the new access_token when extending scopes
token.access_token = token_data['access_token']
token.scopes |= requested_scopes
else:
token_data['access_token'] = token.access_token
token_data.pop('refresh_token',
None) # we don't support refresh tokens so far
token_data.pop('expires_in', None) # our tokens currently do not expire
return token
def celery_cmd(args):
# remove the celery shell command
next(funcs for group, funcs, _ in command_classes
if group == 'Main').remove('shell')
del CeleryCommand.commands['shell']
if args and args[0] == 'flower':
# Somehow flower hangs when executing it using CeleryCommand() so we simply exec it directly.
# It doesn't really need the celery config anyway (besides the broker url)
try:
import flower # noqa: F401
except ImportError:
print(cformat('%{red!}Flower is not installed'))
sys.exit(1)
app = OAuthApplication.find_one(system_app_type=SystemAppType.flower)
if not app.redirect_uris:
print(
cformat(
'%{yellow!}Authentication will fail unless you configure the redirect url for the {} OAuth '
'application in the administration area.').format(
app.name))
print(
cformat('%{green!}Only Indico admins will have access to flower.'))
print(
cformat(
'%{yellow}Note that revoking admin privileges will not revoke Flower access.'
))
print(cformat('%{yellow}To force re-authentication, restart Flower.'))
auth_args = [
'--auth=^Indico Admin$',
'--auth_provider=indico.core.celery.flower.FlowerAuthHandler'
]
auth_env = {
'INDICO_FLOWER_CLIENT_ID':
app.client_id,
'INDICO_FLOWER_CLIENT_SECRET':
app.client_secret,
'INDICO_FLOWER_AUTHORIZE_URL':
url_for('oauth.oauth_authorize', _external=True),
'INDICO_FLOWER_TOKEN_URL':
url_for('oauth.oauth_token', _external=True),
'INDICO_FLOWER_USER_URL':
url_for('users.authenticated_user', _external=True)
}
if config.FLOWER_URL:
auth_env['INDICO_FLOWER_URL'] = config.FLOWER_URL
args = ['celery', '-b', config.CELERY_BROKER] + args + auth_args
env = dict(os.environ, **auth_env)
os.execvpe('celery', args, env)
elif args and args[0] == 'shell':
print(cformat('%{red!}Please use `indico shell`.'))
sys.exit(1)
else:
CeleryCommand(celery).execute_from_commandline(['indico celery'] +
args)
def celery_cmd(args):
# remove the celery shell command
next(funcs for group, funcs, _ in command_classes if group == 'Main').remove('shell')
del CeleryCommand.commands['shell']
if args and args[0] == 'flower':
# Somehow flower hangs when executing it using CeleryCommand() so we simply exec it directly.
# It doesn't really need the celery config anyway (besides the broker url)
try:
import flower
except ImportError:
print cformat('%{red!}Flower is not installed')
sys.exit(1)
app = OAuthApplication.find_one(system_app_type=SystemAppType.flower)
if not app.redirect_uris:
print cformat('%{yellow!}Authentication will fail unless you configure the redirect url for the {} OAuth '
'application in the administration area.').format(app.name)
print cformat('%{green!}Only Indico admins will have access to flower.')
print cformat('%{yellow}Note that revoking admin privileges will not revoke Flower access.')
print cformat('%{yellow}To force re-authentication, restart Flower.')
auth_args = ['--auth=^Indico Admin$', '--auth_provider=indico.core.celery.flower.FlowerAuthHandler']
auth_env = {'INDICO_FLOWER_CLIENT_ID': app.client_id,
'INDICO_FLOWER_CLIENT_SECRET': app.client_secret,
'INDICO_FLOWER_AUTHORIZE_URL': url_for('oauth.oauth_authorize', _external=True),
'INDICO_FLOWER_TOKEN_URL': url_for('oauth.oauth_token', _external=True),
'INDICO_FLOWER_USER_URL': url_for('users.authenticated_user', _external=True)}
if config.FLOWER_URL:
auth_env['INDICO_FLOWER_URL'] = config.FLOWER_URL
args = ['celery', '-b', config.CELERY_BROKER] + args + auth_args
env = dict(os.environ, **auth_env)
os.execvpe('celery', args, env)
elif args and args[0] == 'shell':
print cformat('%{red!}Please use `indico shell`.')
sys.exit(1)
else:
CeleryCommand(celery).execute_from_commandline(['indico celery'] + args)
def _checkParams(self):
try:
UUID(hex=request.args['client_id'])
except ValueError:
raise NoResultFound
self.application = OAuthApplication.find_one(client_id=request.args['client_id'])
