def home(): """homepage of the app gui: shows the group name as title along with an input field for emails shows number of users in group, if specified in flag (see SHOW_USERS) view: sends a POST request to slack to get the number of users entering a valid email results in a POST request to /invite """ # get number of users if flag is True if show_users: url = 'https://' + slack_group + '.slack.com/api/users.list' data = { 'token': token, } r = request_post(url, data) data = json_load(r.text) users = len(data['members']) else: users = '' # render the template 'homepage.tpl' return template( 'homepage', show_users=show_users, users=users, bg_color=bg_color, group_name=group_name, )
def slack_invite(email): return request_post('https://%s.slack.com/api/users.admin.invite' % (env['SLACK_TEAM_NAME']), data={ "token": env['SLACK_API_TOKEN'], "email": email, "set_active": True, })
def slack_invite(email): return request_post( 'https://%s.slack.com/api/users.admin.invite' % (env['SLACK_TEAM_NAME']), data={ "token": env['SLACK_API_TOKEN'], "email": email, "set_active": True, } )
def check_access_token(self, request): if not self.is_refreshable_url(request): debug(f"{request.path} is not refreshable") return debug(f"{request.path} is refreshable") if constants.SESSION_REFRESH_TOKEN not in request.session: return expiration = request.session[constants.SESSION_ACCESS_EXPIRES_AT] now = time() if expiration > now: # The id_token is still valid, so we don't have to do anything. debug('access token is still valid (%s > %s)', strftime('%d/%m/%Y, %H:%M:%S', gmtime(expiration)), strftime('%d/%m/%Y, %H:%M:%S', gmtime(now))) return debug('access token has expired') # The access_token has expired, so we have to refresh silently. # Build the parameters. params = { 'grant_type': 'refresh_token', 'client_id': settings.OIDC_RP_CLIENT_ID, 'client_secret': settings.OIDC_RP_CLIENT_SECRET, 'refresh_token': request.session[constants.SESSION_REFRESH_TOKEN], } resp = request_post(request.session[constants.SESSION_OP_TOKEN_URL], data=params) if not resp: error(resp.text) raise MiddlewareException(resp.text) result = resp.json() access_token = result['access_token'] expires_in = result['expires_in'] # in secs id_token = result.get('id_token', request.session[constants.SESSION_ID_TOKEN]) refresh_token = result.get( 'refresh_token', request.session[constants.SESSION_REFRESH_TOKEN]) if id_token != request.session[constants.SESSION_ID_TOKEN]: # blacklist old token BlacklistedToken.blacklist( request.session[constants.SESSION_ID_TOKEN]) now = time() request.session[constants.SESSION_ID_TOKEN] = id_token request.session[constants.SESSION_ACCESS_TOKEN] = access_token request.session[constants.SESSION_ACCESS_EXPIRES_AT] = now + expires_in request.session[constants.SESSION_REFRESH_TOKEN] = refresh_token request.session.save()
def invite(): """invite REST endpoint for sending invites to slack from homepage retrieves email id from form, and sends it to slack uses the slack web API along with supplied token to authenticate user returns response as json to hompeage to be displayed to the user """ # retrieve email field from form email = request.POST.allitems()[0][1] # send invite request to slack url = 'https://' + slack_group + '.slack.com/api/users.admin.invite' data = { 'email': email, 'token': token, 'set_active': True, } # set response as json, and return response response.content_type = 'application/json' return request_post(url, data).text
def authenticate(self, request, use_pkce: bool, code: str, state: Optional[str], nonce: Optional[str], code_verifier: Optional[str], **kwargs) -> AbstractBaseUser: """Authenticates users using OpenID Connect Authorization code flow.""" if not request: return None try: if use_pkce: if any(( not code, not code_verifier, )): raise SuspiciousOperation( 'code and code_verifier values are required') else: if any(( not code, not state, not nonce, )): raise SuspiciousOperation( 'code, state and nonce values are required') params = { 'grant_type': 'authorization_code', 'client_id': settings.OIDC_RP_CLIENT_ID, 'client_secret': settings.OIDC_RP_CLIENT_SECRET, 'redirect_uri': request.build_absolute_uri( reverse(constants.OIDC_URL_CALLBACK_NAME)), 'code': code, } if use_pkce: params['code_verifier'] = code_verifier resp = request_post( request.session[constants.SESSION_OP_TOKEN_URL], data=params) if resp.status_code != 200: raise SuspiciousOperation(f"{resp.status_code} {resp.text}") result = resp.json() id_token = result['id_token'] access_token = result['access_token'] expires_in = result.get('expires_in') # in secs, could be missing refresh_token = result.get( 'refresh_token' ) if 'offline_access' in settings.OIDC_RP_SCOPES else None id_claims = self.validate_and_decode_id_token( id_token, nonce, request.session[constants.SESSION_OP_JWKS]) self.validate_claims(id_claims) now = time() if expires_in: expires_at = now + expires_in else: expires_at = id_claims.get( 'exp', now + settings.OIDC_MIDDLEWARE_SESSION_TIMEOUT_SECONDS) request.session[constants.SESSION_ID_TOKEN] = id_token request.session[constants.SESSION_ACCESS_TOKEN] = access_token request.session[constants.SESSION_ACCESS_EXPIRES_AT] = expires_at request.session[ constants. SESSION_EXPIRES_AT] = now + settings.OIDC_MIDDLEWARE_SESSION_TIMEOUT_SECONDS if refresh_token: request.session[ constants.SESSION_REFRESH_TOKEN] = refresh_token user = self.get_or_create_user(request, id_claims, access_token) return user except Exception as e: warning(e, str(e)) return None finally: # be sure the session is in sync request.session.save()