def handle_stackexchange(self, data): self.send_response(302) c = Client(auth_endpoint='https://stackexchange.com/oauth', client_id=config['stackexchange.client_id'], redirect_uri='http://localhost/login/stackexchange') self.send_header('Location', c.auth_uri()) self.end_headers()
def authenticate(self, code=None, provider_key=None): """ Django API function, authenticating a user Authentication method required of a Django authentication backend. If successful, this method will retrieve an access token from the provider. :note: A method ``fetch_user`` is expected as a static function on the custom user class. This is responsible for retrieiving the actual user instance required by the Django backend. It will receive the ``provider_key`` and an instance of a sanction client (which should contain the access token) :param code: The code returned by the OAuth 2.0 provider once the user has given your application authorization. :param provider_key: The key for the provider sending authorization data. This should match the keys used in your settings file for ``SANCTION_PROVIDERS``. """ model = get_user_model() provider = settings.SANCTION_PROVIDERS[provider_key] c = SanctionClient(token_endpoint=provider['token_endpoint'], resource_endpoint=provider['resource_endpoint'], auth_endpoint=provider['auth_endpoint'], client_id=provider['client_id'], client_secret=provider['client_secret'], redirect_uri=provider['redirect_uri']) c.request_token(code=code, parser=provider.get('parser', None)) return model.fetch_user(provider_key, c)
def handle_foursquare(self, data): self.send_response(302) c = Client(auth_endpoint="https://foursquare.com/oauth2/authenticate", client_id=config["foursquare.client_id"], redirect_uri="http://localhost:8080/login/foursquare") self.send_header("Location", c.auth_uri()) self.end_headers()
def handle_stackexchange_login(self, data): self.send_response(200) self.send_header("Content-type", "text/html") self.log_message(self.path) self.end_headers() c = Client(StackExchange, get_config()) cred = c.flow.authorization_received(data) d = c.request("/me", body=urlencode({ "site": "stackoverflow" })) self.wfile.write("<!DOCTYPE html>") self.wfile.write("<head><meta charset=\"utf-8\"/></head><body>") self.wfile.write("Access token: %s<br>" % cred.access_token) self.wfile.write("Type: %s<br>" % cred.token_type) self.wfile.write("Expires in: %d<br>" % cred.expires_in) # stackexchange gzips all data h = StringIO(d) gzip_data = GzipFile(fileobj=h) d = gzip_data.read() gzip_data.close() self.wfile.write(d) self.wfile.write("</body></html>")
def handle_foursquare(self, data): self.send_response(302) c = Client(auth_endpoint='https://foursquare.com/oauth2/authenticate', client_id=config['foursquare.client_id'], redirect_uri='http://localhost/login/foursquare') self.send_header('Location', c.auth_uri()) self.end_headers()
def handle_github(self, data): self.send_response(302) c = Client(auth_endpoint='https://github.com/login/oauth/authorize', client_id=config['github.client_id'], redirect_uri='http://localhost/login/github') self.send_header('Location', c.auth_uri()) self.end_headers()
def handle_instagram(self, data): self.send_response(302) c = Client(auth_endpoint='https://api.instagram.com/oauth/authorize/', client_id=config['instagram.client_id'], redirect_uri='http://localhost/login/instagram') self.send_header('Location', c.auth_uri()) self.end_headers()
def process_request(self, request): if not request.user.is_anonymous(): try: provider = filter(lambda p: p["name"] == request.user.provider_key, (settings.OAUTH2_PROVIDERS[k] for k in settings.OAUTH2_PROVIDERS))[-1] c = Client(token_endpoint=provider["token_endpoint"], resource_endpoint=provider["resource_endpoint"], auth_endpoint=provider["auth_endpoint"], redirect_uri=provider.get("redirect_uri", None), client_id=provider["client_id"], client_secret=provider["client_secret"]) c.access_token = request.user.access_token c.expires = request.user.expires setattr(request.user, "resource", c) # play nice with other authentication backends except IndexError: raise KeyError("Provider %s doesn't exist" % request.user.provider_key) except AttributeError: # current user isn't a django_sanction user pass
def handle_facebook_login(self, data): self.send_response(200) self.send_header("Content-type", "text/html") self.log_message(self.path) self.end_headers() c = Client( token_endpoint="https://graph.facebook.com/oauth/access_token", resource_endpoint="https://graph.facebook.com", redirect_uri="http://localhost:8080/login/facebook", client_id=config["facebook.client_id"], client_secret=config["facebook.client_secret"]) c.request_token(data=data, parser = lambda data: dict(parse_qsl(data))) d = c.request("/me") self.wfile.write("Access token: %s<br>" % c.access_token) self.wfile.write("First name: %s<br>" % d["first_name"]) self.wfile.write("Last name: %s<br>" % d["last_name"]) self.wfile.write("Email: %s<br>" % d["email"]) # to see a wall post in action, uncomment this try: d = c.request("/me/feed", data=urlencode({ "message": "test post from py-sanction" })) self.wfile.write( "I posted a message to your wall (in sandbox mode, nobody else will see it)") except: self.wfile.write( "Unable to post to your wall")
def handle_bitly(self, data): self.send_response(302) c = Client(auth_endpoint="https://bitly.com/oauth/authorize", client_id=config["bitly.client_id"], redirect_uri="http://localhost:8080/login/bitly") self.send_header("Location", c.auth_uri()) self.end_headers()
def test_inst(self): from urlparse import urlparse from urlparse import parse_qsl from sanction.client import Client c = get_config() client = Client(TestAdapterImpl, c) uri = client.flow.authorization_uri() o = urlparse(uri) qs = dict(parse_qsl(o.query)) self.assertEquals(qs["scope"], c["testadapterimpl.scope"]) self.assertEquals(qs["redirect_uri"], c["testadapterimpl.redirect_uri"]) self.assertEquals(qs["response_type"], "code") self.assertEquals(qs["client_id"], c["testadapterimpl.client_id"]) start_server() cred = client.flow.authorization_received({ "code": "test" }) self.assertTrue(isinstance(cred, BearerCredentials)) start_server() r = client.request("/me")
def handle_stackexchange(self, data): self.send_response(302) c = Client(auth_endpoint="https://stackexchange.com/oauth", client_id=config["stackexchange.client_id"], redirect_uri="http://localhost/login/stackexchange") self.send_header("Location", c.auth_uri()) self.end_headers()
def handle_github(self, data): self.send_response(302) c = Client(auth_endpoint="https://github.com/login/oauth/authorize", client_id=config["github.client_id"], redirect_uri="http://localhost/login/github") self.send_header("Location", c.auth_uri()) self.end_headers()
def handle_facebook_login(self, data): c = Client( token_endpoint='https://graph.facebook.com/oauth/access_token', resource_endpoint='https://graph.facebook.com', redirect_uri='http://localhost/login/facebook', client_id=config['facebook.client_id'], client_secret=config['facebook.client_secret']) c.request_token(code=data['code'], parser=lambda data: dict(parse_qsl(data))) self.dump_client(c) d = c.request('/me') self.dump_response(d) try: d = c.request('/me/feed', data=urlencode({ 'message': 'test post from py-sanction' })) self.wfile.write( 'I posted a message to your wall (in sandbox mode, nobody ' 'else will see it)'.encode(ENCODING_UTF8)) except: self.wfile.write( 'Unable to post to your wall')
def handle_foursquare_login(self, data): def token_transport(url, access_token, data=None, method=None): parts = urlsplit(url) query = dict(parse_qsl(parts.query)) query.update({ 'oauth_token': access_token }) url = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment)) try: req = Request(url, data=data, method=method) except TypeError: req = Request(url, data=data) req.get_method = lambda: method return req c = Client( token_endpoint='https://foursquare.com/oauth2/access_token', resource_endpoint='https://api.foursquare.com/v2', redirect_uri='http://localhost/login/foursquare', client_id=config['foursquare.client_id'], client_secret=config['foursquare.client_secret'], token_transport=token_transport ) c.request_token(code=data['code']) self.dump_client(c) d = c.request('/users/24700343') self.dump_response(d)
def handle_instagram(self, data): self.send_response(302) c = Client(auth_endpoint="https://api.instagram.com/oauth/authorize/", client_id=config["instagram.client_id"], redirect_uri="http://localhost:8080/login/instagram") self.send_header("Location", c.auth_uri()) self.end_headers()
def handle_foursquare_login(self, data): self.send_response(200) self.send_header("Content-type", "text/html") self.log_message(self.path) self.end_headers() c = Client( token_endpoint="https://foursquare.com/oauth2/access_token", resource_endpoint="https://api.foursquare.com/v2", redirect_uri="http://localhost:8080/login/foursquare", client_id=config["foursquare.client_id"], client_secret=config["foursquare.client_secret"], ) c.access_token_key = "oauth_token" c.request_token(data=data) d = c.request("/users/24700343") self.wfile.write("Access token: %s<br>" % c.access_token) self.wfile.write("First name: %s<br>" % d["response"]["user"]["firstName"]) self.wfile.write("Last name: %s<br>" % d["response"]["user"]["lastName"]) self.wfile.write("Email: %s<br>" % d["response"]["user"]["contact"]["email"])
def handle_deviantart(self, data): self.send_response(302) c = Client( auth_endpoint='https://www.deviantart.com/oauth2/draft15/authorize', client_id=config['deviantart.client_id'], redirect_uri=config['deviantart.redirect_uri']) self.send_header('Location', c.auth_uri()) self.end_headers()
def handle_google(self, data): self.send_response(302) c = Client(auth_endpoint='https://accounts.google.com/o/oauth2/auth', client_id=config['google.client_id'], redirect_uri='http://localhost/login/google') self.send_header('Location', c.auth_uri( scope=config['google.scope'].split(','), access_type='offline')) self.end_headers()
def handle_google(self, data): self.send_response(302) c = Client(auth_endpoint="https://accounts.google.com/o/oauth2/auth", client_id=config["google.client_id"], redirect_uri="http://localhost/login/google") self.send_header("Location", c.auth_uri( scope=config["google.scope"].split(","), access_type="offline")) self.end_headers()
def test_request_token(self): c = Client(token_endpoint=token_endpoint) try: c.request_token() self.fail() except: pass
def callback(): client = Client(token_endpoint='https://api.sandbox.slcedu.org/api/oauth/token', resource_endpoint='https://api.sandbox.slcedu.org/api/rest/v1', client_id=client_id, client_secret=shared_secret, redirect_uri='http://slcgoals.cloudapp.net/callback') client.request_token(code=request.args['code']) access_token = client.access_token login_user(load_user(access_token)) return redirect('/')
def handle_facebook(self, data): self.send_response(302) c = Client(auth_endpoint="https://www.facebook.com/dialog/oauth", client_id=config["facebook.client_id"], redirect_uri="http://localhost/login/facebook") self.send_header("Location", c.auth_uri( scope=config["facebook.scope"].split(","), scope_delim=",")) self.end_headers()
def handle_facebook(self, data): self.send_response(302) c = Client(auth_endpoint='https://www.facebook.com/dialog/oauth', client_id=config['facebook.client_id'], redirect_uri='http://localhost/login/facebook') self.send_header('Location', c.auth_uri( scope=config['facebook.scope'].split(','), scope_delim=',')) self.end_headers()
def test_request_token(self): # i don't want to bother mocking an oauth2 server, so i'm just going # to test failure cases and rely on manual testing for correct ones c = Client() try: c.request_token({ "error": "something bad happened" }) self.fail("shouldn't hit here") except IOError: pass
def get_oauth2_starter_url(provider_name, csrf_token): """returns redirect url for the oauth2 protocol for a given provider""" from sanction.client import Client providers = get_enabled_login_providers() params = providers[provider_name] client_id = getattr(askbot_settings, provider_name.replace("-", "_").upper() + "_KEY") redirect_uri = site_url(reverse("user_complete_oauth2_signin")) client = Client(auth_endpoint=params["auth_endpoint"], client_id=client_id, redirect_uri=redirect_uri) return client.auth_uri(state=csrf_token, **params.get("extra_auth_params", {}))
def handle_instagram_login(self, data): c = Client(token_endpoint='https://api.instagram.com/oauth/access_token', resource_endpoint='https://api.instagram.com/v1', redirect_uri='http://localhost/login/instagram', client_id=config['instagram.client_id'], client_secret=config['instagram.client_secret']) c.request_token(code=data['code']) self.dump_client(c) data = c.request('/users/self')['data'] self.dump_response(data)
def handle_instagram_login(self, data): c = Client(token_endpoint="https://api.instagram.com/oauth/access_token", resource_endpoint="https://api.instagram.com/v1", redirect_uri="http://localhost/login/instagram", client_id=config["instagram.client_id"], client_secret=config["instagram.client_secret"]) c.request_token(code=data["code"]) self.dump_client(c) data = c.request("/users/self")["data"] self.dump_response(data)
def test_get_auth_uri(self): c = Client(auth_endpoint = auth_endpoint, client_id = client_id) uri = c.auth_uri() o = urlparse(uri) self.assertEquals(o.netloc, "example.com") d = dict(parse_qsl(o.query)) self.assertEquals(d["response_type"], "code") self.assertEquals(d["client_id"], client_id)
def resource(self): provider = settings.SANCTION_PROVIDERS[self.name] c = SanctionClient(auth_endpoint=provider['auth_endpoint'], token_endpoint=provider['token_endpoint'], resource_endpoint=provider['resource_endpoint'], client_id=provider['client_id'], client_secret=provider['client_secret']) c.refresh_token = self.refresh_token c.access_token = self.access_token c.token_expires = self.token_expires return c
def handle_deviantart_login(self, data): c = Client( token_endpoint='https://www.deviantart.com/oauth2/draft15/token', resource_endpoint='https://www.deviantart.com/api/draft15', redirect_uri=config['deviantart.redirect_uri'], client_id=config['deviantart.client_id'], client_secret=config['deviantart.client_secret']) c.request_token(code=data['code']) self.dump_client(c) data = c.request('/user/whoami') self.dump_response(data)
def get_oauth2_starter_url(provider_name, csrf_token): """returns redirect url for the oauth2 protocol for a given provider""" from sanction.client import Client providers = get_enabled_login_providers() params = providers[provider_name] client_id = getattr(askbot_settings, provider_name.upper() + '_KEY') redirect_uri = site_url(reverse('user_complete_oauth2_signin')) client = Client(auth_endpoint=params['auth_endpoint'], client_id=client_id, redirect_uri=redirect_uri) return client.auth_uri(state=csrf_token)
def make_client_from_auth_session(auth): c = Client( auth_endpoint = auth.auth_endpoint, token_endpoint= auth.token_endpoint, resource_endpoint =auth.resource_endpoint, client_id = auth.client_id, client_secret = auth.client_secret, redirect_uri = auth.redirect_uri) return c
def _redirect(request, provider): p = settings.SANCTION_PROVIDERS[provider] c = SanctionClient(auth_endpoint=p['auth_endpoint'], client_id=p['client_id'], redirect_uri=p['redirect_uri']) kwargs = p.get('auth_params', {}) response = redirect( c.auth_uri(p['scope'] if 'scope' in p else None, **kwargs)) # inject the state query param if getattr(settings, 'SANCTION_USE_CSRF', True): CsrfViewMiddleware().process_view(request, response, [], {}) url = list(urlparse(response['location'])) urlp = dict(parse_qsl(url[4])) urlp.update({'state': csrf.get_token(request)}) url[4] = urlencode(urlp) response['location'] = urlunparse(url) return response
def shoe(): if 'shoe_client' in session: c = session['shoe_client'] else: c = Client( auth_endpoint=AUTH_URL, token_endpoint=TOKEN_URL, resource_endpoint=API_BASE, redirect_uri=REDIRECT_URL, client_id=CLIENT_ID, client_secret=CLIENT_KEY ) if hasattr(c, 'refresh_token'): c.request_token(grant_type="refresh_token", refresh_token=c.refresh_token) # XXX: Refactor this to be only when we're expired or something. session['shoe_client'] = c return c