def auth_complete(self, *args, **kwargs): """Completes login process, must return user instance""" access_token = None if self.data.get('error'): error = self.data.get('error_description') or self.data['error'] raise AuthFailed(self, error) client_id, client_secret = self.get_key_and_secret() try: shop_url = self.request.GET.get('shop') self.shopifyAPI.Session.setup( api_key=setting('SHOPIFY_APP_API_KEY'), secret=setting('SHOPIFY_SHARED_SECRET')) shopify_session = self.shopifyAPI.Session(shop_url, self.request.REQUEST) access_token = shopify_session.token except self.shopifyAPI.ValidationException as e: raise AuthCanceled(self) except HTTPError as e: if e.code == 400: raise AuthCanceled(self) else: raise if not access_token: raise AuthFailed(self, 'Authentication Failed') return self.do_auth(access_token, shop_url, shopify_session.url, *args, **kwargs)
def auth_complete(self, *args, **kwargs): if not self.application_auth(): return HttpResponse(self.auth_html()) access_token = None expires = None if 'signed_request' in self.data: response = load_signed_request( self.data.get('signed_request'), backend_setting(self, self.SETTINGS_SECRET_NAME)) if response is not None: access_token = response.get('access_token') or\ response.get('oauth_token') or\ self.data.get('access_token') if 'expires' in response: expires = response['expires'] if access_token: return self.do_auth(access_token, expires=expires, *args, **kwargs) else: if self.data.get('error') == 'access_denied': raise AuthCanceled(self) else: raise AuthException(self)
def process_error(self, data): if self.data.get('error'): error = self.data.get('error_description') or self.data['error'] if self.data['error'] == 'access_denied': raise AuthCanceled(self, error) else: raise AuthFailed(self, error)
def auth_complete(self, *args, **kwargs): """Complete auth process""" logger.debug('auth_complete ARGS=%s, KWARGS=%s' % (args, kwargs)) response = self.consumer().complete(dict(self.data.items()), self.build_absolute_uri()) logger.debug('response and status %s / %s' % (response, response.status)) if not response: logger.debug('will throw AuthException') raise AuthException(self, 'OpenID relying party endpoint') elif response.status == SUCCESS: kwargs.update({ 'auth': self, 'response': response, self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs) elif response.status == FAILURE: logger.debug('will throw AuthFailed(%s)' % response.message) raise AuthFailed(self, response.message) elif response.status == CANCEL: logger.debug('will throw AuthCanceled') raise AuthCanceled(self) else: logger.debug('will throw AuthUnknownError(%s)' % response.status) raise AuthUnknownError(self, response.status)
def auth_complete(self, *args, **kwargs): """Return user, might be logged in""" # Multiple unauthorized tokens are supported (see #521) name = self.AUTH_BACKEND.name + "unauthorized_token_name" token = None unauthed_tokens = self.request.session.get(name) or [] if not unauthed_tokens: raise AuthTokenError(self, "Missing unauthorized token") for unauthed_token in unauthed_tokens: token = unauthed_token if not isinstance(unauthed_token, dict): token = parse_qs(unauthed_token) if token.get("oauth_token") == self.data.get("oauth_token"): unauthed_tokens = list( set(unauthed_tokens) - set([unauthed_token])) self.request.session[name] = unauthed_tokens self.request.session.modified = True break else: raise AuthTokenError(self, "Incorrect tokens") try: access_token = self.access_token(token) except HTTPError as e: if e.code == 400: raise AuthCanceled(self) else: raise return self.do_auth(access_token, *args, **kwargs)
def auth_complete(self, *args, **kwargs): """Return user, might be logged in""" # Multiple unauthorized tokens are supported (see #521) name = self.AUTH_BACKEND.name + 'unauthorized_token_name' token = None unauthed_tokens = self.request.session.get(name) or [] if not unauthed_tokens: raise AuthTokenError(self, 'Missing unauthorized token') for unauthed_token in unauthed_tokens: token = Token.from_string(unauthed_token) if token.key == self.data.get('oauth_token', 'no-token'): unauthed_tokens = list( set(unauthed_tokens) - set([unauthed_token])) self.request.session[name] = unauthed_tokens self.request.session.modified = True break else: raise AuthTokenError(self, 'Incorrect tokens') try: access_token = self.access_token(token) except HTTPError, e: if e.code == 400: raise AuthCanceled(self) else: raise
def auth_complete(self, *args, **kwargs): """Completes loging process, must return user instance""" self.process_error(self.data) params = self.auth_complete_params(self.validate_state()) try: response = requests.post(self.ACCESS_TOKEN_URL, data=params, headers=self.auth_headers()) response.raise_for_status() except requests.exceptions.HTTPError as e: if e.code == 400: raise AuthCanceled(self) else: raise else: try: response = response.json() except (ValueError, KeyError): raise AuthUnknownError(self) response.pop('data') self.process_error(response) return self.do_auth(response['access_token'], response=response, *args, **kwargs)
def auth_complete(self, *args, **kwargs): """Performs check of authentication in VK, returns User if succeeded""" app_cookie = 'vk_app_' + self.APP_ID if not 'id' in self.request.GET or \ not app_cookie in self.request.COOKIES: raise AuthCanceled(self) cookie_dict = dict( item.split('=') for item in self.request.COOKIES[app_cookie].split('&')) check_str = ''.join(item + '=' + cookie_dict[item] for item in ['expire', 'mid', 'secret', 'sid']) hash = md5(check_str + setting('VK_API_SECRET')).hexdigest() if hash != cookie_dict['sig'] or int(cookie_dict['expire']) < time(): raise AuthFailed('VK authentication failed: invalid hash') else: kwargs.update({ 'auth': self, 'response': self.user_data(cookie_dict['mid']), self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs)
def process_error(self, data): error = self.request.GET.get('error', '') if error: if error == 'access_denied': raise AuthCanceled(self) else: raise AuthUnknownError(self, 'Jawbone error was %s' % error) return super(JawboneAuth, self).process_error(data)
def auth_complete(self, *args, **kwargs): """Complete auth process. Check LinkedIn error response.""" oauth_problem = self.request.GET.get('oauth_problem') if oauth_problem: if oauth_problem == 'user_refused': raise AuthCanceled(self, '') else: raise AuthUnknownError(self, 'LinkedIn error was %s' % oauth_problem) return super(LinkedinAuth, self).auth_complete(*args, **kwargs)
def access_token(self, token): """Return request for access token value""" request = self.oauth_request(token, self.ACCESS_TOKEN_URL) try: response = self.fetch_response(request) except HTTPError, e: # Evernote returns a 401 error when AuthCanceled if e.code == 401: raise AuthCanceled(self) else: raise
def auth_complete(self, *args, **kwargs): """Completes loging process, must return user instance""" access_token = None expires = None if 'code' in self.data: state = self.validate_state() url = ACCESS_TOKEN + urlencode({ 'client_id': backend_setting(self, self.SETTINGS_KEY_NAME), 'redirect_uri': self.get_redirect_uri(state), 'client_secret': backend_setting(self, self.SETTINGS_SECRET_NAME), 'code': self.data['code'] }) try: payload = dsa_urlopen(url) except HTTPError: raise AuthFailed( self, 'There was an error authenticating ' 'the app') response = payload.read() parsed_response = simplejson.loads(response) print 'parsed_response', parsed_response access_token = parsed_response['access_token'] if 'expires' in parsed_response: expires = parsed_response['expires'] if 'signed_request' in self.data: response = load_signed_request( self.data.get('signed_request'), backend_setting(self, self.SETTINGS_SECRET_NAME)) if response is not None: access_token = response.get('access_token') or\ response.get('oauth_token') or\ self.data.get('access_token') if 'expires' in response: expires = response['expires'] if access_token: return self.do_auth(access_token, expires=expires, *args, **kwargs) else: if self.data.get('error') == 'access_denied': raise AuthCanceled(self) else: raise AuthException(self)
class ShopifyAuth(BaseOAuth2): """Shopify OAuth authentication mechanism""" AUTH_BACKEND = ShopifyBackend SETTINGS_KEY_NAME = 'SHOPIFY_APP_API_KEY' SETTINGS_SECRET_NAME = 'SHOPIFY_SHARED_SECRET' # Look at http://api.shopify.com/authentication.html#scopes SCOPE_VAR_NAME = 'SHOPIFY_SCOPE' def __init__(self, request, redirect): super(ShopifyAuth, self).__init__(request, redirect) fp, pathname, description = imp.find_module('shopify') self.shopifyAPI = imp.load_module('shopify', fp, pathname, description) def auth_url(self): self.shopifyAPI.Session.setup(api_key=setting('SHOPIFY_APP_API_KEY'), secret=setting('SHOPIFY_SHARED_SECRET')) scope = self.get_scope() state = self.state_token() self.request.session[self.AUTH_BACKEND.name + '_state'] = state redirect_uri = self.get_redirect_uri(state) permission_url = self.shopifyAPI.Session.create_permission_url( self.request.GET.get('shop').strip(), scope=scope, redirect_uri=redirect_uri) return permission_url def auth_complete(self, *args, **kwargs): """Completes login process, must return user instance""" access_token = None if self.data.get('error'): error = self.data.get('error_description') or self.data['error'] raise AuthFailed(self, error) client_id, client_secret = self.get_key_and_secret() try: shop_url = self.request.GET.get('shop') self.shopifyAPI.Session.setup( api_key=setting('SHOPIFY_APP_API_KEY'), secret=setting('SHOPIFY_SHARED_SECRET')) shopify_session = self.shopifyAPI.Session(shop_url, self.request.REQUEST) access_token = shopify_session.token except self.shopifyAPI.ValidationException, e: raise AuthCanceled(self) except HTTPError, e: if e.code == 400: raise AuthCanceled(self) else: raise
def auth_complete(self, *args, **kwargs): """Completes loging process, must return user instance""" self.process_error(self.data) params = self.auth_complete_params(self.validate_state()) request = Request(self.ACCESS_TOKEN_URL, data=urlencode(params), headers=self.auth_headers()) try: response = simplejson.loads(dsa_urlopen(request).read()) except HTTPError, e: if e.code == 400: raise AuthCanceled(self) else: raise
def do_auth(self, jwt_token, *args, **kwargs): dummy, client_secret = self.get_key_and_secret() # Decode the jwt token, using the Application Signature from settings try: decoded = self.jwt.decode(jwt_token, client_secret) except self.jwt.DecodeError: raise AuthCanceled(self) # Wrong signature, fail authentication kwargs.update({ 'auth': self, 'response': { 'token': decoded, }, self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs)
def auth_complete(self, *args, **kwargs): """Yammer API is a little strange""" if 'error' in self.data: logging.error("%s: %s:\n%s" % (self.data('error'), self.data('error_reason'), self.data('error_description'))) raise AuthCanceled(self) # now we need to clean up the data params data = dict(self.data.copy()) redirect_state = data.get('redirect_state') if redirect_state and '?' in redirect_state: redirect_state, extra = redirect_state.split('?', 1) extra = parse_qs(extra) data['redirect_state'] = redirect_state if 'code' in extra: data['code'] = extra['code'][0] self.data = MergeDict(data) return super(YammerOAuth2, self).auth_complete(*args, **kwargs)
def auth_complete(self, *args, **kwargs): """Complete auth process""" response = self.consumer().complete(dict(self.data.items()), self.build_absolute_uri()) if not response: raise AuthException(self, 'OpenID relying party endpoint') elif response.status == SUCCESS: kwargs.update({ 'auth': self, 'response': response, self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs) elif response.status == FAILURE: raise AuthFailed(self, response.message) elif response.status == CANCEL: raise AuthCanceled(self) else: raise AuthUnknownError(self, response.status)
def auth_complete(self, *args, **kwargs): """Completes loging process, must return user instance""" self.process_error(self.data) params = self.auth_complete_params(self.validate_state()) request = Request(self.ACCESS_TOKEN_URL, data=urlencode(params), headers=self.auth_headers()) try: response = json.loads(dsa_urlopen(request).read()) except HTTPError as e: if e.code == 400: raise AuthCanceled(self) else: raise except (ValueError, KeyError): raise AuthUnknownError(self) self.process_error(response) return self.do_auth(response['access_token'], response=response, *args, **kwargs)
def access_token(self, token): """Return request for access token value""" request = self.oauth_request(token, self.ACCESS_TOKEN_URL) try: response = self.fetch_response(request) except HTTPError as e: # Evernote returns a 401 error when AuthCanceled if e.code == 401: raise AuthCanceled(self) else: raise params = parse_qs(response) # evernote sents a empty secret token, this way it doesn't fires up the # exception response = response.replace('oauth_token_secret=', 'oauth_token_secret=None') token = Token.from_string(response) token.user_info = params return token
def auth_complete(self, *args, **kwargs): """Completes login process, must return user instance""" if 'error' in self.data: raise AuthCanceled(self) else: return super(ReadabilityAuth, self).auth_complete(*args, **kwargs)
def auth_complete(self, *args, **kwargs): try: return super(MailruOAuth2, self).auth_complete(*args, **kwargs) except HTTPError: # Mail.ru returns HTTPError 400 if cancelled raise AuthCanceled(self)
def auth_complete(self, *args, **kwargs): """Completes login process, must return user instance""" if 'denied' in self.data: raise AuthCanceled(self) else: return super(DoubanAuth, self).auth_complete(*args, **kwargs)