def google_authorized():
resp = google.authorized_response()
if resp is None:
return auth_user()
session['google_token'] = (resp['access_token'], '')
me = google.get('userinfo')
return auth_user(me.data['email'])
def google_authorized():
resp = google.authorized_response()
if resp is None:
return auth_user()
session['google_token'] = (resp['access_token'], '')
me = google.get('userinfo')
return auth_user(me.data['email'])
def google_authorized():
token_id = superdesk.app.redis.get(KEY_GOOGLE_PROVIDER_ID)
if token_id is not None:
token_id = token_id.decode()
superdesk.app.redis.delete(KEY_GOOGLE_PROVIDER_ID)
token = oauth.google.authorize_access_token()
if not token:
return render_template(AUTHORIZED_TEMPLATE, data={}) if token_id else auth_user()
user = oauth.google.parse_id_token(token)
if token_id:
# token_id is used to link token with provider, we need to store the token
# in this case, to be able to use it and refresh later without user interaction
oauth2_token_service = superdesk.get_resource_service("oauth2_token")
if token.get("refresh_token"):
oauth2_token_service.post([token2dict(token_id, user["email"], token)])
else:
# we have no refresh_token, that probably means that's it not the first time that we log in
# with OAuth (refresh token is only returned on first token exchange). We should already have
# a token in database, let's check it.
current_token = oauth2_token_service.find_one(req=None, _id=token_id)
if current_token:
if current_token["access_token"] != token["access_token"]:
# we have a new access_token, we update it, but we want to keep existing refresh_token
token_dict = token2dict(token_id, user["email"], token)
oauth2_token_service.update(
token_id,
{"access_token": token_dict["access_token"], "expires_at": token_dict["expires_at"]},
current_token,
)
else:
message = l_(
"No refresh token received, that probably means that it's not the first time login is "
"requested. Please remove granted permission to Superdesk in Google settings (under "
'"security/Third-party apps with account access") then try to log-in again'
)
logger.warning(message)
return render_template(ERROR_TEMPLATE, message=message)
# token_id is actually the provider id
ingest_providers_service = superdesk.get_resource_service("ingest_providers")
provider = ingest_providers_service.find_one(req=None, _id=token_id)
if provider is None:
logger.warning(f"No provider is corresponding to the id used with the token {token_id!r}")
else:
ingest_providers_service.update(
provider[config.ID_FIELD], updates={"config.email": user["email"]}, original=provider
)
return render_template(AUTHORIZED_TEMPLATE, data={})
else:
# no token_id, OAuth is only used for log-in
return auth_user(user["email"], {"needs_activation": False})
def google_authorized():
token_id = token_url_id_queue.pop() if token_url_id_queue else None
token = oauth.google.authorize_access_token()
if not token:
return render_template(TEMPLATE,
data={}) if token_id else auth_user()
user = oauth.google.parse_id_token(token)
if token_id:
# token_id is used to link token with provider, we need to store the token
# in this case, to be able to use it and refresh later without user interaction
oauth2_token_service = superdesk.get_resource_service(
"oauth2_token")
if token.get("refresh_token"):
oauth2_token_service.post(
[token2dict(token_id, user["email"], token)])
else:
# we have no refresh_token, that probably means that's it not the first time that we log in
# with OAuth (refresh token is only returned on first token exchange). We should already have
# a token in database, let's check it.
current_token = oauth2_token_service.find_one(req=None,
_id=token_id)
if current_token:
if current_token["access_token"] != token["access_token"]:
# we have a new access_token, we update it, but we want to keep existing refresh_token
token_dict = token2dict(token_id, user["email"], token)
oauth2_token_service.update(
token_id,
{
"access_token": token_dict["access_token"],
"expires_at": token_dict["expires_at"]
},
current_token,
)
else:
logger.warning(
"No refresh token received, that probably means that it's not the first time login is "
"requested. Please remove granted permission to Superdesk in Google settings (under "
'"security/Third-party apps with account access") then try to log-in again'
)
return render_template(TEMPLATE, data={})
else:
# no token_id, OAuth is only used for log-in
return auth_user(user["email"], {"needs_activation": False})
def index():
req = prepare_flask_request(request)
auth = init_saml_auth(req)
errors = []
if 'slo' in request.args:
name_id = None
session_index = None
if SESSION_NAME_ID in session:
name_id = session[SESSION_NAME_ID]
if SESSION_SESSION_ID in session:
session_index = session[SESSION_SESSION_ID]
return redirect(
auth.logout(name_id=name_id, session_index=session_index))
elif 'acs' in request.args or request.form:
auth.process_response()
errors = auth.get_errors()
if len(errors) == 0:
session[SESSION_NAME_ID] = auth.get_nameid()
session[SESSION_SESSION_ID] = auth.get_session_index()
session[SESSION_USERDATA_KEY] = auth.get_attributes()
else:
logger.error('SAML %s reason=%s', errors,
auth.get_last_error_reason())
return jsonify({
'req': req,
'errors': errors,
'error_reason': auth.get_last_error_reason(),
})
elif 'sls' in request.args:
def dscb():
session.clear()
url = auth.process_slo(delete_session_cb=dscb)
errors = auth.get_errors()
if len(errors) == 0:
if url is not None:
return redirect(url)
if session.get(SESSION_NAME_ID):
return auth_user(session[SESSION_NAME_ID],
get_userdata(session[SESSION_USERDATA_KEY]))
return redirect(auth.login())
def index():
req = prepare_flask_request(request)
auth = init_saml_auth(req)
errors = []
if 'slo' in request.args:
name_id = None
session_index = None
if 'samlNameId' in session:
name_id = session['samlNameId']
if 'samlSessionIndex' in session:
session_index = session['samlSessionIndex']
return redirect(auth.logout(name_id=name_id, session_index=session_index))
elif 'acs' in request.args or request.form:
auth.process_response()
errors = auth.get_errors()
if len(errors) == 0:
session['samlUserdata'] = auth.get_attributes()
session['samlNameId'] = auth.get_nameid()
session['samlSessionIndex'] = auth.get_session_index()
else:
logger.error('SAML %s reason=%s', errors, auth.get_last_error_reason())
return jsonify({
'req': req,
'errors': errors,
'error_reason': auth.get_last_error_reason(),
})
elif 'sls' in request.args:
def dscb():
session.clear()
url = auth.process_slo(delete_session_cb=dscb)
errors = auth.get_errors()
if len(errors) == 0:
if url is not None:
return redirect(url)
if session.get('samlNameId'):
return auth_user(session['samlNameId'])
return redirect(auth.login())