def headless_theatre_view(env, get_vars, post_vars, csrf_clerk, session, user):
page_data = basic_page_data('theatre-headless')
status = '200 OK'
given_password = post_vars.get('theatre_password', [''])[0]
theatre_password = get_property('theatre_password', None)
if (user is not None or given_password == theatre_password
or patreon.validate_session(env)):
page_data['chat_uri'] = turbo_views['chat-headless'].path
page_data['youtube_stream_id'] = get_property('theatre_stream_id')
response_body = templates.render('youtube_embed', page_data)
else:
callback_view = turbo_views['patreon-theatre-callback']
redirect_uri = callback_view.uri
oauth = turbo_session.OAuth2Session(config.patreon.client_id,
redirect_uri=redirect_uri,
scope=config.patreon.scope)
authorization_url, state = oauth.authorization_url(
config.patreon.authorize_url,
turbo_session.generate_state(env, csrf_clerk))
page_data['patreon_authorization_uri'] = authorization_url
page_data['form_action'] = turbo_views['theatre-headless'].path
page_data['login_uri'] = util.build_url(
turbo_views['login'].path,
query={'redirect_to': turbo_views['theatre'].path})
response_body = templates.render('theatre_auth', page_data)
response_headers = util.basic_response_header(response_body)
return response_body, response_headers, status
def account_view(env, get_vars, post_vars, csrf_clerk, session, user):
page_data = basic_page_data('account')
# Reset app_password if requested
if post_vars.get('reset_app_password', [0])[0] == '1':
csrf_token = post_vars.get('csrf_token', [''])[0]
if csrf_clerk.validate(session, csrf_token):
# silently failing on an invalid token is fine here
user.reset_app_password()
status = '200 OK'
page_data['nav'] = turbo_nav.generate_html('account', user, expanded=True)
page_data['form_action'] = turbo_views['account'].path
page_data['username'] = user.username
page_data['avatar_src'] = user.account.get('avatar', '')
page_data['app_password'] = user.app_password_plain
page_data['csrf_token'] = csrf_clerk.register(session)
discord_member = discord.get_member(user.discord_id)
discord_user = discord.get_user(discord_member)
redirect_uri = turbo_views['discord-callback'].uri
oauth = turbo_session.OAuth2Session(config.discord.client_id,
redirect_uri=redirect_uri,
scope=config.discord.scope)
authorization_url, state = oauth.authorization_url(
config.discord.authorize_url,
turbo_session.generate_state(env, csrf_clerk))
page_data['discord_username'] = discord.render_username(discord_user)
page_data['discord_roles'] = discord.render_roles(discord_member)
page_data['discord_avatar_src'] = discord.get_avatar_url(discord_user)
page_data['authorization_url'] = authorization_url
response_body = templates.render('account', page_data)
response_headers = util.basic_response_header(response_body)
return response_body, response_headers, status
def discord_callback_view(env, get_vars, post_vars, csrf_clerk, session, user):
redirect_uri = turbo_views['discord-callback'].uri
authorization_response = redirect_uri + '?' + env['QUERY_STRING']
discord_user_url = config.discord.api_endpoint + '/users/@me'
access_level = User.get_access_level(user)
try:
oauth = turbo_session.OAuth2Session(config.discord.client_id,
redirect_uri=redirect_uri,
scope=config.discord.scope)
oauth_state = turbo_session.retrieve_oauth_state(
get_vars.get('state', [''])[0])
if oauth_state and csrf_clerk.validate('oauth-authorization',
oauth_state[0]):
token = oauth.fetch_token(
config.discord.token_url,
authorization_response=authorization_response,
client_secret=config.discord.client_secret)
discord_user = oauth.get(discord_user_url).json()
if discord_user is not None and discord_user.get('id') is not None:
# If people link their discord to another account,
# the old one should lose its turbo role
discord_id = int(discord_user['id'])
if user.discord_id and user.discord_id != discord_id:
if not discord.remove_turbo_role(user.discord_id):
return error_view(
'Unexpected error',
'Failed to reassign TURBO status to '
'a different Discord account. '
'Please try again.')
user.set_discord_id(discord_id)
discord.add_turbo_role(discord_id, token)
redirect_to = str(oauth_state[1])
if redirect_to.startswith('/'):
redirect_to = util.build_url(redirect_to)
status = '307 Temporary Redirect'
response_body = ''
response_headers = [('Location', redirect_to)]
else:
return error_view('Unexpected error',
'Failed to retrieve Discord user details.',
access_level=access_level)
else:
return error_view('CSRF Verfication failed',
'Failed to authorize Discord account due to a '
'CSRF verfication error, try again.',
access_level=access_level)
except OAuth2Error as error:
# Might indicate a "deny" on granting access to the app
logger.info(f'OAuth 2.0 Error occured: {error}',
exc_info=config.debug_mode)
return error_view('OAuth Error',
'Failed to authorize Discord account, try again.',
access_level=access_level)
else:
# Normal function return without errors
return response_body, response_headers, status
def decorated_function(env, csrf_clerk):
get_vars = util.retrieve_get_vars(env)
post_vars = util.retrieve_post_vars(env)
session = turbo_session.get_session(env)
account = turbo_session.retrieve_oauth_account(session)
# Start OAuth
cookie_set = int(get_vars.get('cookie_set', [0])[0])
# Failed to set cookie, tell user to enable cookies
if(account is None and min_access_level >= ACL.turbo and
cookie_set == 1):
return error_view('Login Error',
'Failed to create session. Try to enable '
' cookies for this site.')
elif(account is None and min_access_level >= ACL.turbo):
# Show Auth Error in headless mode
if(headless):
return error_view('Auth Error', 'You are not logged in.',
nav, headless=True)
redirect_uri = turbo_views['oauth-callback'].uri
oauth = turbo_session.OAuth2Session(
config.mastodon.client_id,
redirect_uri=redirect_uri,
scope=config.mastodon.scope)
authorization_url, state = oauth.authorization_url(
config.mastodon.authorize_url,
turbo_session.generate_state(env, csrf_clerk)
)
status = '307 Temporary Redirect'
response_body = ''
response_headers = [('Location', str(authorization_url))]
# Redirect to url without cookie_set parameter
elif(cookie_set == 1):
status = '307 Temporary Redirect'
response_body = ''
response_headers = [
('Location', util.build_url(env['PATH_INFO']))
]
# Display View
else:
user = User.create(account)
access_level = User.get_access_level(user)
if access_level < min_access_level:
return error_view('Missing Privileges',
'You do not have the required '
'permissions to access this.',
access_level=access_level)
response_body, response_headers, status = func(
env, get_vars, post_vars, csrf_clerk, session, user
)
return response_body, response_headers, status
def oauth_callback_view(env, csrf_clerk):
get_vars = util.retrieve_get_vars(env)
redirect_uri = turbo_views['oauth-callback'].uri
authorization_response = redirect_uri + '?' + env['QUERY_STRING']
try:
oauth = turbo_session.OAuth2Session(
config.mastodon.client_id,
redirect_uri=redirect_uri,
scope=config.mastodon.scope
)
oauth_state = turbo_session.retrieve_oauth_state(
get_vars.get('state', [''])[0]
)
if(oauth_state and
csrf_clerk.validate('oauth-authorization', oauth_state[0])):
token = oauth.fetch_token(
config.mastodon.token_url,
authorization_response=authorization_response,
client_secret=config.mastodon.client_secret
)
session_token = turbo_session.create_session(token)
if(session_token is not None):
redirect_to = str(oauth_state[1])
if redirect_to.startswith('/'):
redirect_to = util.build_url(redirect_to,
query={'cookie_set': 1})
status = '307 Temporary Redirect'
response_body = ''
response_headers = [
util.set_cookie_header('TB_SESSION', session_token),
('Location', redirect_to)
]
else:
return error_view('Internal Error',
'Failed to create session.')
else:
return error_view('CSRF Verfication failed',
'Failed to authorize account due to a CSRF '
'verfication error, try again.')
except OAuth2Error as error:
# Might indicate a "deny" on granting access to the app
util.print_exception('OAuth 2.0 Error occured: ', error)
return error_view('OAuth Error',
'Failed to authorize account, try again.')
else:
# Normal function return without errors
return response_body, response_headers, status
def main_view(env, csrf_clerk):
page_data = basic_page_data('main')
response_body = 'Template Render Error.'
response_headers = util.basic_response_header(response_body)
status = '200 OK'
session = turbo_session.get_session(env)
account = turbo_session.retrieve_oauth_account(session)
# Couldn't auth based on session. Start fresh OAuth 2.0 handshake
if(account is None):
if(session is not None):
redirect_uri = turbo_views['oauth-callback'].uri
oauth = turbo_session.OAuth2Session(
config.mastodon.client_id,
redirect_uri=redirect_uri,
scope=config.mastodon.scope
)
authorization_url, state = oauth.authorization_url(
config.mastodon.authorize_url,
turbo_session.generate_state(env, csrf_clerk)
)
status = '307 Temporary Redirect'
response_body = ''
response_headers = [('Location', str(authorization_url))]
# Not yet authenticated and no old session
else:
page_data['nav'] = turbo_nav.generate_html('main')
page_data['login_uri'] = turbo_views['login'].path
response_body = templates.render('main', page_data)
response_headers = util.basic_response_header(response_body)
# Display Account Information
else:
status = '307 Temporary Redirect'
response_body = ''
response_headers = [
('Location', turbo_views['account'].uri)
]
return response_body, response_headers, status
def patreon_theatre_callback_view(env, csrf_clerk):
redirect_uri = turbo_views['patreon-theatre-callback'].uri
authorization_response = redirect_uri + '?' + env['QUERY_STRING']
get_vars = util.retrieve_get_vars(env)
try:
oauth = turbo_session.OAuth2Session(config.patreon.client_id,
redirect_uri=redirect_uri,
scope=config.patreon.scope)
oauth_state = turbo_session.retrieve_oauth_state(
get_vars.get('state', [''])[0])
if oauth_state and csrf_clerk.validate('oauth-authorization',
oauth_state[0]):
oauth.fetch_token(config.patreon.token_url,
authorization_response=authorization_response,
client_secret=config.patreon.client_secret)
patreon_user = patreon.get_current_user(oauth)
if patreon_user is not None and len(patreon_user) > 0:
memberships = patreon_user[0].get('memberships', [])
session_token = None
for item in memberships:
cents = item.get('currently_entitled_amount_cents', 0)
campaign_id = item.get('campaign', [{}])[0].get('id', '')
if (cents >= config.patreon.theatre_cents
and campaign_id == config.patreon.campaign_id):
session_token = patreon.create_session()
if session_token is None:
dollars = str(config.patreon.theatre_cents // 100)
return error_view(
'Insufficient pledge',
'We could not verify that you are '
'pledging $' + dollars + ' to the '
'Video Games AWESOME Patreon.')
redirect_to = turbo_views['theatre'].uri
status = '307 Temporary Redirect'
response_body = ''
response_headers = [
util.set_cookie_header('TB_PATREON_SESSION',
session_token,
max_age=config.expiration_interval),
('Location', redirect_to)
]
else:
return error_view('Unexpected error',
'Failed to retrieve Patreon user details.')
else:
return error_view(
'CSRF Verfication failed',
'Failed to authorize Patreon account due to a '
'CSRF verfication error, try again.')
except OAuth2Error as error:
# Might indicate a "deny" on granting access to the app
logger.info(f'OAuth 2.0 Error occured: {error}',
exc_info=config.debug_mode)
return error_view('OAuth Error',
'Failed to authorize Patreon account, try again.')
else:
# Normal function return without errors
return response_body, response_headers, status
