def _connect(self,
adhocracy_user,
domain,
domain_user,
provider_name,
velruse_email,
email_verified=False,
redirect_url=None):
"""
Connect existing adhocracy user to velruse.
"""
if not Velruse.find(domain, domain_user):
velruse_user = Velruse.connect(adhocracy_user, domain, domain_user,
velruse_email, email_verified)
model.meta.Session.commit()
h.flash(
_("You successfully connected to %s." %
provider_name.capitalize()), 'success')
if redirect_url is None:
redirect(h.user.post_login_url(adhocracy_user))
else:
redirect(redirect_url)
return velruse_user
else:
h.flash(
_("Your %s account is already connected." %
provider_name.capitalize()), 'error')
redirect(h.user.post_login_url(adhocracy_user))
return None
def _connect(self, adhocracy_user, domain, domain_user,
provider_name,
velruse_email, email_verified=False,
redirect_url=None):
"""
Connect existing adhocracy user to velruse.
"""
if not Velruse.find(domain, domain_user):
velruse_user = Velruse.connect(adhocracy_user, domain, domain_user,
velruse_email, email_verified)
model.meta.Session.commit()
h.flash(_("You successfully connected to %s."
% provider_name.capitalize()),
'success')
if redirect_url is None:
redirect(h.user.post_login_url(adhocracy_user))
else:
redirect(redirect_url)
return velruse_user
else:
h.flash(_("Your %s account is already connected."
% provider_name.capitalize()),
'error')
redirect(h.user.post_login_url(adhocracy_user))
return None
def revoke(self, redirect_url=None):
v_id = request.params.get('id', None)
if v_id is None:
abort(401, "id of velruse account not specified")
v = Velruse.by_id(v_id)
if v is None:
self._failure(_("You are trying to disconnect from a provider"
" you are disconnected from already."))
return None
elif not (v.user == c.user or can.user.manage()):
abort(403, _("You're not authorized to change %s's settings.")
% c.user.id)
else:
v.delete_forever()
model.meta.Session.commit()
h.flash(_("You successfully disconnected from %(provider)s.")
% {'provider': v.domain},
'success')
if redirect_url is None:
redirect(h.entity_url(c.user, member='settings/login'))
else:
redirect(redirect_url)
def revoke(self, redirect_url=None):
v_id = request.params.get('id', None)
if v_id is None:
abort(401, "id of velruse account not specified")
v = Velruse.by_id(v_id)
if v is None:
self._failure(
_("You are trying to disconnect from a provider"
" you are disconnected from already."))
return None
elif not (v.user == c.user or can.user.manage()):
abort(
403,
_("You're not authorized to change %s's settings.") %
c.user.id)
else:
v.delete_forever()
model.meta.Session.commit()
h.flash(
_("You successfully disconnected from %(provider)s.") %
{'provider': v.domain}, 'success')
if redirect_url is None:
redirect(h.entity_url(c.user, member='settings/login'))
else:
redirect(redirect_url)
def _create(self,
user_name,
email,
domain,
domain_user,
email_verified=False,
display_name=None,
redirect_url=None):
"""
Create a user based on data gathered from velruse.
"""
model.meta.Session.begin(subtransactions=True)
try:
user = User.find_by_email(email)
if user is None:
user = model.User.create(user_name,
email,
locale=c.locale,
display_name=display_name)
if email_verified:
user.set_email_verified()
v = Velruse(unicode(domain), unicode(domain_user), user)
model.meta.Session.add(v)
model.meta.Session.commit()
event.emit(event.T_USER_CREATE, user)
return user, v
except Exception as e:
model.meta.Session.rollback()
raise e
def logged_in(self):
"""
Recieves authentication messages from the velruse service.
It will log in users or connect their adhocracy account
to an existing velruse account.
It also creates adhocracy accounts if it thinks the user has none.
We expect the ssi service to provide a *verified* email address.
If none is provided, this function will crash.
"""
redirect_url = session.get('came_from', h.base_url('/login'))
token = request.params['token']
payload = {'format': 'json', 'token': token}
rsp = get(h.velruse_url('/auth_info'),
params=payload,
timeout=1,
verify=config.get_bool('velruse.verify_ssl'))
if rsp.status_code >= 400:
return self._failure(_('Internal server error:'
'velruse service not available.'),
redirect_url=redirect_url)
auth_info = loads(rsp.content)
log.debug('received auth_info from velruse:\n' +
'<pre>' + dumps(auth_info, indent=4) + '</pre>')
if 'error' in auth_info:
error = auth_info['error']
if error == 'user_denied':
return self._failure(_('Login failed: ') +
_('You have to give Adhocracy permission '
'to connect to your Facebook account.'),
auth_info,
redirect_url=redirect_url)
else:
return self._failure(_('Login failed: ') + auth_info['error'],
auth_info, redirect_url=redirect_url)
provider_name = auth_info['provider_name']
if provider_name not in allowed_login_types():
self._failure(_("Logging in with %s "
"is not allowed on this installation.")
% provider_name.capitalize(),
auth_info, redirect_url=redirect_url)
else:
try:
profile = auth_info['profile']
email = profile['verifiedEmail'] # FIXME: this is not always available. we should catch that earlier above.
display_name = profile['displayName']
preferred_name = profile['preferredUsername'].replace('.', '_')
user_name = unused_user_name(preferred_name)
accounts = profile['accounts']
except KeyError:
log.error('could not parse velruse response:\n' +
'<pre>' + dumps(auth_info, indent=4) + '</pre>')
self._failure(_("Error"))
if c.user is not None:
adhocracy_user = c.user
velruse_user = Velruse.by_user_and_domain_first(
adhocracy_user,
accounts[0]['domain'])
if velruse_user is not None:
self._failure(_("This %(provider)s account"
" is already connected.")
% {'provider': provider_name.capitalize()},
redirect_url=redirect_url)
else:
velruse_user = Velruse.find_any(accounts)
if velruse_user is not None:
adhocracy_user = velruse_user.user
else:
adhocracy_user = None
if velruse_user is not None:
domain = velruse_user.domain
domain_user = velruse_user.domain_user
else:
domain = accounts[0]['domain']
domain_user = accounts[0]['userid'] # FIXME: this is not always available. we should catch that earlier above.
if not domain or not domain_user:
log.error('domain and/or domain_user not found:\n' +
'<pre>\n' +
str(domain, domain_user) + '\n' +
dumps(auth_info, indent=4) + '\n' +
'</pre>')
self._failure(_("Error"), redirect_url=redirect_url)
try:
# login right away
if adhocracy_user is not None and velruse_user is not None:
update_email_trust(adhocracy_user, email)
self._login(adhocracy_user, redirect_url=redirect_url)
# create new user in both Velruse and User and login
elif adhocracy_user is None and velruse_user is None:
new_user = self._create(user_name,
email,
domain,
domain_user,
email_verified=True,
display_name=display_name,
redirect_url=redirect_url)
adhocracy_user, velruse_user = new_user
self._login(adhocracy_user, redirect_url=redirect_url)
# create new user in Velruse for a logged in user
elif adhocracy_user is not None and velruse_user is None:
self._connect(adhocracy_user, domain, domain_user,
provider_name,
email, email_verified=True,
redirect_url=redirect_url)
# error case
else:
raise DatabaseInconsistent('velruse user is not associated'
' with any adhocracy user')
# if users are deleted and we try to create them again
# we get an IntegrityError
except IntegrityError:
self._failure(_("Your %(provider)s account is locked.")
% {'provider': provider_name.capitalize()})
def logged_in(self):
"""
Recieves authentication messages from the velruse service.
It will log in users or connect their adhocracy account
to an existing velruse account.
It also creates adhocracy accounts if it thinks the user has none.
We expect the ssi service to provide a *verified* email address.
If none is provided, this function will crash.
"""
redirect_url = session.get('came_from', h.base_url('/login'))
token = request.params['token']
payload = {'format': 'json', 'token': token}
rsp = get(h.velruse_url('/auth_info'),
params=payload,
timeout=1,
verify=config.get_bool('velruse.verify_ssl'))
if rsp.status_code >= 400:
return self._failure(_('Internal server error:'
'velruse service not available.'),
redirect_url=redirect_url)
auth_info = loads(rsp.content)
log.debug('received auth_info from velruse:\n' + '<pre>' +
dumps(auth_info, indent=4) + '</pre>')
if 'error' in auth_info:
error = auth_info['error']
if error == 'user_denied':
return self._failure(_('Login failed: ') +
_('You have to give Adhocracy permission '
'to connect to your Facebook account.'),
auth_info,
redirect_url=redirect_url)
else:
return self._failure(_('Login failed: ') + auth_info['error'],
auth_info,
redirect_url=redirect_url)
provider_name = auth_info['provider_name']
if provider_name not in allowed_login_types():
self._failure(_("Logging in with %s "
"is not allowed on this installation.") %
provider_name.capitalize(),
auth_info,
redirect_url=redirect_url)
else:
try:
profile = auth_info['profile']
email = profile[
'verifiedEmail'] # FIXME: this is not always available. we should catch that earlier above.
display_name = profile['displayName']
preferred_name = profile['preferredUsername'].replace('.', '_')
user_name = unused_user_name(preferred_name)
accounts = profile['accounts']
except KeyError:
log.error('could not parse velruse response:\n' + '<pre>' +
dumps(auth_info, indent=4) + '</pre>')
self._failure(_("Error"))
if c.user is not None:
adhocracy_user = c.user
velruse_user = Velruse.by_user_and_domain_first(
adhocracy_user, accounts[0]['domain'])
if velruse_user is not None:
self._failure(_("This %(provider)s account"
" is already connected.") %
{'provider': provider_name.capitalize()},
redirect_url=redirect_url)
else:
velruse_user = Velruse.find_any(accounts)
if velruse_user is not None:
adhocracy_user = velruse_user.user
else:
adhocracy_user = None
if velruse_user is not None:
domain = velruse_user.domain
domain_user = velruse_user.domain_user
else:
domain = accounts[0]['domain']
domain_user = accounts[0][
'userid'] # FIXME: this is not always available. we should catch that earlier above.
if not domain or not domain_user:
log.error('domain and/or domain_user not found:\n' +
'<pre>\n' + str(domain, domain_user) + '\n' +
dumps(auth_info, indent=4) + '\n' + '</pre>')
self._failure(_("Error"), redirect_url=redirect_url)
try:
# login right away
if adhocracy_user is not None and velruse_user is not None:
update_email_trust(adhocracy_user, email)
self._login(adhocracy_user, redirect_url=redirect_url)
# create new user in both Velruse and User and login
elif adhocracy_user is None and velruse_user is None:
new_user = self._create(user_name,
email,
domain,
domain_user,
email_verified=True,
display_name=display_name,
redirect_url=redirect_url)
adhocracy_user, velruse_user = new_user
self._login(adhocracy_user, redirect_url=redirect_url)
# create new user in Velruse for a logged in user
elif adhocracy_user is not None and velruse_user is None:
self._connect(adhocracy_user,
domain,
domain_user,
provider_name,
email,
email_verified=True,
redirect_url=redirect_url)
# error case
else:
raise DatabaseInconsistent('velruse user is not associated'
' with any adhocracy user')
# if users are deleted and we try to create them again
# we get an IntegrityError
except IntegrityError:
self._failure(
_("Your %(provider)s account is locked.") %
{'provider': provider_name.capitalize()})
def is_user_connected_to_facebook():
return Velruse.by_user_and_domain(c.user, u'facebook.com') != []
def facebook_account():
return Velruse.by_user_and_domain_first(c.user, u'facebook.com')
def is_user_connected_to_facebook():
return Velruse.by_user_and_domain(c.user, u'facebook.com') != []
def logged_in(self):
"""
Recieves authentication messages from the velruse service.
It will log in users or connect their adhocracy account
to an existing velruse account.
It also creates adhocracy accounts if it thinks the user has none.
We expect the ssi service to provide a *verified* email address.
If none is provided, this function will crash.
"""
token = request.params['token']
payload = {'format': 'json', 'token': token}
rsp = get(h.velruse_url('/auth_info'),
params=payload,
timeout=1)
if rsp.status_code >= 400:
return self._failure(_('Internal server error:'
'velruse service not available.'))
auth_info = loads(rsp.content)
log.debug('received auth_info from velruse:\n' +
'<pre>' + dumps(auth_info, indent=4) + '</pre>')
if 'error' in auth_info:
error = auth_info['error']
if error == 'user_denied':
return self._failure(_('Login failed: ') +
_('You have to give Adhocracy permission '
'to connect to your Facebook account.'),
auth_info)
else:
return self._failure(_('Login failed: ') + auth_info['error'],
auth_info)
provider_name = auth_info['provider_name']
if provider_name not in allowed_login_types():
self._failure(_("Logging in with %s "
"is not allowed on this installation.")
% provider_name.capitalize(),
auth_info)
else:
profile = auth_info['profile']
email = profile['verifiedEmail']
display_name = profile['displayName']
preferred_name = profile['preferredUsername'].replace('.', '_')
user_name = unused_user_name(preferred_name)
accounts = profile['accounts']
if c.user:
adhocracy_user = c.user
velruse_user = Velruse.by_user_and_domain_first(
adhocracy_user,
accounts[0]['domain'])
else:
velruse_user = Velruse.find_any(accounts)
adhocracy_user = velruse_user.user if velruse_user else None
if velruse_user:
domain = velruse_user.domain
domain_user = velruse_user.domain_user
else:
domain = accounts[0]['domain']
domain_user = accounts[0]['userid']
try:
# login right away
if adhocracy_user and velruse_user:
update_email_trust(adhocracy_user, email)
self._login(adhocracy_user)
# create new user in both Velruse and User and login
elif not adhocracy_user and not velruse_user:
new_user = self._create(user_name,
email,
domain,
domain_user,
email_verified=True,
display_name=display_name)
adhocracy_user, velruse_user = new_user
self._login(adhocracy_user)
# create new user in Velruse for a logged in user
elif adhocracy_user and not velruse_user:
self._connect(adhocracy_user, domain, domain_user,
provider_name,
email, email_verified=True)
# error case
elif not adhocracy_user and velruse_user:
raise DatabaseInconsistent('velruse user is not associated'
' with any adhocracy user')
else:
raise Exception
# if users are deleted and we try to create them again
# we get an IntegrityError
except IntegrityError:
self._failure(_("Error"))