def auth0_callback_view(self): # pragma: no cover
"""This callback is called after a successful Auth0 login.
Args:
code(str): Auth0's authentication code.
"""
# Check for errors
error = request.args.get('error')
if error:
error_code = request.args.get('error_description')
return redirect(
url_for('regular.unauthorized', error_code=error_code))
from auth0.v3.authentication import GetToken
from auth0.v3.authentication import Users
import json
# Retrieve AUTH0 settings from the local settings file
AUTH0_DOMAIN = current_app.config.get('AUTH0_DOMAIN', '')
AUTH0_CLIENT_ID = current_app.config.get('AUTH0_CLIENT_ID', '')
AUTH0_CLIENT_SECRET = current_app.config.get('AUTH0_CLIENT_SECRET', '')
AUTH0_CALLBACK_URL = url_for('user.auth0_callback', _external=True)
auth0_users = Users(AUTH0_DOMAIN)
# Retrieve Auth0 code from the URL query parameters
code = request.args.get('code')
# Decode Auth0 code and extract the Auth0 Token
get_token = GetToken(AUTH0_DOMAIN)
token = get_token.authorization_code(AUTH0_CLIENT_ID,
AUTH0_CLIENT_SECRET, code,
AUTH0_CALLBACK_URL)
# Retrieve user_info from AUTH0 token
user_info_str = auth0_users.userinfo(token['access_token'])
user_info = json.loads(user_info_str)
email = user_info['email']
email_verified = user_info['email_verified']
# Retrieve User record by email
user, user_email = self.db_manager.get_user_and_user_email_by_email(
email)
if not user:
# Create new user if needed
user = self.db_manager.add_user(
email=email,
active=True,
first_name=user_info.get('given_name', ''),
last_name=user_info.get('family_name', ''),
)
self.db_manager.commit()
# Retrieve next URL from 'state' query param
state = request.args.get('state', '/')
safe_next_url = self.make_safe_url(state)
# Log user in
return self._do_login_user(user, safe_next_url)
def role_updating():
role_id = request.json['id']
role_name = request.json['name']
role_desc = request.json['desc']
get_token = GetToken(DOMAIN)
token = get_token.client_credentials(M2M_ID, M2M_SEC,
'{}/api/v2/'.format(AUTH0_DOMAIN))
mgmt_api_token = token['access_token']
auth0 = Auth0(DOMAIN, mgmt_api_token)
roles = auth0.roles
try:
resp = roles.update(id=role_id,
body={
'name': role_name,
'description': role_desc
})
except exceptions.Auth0Error:
return {
'resp': {
'error': 'Role id, {0}, doesn\'t exist'.format(role_id)
}
}
return {
'resp': {
'id': resp['id'],
'name': resp['name'],
'desc': resp['description']
}
}
def get_mgmt_token():
get_token = GetToken(AUTH0_DOMAIN)
token = get_token.client_credentials(
NON_INTERACTIVE_CLIENT_ID, NON_INTERACTIVE_CLIENT_SECRET,
'https://{}/api/v2/'.format(AUTH0_DOMAIN))
return token['access_token']
def callback_handling():
code = request.args.get('code')
get_token = GetToken(const['AUTH0_DOMAIN'])
auth0_users = Users(const['AUTH0_DOMAIN'])
token = get_token.authorization_code(const['AUTH0_CLIENT_ID'],
const['AUTH0_CLIENT_SECRET'], code,
const['AUTH0_CALLBACK_URL'])
user_info = auth0_users.userinfo(token['access_token'])
session['profile'] = json.loads(user_info)
print('USER INFO')
# check if user in db
user = User.query.filter_by(email=session['profile']['email']).first()
print('CHECK')
if user is None:
print('new user being added to db')
userid = session['profile']["sub"]
userid = userid[userid.index('|') + 1:len(userid)]
new_user = User(userid, session['profile']['email'],
session['profile']['nickname'],
session['profile']['picture'])
db.session.add(new_user)
db.session.commit()
else:
print('old user')
return redirect('/dashboard')
def callback_handling():
code = request.args.get(CODE_KEY)
get_token = GetToken(AUTH0_DOMAIN)
auth0_users = Users(AUTH0_DOMAIN)
token = get_token.authorization_code(AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET,
code, AUTH0_CALLBACK_URL)
user_info = auth0_users.userinfo(token['access_token'])
session[PROFILE_KEY] = json.loads(user_info)
# return user_info
# extract data to register user on DB in order top track question set progress
first_name = session['profile']['given_name']
surname = session['profile']['family_name']
try:
email = session['profile']['email']
except Exception as e:
# log exception arup waad has email in nickname for some reason...
email = session['profile']['nickname']
if len(parseaddr(email)[1]) == 0:
return 'unable to log you in, invalid email supplied'
user = db.session.query(User).filter_by(first_name=first_name,
surname=surname,
email=email).first()
# if user doesnt exist in db, add them
if (user is None):
user = User(first_name=first_name, surname=surname, email=email)
db.session.add(user)
db.session.commit()
# add user id from DB to the session
session['user_id'] = user.id
return redirect('/index')
def user_creation():
user_email = request.json['email']
user_name = request.json['name']
user_username = request.json['username']
user_first = user_name.split()[0]
user_last = user_name.split()[1]
user_password = request.json['password']
get_token = GetToken(DOMAIN)
token = get_token.client_credentials(M2M_ID, M2M_SEC,
'{}/api/v2/'.format(AUTH0_DOMAIN))
mgmt_api_token = token['access_token']
auth0 = Auth0(DOMAIN, mgmt_api_token)
users = auth0.users
try:
resp = users.create({
'email': user_email,
'name': user_name,
'given_name': user_first,
'family_name': user_last,
'username': user_username,
'connection': 'LoginSystem',
'password': user_password
})
except exceptions.Auth0Error:
return {'resp': {'error': 'User already exists'}}
return {'resp': resp}
def __init__(self, service_url, loop=asyncio.get_event_loop()):
self.service_url = service_url
domain = os.getenv('REACT_APP_PORTAL_AUTH_DOMAIN')
self.c_id = os.getenv('REACT_APP_PORTAL_AUTH_CLIENT_ID')
self.secret = os.getenv('REACT_APP_PORTAL_AUTH_CLIENT_SECRET')
self.identifier = os.getenv('REACT_APP_PORTAL_AUTH_IDENTIFIER')
try:
self.getter = GetToken(domain)
token = self.getter.client_credentials(client_id=self.c_id,
client_secret=self.secret,
audience=self.identifier)
self.token = token['access_token']
self.expires = token['expires_in']
expiration_time = '{}d {}h:{}m:{}s'.format(self.expires // 86400,
(self.expires %
86400) // 3600,
(self.expires %
3600) // 60,
self.expires % 60)
self.renewal_time_hours = .5 * (self.expires // 3600)
logger.info("Token expires in {}".format(expiration_time))
self.headers = {
"Content-Type": "application/json",
"authorization": "Bearer " + self.token
}
self.session = aiohttp.ClientSession(loop=loop)
asyncio.ensure_future(self.renewal(
self.renewal_time_hours * 60 * 60))
except Exception as e:
logger.error("Unable to connect to Maana {}".format(service_url))
pass
def create_client(jupyterhub_endpoint):
DOMAIN = os.environ["AUTH0_DOMAIN"]
CLIENT_ID = os.environ["AUTH0_CLIENT_ID"]
CLIENT_SECRET = os.environ["AUTH0_CLIENT_SECRET"]
get_token = GetToken(DOMAIN)
token = get_token.client_credentials(CLIENT_ID, CLIENT_SECRET,
"https://{}/api/v2/".format(DOMAIN))
mgmt_api_token = token["access_token"]
auth0 = Auth0(DOMAIN, mgmt_api_token)
credentials = auth0.clients.create({
"name":
f"QHub - {jupyterhub_endpoint}",
"description":
f"QHub - {jupyterhub_endpoint}",
"callbacks": [f"https://{jupyterhub_endpoint}/hub/oauth_callback"],
"app_type":
"regular_web",
})
return {
"auth0_subdomain": ".".join(DOMAIN.split(".")[:-2]),
"client_id": credentials["client_id"],
"client_secret": credentials["client_secret"],
"scope": ["openid", "email", "profile"],
"oauth_callback_url":
f"https://{jupyterhub_endpoint}/hub/oauth_callback",
}
def get_auth0():
"""
Retrieve instantiated auth0 client.
This also uses the cache so we're not re-instantiating for every update.
"""
auth0_api_access_token = cache.get('auth0_api_access_token')
if not auth0_api_access_token:
client = GetToken(api_settings.AUTH0_DOMAIN, )
response = client.client_credentials(
api_settings.AUTH0_CLIENT_ID,
api_settings.AUTH0_CLIENT_SECRET,
api_settings.AUTH0_AUDIENCE,
)
cache.set(
'auth0_api_access_token',
response['access_token'],
timeout=response['expires_in'],
)
auth0_api_access_token = response['access_token']
auth0 = Auth0(
api_settings.AUTH0_DOMAIN,
auth0_api_access_token,
)
return auth0
def get_auth0_client(config):
get_token = GetToken(config['domain'])
token = get_token.client_credentials(config['non_interactive_client_id'],
config['non_interactive_client_secret'],
'https://{}/api/v2/'.format(config['domain']))
mgmt_api_token = token['access_token']
return Auth0(config['domain'], mgmt_api_token)
def get_token(self):
audience = settings.AUTH0_MANAGEMENT_API_AUDIENCE
get_token = GetToken(self.domain)
token = get_token.client_credentials(self.client_id,
self.client_secret, audience)
mgmt_api_token = token['access_token']
return mgmt_api_token
def auth0(self):
if not hasattr(self, '_auth0'):
gt = GetToken(self.domain)
creds = gt.client_credentials(self.client_id, self.client_secret,
f'https://{self.domain}/api/v2/')
self._auth0 = Auth0(self.domain, creds['access_token'])
return self._auth0
def callback_handling():
code = request.args.get('code')
get_token = GetToken('manishsethis.auth0.com')
auth0_users = Users('manishsethis.auth0.com')
token = get_token.authorization_code(os.environ['CLIENT_ID'], os.environ['CLIENT_SECRET'], code, 'http://localhost:5000/callback')
user_info = auth0_users.userinfo(token['access_token'])
session['profile'] = json.loads(user_info)
return redirect('/dashboard')
def get_auth0_token():
get_token = GetToken(settings.AUTH0_DOMAIN)
token = get_token.client_credentials(
settings.AUTH0_CLIENT_ID,
settings.AUTH0_CLIENT_SECRET,
f'https://{settings.AUTH0_DOMAIN}/api/v2/',
)
return token
def __init__(self):
get_token = GetToken(domain)
self.token = get_token.client_credentials(client_id, client_secret,
API_ENDPOINT)
self.mgmt_api_token = self.token['access_token']
self.session = RequestSession(API_ENDPOINT)
headers = {'Bearer': self.mgmt_api_token}
self.session.headers.update(headers)
def get_auth0_token():
client = GetToken(settings.AUTH0_DOMAIN)
token = client.client_credentials(
settings.AUTH0_API_ID,
settings.AUTH0_API_SECRET,
settings.AUTH0_AUDIENCE,
)
return token['access_token']
def get_auth0_inst(domain, client_id, client_secret):
"""
Return an authenticated Auth0 instance
"""
gt = GetToken(domain)
creds = gt.client_credentials(client_id, client_secret, f"https://{domain}/api/v2/")
auth0_inst = Auth0(domain, creds["access_token"])
return auth0_inst
def get_token():
gt = GetToken(current_app.config['AUTH0_DOMAIN'])
token = gt.client_credentials(
current_app.config['AUTH0_CLIENT_ID'],
current_app.config['AUTH0_CLIENT_SECRET'],
'https://{}/api/v2/'.format(current_app.config['AUTH0_DOMAIN']))
mgmt_api_token = token['access_token']
return mgmt_api_token
def callback_handling():
code = request.args.get(constants.CODE_KEY)
get_token = GetToken(AUTH0_DOMAIN)
auth0_users = Users(AUTH0_DOMAIN)
token = get_token.authorization_code(AUTH0_CLIENT_ID,
AUTH0_CLIENT_SECRET, code, AUTH0_CALLBACK_URL)
user_info = auth0_users.userinfo(token['access_token'])
session[constants.PROFILE_KEY] = json.loads(user_info)
return redirect('/dashboard')
def get_management_api_client():
get_token = GetToken(Config.AUTH0_DOMAIN)
token = get_token.client_credentials(
Config.AUTH0_NON_INTERACTIVE_CLIENT_ID,
Config.AUTH0_NON_INTERACTIVE_CLIENT_SECRET,
Config.AUTH0_BASE_URL + '/api/v2/')
mgmt_api_token = token['access_token']
auth0 = Auth0(Config.AUTH0_DOMAIN, mgmt_api_token)
return auth0
def auth0(self):
"""
Return an authenticated Auth0 instance
"""
if not hasattr(self, "_auth0"):
gt = GetToken(self.domain)
creds = gt.client_credentials(self.client_id, self.client_secret,
f"https://{self.domain}/api/v2/")
self._auth0 = Auth0(self.domain, creds["access_token"])
return self._auth0
def get_tokens(code, request):
'''Given an auth code, by making an Auth0 API call, returns an access_token
and id_token.
'''
get_token = GetToken(DOMAIN)
# exchange the Authorization Code for tokens: access_token, id_token
tokens = get_token.authorization_code(CLIENT_ID, CLIENT_SECRET, code,
get_callback_url(request))
# tokens is a dict including access_token and id_token
return tokens
def create_client(jupyterhub_endpoint, project_name, reuse_existing=True):
for variable in {"AUTH0_DOMAIN", "AUTH0_CLIENT_ID", "AUTH0_CLIENT_SECRET"}:
if variable not in os.environ:
raise ValueError(
f"Required environment variable={variable} not defined")
get_token = GetToken(os.environ["AUTH0_DOMAIN"])
token = get_token.client_credentials(
os.environ["AUTH0_CLIENT_ID"],
os.environ["AUTH0_CLIENT_SECRET"],
f'https://{os.environ["AUTH0_DOMAIN"]}/api/v2/',
)
mgmt_api_token = token["access_token"]
auth0 = Auth0(os.environ["AUTH0_DOMAIN"], mgmt_api_token)
oauth_callback_url = (
f"https://{jupyterhub_endpoint}/auth/realms/qhub/broker/auth0/endpoint"
)
for client in auth0.clients.all(
fields=["name", "client_id", "client_secret", "callbacks"],
include_fields=True):
if client["name"] == project_name and reuse_existing:
if oauth_callback_url not in client["callbacks"]:
logger.info(
f"updating existing application={project_name} client_id={client['client_id']} adding callback url={oauth_callback_url}"
)
auth0.clients.update(
client["client_id"],
{"callbacks": client["callbacks"] + [oauth_callback_url]},
)
return {
"auth0_subdomain":
".".join(os.environ["AUTH0_DOMAIN"].split(".")[:-2]),
"client_id":
client["client_id"],
"client_secret":
client["client_secret"],
}
client = auth0.clients.create({
"name": project_name,
"description": f"QHub - {project_name} - {jupyterhub_endpoint}",
"callbacks": [oauth_callback_url],
"app_type": "regular_web",
})
return {
"auth0_subdomain":
".".join(os.environ["AUTH0_DOMAIN"].split(".")[:-2]),
"client_id": client["client_id"],
"client_secret": client["client_secret"],
}
def get_management_api_token():
domain = auth0_api_settings.MANAGEMENT_API['AUTH0_DOMAIN']
client_id = auth0_api_settings.MANAGEMENT_API['AUTH0_CLIENT_ID']
client_secret = auth0_api_settings.MANAGEMENT_API['AUTH0_CLIENT_SECRET']
get_token = GetToken(domain)
token = get_token.client_credentials(
client_id, client_secret,
'https://{domain}/api/v2/'.format(domain=domain))
return token['access_token']
def get_token(self):
get_token = GetToken(self.domain)
token = get_token.client_credentials(
settings.AUTH0_CLIENT_ID,
settings.AUTH0_CLIENT_SECRET,
f"https://{self.domain}/api/v2/",
)
mgmt_api_token = token["access_token"]
return mgmt_api_token
def auth_auth0(endpoint, client_id, client_secret, realm, username, password):
client = GetToken(endpoint)
try:
resp = client.login(client_id, client_secret, username, password, None,
realm, None)
if resp:
auth_success(username)
else:
auth_failure("Invalid credentials for username " + username)
except Auth0Error, e:
auth_failure('Auth0 error: ' + e.message)
def callback_handling():
code = request.args.get('code')
get_token = GetToken('abdul4343.eu.auth0.com')
auth0_users = Users('abdul4343.eu.auth0.com')
token = get_token.authorization_code(
'xYbqBYbjcd2rS6o9Xb0HrLwQWHXu8jH1',
'rZHMb64rreOI6j0umN8_ZHpcer4VuJbdVCUO3hEdB795kEadyp7GhNdw2Fy5lEFO',
code, 'http://192.168.0.6:5000/callback')
user_info = auth0_users.userinfo(token['access_token'])
#session['profile'] = json.loads(user_info)
print(json.loads(user_info))
return json.loads(user_info)
def create_access_token(cls):
domain = settings.AUTH0_DOMAIN
client_id = settings.AUTH0_CLIENT_ID
client_secret = settings.AUTH0_CLIENT_SECRET
api_audience = settings.API_AUDIENCE
get_token = GetToken(domain)
token = get_token.client_credentials(client_id, client_secret,
api_audience)
cls.objects.create(access_token=token['access_token'], )
def get_mgmt_api_token() -> str:
"""
Handle Auth0 callback in AUTHLIB mode
:return:
"""
# https://github.com/auth0/auth0-python#management-sdk-usage
get_token = GetToken(config[AUTH0_DOMAIN])
token = get_token.client_credentials(
config[NON_INTERACTIVE_CLIENT_ID],
config[NON_INTERACTIVE_CLIENT_SECRET],
auth0_url('/api/v2/')
)
return token['access_token']
def callback_handling():
code = request.args.get(CODE_KEY)
get_token = GetToken(AUTH0_DOMAIN)
auth0_users = Users(AUTH0_DOMAIN)
token = get_token.authorization_code(AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET,
code, AUTH0_CALLBACK_URL)
user_info = auth0_users.userinfo(token['access_token'])
session[PROFILE_KEY] = json.loads(user_info)
# return user_info
# extract data to register user on DB in order top track question set progress
register_user()
return redirect('/index')
def get_auth0():
auth0_api_access_token = cache.get('auth0_api_access_token')
if not auth0_api_access_token:
client = GetToken(settings.AUTH0_DOMAIN)
response = client.client_credentials(
settings.AUTH0_CLIENT_ID,
settings.AUTH0_CLIENT_SECRET,
settings.AUTH0_AUDIENCE,
)
cache.set(
'auth0_api_access_token',
response['access_token'],
timeout=response['expires_in'],
)
auth0_api_access_token = response['access_token']
auth0 = Auth0(
settings.AUTH0_DOMAIN,
auth0_api_access_token,
)
return auth0
