コード例 #1
0
def google(request):
    """
        구글 소셜 로그인 시 사용

        ---
    """
    CLIENT_ID = '832271626552-bpmo24c8a7e1s2lfhs1jfl0ena583jt1.apps.googleusercontent.com'
    token = request.POST.get('id_token')
    try:
        # Specify the CLIENT_ID of the app that accesses the backend:

        idinfo = id_token.verify_oauth2_token(token, requests.Request(),
                                              CLIENT_ID)
        # Or, if multiple clients access the backend server:
        # idinfo = id_token.verify_oauth2_token(token, requests.Request())
        # if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
        #     raise ValueError('Could not verify audience.')
        if idinfo['iss'] not in [
                'accounts.google.com', 'https://accounts.google.com'
        ]:
            raise ValueError('Wrong issuer.')
        # If auth request is from a G Suite domain:
        # if idinfo['hd'] != GSUITE_DOMAIN_NAME:
        #     raise ValueError('Wrong hosted domain.')
        # ID token is valid. Get the user's Google Account ID from the decoded token.
        userid = idinfo['sub']
        username = idinfo['email']
        account = User.objects.filter(username=username)
        if account:
            serializer = UserSerializer(account[0])
            return Response(serializer.data)
        nickname = idinfo['email']
        email = idinfo['email']
        pic_name = random.randrange(1, 13, 1)
        pic_name = f'accounts/pic_names/{pic_name}.jpg'
        user = User.objects.create_user(username,
                                        email=email,
                                        nickname=nickname,
                                        pic_name=pic_name,
                                        social=True,
                                        password=None)
        user.set_unusable_password()
        user.save()
        serializer = UserSerializer(user)
        return Response(serializer.data)
    except ValueError:
        # Invalid token
        return Response(status=status.HTTP_101_SWITCHING_PROTOCOLS)
コード例 #2
0
def login(request):
    if request.data.get("google_id_token") is not None:
        auth_method = "google"
        google_id_token = request.data["google_id_token"]
    elif request.data.get("email") is not None and request.data.get("password") is not None:
        auth_method = "email"
        email = request.data.get("email")
        password = request.data.get("password")
    else:
        return Response(status=status.HTTP_400_BAD_REQUEST)

    try:
        full_name = ""
        profile_image_url = None
        if auth_method == "google":
            try:
                id_info = id_token.verify_oauth2_token(
                    google_id_token, googlerequests.Request(),
                    "3890518873-9igg3o5c5c45a3cnq3fku68jrvc5ricj.apps.googleusercontent.com")
            except ValueError as value_error:
                print(value_error)
                return Response(data=str(value_error), status=status.HTTP_401_UNAUTHORIZED)
            print(id_info)

            if id_info['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
                return Response(status=status.HTTP_403_FORBIDDEN, data='Wrong issuer {}'.format(id_info['iss']))

            if id_info.get('hd') != "deepen.ai" and id_info.get('hd') != "deepenai.com" \
                    and id_info["email"] != "*****@*****.**" \
                    and id_info["email"] != "*****@*****.**":
                return Response(status=status.HTTP_403_FORBIDDEN, data='Unauthorized user {}'.format(id_info))
            user_id = id_info["sub"]
            email = id_info["email"]
            full_name = id_info["name"]
            profile_image_url = id_info["picture"]

        else:
            user = UserModel.objects(email=email, password=password)
            if len(user) == 0:
                return Response(status=status.HTTP_403_FORBIDDEN, data='Unauthorized user {}'.format(email))
            user_id = user[0]["user_id"]
            email = user[0]["email"]

        return create_jwt_token(user_id, email, full_name=full_name, profile_image_url=profile_image_url)
    except:
        print "Unexpected error:", sys.exc_info()
        traceback.print_tb(sys.exc_info()[2])
        return Response(data=str(sys.exc_info()), status=status.HTTP_500_INTERNAL_SERVER_ERROR)
コード例 #3
0
def verify_creds(flow: google_auth_oauthlib.flow.Flow, google_info,
                 settings: Settings) -> dict:
    creds = flow.credentials

    req = requests.Request()
    id_info = id_token.verify_oauth2_token(creds._id_token, req,
                                           google_info["web"]["client_id"])

    if "hd" not in id_info or id_info["hd"] != settings.top_domain:
        raise HTTPException(
            status_code=403,
            detail=
            f"Not an authorized domain {id_info.get('hd', '')},{settings.top_domain}",
        )

    return id_info
コード例 #4
0
def check_bot_authenticity(token, audience):
    if not token:
        raise ValueError("Invalid token")

    if not audience:
        raise ValueError(f"Invalid audience")

    id_info = id_token.verify_token(
        token,
        requests.Request(),
        audience=audience,
        certs_url=PUBLIC_CERT_URL_PREFIX + CHAT_ISSUER,
    )

    if id_info["iss"] != CHAT_ISSUER:
        raise ValueError("Wrong issuer")
コード例 #5
0
def sign_in():
    body = json.loads(request.data)
    id_token = body.get('id_token')
    try:
        id_info = id_token.verify_oauth2_token(id_token, requests.Request(),
                                               client_id)
        username = id_info['sub']
        user = users_dao.create_user(username)
        data = json.dumps({
            "session_token": user.session_token,
            "session_expiration": str(user.session_expiration),
            "update_token": user.update_token
        })
        return success_response(data, 201)
    except Exception:
        return failure_response("User invalid")
コード例 #6
0
def read_jwt_token(req):
    """Extract the information from a JWT token."""
    if os.getenv('FLASK_ENV', '') == 'development':
        return {'sub': '1234'}
    if not settings:
        initialize()
    app.logger.info('Checking auth for "%s"' % req.headers['Authorization'])
    jwt = req.headers['Authorization'].split(' ').pop()
    auth_request = requests.Request()
    app.logger.info('Checking JWT "%s"' % jwt)
    id_info = id_token.verify_oauth2_token(jwt, auth_request,
                                           settings['client_id'])
    if id_info['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
        raise AssertionError(
            'Got a token for the wrong issuer! (%s)' % id_info['iss'])
    return id_info
コード例 #7
0
def oauthroute():
    token = oauth.fetch_token('https://accounts.google.com/o/oauth2/token',
                              authorization_response=request.url,
                              client_secret=client_secret)
    req = requests.Request()

    id_info = id_token.verify_oauth2_token(token['id_token'], req, client_id)

    entity = datastore.entity.Entity(
        key=client.key(constants.users, id_info['sub']))
    entity.update({"Email": id_info["email"]})
    client.put(entity)

    print(id_info)
    return "Your JWT is: %s <br> <br> <br> Your unique ID is: %s" % (
        token['id_token'], id_info['sub'])
コード例 #8
0
def verify_token(token):
    try:
        id_info = id_token.verify_oauth2_token(token, requests.Request(),
                                               os.environ.get('CLIENT_ID'))

        if id_info['iss'] not in [
                'accounts.google.com', 'https://accounts.google.com'
        ]:
            raise ValueError('Non-Google wrong issuer.')

        # ID token is valid.
        return id_info

    except ValueError:
        # Invalid token
        pass
コード例 #9
0
ファイル: gcs.py プロジェクト: jwfh/pypicloud
    def _generate_url(self, package):
        """ Generate a signed url to the GCS file """
        blob = self._get_gcs_blob(package)

        if self.use_iam_signer:
            # Workaround for https://github.com/googleapis/google-auth-library-python/issues/50
            signing_credentials = compute_engine.IDTokenCredentials(
                requests.Request(), ""
            )
        else:
            signing_credentials = None
        return blob.generate_signed_url(
            expiration=timedelta(seconds=self.expire_after),
            credentials=signing_credentials,
            version="v4",
        )
コード例 #10
0
def validate_token(token):
    """validates a token received from the client against Google's servers. on
    success, returns the EXTERNAL user id. on failure, returns None."""
    try:
        idinfo = id_token.verify_oauth2_token(token, requests.Request(),
                                              CLIENT_ID)
    except ValueError as e:
        print(e)
        return None

    if idinfo['iss'] not in [
            'accounts.google.com', 'https://accounts.google.com'
    ]:
        return None

    return idinfo
コード例 #11
0
def getUserDetails(data):
    data = request.get_json()
    CLIENT_ID = '471977914473-cn7u1rs5sopnfdh3a3u6bt17ecpp50t3.apps.googleusercontent.com'
    tokenResponse = id_token.verify_oauth2_token(data['token'],
                                                 requests.Request(), CLIENT_ID)

    userDetails = {
        "name": tokenResponse['name'],
        "email": tokenResponse['email'],
        "user_uuid": tokenResponse['sub'],
        "email_verified": tokenResponse['email_verified']
    }

    response = googleUserDetails(userDetails)

    return response
コード例 #12
0
def verify_auth(id_token):
    error_message = None
    claims = None
    firebase_request_adapter = requests.Request()
    if id_token:
        try:
            claims = google.oauth2.id_token.verify_firebase_token(
                id_token, firebase_request_adapter)
            if 'email' not in claims:
                return {}, "USER EMAIL NOT FOUND"
            if 'name' not in claims:
                claims['name'] = claims['email'].split('@')[0]
        except ValueError as exc:
            error_message = str(exc)

    return claims, error_message
コード例 #13
0
ファイル: api.py プロジェクト: daidaidarwa/nkust-club
def auth():
    token = request.json['id_token']
    try:
        id_info = id_token.verify_oauth2_token(token, requests.Request(),
                                               GOOGLE_OAUTH2_CLIENT_ID)
        if id_info['iss'] not in [
                'accounts.google.com', 'https://accounts.google.com'
        ]:
            raise ValueError('Wrong issuer.')
    except ValueError:
        # Invalid token
        raise ValueError('Invalid token')

    access_token = create_access_token(token)
    refresh_token = create_refresh_token(token)
    return jsonify({'access_token': access_token}), 200
コード例 #14
0
    def wrapper(*args, **kwargs):

        try:
            token = request.headers.get('Authorization')
            if not token:
                return {"error": "not authenticated"}, 401

            token = token.replace('Bearer ', '')
            t = id_token.verify_oauth2_token(
                token,
                requests.Request(),
            )
        except ValueError:
            return {"error": "not authenticated"}, 401

        return func(*args, **kwargs)
コード例 #15
0
def get_delegated_credentials(credentials, subject, scopes):
    try:
        request = requests.Request()
        credentials.refresh(request)

        signer = iam.Signer(request, credentials, config.GMAIL_SERVICE_ACCOUNT)
        creds = service_account.Credentials(
            signer=signer,
            service_account_email=config.GMAIL_SERVICE_ACCOUNT,
            token_uri=TOKEN_URI,
            scopes=scopes,
            subject=subject)
    except Exception:
        raise

    return creds
コード例 #16
0
 def credential(self):
     if not self._cred:
         client_info = self._client_info['installed']
         token_uri = client_info['token_uri']
         client_id = client_info['client_id']
         client_secret = client_info['client_secret']
         cred = credentials.Credentials(None,
                                        refresh_token=self._refresh_token,
                                        token_uri=token_uri,
                                        client_id=client_id,
                                        client_secret=client_secret)
         cred.refresh(g_requests.Request())
         self._cred = cred
     elif not self._cred.valid:
         self.refresh()
     return self._cred
コード例 #17
0
    def veriauth_google(token):
        """ Verifies the allegedly authenticated Google user by submitted token. If the
        authentication is truthful, the user's email address is returned. """
        # Verify the oauth token with Google
        idinfo = id_token.verify_oauth2_token(token, requests.Request(),
                                              oauth.__GOOGLE_SECRET)

        # Ensure that the cerificate issuer is Google, to prevent forgery
        if idinfo['iss'] not in [
                'accounts.google.com', 'https://accounts.google.com'
        ]:
            raise InvalidISSError("Invalid ISS")

        # ID token is valid. Get the user's Google Account ID from the decoded
        # token
        return idinfo['email'], idinfo['name']
コード例 #18
0
    def post(self, request):
        """
        Log a user in. It expects in the request body the token received from google auth service.
        """
        token = json.loads(request.body.decode('utf-8')).get('token')
        if token is None:
            return HttpResponse('Token is not provided', status=400)

        try:
            id_info = id_token.verify_oauth2_token(token, requests.Request(), settings.GOOGLE_CLIENT_ID)
        except ValueError:
            return HttpResponse('Bad token', status=400)
        if id_info['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
            raise ValueError('Wrong issuer.')
        login_or_create_administrator(request, id_info)
        return HttpResponse('/admin')
コード例 #19
0
def google(token):
    from google.oauth2 import id_token
    from google.auth.transport import requests as grequests

    try:
        # Specify the CLIENT_ID of the app that accesses the backend:
        idinfo = id_token.verify_oauth2_token(token, grequests.Request())

        # Or, if multiple clients access the backend server:
        # idinfo = id_token.verify_oauth2_token(token, requests.Request())
        # if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
        #     raise ValueError('Could not verify audience.')
        return idinfo
    except ValueError:
        # Invalid token
        return False
コード例 #20
0
def verify(headers):
    try:
        if "Authorization" not in headers:
            return -1
        bearer = headers["Authorization"]
        space_index = bearer.index(" ")
        prior = bearer[:space_index]
        if prior != "Bearer":
            raise ValueError
        jwt = bearer[space_index + 1:]
        req = requests.Request()
        id_info = id_token.verify_oauth2_token(
            str(jwt), req, client_id)
        return id_info["sub"]
    except ValueError:
        return -1
コード例 #21
0
 def SetUp(self):
     self.creds = c_google_auth.UserCredWithReauth(
         token='token',
         refresh_token='refresh_token',
         id_token='id_token',
         token_uri='token_uri',
         client_id='client_id',
         client_secret='client_secret',
         scopes=['scope1', 'scope2'],
         quota_project_id='quota_project_id')
     self.http_request = mock.MagicMock(spec=requests.Request())
     self.get_rapt_token_mock = self.StartObjectPatch(
         oauth2client_reauth, 'GetRaptToken')
     self.now = datetime.datetime(2020, 1, 1)
     self.StartObjectPatch(_helpers, 'utcnow').return_value = self.now
     self.expected_expiry = datetime.datetime(2020, 1, 1, 1)
コード例 #22
0
ファイル: main.py プロジェクト: chrononyan/examtool-web
def get_email(request):
    if getenv("ENV") == "dev":
        return DEV_EMAIL

    token = request.json["token"]

    # validate token
    id_info = id_token.verify_oauth2_token(token, requests.Request(),
                                           CLIENT_ID)

    if id_info["iss"] not in [
            "accounts.google.com", "https://accounts.google.com"
    ]:
        raise ValueError("Wrong issuer.")

    return id_info["email"]
コード例 #23
0
ファイル: file.py プロジェクト: Grashalmbeisser/viur-core
    def download(self,
                 blobKey,
                 fileName="",
                 download="",
                 sig="",
                 *args,
                 **kwargs):
        """
		Download a file.
		:param blobKey: The unique blob key of the file.
		:type blobKey: str
		:param fileName: Optional filename to provide in the header.
		:type fileName: str
		:param download: Set header to attachment retrival, set explictly to "1" if download is wanted.
		:type download: str
		"""
        global credentials, bucket
        if not sig:
            raise errors.PreconditionFailed()
        # First, validate the signature, otherwise we don't need to proceed any further
        if not utils.hmacVerify(blobKey.encode("ASCII"), sig):
            raise errors.Forbidden()
        # Split the blobKey into the individual fields it should contain
        dlPath, validUntil = urlsafe_b64decode(blobKey).decode("UTF-8").split(
            "\0")
        if validUntil != "0" and datetime.strptime(
                validUntil, "%Y%m%d%H%M") < datetime.now():
            raise errors.Gone()
        # Create a signed url and redirect the user
        if isinstance(credentials, ServiceAccountCredentials
                      ):  # We run locally with an service-account.json
            blob = bucket.get_blob(dlPath)
            if not blob:
                raise errors.NotFound()
            signed_url = blob.generate_signed_url(datetime.now() +
                                                  timedelta(seconds=60))
        else:  # We are inside the appengine
            auth_request = requests.Request()
            signed_blob_path = bucket.blob(dlPath)
            expires_at_ms = datetime.now() + timedelta(seconds=60)
            signing_credentials = compute_engine.IDTokenCredentials(
                auth_request,
                "",
                service_account_email=credentials.service_account_email)
            signed_url = signed_blob_path.generate_signed_url(
                expires_at_ms, credentials=signing_credentials, version="v4")
        raise errors.Redirect(signed_url)
コード例 #24
0
ファイル: main.py プロジェクト: mccarrom/Portfolio
def addDeleteLoadsFromBoats(boat_id, load_id):
    req = requests.Request()
    try:
        authorizationHeader = request.headers['authorization']
        authorizationHeader = authorizationHeader[7:]
        id_info = id_token.verify_oauth2_token( authorizationHeader, req, client_id)
        boat_key = client.key(constants.boats, int(boat_id))
        boat = client.get(key=boat_key)
        load_key = client.key(constants.loads, int(load_id))
        load = client.get(key=load_key)

        if request.method == 'PUT':
            if boat and boat["owner"] == id_info.get('sub'):
                if 'loads' in boat.keys():
                    boat['loads'].append(load.key.id)
                else:
                    boat['loads'] = [load.key.id]
                client.put(boat)
                load['carrier'] = [boat.id]
                client.put(load)
                return('',204)
            elif boat and boat["owner"] != id_info.get('sub'):
                return_message = {"Error" : "You cannot load cargo onto boats you do not own"}
                return(json.dumps(return_message), 403)
            else:
                return_message = {"Error" : "No boat with this boat_id exists"}
                return(json.dumps(return_message), 404)

        if request.method == 'DELETE':
            if boat and boat["owner"] == id_info.get('sub'):
                if 'loads' in boat.keys():
                    boat['loads'].remove(int(load_id))
                    client.put(boat)
                load['carrier'].remove(int(boat_id))
                client.put(load)
                return('',204)
            elif boat and boat["owner"] != id_info.get('sub'):
                return_message = {"Error" : "You cannot load cargo onto boats you do not own"}
                return(json.dumps(return_message), 403)
            else:
                return_message = {"Error" : "No boat with this boat_id exists"}
                return(json.dumps(return_message), 404)

    except KeyError:
        return ("Missing JWT", 401)
    except ValueError:
        return("Invalid JWT", 401)
コード例 #25
0
ファイル: grpc_proxy.py プロジェクト: xxq1125/quic-proxy
    def _create_channel(self):
        # Make sure grpc was successfully imported
        assert available()

        if not self._secure:
            return grpc.insecure_channel(self._host)

        # Authenticate the host.
        #
        # You're allowed to override the root certs and server if necessary. For
        # example, if you're running your proxy on localhost, you'll need to set
        # GRPC_PROXY_TLS_ROOTS to the "roots.crt" file specifying the certificate
        # for the root CA that your localhost server has used to certify itself, and
        # the GRPC_PROXY_TLS_OVERRIDE to the name that your server is using to
        # identify itself. For example, the ROOTS env var might be
        # "/path/to/roots.crt" while the OVERRIDE env var might be "test_server," if
        # this is what's used by the server you're running.
        #
        # If you're connecting to a real server with real SSL, none of this should
        # be used.
        if not certifi:
            self._debug_info.append('CERTIFI IS NOT PRESENT;' +
                                    ' gRPC HTTPS CONNECTIONS MAY FAIL')
        root_certs = None
        roots = os.environ.get('LUCI_GRPC_PROXY_TLS_ROOTS')
        if roots:
            self._debug_info.append('Overridden root CA: %s' % roots)
            with open(roots) as f:
                root_certs = f.read()
        else:
            self._debug_info.append('Using default root CAs from certifi')
        overd = os.environ.get('LUCI_GRPC_PROXY_TLS_OVERRIDE')
        options = ()
        if overd:
            options = (('grpc.ssl_target_name_override', overd), )
        ssl_creds = grpc.ssl_channel_credentials(root_certificates=root_certs)

        # Authenticate the user.
        scopes = ('https://www.googleapis.com/auth/cloud-source-tools', )
        self._debug_info.append('Scopes are: %r' % scopes)
        user_creds, _ = google_auth.default(scopes=scopes)

        # Create the channel.
        request = google_auth_transport_requests.Request()
        self._debug_info.append('Options are: %r' % options)
        return google_auth_transport_grpc.secure_authorized_channel(
            user_creds, request, self._host, ssl_creds, options=options)
コード例 #26
0
def login():
    """
    Handles all the login cases.
    GET: Shows the view containing OAuth providers for logging in.
    POST: Creates a new login session, thereby signing in the user.
    DELETE: Deletes the login session, thereby signing out the user.
    :return: the appropriate template.
    """
    if request.method == "GET":
        state = get_csrf_token()
        session['state'] = state
        return render_template('login/new.html', state=state)

    if request.method == "POST":
        if not valid_state():
            return json.dumps({'success': False}), 401, {
                'ContentType': 'application/json'
            }

        token = request.form['token']
        client_id = \
            json.loads(open('../secrets/app_secrets.json', 'r').read())['web'][
                'google']["client_id"]
        try:
            idinfo = id_token.verify_oauth2_token(token, requests.Request(),
                                                  client_id)
            session['idinfo'] = idinfo
            if idinfo['iss'] not in [
                    'accounts.google.com', 'https://accounts.google.com'
            ]:
                raise ValueError('Wrong issuer.')
        except ValueError:
            print("Raised error")
            session.pop('idinfo')
            return json.dumps({'success': False}), 401, {
                'ContentType': 'application/json'
            }
        create_user()
        return json.dumps({'success': True}), 200, {
            'ContentType': 'application/json'
        }

    elif request.method == "DELETE":
        session.pop("idinfo")
        return json.dumps({'success': True}), 200, {
            'ContentType': 'application/json'
        }
コード例 #27
0
def login():
    print('---This is a test---')
    token = request.form['idtoken']
    print(token)
    try:
        idinfo = id_token.verify_oauth2_token(token, requests.Request(),
                                              GOOGLE_CLIENT_ID)
        session['idinfo'] = idinfo

        # here I will try to populate the users database by logging in
        print('------Inside Login------')
        print(idinfo)
        db = mysql.connect(user=db_user,
                           password=db_pass,
                           host=db_host,
                           database=db_name)
        cursor = db.cursor()

        # This is to make sure user does not exist in the data base
        possible_user = idinfo['email']
        # query = (f"select * from Users where email is {idinfo['email']}")
        query = ("SELECT * from Users where email=%s")
        values = (possible_user, )
        cursor.execute(query, values)
        response = cursor.fetchall()
        if len(response) == 0:
            try:
                cursor.execute(
                    'INSERT INTO Users(email, firstName, lastName, urlToProfilePic ) VALUES (%s,%s,%s,%s)',
                    (idinfo['email'], idinfo['given_name'],
                     idinfo['family_name'], idinfo['picture']))
                db.commit()
            except Exception as e:
                print(e)
                print('there was an error')

        # Selecting Users to make sure data base works
        cursor.execute("select * from Users;")
        print('---------- DATABASE Users INITIALIZED ----------')
        [print(x) for x in cursor]
        db.close()

        return idinfo

    except ValueError:
        print('Invalid token')
        return 'invalid token'
コード例 #28
0
ファイル: views.py プロジェクト: gaurmohit/hbook
def check_user(request):
    if request.method != "POST": raise Http404
    token = request.POST.get("id_token", "#")
    try:
        # Specify the CLIENT_ID of the app that accesses the backend:
        idinfo = id_token.verify_oauth2_token(
            token, requests.Request(),
            "596099888829-6vvcos64bnlgs0nrltala1id8g1k40hb.apps.googleusercontent.com"
        )

        # Or, if multiple clients access the backend server:
        # idinfo = id_token.verify_oauth2_token(token, requests.Request())
        # if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
        #     raise ValueError('Could not verify audience.')

        if idinfo['iss'] not in [
                'accounts.google.com', 'https://accounts.google.com'
        ]:
            raise ValueError('Wrong issuer.')

        # If auth request is from a G Suite domain:
        # if idinfo['hd'] != GSUITE_DOMAIN_NAME:
        #     raise ValueError('Wrong hosted domain.')

        # ID token is valid. Get the user's Google Account ID from the decoded token.
        userid = idinfo['sub']
        print("got the user id", userid, idinfo['email'])

        if is_logged(request):
            if request.session.get('email', '#') != idinfo['email']:
                log_out(request)
                request.session['email'] = idinfo['email']
                if Users.objects.filter(email=idinfo['email']).count() < 1:
                    usr = Users()
                    usr.email = idinfo['email']
                    usr.gid = userid
                    usr.save()
                error = "Okay"
            else:
                error = "Already Logged"
        else:
            request.session['email'] = idinfo['email']
            error = "Okay"
    except ValueError:
        # Invalid token
        pass
    return HttpResponse(error)
コード例 #29
0
ファイル: files.py プロジェクト: seandavi/cmgd_web
def BAD_generate_download_signed_url_v4(name: str):
    """Generates a v4 signed URL for downloading a blob.

    Note that this method requires a service account key file. You can not use
    this if you are using Application Default Credentials from Google Compute
    Engine or from the Google Cloud SDK.
    """
    # bucket_name = 'your-bucket-name'
    # blob_name = 'your-object-name'
    import os

    KEYFILE = os.getenv("GOOGLE_APPLICATION_CREDENTIALS")
    PROJECT = 'curatedmetagenomics'
    print(KEYFILE)

    import google.auth
    from google.oauth2 import service_account
    from google.auth.transport import requests
    from google.auth import compute_engine

    credentials, project = google.auth.default()

    bucket_name='data-curatedmetagenomics'
    storage_client = storage.Client(project, credentials)
    bucket = storage_client.bucket(bucket_name)
    blob = bucket.blob(name)

    auth_request = requests.Request()

    signing_credentials = compute_engine.IDTokenCredentials(
        auth_request, "",
        service_account_email=credentials.service_account_email)

    url = blob.generate_signed_url(
        credentials = signing_credentials,
        version="v4",
        # This URL is valid for 15 minutes
        expiration=datetime.timedelta(minutes=15),
        # Allow GET requests using this URL.
        method="GET",
    )

    print("Generated GET signed URL:")
    print(url)
    print("You can use this URL with any user agent, for example:")
    print("curl '{}'".format(url))
    return url
コード例 #30
0
def authorize_token(token):
    try:
        decoded_token = id_token.verify_oauth2_token(
            token, requests_google.Request(),
            "195081855240-jjsqpn2t0oucb8ets7li98p8vodja8jd.apps.googleusercontent.com"
        )
        print(decoded_token)
        if (decoded_token.get(
                'aud'
        ) == "195081855240-jjsqpn2t0oucb8ets7li98p8vodja8jd.apps.googleusercontent.com"
                and decoded_token.get('iss') == "accounts.google.com"):
            print('epicsauce')
            return decoded_token
        else:
            return False
    except:
        return False