コード例 #1
0
ファイル: auth.py プロジェクト: Artanis/icecrate2 
  def login(self, token):
    client = self.make_session(token=token)

    resp = client.get(config.get("oauth.google", "user_info"))
    info = json.loads(resp.content.decode('utf-8'))


    # StackOverflow suggests UUIDs aren't very secure for session
    # identifiers, but offered recommendations that use os.urandom(),
    # same as the UUID module's fully random identifiers, such as uuid4.
    # ¯\_('')_/¯
    new_session = UserSession(id=uuid.uuid4().hex, info=info, token=token)

    self.__sessions[new_session.id] = new_session

    # Session ID for server-side authentication
    bottle.response.set_cookie(
      name=config.get("session", "session_id"),
      value=new_session.id,
      secret=config.get("session", "cookie_secret"),
      path="/",
      httponly=True,
      secure=True,
      expires=new_session.token['expires_at'])

    return
コード例 #2
0
ファイル: auth.py プロジェクト: Artanis/icecrate2 
def handle_login():
  global oauth_state

  google = oauth.OAuth2Session(
    client_id    = config.get("oauth.google", "client_id"),
    redirect_uri = config.get("oauth.google", "redirect_to"),
    scope        = config.get("oauth.google", "scopes"))

  auth_uri, state = google.authorization_url(
    config.get("oauth.google", "auth_uri"))
    # approval_prompt='force')

  oauth_state = state

  bottle.redirect(auth_uri)
コード例 #3
0
ファイル: auth.py プロジェクト: Artanis/icecrate2 
def handle_process():
  global oauth_state

  google = oauth.OAuth2Session(
    client_id=config.get("oauth.google", "client_id"),
    redirect_uri=config.get("oauth.google", "redirect_to"),
    state=oauth_state)

  token = google.fetch_token(
    config.get("oauth.google", "token_uri"),
    client_secret=config.get("oauth.google", "client_secret"),
    code=bottle.request.GET.get('code'))

  sessions.login(token)

  bottle.redirect("/")
コード例 #4
0
ファイル: bootstrap.py プロジェクト: Artanis/icecrate2 
def design_docs_setup():
  """Pushes the CouchDB design docs to the database.

  These documents are required.

  """
  os.chdir(os.path.join(os.path.dirname(__file__), "couchdb_design"))
  spawn(['couchapp', 'push', '.', config.get('database', 'couchapp_dest')])
コード例 #5
0
ファイル: auth.py プロジェクト: Artanis/icecrate2 
  def make_session(self, *, token=None, session_id=None):
    if token is None:
      if session_id is not None:
        token = self.__sessions[session_id].token
      else:
        return None

    return oauth.OAuth2Session(
      # standard session open
      client_id=config.get("oauth.google", "client_id"),
      token=token)
コード例 #6
0
ファイル: auth.py プロジェクト: Artanis/icecrate2 
  def wrapper(*args, **kwargs):
    session_id = bottle.request.get_cookie(
      config.get("session", "session_id"),
      secret=config.get("session", "cookie_secret"))

    if session_id is None:
      # not logged in (no cookie)
      bottle.response.status = '401 Unauthorized'
      return

    session = None
    if not kwargs.get('user_session'):
      # Get the session state if we don't have one already.
      session = sessions.user_session(session_id=session_id)

    if session is None:
      # not logged in (no session matching provided ID)
      bottle.redirect("/")
      return

    kwargs['user_session'] = session

    return fn(*args, **kwargs)
コード例 #7
0
ファイル: ssl.py プロジェクト: Artanis/icecrate2 
  def run(self, handler):
    from wsgiref.simple_server import make_server, WSGIRequestHandler
    import ssl

    if self.quiet:
      class QuietHandler(WSGIRequestHandler):
        def log_request(*args, **kw): pass
      self.options['handler_class'] = QuietHandler

    srv = make_server(self.host, self.port, handler, **self.options)
    srv.socket = ssl.wrap_socket (
     srv.socket,
     certfile=config.get("https", "certificate"),  # path to certificate
     server_side=True)
    srv.serve_forever()
コード例 #8
0
ファイル: database.py プロジェクト: Artanis/icecrate2 
def connect():
    server = couchdb.Server(config.get("database", "netloc"))

    server.resource.credentials = (config.get("database", "app_user"), config.get("database", "app_passwd"))

    return server
コード例 #9
0
ファイル: bootstrap.py プロジェクト: Artanis/icecrate2 
def database_setup():
  """Bootstrap CouchDB Database.

  Requires couchdb admin.

  1. Creates a new user (default: icecrate).
  2. Creates the app database (default: icecrate).
  3. Sets up the _security object (only admin and
     icecrate can access).

  """
  admin_user = input("CouchDB Admin (blank for admin party): ")
  admin_pass = getpass("Password (blank for admin party): ")

  # It's uncommon, but this can be changed.
  user_db_name = input("CouchDB users database (_users): ")
  if not user_db_name:
    user_db_name = "_users"

  server = couchdb.Server(config.get("database", "netloc"))

  # We might be in Admin Party mode.
  if admin_user:
    # Sign in with admin.
    server.resource.credentials = (admin_user, admin_pass)

  # App user
  usersdb = server[user_db_name]

  user_id = "org.couchdb.user:{user}".format(user=config.get("database", "app_user"))

  print("checking database user... ", end="")
  if user_id not in usersdb:
    print("missing.\ncreating database user... ", end="")
    usersdb.save({
      "_id": user_id,
      "type": "user",
      "name": config.get("database", "app_user"),
      "password": config.get("database", "app_passwd"),
      "roles": []})
  print("ok.")

  # setting up database
  print("checking database... ", end="")
  if config.get("database", "app_db") not in server:
    print("missing.\ncreating database... ", end="")
    server.create(config.get("database", "app_db"))

  appdb = server[config.get("database", "app_db")]
  print("ok.")

  print("checking _security object... ", end="")
  security = appdb.security
  security_is_dirty = False

  if "admins" not in security:
    print("empty.\nsetting up _security... ", end="")
    security['admins'] = {}
    security_is_dirty = True

  if "names" not in security.get("admins"):
    security['admins']['names'] = []
    security_is_dirty = True

  if config.get("database", "app_user") not in security['admins']['names']:
    security['admins']['names'].append(config.get("database", "app_user"))
    security_is_dirty = True

  if "roles" not in security.get("admins"):
    security['admins']['roles'] = ["admins"]
    _security_is_dirty = True

  if security_is_dirty:
    appdb.security = security

  print("ok.")
コード例 #10
0
ファイル: main.py プロジェクト: Artanis/icecrate2 
def main():
  ssl_server = ssl.SSLWSGIRefServer(
    host=config.get("host", "addr"), port=config.get("host", "port"))
  bottle.run(ssl.use_https(app), server=ssl_server)