def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
access_token = None
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
raise AuthFailed(self, error)
client_id, client_secret = self.get_key_and_secret()
try:
shop_url = self.request.GET.get('shop')
self.shopifyAPI.Session.setup(
api_key=setting('SHOPIFY_APP_API_KEY'),
secret=setting('SHOPIFY_SHARED_SECRET'))
shopify_session = self.shopifyAPI.Session(shop_url,
self.request.REQUEST)
access_token = shopify_session.token
except self.shopifyAPI.ValidationException as e:
raise AuthCanceled(self)
except HTTPError as e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
if not access_token:
raise AuthFailed(self, 'Authentication Failed')
return self.do_auth(access_token, shop_url, shopify_session.url, *args,
**kwargs)
def auth_complete(self, *args, **kwargs):
if not self.application_auth():
return HttpResponse(self.auth_html())
access_token = None
expires = None
if 'signed_request' in self.data:
response = load_signed_request(
self.data.get('signed_request'),
backend_setting(self, self.SETTINGS_SECRET_NAME))
if response is not None:
access_token = response.get('access_token') or\
response.get('oauth_token') or\
self.data.get('access_token')
if 'expires' in response:
expires = response['expires']
if access_token:
return self.do_auth(access_token, expires=expires, *args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
def process_error(self, data):
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
if self.data['error'] == 'access_denied':
raise AuthCanceled(self, error)
else:
raise AuthFailed(self, error)
def auth_complete(self, *args, **kwargs):
"""Complete auth process"""
logger.debug('auth_complete ARGS=%s, KWARGS=%s' % (args, kwargs))
response = self.consumer().complete(dict(self.data.items()),
self.build_absolute_uri())
logger.debug('response and status %s / %s' % (response, response.status))
if not response:
logger.debug('will throw AuthException')
raise AuthException(self, 'OpenID relying party endpoint')
elif response.status == SUCCESS:
kwargs.update({
'auth': self,
'response': response,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
elif response.status == FAILURE:
logger.debug('will throw AuthFailed(%s)' % response.message)
raise AuthFailed(self, response.message)
elif response.status == CANCEL:
logger.debug('will throw AuthCanceled')
raise AuthCanceled(self)
else:
logger.debug('will throw AuthUnknownError(%s)' % response.status)
raise AuthUnknownError(self, response.status)
def auth_complete(self, *args, **kwargs):
"""Return user, might be logged in"""
# Multiple unauthorized tokens are supported (see #521)
name = self.AUTH_BACKEND.name + "unauthorized_token_name"
token = None
unauthed_tokens = self.request.session.get(name) or []
if not unauthed_tokens:
raise AuthTokenError(self, "Missing unauthorized token")
for unauthed_token in unauthed_tokens:
token = unauthed_token
if not isinstance(unauthed_token, dict):
token = parse_qs(unauthed_token)
if token.get("oauth_token") == self.data.get("oauth_token"):
unauthed_tokens = list(
set(unauthed_tokens) - set([unauthed_token]))
self.request.session[name] = unauthed_tokens
self.request.session.modified = True
break
else:
raise AuthTokenError(self, "Incorrect tokens")
try:
access_token = self.access_token(token)
except HTTPError as e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
return self.do_auth(access_token, *args, **kwargs)
def auth_complete(self, *args, **kwargs):
"""Return user, might be logged in"""
# Multiple unauthorized tokens are supported (see #521)
name = self.AUTH_BACKEND.name + 'unauthorized_token_name'
token = None
unauthed_tokens = self.request.session.get(name) or []
if not unauthed_tokens:
raise AuthTokenError(self, 'Missing unauthorized token')
for unauthed_token in unauthed_tokens:
token = Token.from_string(unauthed_token)
if token.key == self.data.get('oauth_token', 'no-token'):
unauthed_tokens = list(
set(unauthed_tokens) - set([unauthed_token]))
self.request.session[name] = unauthed_tokens
self.request.session.modified = True
break
else:
raise AuthTokenError(self, 'Incorrect tokens')
try:
access_token = self.access_token(token)
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
self.process_error(self.data)
params = self.auth_complete_params(self.validate_state())
try:
response = requests.post(self.ACCESS_TOKEN_URL,
data=params,
headers=self.auth_headers())
response.raise_for_status()
except requests.exceptions.HTTPError as e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
else:
try:
response = response.json()
except (ValueError, KeyError):
raise AuthUnknownError(self)
response.pop('data')
self.process_error(response)
return self.do_auth(response['access_token'],
response=response,
*args,
**kwargs)
def auth_complete(self, *args, **kwargs):
"""Performs check of authentication in VK, returns User if
succeeded"""
app_cookie = 'vk_app_' + self.APP_ID
if not 'id' in self.request.GET or \
not app_cookie in self.request.COOKIES:
raise AuthCanceled(self)
cookie_dict = dict(
item.split('=')
for item in self.request.COOKIES[app_cookie].split('&'))
check_str = ''.join(item + '=' + cookie_dict[item]
for item in ['expire', 'mid', 'secret', 'sid'])
hash = md5(check_str + setting('VK_API_SECRET')).hexdigest()
if hash != cookie_dict['sig'] or int(cookie_dict['expire']) < time():
raise AuthFailed('VK authentication failed: invalid hash')
else:
kwargs.update({
'auth': self,
'response': self.user_data(cookie_dict['mid']),
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
def process_error(self, data):
error = self.request.GET.get('error', '')
if error:
if error == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthUnknownError(self, 'Jawbone error was %s' % error)
return super(JawboneAuth, self).process_error(data)
def auth_complete(self, *args, **kwargs):
"""Complete auth process. Check LinkedIn error response."""
oauth_problem = self.request.GET.get('oauth_problem')
if oauth_problem:
if oauth_problem == 'user_refused':
raise AuthCanceled(self, '')
else:
raise AuthUnknownError(self,
'LinkedIn error was %s' % oauth_problem)
return super(LinkedinAuth, self).auth_complete(*args, **kwargs)
def access_token(self, token):
"""Return request for access token value"""
request = self.oauth_request(token, self.ACCESS_TOKEN_URL)
try:
response = self.fetch_response(request)
except HTTPError, e:
# Evernote returns a 401 error when AuthCanceled
if e.code == 401:
raise AuthCanceled(self)
else:
raise
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
expires = None
if 'code' in self.data:
state = self.validate_state()
url = ACCESS_TOKEN + urlencode({
'client_id':
backend_setting(self, self.SETTINGS_KEY_NAME),
'redirect_uri':
self.get_redirect_uri(state),
'client_secret':
backend_setting(self, self.SETTINGS_SECRET_NAME),
'code':
self.data['code']
})
try:
payload = dsa_urlopen(url)
except HTTPError:
raise AuthFailed(
self, 'There was an error authenticating '
'the app')
response = payload.read()
parsed_response = simplejson.loads(response)
print 'parsed_response', parsed_response
access_token = parsed_response['access_token']
if 'expires' in parsed_response:
expires = parsed_response['expires']
if 'signed_request' in self.data:
response = load_signed_request(
self.data.get('signed_request'),
backend_setting(self, self.SETTINGS_SECRET_NAME))
if response is not None:
access_token = response.get('access_token') or\
response.get('oauth_token') or\
self.data.get('access_token')
if 'expires' in response:
expires = response['expires']
if access_token:
return self.do_auth(access_token, expires=expires, *args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
class ShopifyAuth(BaseOAuth2):
"""Shopify OAuth authentication mechanism"""
AUTH_BACKEND = ShopifyBackend
SETTINGS_KEY_NAME = 'SHOPIFY_APP_API_KEY'
SETTINGS_SECRET_NAME = 'SHOPIFY_SHARED_SECRET'
# Look at http://api.shopify.com/authentication.html#scopes
SCOPE_VAR_NAME = 'SHOPIFY_SCOPE'
def __init__(self, request, redirect):
super(ShopifyAuth, self).__init__(request, redirect)
fp, pathname, description = imp.find_module('shopify')
self.shopifyAPI = imp.load_module('shopify', fp, pathname, description)
def auth_url(self):
self.shopifyAPI.Session.setup(api_key=setting('SHOPIFY_APP_API_KEY'),
secret=setting('SHOPIFY_SHARED_SECRET'))
scope = self.get_scope()
state = self.state_token()
self.request.session[self.AUTH_BACKEND.name + '_state'] = state
redirect_uri = self.get_redirect_uri(state)
permission_url = self.shopifyAPI.Session.create_permission_url(
self.request.GET.get('shop').strip(),
scope=scope,
redirect_uri=redirect_uri)
return permission_url
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
access_token = None
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
raise AuthFailed(self, error)
client_id, client_secret = self.get_key_and_secret()
try:
shop_url = self.request.GET.get('shop')
self.shopifyAPI.Session.setup(
api_key=setting('SHOPIFY_APP_API_KEY'),
secret=setting('SHOPIFY_SHARED_SECRET'))
shopify_session = self.shopifyAPI.Session(shop_url,
self.request.REQUEST)
access_token = shopify_session.token
except self.shopifyAPI.ValidationException, e:
raise AuthCanceled(self)
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
self.process_error(self.data)
params = self.auth_complete_params(self.validate_state())
request = Request(self.ACCESS_TOKEN_URL, data=urlencode(params),
headers=self.auth_headers())
try:
response = simplejson.loads(dsa_urlopen(request).read())
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
def do_auth(self, jwt_token, *args, **kwargs):
dummy, client_secret = self.get_key_and_secret()
# Decode the jwt token, using the Application Signature from settings
try:
decoded = self.jwt.decode(jwt_token, client_secret)
except self.jwt.DecodeError:
raise AuthCanceled(self) # Wrong signature, fail authentication
kwargs.update({
'auth': self,
'response': {
'token': decoded,
},
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
def auth_complete(self, *args, **kwargs):
"""Yammer API is a little strange"""
if 'error' in self.data:
logging.error("%s: %s:\n%s" %
(self.data('error'), self.data('error_reason'),
self.data('error_description')))
raise AuthCanceled(self)
# now we need to clean up the data params
data = dict(self.data.copy())
redirect_state = data.get('redirect_state')
if redirect_state and '?' in redirect_state:
redirect_state, extra = redirect_state.split('?', 1)
extra = parse_qs(extra)
data['redirect_state'] = redirect_state
if 'code' in extra:
data['code'] = extra['code'][0]
self.data = MergeDict(data)
return super(YammerOAuth2, self).auth_complete(*args, **kwargs)
def auth_complete(self, *args, **kwargs):
"""Complete auth process"""
response = self.consumer().complete(dict(self.data.items()),
self.build_absolute_uri())
if not response:
raise AuthException(self, 'OpenID relying party endpoint')
elif response.status == SUCCESS:
kwargs.update({
'auth': self,
'response': response,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
elif response.status == FAILURE:
raise AuthFailed(self, response.message)
elif response.status == CANCEL:
raise AuthCanceled(self)
else:
raise AuthUnknownError(self, response.status)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
self.process_error(self.data)
params = self.auth_complete_params(self.validate_state())
request = Request(self.ACCESS_TOKEN_URL, data=urlencode(params),
headers=self.auth_headers())
try:
response = json.loads(dsa_urlopen(request).read())
except HTTPError as e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
except (ValueError, KeyError):
raise AuthUnknownError(self)
self.process_error(response)
return self.do_auth(response['access_token'], response=response,
*args, **kwargs)
def access_token(self, token):
"""Return request for access token value"""
request = self.oauth_request(token, self.ACCESS_TOKEN_URL)
try:
response = self.fetch_response(request)
except HTTPError as e:
# Evernote returns a 401 error when AuthCanceled
if e.code == 401:
raise AuthCanceled(self)
else:
raise
params = parse_qs(response)
# evernote sents a empty secret token, this way it doesn't fires up the
# exception
response = response.replace('oauth_token_secret=',
'oauth_token_secret=None')
token = Token.from_string(response)
token.user_info = params
return token
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
if 'error' in self.data:
raise AuthCanceled(self)
else:
return super(ReadabilityAuth, self).auth_complete(*args, **kwargs)
def auth_complete(self, *args, **kwargs):
try:
return super(MailruOAuth2, self).auth_complete(*args, **kwargs)
except HTTPError: # Mail.ru returns HTTPError 400 if cancelled
raise AuthCanceled(self)
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
if 'denied' in self.data:
raise AuthCanceled(self)
else:
return super(DoubanAuth, self).auth_complete(*args, **kwargs)
