def auth_complete(self, *args, **kwargs): """Completes login process, must return user instance""" access_token = None if self.data.get('error'): error = self.data.get('error_description') or self.data['error'] raise AuthFailed(self, error) client_id, client_secret = self.get_key_and_secret() try: shop_url = self.request.GET.get('shop') self.shopifyAPI.Session.setup( api_key=setting('SHOPIFY_APP_API_KEY'), secret=setting('SHOPIFY_SHARED_SECRET')) shopify_session = self.shopifyAPI.Session(shop_url, self.request.REQUEST) access_token = shopify_session.token except self.shopifyAPI.ValidationException as e: raise AuthCanceled(self) except HTTPError as e: if e.code == 400: raise AuthCanceled(self) else: raise if not access_token: raise AuthFailed(self, 'Authentication Failed') return self.do_auth(access_token, shop_url, shopify_session.url, *args, **kwargs)
def auth_complete(self, *args, **kwargs): """Completes login process, must return user instance""" if self.data.get('error'): error = self.data.get('error_description') or self.data['error'] raise AuthFailed(self, error) token = kwargs.get('request').POST.get('jwt', {}) if not token: raise AuthFailed(self, 'Authentication Failed') return self.do_auth(token, *args, **kwargs)
def create_user(backend, details, response, uid, username, user=None, *args, **kwargs): """Create user. Depends on get_username pipeline.""" if user: return {'user': user} if not username: return None # Avoid hitting field max length email = details.get('email') original_email = None if not email: message = _("""your social account needs to have a verified email address in order to proceed.""") raise AuthFailed(backend, message) if email and UserSocialAuth.email_max_length() < len(email): original_email = email email = '' return { 'user': UserSocialAuth.create_user(username=username, email=email, sync_emailaddress=False), 'original_email': original_email, 'is_new': True }
def auth_complete(self, *args, **kwargs): """Completes loging process, must return user instance""" if not 'assertion' in self.data: raise AuthMissingParameter(self, 'assertion') data = urlencode({ 'assertion': self.data['assertion'], 'audience': self.request.get_host() }) try: response = simplejson.load( dsa_urlopen(BROWSER_ID_SERVER, data=data)) except ValueError: log('error', 'Could not load user data from BrowserID.', exc_info=True) else: if response.get('status') == 'failure': log('debug', 'Authentication failed.') raise AuthFailed(self) kwargs.update({ 'auth': self, 'response': response, self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs)
def auth_complete(self, *args, **kwargs): """Complete auth process""" logger.debug('auth_complete ARGS=%s, KWARGS=%s' % (args, kwargs)) response = self.consumer().complete(dict(self.data.items()), self.build_absolute_uri()) logger.debug('response and status %s / %s' % (response, response.status)) if not response: logger.debug('will throw AuthException') raise AuthException(self, 'OpenID relying party endpoint') elif response.status == SUCCESS: kwargs.update({ 'auth': self, 'response': response, self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs) elif response.status == FAILURE: logger.debug('will throw AuthFailed(%s)' % response.message) raise AuthFailed(self, response.message) elif response.status == CANCEL: logger.debug('will throw AuthCanceled') raise AuthCanceled(self) else: logger.debug('will throw AuthUnknownError(%s)' % response.status) raise AuthUnknownError(self, response.status)
def process_error(self, data): if self.data.get('error'): error = self.data.get('error_description') or self.data['error'] if self.data['error'] == 'access_denied': raise AuthCanceled(self, error) else: raise AuthFailed(self, error)
def user_data(self, access_token, *args, **kwargs): """Loads user data from service""" req = Request(GITHUB_USER_DATA_URL, headers={"Authorization": "token %s" % access_token}) try: data = json.load(dsa_urlopen(req)) except ValueError: data = None # if we have a github organization defined, test that the current users # is a member of that organization. if data and self.GITHUB_ORGANIZATION: req = Request( GITHUB_ORGANIZATION_MEMBER_OF_URL.format( org=self.GITHUB_ORGANIZATION, username=data.get("login")), headers={"Authorization": "token %s" % access_token}, ) try: response = dsa_urlopen(req) except HTTPError: data = None else: # if the user is a member of the organization, response code # will be 204, see http://bit.ly/ZS6vFl if response.code != 204: raise AuthFailed("User doesn't belong to the " "organization") return data
def user_data(self, access_token, *args, **kwargs): """Loads user data from service""" url = GITHUB_USER_DATA_URL + '?' + urlencode({ 'access_token': access_token }) try: data = simplejson.load(dsa_urlopen(url)) except ValueError: data = None # if we have a github organization defined, test that the current users # is a member of that organization. if data and self.GITHUB_ORGANIZATION: member_url = GITHUB_ORGANIZATION_MEMBER_OF_URL.format( org=self.GITHUB_ORGANIZATION, username=data.get('login') ) + '?' + urlencode({ 'access_token': access_token }) try: response = dsa_urlopen(member_url) except HTTPError: data = None else: # if the user is a member of the organization, response code # will be 204, see http://bit.ly/ZS6vFl if response.code != 204: raise AuthFailed('User doesn\'t belong to the ' 'organization') return data
def auth_complete(self, *args, **kwargs): """Performs check of authentication in VK, returns User if succeeded""" app_cookie = 'vk_app_' + self.APP_ID if not 'id' in self.request.GET or \ not app_cookie in self.request.COOKIES: raise AuthCanceled(self) cookie_dict = dict( item.split('=') for item in self.request.COOKIES[app_cookie].split('&')) check_str = ''.join(item + '=' + cookie_dict[item] for item in ['expire', 'mid', 'secret', 'sid']) hash = md5(check_str + setting('VK_API_SECRET')).hexdigest() if hash != cookie_dict['sig'] or int(cookie_dict['expire']) < time(): raise AuthFailed('VK authentication failed: invalid hash') else: kwargs.update({ 'auth': self, 'response': self.user_data(cookie_dict['mid']), self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs)
def odnoklassniki_api(data, api_url, public_key, client_secret, request_type='oauth'): ''' Calls Odnoklassniki REST API method http://dev.odnoklassniki.ru/wiki/display/ok/Odnoklassniki+Rest+API ''' data.update({'application_key': public_key, 'format': 'JSON'}) if request_type == 'oauth': data['sig'] = odnoklassniki_oauth_sig(data, client_secret) elif request_type == 'iframe_session': data['sig'] = odnoklassniki_iframe_sig(data, data['session_secret_key']) elif request_type == 'iframe_nosession': data['sig'] = odnoklassniki_iframe_sig(data, client_secret) else: msg = 'Unknown request type {0}. How should it be signed?' raise AuthFailed(msg.format(request_type)) params = urlencode(data) request = Request('{0}fb.do?{1}'.format(api_url, params)) try: return simplejson.loads(dsa_urlopen(request).read()) except (TypeError, KeyError, IOError, ValueError, IndexError): log('error', 'Could not load data from Odnoklassniki.', exc_info=True, extra=dict(data=params)) return None
def check_credentials(details, user=None, *args, **kwargs): """Check that user is a lateral-thoughts member.""" if user: return None email = details.get('email') if not email or not email.endswith(settings.AGORA_ORGANIZATION_DOMAIN): raise AuthFailed( kwargs['backend'], 'You must connect with your %s account.' % settings.AGORA_ORGANIZATION_NAME) return None
def auth_complete(self, *args, **kwargs): """Completes loging process, must return user instance""" access_token = None expires = None if 'code' in self.data: state = self.validate_state() url = ACCESS_TOKEN + urlencode({ 'client_id': backend_setting(self, self.SETTINGS_KEY_NAME), 'redirect_uri': self.get_redirect_uri(state), 'client_secret': backend_setting(self, self.SETTINGS_SECRET_NAME), 'code': self.data['code'] }) try: payload = dsa_urlopen(url) except HTTPError: raise AuthFailed( self, 'There was an error authenticating ' 'the app') response = payload.read() parsed_response = simplejson.loads(response) print 'parsed_response', parsed_response access_token = parsed_response['access_token'] if 'expires' in parsed_response: expires = parsed_response['expires'] if 'signed_request' in self.data: response = load_signed_request( self.data.get('signed_request'), backend_setting(self, self.SETTINGS_SECRET_NAME)) if response is not None: access_token = response.get('access_token') or\ response.get('oauth_token') or\ self.data.get('access_token') if 'expires' in response: expires = response['expires'] if access_token: return self.do_auth(access_token, expires=expires, *args, **kwargs) else: if self.data.get('error') == 'access_denied': raise AuthCanceled(self) else: raise AuthException(self)
def check_credentials(details, user=None, *args, **kwargs): """Check that user is a lateral-thoughts member.""" if user: return None email = details.get('email') if not email or not email.endswith("@lateral-thoughts.com"): raise AuthFailed( kwargs['backend'], 'You must connect with your Lateral Thoughts account.') return None
def validate_whitelists(backend, email): """ Validates allowed domains and emails against the following settings: GOOGLE_WHITE_LISTED_DOMAINS GOOGLE_WHITE_LISTED_EMAILS All domains and emails are allowed if setting is an empty list. """ emails = setting('GOOGLE_WHITE_LISTED_EMAILS', []) domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', []) if emails and email in emails: return # you're good if domains and email.split('@', 1)[1] not in domains: raise AuthFailed(backend, 'Domain not allowed')
def auth_complete(self, request, user, *args, **kwargs): form = OdnoklassnikiIframeForm(auth=self, data=request.GET) if not form.is_valid(): raise AuthFailed('Cannot authorize: malformed parameters') else: response = form.get_response() extra_user_data = backend_setting( self, 'ODNOKLASSNIKI_APP_EXTRA_USER_DATA_LIST', ()) base_fields = ('uid', 'first_name', 'last_name', 'name') fields = base_fields + extra_user_data data = { 'method': 'users.getInfo', 'uids': '{0}'.format(response['logged_user_id']), 'fields': ','.join(fields), } client_key, client_secret, public_key = self.get_settings() details = odnoklassniki_api(data, response['api_server'], public_key, client_secret, 'iframe_nosession') if len(details) == 1 and 'uid' in details[0]: details = details[0] auth_data_fields = backend_setting( self, 'ODNOKLASSNIKI_APP_EXTRA_AUTH_DATA_LIST', ('api_server', 'apiconnection', 'session_key', 'session_secret_key', 'authorized')) for field in auth_data_fields: details[field] = response[field] details['extra_data_list'] = fields + auth_data_fields kwargs.update({ 'auth': self, 'response': details, self.AUTH_BACKEND.name: True }) else: raise AuthFailed('Cannot get user details: API error') return authenticate(*args, **kwargs)
def auth_complete(self, *args, **kwargs): """Complete auth process""" response = self.consumer().complete(dict(self.data.items()), self.build_absolute_uri()) if not response: raise AuthException(self, 'OpenID relying party endpoint') elif response.status == SUCCESS: kwargs.update({ 'auth': self, 'response': response, self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs) elif response.status == FAILURE: raise AuthFailed(self, response.message) elif response.status == CANCEL: raise AuthCanceled(self) else: raise AuthUnknownError(self, response.status)
def process_error(self, data): if data.get('error'): error = self.data.get('error_description') or self.data['error'] raise AuthFailed(self, error)
def process_error(self, data): error = data.get("error_description") or data.get("error") if error: raise AuthFailed(self, error)
self.shopifyAPI.Session.setup( api_key=setting('SHOPIFY_APP_API_KEY'), secret=setting('SHOPIFY_SHARED_SECRET')) shopify_session = self.shopifyAPI.Session(shop_url, self.request.REQUEST) access_token = shopify_session.token except self.shopifyAPI.ValidationException, e: raise AuthCanceled(self) except HTTPError, e: if e.code == 400: raise AuthCanceled(self) else: raise if not access_token: raise AuthFailed(self, 'Authentication Failed') return self.do_auth(access_token, shop_url, shopify_session.url, *args, **kwargs) def do_auth(self, access_token, shop_url, website, *args, **kwargs): kwargs.update({ 'auth': self, 'response': { 'shop': shop_url, 'website': 'http://%s' % website, 'access_token': access_token }, self.AUTH_BACKEND.name: True }) return authenticate(*args, **kwargs)
def _user_id(self, response): match = STEAM_ID.search(response.identity_url) if match is None: raise AuthFailed(self, 'Missing Steam Id') return match.group(1)