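def auth_meta_mw(resp):
    """
    Callback for meta.wikimedia.org to send us authentication results.
    This is responsible for fetching existing users or creating new ones.
    If a new user is created, they get the default role of GUEST and
    an email or username to match their details from the OAuth provider.

    Args:
        resp: OAuth response from the provider, or None when no grant was
            given.  'oauth_token' and 'oauth_token_secret' are read from it.

    Returns:
        A redirect to the session's 'next' value (or the home page) once the
        user is logged in, a redirect to the login page on any failure, or a
        plain error string when several users share the same meta_mw_id.
    """
    if resp is None:
        flash('You need to grant the app permissions in order to login.', 'error')
        return redirect(url_for('login'))

    # NOTE(review): the token and its secret are stored in the Flask session.
    # Flask's default session is a signed but unencrypted cookie, so the
    # browser could read both values -- confirm which session backend is used.
    session['access_token'] = (
        resp['oauth_token'],
        resp['oauth_token_secret'],
    )

    try:
        identify_token_encoded = meta_mw.post(
            app.config['META_MW_BASE_URL'] + app.config['META_MW_IDENTIFY_URI'],
        ).data
        # NOTE(review): process_mw_jwt is defined elsewhere.  The identity used
        # below is only trustworthy if it verifies the JWT signature -- confirm.
        identify_token = process_mw_jwt(identify_token_encoded)
        username = identify_token['username']
        userid = identify_token['sub']

        db_session = db.get_session()
        # One finally covers every use of db_session, so a failed commit or a
        # failing user.login() no longer leaves the session open.
        try:
            try:
                user = db_session.query(UserStore).filter_by(meta_mw_id=userid).one()
            except NoResultFound:
                # First login for this provider id: create the account as GUEST.
                try:
                    user = UserStore(
                        username=username,
                        meta_mw_id=userid,
                        role=UserRole.GUEST,
                    )
                    db_session.add(user)
                    db_session.commit()
                except Exception:
                    # Undo the failed insert before the error propagates.
                    db_session.rollback()
                    raise
            except MultipleResultsFound:
                return 'Multiple users found with your id!!! Contact Administrator'

            user.login(db_session)
            if login_user(user):
                user.detach_from(db_session)
                # NOTE(review): where session['next'] is written is not visible
                # here.  If it can hold a request-supplied URL, restrict it to
                # same-site paths before redirecting; unquote() also decodes a
                # percent-encoded scheme or host.
                redirect_to = session.get('next') or url_for('home_index')
                redirect_to = urllib2.unquote(redirect_to)
                return redirect(redirect_to)
        finally:
            db_session.close()

    except Exception as e:
        # Every failure above, not only a revoked grant, shows this message;
        # the details go to the application log.
        flash('Access to this application was revoked. Please re-login!')
        app.logger.exception(str(e))
        return redirect(url_for('login'))

    # login_user() refused the user: go back to the login page so the view
    # always returns a response.
    return redirect(url_for('login'))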
def auth_meta_mw():
    """
    Callback for meta.wikimedia.org to send us authentication results.

    Completes the OAuth handshake with the request token kept in the session,
    then fetches the UserStore row whose meta_mw_id equals the identity's
    'sub' value, creating one with role GUEST when none exists.

    Returns:
        A redirect to the login page when any step raises or when several
        users share the same meta_mw_id; otherwise a redirect to the
        session's 'next' value, or to the home page when that is unset.
    """
    try:
        handshaker = make_handshaker_mw()
        stored_token = session['request_token']
        request_token = RequestToken(key=stored_token[0], secret=stored_token[1])
        access_token = handshaker.complete(request_token, request.query_string)
        # NOTE(review): the access token is stored in the Flask session.
        # Flask's default session is a signed but unencrypted cookie --
        # confirm which session backend is used.
        session['access_token'] = access_token

        identity = handshaker.identify(access_token)
        mw_username = identity['username']
        mw_userid = identity['sub']

        db_session = db.get_session()
        try:
            matches = db_session.query(UserStore).filter_by(meta_mw_id=mw_userid)
            user = matches.one()
        except NoResultFound:
            # First login for this provider id: create the account as GUEST.
            try:
                user = UserStore(
                    username=mw_username,
                    meta_mw_id=mw_userid,
                    role=UserRole.GUEST,
                )
                db_session.add(user)
                db_session.commit()
            except:
                # Undo the failed insert, then let the outer handler report it.
                db_session.rollback()
                raise
        except MultipleResultsFound:
            flash('Multiple users found with your id!!! Contact Administrator', 'error')
            return redirect(url_for('login'))

        user.login(db_session)
        if login_user(user):
            user.detach_from(db_session)
            # The request token is dropped only after a successful login.
            del session['request_token']

    except Exception:
        # Every failure above, not only a declined grant, shows this message;
        # the traceback goes to the application log.
        flash('You need to grant the app permissions in order to login.', 'error')
        app.logger.exception(traceback.format_exc())
        return redirect(url_for('login'))

    # NOTE(review): where session['next'] is written is not visible here.  If
    # it can hold a request-supplied URL, restrict it to same-site paths
    # before redirecting; unquote() also decodes a percent-encoded host.
    return redirect(urllib2.unquote(session.get('next') or url_for('home_index')))
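def auth_google(resp):
    """
    Callback for Google to send us authentication results.
    This is responsible for fetching existing users or creating new ones.
    If a new user is created, they get the default role of GUEST and
    an email or username to match their details from the OAuth provider.

    Args:
        resp: OAuth response from the provider, or None when none was
            obtained.  'access_token' is read from it.

    Returns:
        A redirect to the session's 'next' value (or the home page) once the
        user is logged in, a plain error string when several users share the
        same google_id, and otherwise a redirect to the login page with an
        error flash.
    """
    if resp is None and request.args.get('error') == 'access_denied':
        flash('You need to grant the app permissions in order to login.', 'error')
        return redirect(url_for('login'))

    # resp can still be None here (any error other than 'access_denied'), so
    # only subscript it when it is present instead of raising a TypeError.
    token_from_resp = resp['access_token'] if resp is not None else None
    # NOTE(review): the fallback takes ?code= from the query string and sends
    # it as a token below.  An authorization code is not an access token --
    # confirm this fallback is intended.
    access_token = token_from_resp or request.args.get('code')

    if access_token:
        # NOTE(review): Flask's default session is a signed but unencrypted
        # cookie, so the browser could read this token -- confirm the backend.
        session['access_token'] = access_token, ''
        r = requests.get(app.config['GOOGLE_USERINFO_URI'],
                         headers={'Authorization': 'OAuth ' + access_token})
        if r.ok:
            userinfo = json.loads(r.text)
            email = userinfo['email']
            google_id = userinfo['id']

            db_session = db.get_session()
            try:
                user = db_session.query(UserStore).filter_by(
                    google_id=google_id).one()
            except NoResultFound:
                # First login for this Google id: create the account as GUEST.
                try:
                    user = UserStore(
                        email=email,
                        google_id=google_id,
                        role=UserRole.GUEST,
                    )
                    db_session.add(user)
                    db_session.commit()
                except:
                    # Undo the failed insert, then re-raise unchanged.
                    db_session.rollback()
                    raise
            except MultipleResultsFound:
                return 'Multiple users found with your id!!! Contact Administrator'

            user.login(db_session)
            if login_user(user):
                user.detach_from(db_session)
                # NOTE(review): where session['next'] is written is not
                # visible here.  If it can hold a request-supplied URL,
                # restrict it to same-site paths before redirecting.
                redirect_to = session.get('next') or url_for('home_index')
                redirect_to = urllib2.unquote(redirect_to)
                return redirect(redirect_to)

    # Reached when there is no token, the userinfo call failed, or
    # login_user() refused the user.
    flash('Was not allowed to authenticate you with Google.', 'error')
    return redirect(url_for('login'))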
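def auth_google(resp):
    """
    Callback for Google to send us authentication results.
    This is responsible for fetching existing users or creating new ones.
    If a new user is created, they get the default role of GUEST and
    an email or username to match their details from the OAuth provider.

    Args:
        resp: OAuth response from the provider, or None when none was
            obtained.  'access_token' is read from it.

    Returns:
        A redirect to the session's 'next' value (or the home page) once the
        user is logged in, a plain error string when several users share the
        same google_id, and otherwise a redirect to the login page with an
        error flash.
    """
    if resp is None and request.args.get('error') == 'access_denied':
        flash('You need to grant the app permissions in order to login.', 'error')
        return redirect(url_for('login'))

    # The guard above only covers 'access_denied'; resp may still be None, and
    # subscripting it would raise a TypeError, so check before reading.
    access_token = None
    if resp is not None:
        access_token = resp['access_token']
    if not access_token:
        # NOTE(review): ?code= comes straight from the query string and is
        # used as a token below.  An authorization code is not an access
        # token -- confirm this fallback is intended.
        access_token = request.args.get('code')

    if access_token:
        # NOTE(review): Flask's default session is a signed but unencrypted
        # cookie, so the browser could read this token -- confirm the backend.
        session['access_token'] = access_token, ''
        auth_header = {'Authorization': 'OAuth ' + access_token}
        r = requests.get(app.config['GOOGLE_USERINFO_URI'], headers=auth_header)
        if r.ok:
            userinfo = json.loads(r.text)
            email = userinfo['email']
            google_id = userinfo['id']

            db_session = db.get_session()
            try:
                user = db_session.query(UserStore).filter_by(google_id=google_id).one()
            except NoResultFound:
                # No account for this Google id yet: create one as GUEST.
                try:
                    user = UserStore(
                        email=email,
                        google_id=google_id,
                        role=UserRole.GUEST,
                    )
                    db_session.add(user)
                    db_session.commit()
                except Exception:
                    # Undo the failed insert, then re-raise unchanged.
                    db_session.rollback()
                    raise
            except MultipleResultsFound:
                return 'Multiple users found with your id!!! Contact Administrator'

            user.login(db_session)
            if login_user(user):
                user.detach_from(db_session)
                # NOTE(review): where session['next'] is written is not
                # visible here.  If it can hold a request-supplied URL,
                # restrict it to same-site paths before redirecting.
                redirect_to = session.get('next') or url_for('home_index')
                redirect_to = urllib2.unquote(redirect_to)
                return redirect(redirect_to)

    # Reached when there is no token, the userinfo call failed, or
    # login_user() refused the user.
    flash('Was not allowed to authenticate you with Google.', 'error')
    return redirect(url_for('login'))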
def auth_meta_mw():
    """
    Callback for meta.wikimedia.org to send us authentication results.

    Finishes the OAuth handshake from the request token saved in the session
    and resolves the identity's 'sub' value to a UserStore row.  A row with
    role GUEST is created when the id is not known yet.

    Returns:
        A redirect to the login page if anything raises or if the id matches
        more than one user.  In every other case, a redirect to the session's
        'next' value, falling back to the home page.
    """
    try:
        handshaker = make_handshaker_mw()
        raw = session['request_token']
        request_token = RequestToken(key=raw[0], secret=raw[1])
        access_token = handshaker.complete(request_token, request.query_string)
        # NOTE(review): this puts the access token into the Flask session.
        # Flask's default session is a signed but unencrypted cookie --
        # confirm which session backend is used.
        session['access_token'] = access_token

        identity = handshaker.identify(access_token)
        name_claim = identity['username']
        id_claim = identity['sub']

        db_session = db.get_session()
        try:
            user = db_session.query(UserStore).filter_by(meta_mw_id=id_claim).one()
        except NoResultFound:
            # Unknown id: register the account with the GUEST role.
            try:
                user = UserStore(
                    username=name_claim,
                    meta_mw_id=id_claim,
                    role=UserRole.GUEST,
                )
                db_session.add(user)
                db_session.commit()
            except Exception:
                # Roll the insert back and hand the error to the outer handler.
                db_session.rollback()
                raise
        except MultipleResultsFound:
            flash('Multiple users found with your id!!! Contact Administrator', 'error')
            return redirect(url_for('login'))

        user.login(db_session)
        if login_user(user):
            user.detach_from(db_session)
            # The request token is removed only once the login succeeded.
            del session['request_token']

    except Exception:
        # Any error above ends here with the same message, whatever its
        # cause; the traceback is written to the application log.
        flash('You need to grant the app permissions in order to login.', 'error')
        app.logger.exception(traceback.format_exc())
        return redirect(url_for('login'))

    # NOTE(review): where session['next'] is written is not visible here.  If
    # it can hold a request-supplied URL, restrict it to same-site paths
    # before redirecting; unquote() also decodes a percent-encoded host.
    destination = session.get('next')
    if not destination:
        destination = url_for('home_index')
    return redirect(urllib2.unquote(destination))