def oauth_callback():
require(settings.OAUTH)
err = Unauthorized(gettext("Authentication has failed."))
state = cache.get_complex(_oauth_session(request.args.get("state")))
if state is None:
raise err
try:
oauth.provider.framework.set_session_data(request, "state",
state.get("state"))
uri = state.get("redirect_uri")
token = oauth.provider.authorize_access_token(redirect_uri=uri)
except AuthlibBaseError as err:
log.warning("Failed OAuth: %r", err)
raise err
if token is None or isinstance(token, AuthlibBaseError):
log.warning("Failed OAuth: %r", token)
raise err
role = handle_oauth(oauth.provider, token)
if role is None:
raise err
db.session.commit()
update_role(role)
log.debug("Logged in: %r", role)
request.authz = Authz.from_role(role)
next_path = get_url_path(state.get("next_url"))
next_url = ui_url("oauth", next=next_path)
next_url = "%s#token=%s" % (next_url, request.authz.to_token())
session.clear()
return redirect(next_url)
def oauth_callback():
require(settings.OAUTH)
try:
token = oauth.provider.authorize_access_token()
except AuthlibBaseError as err:
log.warning("Failed OAuth: %r", err)
raise Unauthorized(gettext("Authentication has failed."))
if token is None or isinstance(token, AuthlibBaseError):
log.warning("Failed OAuth: %r", token)
raise Unauthorized(gettext("Authentication has failed."))
role = handle_oauth(oauth.provider, token)
if role is None:
log.error("No OAuth handler was installed.")
raise Unauthorized(gettext("Authentication has failed."))
if role.is_blocked:
raise Unauthorized(gettext("Your account is blocked."))
db.session.commit()
update_role(role)
log.info("Logged in: %r", role)
request.authz = Authz.from_role(role)
token = request.authz.to_token(role=role)
token = token.decode('utf-8')
next_path = get_url_path(request.args.get('state'))
next_url = ui_url(settings.OAUTH_UI_CALLBACK, next=next_path)
next_url = '%s#token=%s' % (next_url, token)
return redirect(next_url)
def oauth_callback():
require(settings.OAUTH)
err = Unauthorized(gettext("Authentication has failed."))
state = cache.get_complex(_oauth_session(request.args.get("state")))
if state is None:
raise err
try:
oauth.provider.framework.set_session_data(request, "state", state.get("state"))
uri = state.get("redirect_uri")
oauth_token = oauth.provider.authorize_access_token(redirect_uri=uri)
except AuthlibBaseError as err:
log.warning("Failed OAuth: %r", err)
raise err
if oauth_token is None or isinstance(oauth_token, AuthlibBaseError):
log.warning("Failed OAuth: %r", oauth_token)
raise err
role = handle_oauth(oauth.provider, oauth_token)
if role is None:
raise err
# Determine session duration based on OAuth settings
expire = oauth_token.get("expires_in", Authz.EXPIRE)
expire = oauth_token.get("refresh_expires_in", expire)
db.session.commit()
update_role(role)
log.debug("Logged in: %r", role)
request.authz = Authz.from_role(role, expire=expire)
token = request.authz.to_token()
# Store id_token to generate logout URL later
id_token = oauth_token.get("id_token")
if id_token is not None:
cache.set(_token_session(token), id_token, expires=expire)
next_path = get_url_path(state.get("next_url"))
next_url = ui_url("oauth", next=next_path)
next_url = "%s#token=%s" % (next_url, token)
session.clear()
return redirect(next_url)