def oauth_view(request): oauth = OAuth(update_token=_update_token) oauth.register(name='dlfp') dlfp = oauth.create_client('dlfp') token = dlfp.authorize_access_token(request) resp = dlfp.get('me', token=token) profile = resp.json() login = profile['login'] dbToken = OAuth2Token.objects.filter(username=login).first() if not dbToken: dbToken = OAuth2Token( name='dlfp', uuid=uuid.uuid4(), username=login, ) dbToken.token_type = token['token_type'] dbToken.access_token = token['access_token'] dbToken.refresh_token = token['refresh_token'] dbToken.expires_at = token['expires_at'] dbToken.save() context = {'uuid': dbToken.uuid} return render(request, 'boardauth/oauth.html', context)
def test_oauth2_authorize_code_verifier(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={'code_challenge_method': 'S256'}, ) state = 'foo' code_verifier = 'bar' rv = client.authorize_redirect(request, 'https://a.b/c', state=state, code_verifier=code_verifier) self.assertEqual(rv.status_code, 302) url = rv.get('Location') self.assertIn('state=', url) self.assertIn('code_challenge=', url) with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) request2 = self.factory.get('/authorize?state={}'.format(state)) request2.session = request.session token = client.authorize_access_token(request2) self.assertEqual(token['access_token'], 'a')
def test_oauth1_authorize(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', request_token_url='https://i.b/reqeust-token', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', ) with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value( 'oauth_token=foo&oauth_verifier=baz') resp = client.authorize_redirect(request) self.assertEqual(resp.status_code, 302) url = resp.get('Location') self.assertIn('oauth_token=foo', url) request2 = self.factory.get(url) request2.session = request.session with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value( 'oauth_token=a&oauth_token_secret=b') token = client.authorize_access_token(request2) self.assertEqual(token['oauth_token'], 'a')
def test_oauth2_authorize(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', ) rv = client.authorize_redirect(request, 'https://a.b/c') self.assertEqual(rv.status_code, 302) url = rv.get('Location') self.assertIn('state=', url) state = dict(url_decode(urlparse.urlparse(url).query))['state'] with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) request2 = self.factory.get('/authorize?state={}'.format(state)) request2.session = request.session token = client.authorize_access_token(request2) self.assertEqual(token['access_token'], 'a')
def test_oauth2_authorize_code_challenge(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={'code_challenge_method': 'S256'}, ) rv = client.authorize_redirect(request, 'https://a.b/c') self.assertEqual(rv.status_code, 302) url = rv.get('Location') self.assertIn('state=', url) self.assertIn('code_challenge=', url) state = dict(url_decode(urlparse.urlparse(url).query))['state'] state_data = request.session[f'_state_dev_{state}']['data'] verifier = state_data['code_verifier'] def fake_send(sess, req, **kwargs): self.assertIn('code_verifier={}'.format(verifier), req.body) return mock_send_value(get_bearer_token()) with mock.patch('requests.sessions.Session.send', fake_send): request2 = self.factory.get('/authorize?state={}'.format(state)) request2.session = request.session token = client.authorize_access_token(request2) self.assertEqual(token['access_token'], 'a')
def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self._client_name = settings.OIDC_BACKEND_CLIENT_NAME oauth = OAuth() oauth.register(self._client_name) self._oidc_client = getattr(oauth, self._client_name)
def test_register_remote_app(self): oauth = OAuth() self.assertRaises(AttributeError, lambda: oauth.dev) oauth.register('dev', client_id='dev', client_secret='dev', request_token_url='https://i.b/reqeust-token', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') self.assertEqual(oauth.dev.name, 'dev') self.assertEqual(oauth.dev.client_id, 'dev')
def test_register_with_overwrite(self): oauth = OAuth() oauth.register('dev_overwrite', overwrite=True, client_id='dev', client_secret='dev', request_token_url='https://i.b/reqeust-token', api_base_url='https://i.b/api', access_token_url='https://i.b/token', access_token_params={'foo': 'foo'}, authorize_url='https://i.b/authorize') self.assertEqual(oauth.dev_overwrite.client_id, 'dev-client-id') self.assertEqual(oauth.dev_overwrite.access_token_params['foo'], 'foo-1')
def post_dlfp(request): user_uuid = request.COOKIES['uuid'] oauth = OAuth(update_token=_update_token) oauth.register(name='dlfp') dlfp = oauth.create_client('dlfp') token = OAuth2Token.objects.filter(uuid=user_uuid).first() message = request.POST[ 'board[message]'] if 'board[message]' in request.POST else request.POST[ 'message'] resp = dlfp.post('board', json={'message': message}, token=token.to_token()) return HttpResponse(resp)
def test_oauth2_authorize_access_denied(self): oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', ) with mock.patch('requests.sessions.Session.send'): request = self.factory.get('/?error=access_denied&error_description=Not+Allowed') request.session = self.factory.session self.assertRaises(OAuthError, client.authorize_access_token, request)
class OAuthSettings: def __init__(self): self.base_url = 'https://uspdigital.usp.br/wsusuario/oauth' self.oauth = OAuth() def create(self): base_url = self.base_url callback_id = getattr(settings, 'OAUTH_CALLBACK_ID') self.oauth.register( name='usp', request_token_url=base_url + '/request_token', access_token_url=base_url + '/access_token', authorize_url=base_url + '/authorize?callback_id={}'.format(callback_id), api_base_url='https://uspdigital.usp.br/' ) return self.oauth
def test_openid_authorize(self): request = self.factory.get('/login') request.session = self.factory.session key = jwk.dumps('secret', 'oct', kid='f') oauth = OAuth() client = oauth.register( 'dev', client_id='dev', jwks={'keys': [key]}, api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={'scope': 'openid profile'}, ) resp = client.authorize_redirect(request, 'https://b.com/bar') self.assertEqual(resp.status_code, 302) url = resp.get('Location') self.assertIn('nonce=', url) query_data = dict(url_decode(urlparse.urlparse(url).query)) token = get_bearer_token() token['id_token'] = generate_id_token( token, {'sub': '123'}, key, alg='HS256', iss='https://i.b', aud='dev', exp=3600, nonce=query_data['nonce'], ) state = query_data['state'] with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(token) request2 = self.factory.get( '/authorize?state={}&code=foo'.format(state)) request2.session = request.session token = client.authorize_access_token(request2) self.assertEqual(token['access_token'], 'a') self.assertIn('userinfo', token) self.assertEqual(token['userinfo']['sub'], '123')
def test_oauth2_access_token_with_post(self): oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', ) payload = {'code': 'a', 'state': 'b'} with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) request = self.factory.post('/token', data=payload) request.session = self.factory.session request.session['_state_dev_b'] = {'data': {}} token = client.authorize_access_token(request) self.assertEqual(token['access_token'], 'a')
def test_with_fetch_token_in_oauth(self): def fetch_token(name, request): return {'access_token': name, 'token_type': 'bearer'} oauth = OAuth(fetch_token=fetch_token) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') def fake_send(sess, req, **kwargs): self.assertEqual(sess.token['access_token'], 'dev') return mock_send_value(get_bearer_token()) with mock.patch('requests.sessions.Session.send', fake_send): request = self.factory.get('/login') client.get('/user', request=request)
def test_openid_authorize(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={'scope': 'openid profile'}, ) resp = client.authorize_redirect(request, 'https://b.com/bar') self.assertEqual(resp.status_code, 302) nonce = request.session['_dev_authlib_nonce_'] self.assertIsNotNone(nonce) url = resp.get('Location') self.assertIn('nonce={}'.format(nonce), url)
def test_request_without_token(self): oauth = OAuth() client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') def fake_send(sess, req, **kwargs): auth = req.headers.get('Authorization') self.assertIsNone(auth) resp = mock.MagicMock() resp.text = 'hi' resp.status_code = 200 return resp with mock.patch('requests.sessions.Session.send', fake_send): resp = client.get('/api/user', withhold_token=True) self.assertEqual(resp.text, 'hi') self.assertRaises(OAuthError, client.get, 'https://i.b/api/user')
def register_oauth(): """Register the ``jwql`` application with the ``auth.mast`` authentication service. Returns ------- oauth : Object An object containing methods to authenticate a user, provided by the ``auth.mast`` service. """ # Get configuration parameters for key in ['client_id', 'client_secret', 'auth_mast']: check_config_for_key(key) client_id = get_config()['client_id'] client_secret = get_config()['client_secret'] auth_mast = get_config()['auth_mast'] # Register with auth.mast oauth = OAuth() client_kwargs = { 'scope': 'mast:user:info', 'token_endpoint_auth_method': 'client_secret_basic', 'token_placement': 'header' } oauth.register( 'mast_auth', client_id='{}'.format(client_id), client_secret='{}'.format(client_secret), access_token_url='https://{}/oauth/token'.format(auth_mast), access_token_params=None, refresh_token_url=None, authorize_url='https://{}/oauth/authorize'.format(auth_mast), api_base_url='https://{}/1.1/'.format(auth_mast), client_kwargs=client_kwargs) return oauth
ExamRegistrationForm, CourseEditForm, CourseSudoForm, CourseUserEditForm, TimeSlotFormSet, ExamSlotFormSet, CourseUserCreateForm, CourseUserImportForm, ExamEditForm, ExamCheckinForm, ExamEditSignupForm, ) from .models import (Course, CourseUser, Exam, ExamRegistration, GithubToken, User, ExamSlot) oauth = OAuth() oauth.register( 'github', access_token_url='https://github.com/login/oauth/access_token', access_token_params=None, authorize_url='https://github.com/login/oauth/authorize', authorize_params=None, api_base_url='https://api.github.com/', client_kwargs={'scope': 'repo:invite'}, ) def course_auth(request, course_code, instructor=False, use_sudo=True): """ Checks whether a user is enrolled in the course. If so, a 2-tuple (course, course_user) is returned, and otherwise, a PermissionDenied
from django.conf import settings from django.http import HttpResponseRedirect from django.contrib import auth from django.contrib.auth import logout as auth_logout from django.contrib.auth.views import LogoutView from django.utils.decorators import method_decorator from django.views.decorators.cache import never_cache from django.views import View from django.urls import reverse from authlib.integrations.django_client import OAuth from tendenci.apps.event_logs.models import EventLog from tendenci.apps.site_settings.utils import get_setting oauth = OAuth() remote_app_name = settings.OAUTH2_REMOTE_APP_NAME oauth.register( name=remote_app_name, client_id=settings.OAUTH2_CLIENT_ID, client_secret=settings.OAUTH2_CLIENT_SECRET, userinfo_endpoint=settings.OAUTH2_USERINFO_ENDPOINT, access_token_url=settings.OAUTH2_ACCESS_TOKEN_URL, access_token_params=settings.OAUTH2_ACCESS_TOKEN_PARAMS, authorize_url=settings.OAUTH2_AUTHORIZE_URL, authorize_params=settings.OAUTH2_AUTHORIZE_PARAMS, api_base_url=settings.OAUTH2_API_BASE_URL, client_kwargs=settings.OAUTH2_CLIENT_KWARGS, )
def test_register_from_settings(self): oauth = OAuth() oauth.register('dev') self.assertEqual(oauth.dev.client_id, 'dev-key') self.assertEqual(oauth.dev.client_secret, 'dev-secret')
import json from django.shortcuts import redirect from django.urls import reverse from rest_framework.views import APIView from rest_framework.permissions import IsAuthenticated from authlib.integrations.django_client import OAuth from django.conf import settings from core.views.utils import generate_uri oauth = OAuth() oauth.register( name='blizzard', server_metadata_url=settings.BLIZZARD_CONF_URL, client_kwargs={ 'scope': '' } ) class AuthLoginBlizzard(APIView): permission_classes = [IsAuthenticated] def get(self, request): redirect_uri = generate_uri(request, reverse('blizzard_auth')) return oauth.blizzard.authorize_redirect(request, redirect_uri) class AuthCompleteBlizzard(APIView): permission_classes = [IsAuthenticated]
from authlib.integrations.django_client import OAuth, DjangoRemoteApp from typing import Dict def normalize_userinfo(_client, data: Dict[str, str]) -> Dict[str, str]: return { "id": data["id"], "username": data["username"] + "." + data["discriminator"], "email": data["email"], } oauth = OAuth() oauth.register( "discord", api_base_url="https://discord.com/api/", access_token_url="https://discord.com/api/oauth2/token", authorize_url="https://discord.com/api/oauth2/authorize", userinfo_endpoint="https://discord.com/api/users/%40me", userinfo_compliance_fix=normalize_userinfo, client_kwargs={ "token_endpoint_auth_method": "client_secret_post", "scope": "identify email guilds", }, ) def get_discord_client() -> DjangoRemoteApp: """ Get a Discord OAuth2 client """
def __init__(self, get_response=None): super().__init__(get_response) self.oauth = OAuth()
class OAuthMiddleware(MiddlewareMixin): def __init__(self, get_response=None): super().__init__(get_response) self.oauth = OAuth() def process_request(self, request): if settings.OAUTH_URL_WHITELISTS is not None: for w in settings.OAUTH_URL_WHITELISTS: if request.path.startswith(w): return self.get_response(request) def update_token(token, refresh_token, access_token): request.session['token'] = token return None sso_client = self.oauth.register(settings.OAUTH_CLIENT_NAME, overwrite=True, **settings.OAUTH_CLIENT, update_token=update_token) if request.path.startswith('/oauth/callback'): self.clear_session(request) request.session['token'] = sso_client.authorize_access_token( request) if self.get_current_user(sso_client, request) is not None: redirect_uri = request.session.pop('redirect_uri', None) if redirect_uri is not None: return redirect(redirect_uri) return redirect(views.index) if request.session.get('token', None) is not None: current_user = self.get_current_user(sso_client, request) if current_user is not None: return self.get_response(request) # remember redirect URI for redirecting to the original URL. request.session['redirect_uri'] = request.path return sso_client.authorize_redirect( request, settings.OAUTH_CLIENT['redirect_uri']) # fetch current login user info # 1. check if it's in cache # 2. fetch from remote API when it's not in cache @staticmethod def get_current_user(sso_client, request): token = request.session.get('token', None) if token is None or 'access_token' not in token: return None if not OAuth2Token.from_dict( token).is_expired() and 'user' in request.session: return request.session['user'] try: res = sso_client.get(settings.OAUTH_CLIENT['userinfo_endpoint'], token=OAuth2Token(token)) if res.ok: request.session['user'] = res.json() return res.json() except OAuthError as e: print(e) return None @staticmethod def clear_session(request): try: del request.session['user'] del request.session['token'] except KeyError: pass def __del__(self): print('destroyed')
from django.shortcuts import redirect from django.urls import reverse from django.contrib.auth import authenticate, login as django_login from authlib.integrations.django_client import OAuth from django.conf import settings host = getattr(settings, 'ENVOY_HOST', 'envoy.com') oauth = OAuth() oauth.register(name='envoy', access_token_url=f'https://app.{host}/a/auth/v0/token', authorize_url=f'https://dashboard.{host}/a/auth/v0/authorize', client_kwargs={'scope': 'public'}) def login(request): redirect_uri = request.build_absolute_uri(reverse('authorize')) return oauth.envoy.authorize_redirect(request, redirect_uri) def authorize(request): oauth_token = oauth.envoy.authorize_access_token(request) # Authenticates user using EnvoyAuthBackend user = authenticate(oauth_token=oauth_token) # TODO: handle failure if user is not None: # saves user_id in Session django_login(request, user) return redirect('/')
STATICFILES_DIRS = [ os.path.join(BASE_DIR, 'static/'), # STATIC_ROOT, # ("css", os.path.join(STATIC_ROOT, "static")), # ("js", os.path.join(STATIC_ROOT, "js")), ] # EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' # LOGIN_REDIRECT_URL = 'homeAfterLogin' # LOGOUT_REDIRECT_URL = 'home' MEDIA_ROOT = os.path.join(BASE_DIR, 'media') MEDIA_URL = '/media/' # TODO:change to your own setting # used for sending email EMAIL_HOST = "smtp.163.com" # server EMAIL_PORT = 25 # port number EMAIL_HOST_USER = "******" # the account EMAIL_HOST_PASSWORD = "******" # password: the password used for Authorization of sending email, not the # login EMAIL_USE_TLS = False # use transport layer security or not EMAIL_FROM = "*****@*****.**" # which account send the email # ACCOUNT_ACTIVATION_DAYS = 7 # One-week activation window; you may, of course, use a different value. currently # didnt use SESSION_EXPIRE_AT_BROWSER_CLOSE = True # register the apps oauth = OAuth()
import json, re, requests, time from urllib.parse import urlparse from datetime import datetime from django.http import Http404 from django.urls import reverse from django.http import JsonResponse from django.db.models import Count from django.shortcuts import render, redirect from authlib.integrations.django_client import OAuth from .models import User, Tweets from .utils import sevenspan, getlinks oauth = OAuth() oauth.register( name='twitter', api_base_url='https://api.twitter.com/1.1/', request_token_url='https://api.twitter.com/oauth/request_token', access_token_url='https://api.twitter.com/oauth/access_token', authorize_url='https://api.twitter.com/oauth/authenticate', fetch_token=lambda: session.get(token), ) def home(request): newuser = request.session.get('user') if newuser: newuser, created = User.objects.get_or_create(handleid=newuser['id'], name=newuser['screen_name']) return render(request, 'tweetie/home.html', context={'user': newuser})
'client_kwargs': { 'scope': 'email public_profile' }, 'userinfo_endpoint': USERINFO_ENDPOINT, 'userinfo_compliance_fix': normalize_userinfo, } # facebook_oauth = OAuth() # facebook_oauth.register( # name='facebook', # fetch_token = lambda request: getattr(request, token_name,None), # client_cls = RemoteApp, # ) CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration' oauth = OAuth() oauth.register(name='google', server_metadata_url=CONF_URL, client_kwargs={'scope': 'openid email profile'}) oauth.register( name='facebook', overwrite=True, fetch_token=lambda request: getattr(request, token_name, None), ) def loginFacebook(request): facebook = oauth.create_client('facebook') redirect_uri = request.build_absolute_uri(reverse('authfacebook')) return facebook.authorize_redirect(request, redirect_uri)
p.velocities = velocity_json p.project_settings = attrs.get('project_settings', p.project_settings) p.mode = attrs.get('mode', p.mode) p.save() else: logger.warning('projects_dict is None') logger.info('parse_tms has finished') response_message = '' if len(new_projects) > 0: response_message += "New projects found and parsed: {}.".format( ', '.join(new_projects)) else: response_message += 'No new projects detected - please ensure there are done tasks assigned to you.' if len(updated_projects) > 0: response_message += " Updated existing projects: {}.".format( ', '.join(updated_projects)) logger.info('parse_tms response: {}'.format(response_message)) return response_message PROD_HOST_URL = getattr(settings, "PROD_HOST_URL", "http://localhost:8000") atlassian_redirect_uri = PROD_HOST_URL + '/atlassian_callback' logger.debug('atlassian_redirect_uri: "{}"'.format(atlassian_redirect_uri)) oauth = OAuth(fetch_token=fetch_oauth_token, update_token=update_oauth_token) oauth.register(name='atlassian') logger.debug('oauth registered: {}'.format(oauth.atlassian)) logger.info('models import finished.')
from authlib.integrations.django_client import OAuth from authlib.oidc.discovery import get_well_known_url from django.conf import settings from nens_auth_client.cognito import CognitoOAuthClient # Create the global OAuth registry oauth_registry = OAuth() def get_oauth_client(): client = oauth_registry.create_client("cognito") if client is not None: return client url = get_well_known_url(settings.NENS_AUTH_ISSUER, external=True) oauth_registry.register( name="cognito", client_id=settings.NENS_AUTH_CLIENT_ID, client_secret=settings.NENS_AUTH_CLIENT_SECRET, server_metadata_url=url, client_kwargs={"scope": " ".join(settings.NENS_AUTH_SCOPE)}, client_cls=CognitoOAuthClient, ) return oauth_registry.create_client("cognito")