def oauth_callback():
"""OAuth handshake callback."""
glam_names = utils.get_glam_names(glam_list)
if 'request_token' not in flask.session:
flask.flash(u'OAuth callback failed. Are cookies disabled?')
return flask.redirect(flask.url_for('index'))
try:
access_token = mwoauth.complete(
app.config['OAUTH_MWURI'], consumer_token,
mwoauth.RequestToken(**flask.session['request_token']),
flask.request.query_string)
flask.session['access_token_key'], flask.session[
'access_token_secret'] = access_token.key, access_token.secret
identity = mwoauth.identify(app.config['OAUTH_MWURI'], consumer_token,
access_token)
except Exception as e:
app.logger.exception('Infobliss: ' + str(e))
else:
flask.session['access_token'] = dict(
zip(access_token._fields, access_token))
flask.session['username'] = identity['username']
username = flask.session.get('username', None)
return flask.render_template('index.html',
username=username,
glam_list=glam_names)
def oauth_callback(req):
"""OAuth handshake callback."""
serialized_token = req.session.get(REQUEST_TOKEN_KEY, None)
if serialized_token is None:
messages.error(req, _("Session invalid."))
return shortcuts.redirect(
urlresolvers.reverse('labsauth:oauth_initiate'))
# Convert from unicode stored in session to bytes expected by mwoauth
serialized_token = utils.tuple_to_bytes(serialized_token)
consumer_token = mwoauth.ConsumerToken(settings.OAUTH_CONSUMER_KEY,
settings.OAUTH_CONSUMER_SECRET)
request_token = mwoauth.RequestToken(*serialized_token)
access_token = mwoauth.complete(settings.OAUTH_MWURL, consumer_token,
request_token, req.META['QUERY_STRING'])
# Convert to unicode for session storage
req.session[ACCESS_TOKEN_KEY] = utils.tuple_to_unicode(access_token)
req.user.set_accesstoken(access_token)
sul_user = mwoauth.identify(settings.OAUTH_MWURL, consumer_token,
access_token)
req.user.sulname = sul_user['username']
req.user.sulemail = sul_user['email']
req.user.realname = sul_user['realname']
req.user.save()
messages.info(
req,
_("Authenticated as OAuth user {user}".format(
user=sul_user['username'])))
return shortcuts.redirect(req.session.get(NEXT_PAGE, '/'))
def oauth_callback():
"""OAuth handshake callback."""
if 'request_token' not in flask.session:
flask.flash(u'OAuth callback failed. Are cookies disabled?')
return flask.redirect(flask.url_for('index'))
consumer_token = mwoauth.ConsumerToken(app.config['CONSUMER_KEY'],
app.config['CONSUMER_SECRET'])
try:
access_token = mwoauth.complete(
app.config['OAUTH_MWURI'], consumer_token,
mwoauth.RequestToken(**flask.session['request_token']),
flask.request.query_string)
identity = mwoauth.identify(app.config['OAUTH_MWURI'], consumer_token,
access_token)
except Exception:
app.logger.exception('OAuth authentication failed')
else:
flask.session['request_token_secret'] = dict(
zip(access_token._fields, access_token))['secret']
flask.session['request_token_key'] = dict(
zip(access_token._fields, access_token))['key']
flask.session['username'] = identity['username']
return flask.redirect(flask.url_for('index'))
def oauth_callback():
if "request_token" not in flask.session:
flask.flash(u"OAuth callback failed. Are cookies disabled?")
return flask.redirect(flask.url_for("index"))
consumer_token = mwoauth.ConsumerToken(app.config["CONSUMER_KEY"],
app.config["CONSUMER_SECRET"])
try:
access_token = mwoauth.complete(
app.config["OAUTH_MWURI"], consumer_token,
mwoauth.RequestToken(**flask.session["request_token"]),
flask.request.query_string)
identity = mwoauth.identify(app.config["OAUTH_MWURI"], consumer_token,
access_token)
except Exception:
app.logger.exception("OAuth authentication failed")
else:
flask.session["access_token"] = dict(
zip(access_token._fields, access_token))
flask.session["username"] = identity["username"]
return flask.redirect(flask.url_for("index"))
def oauth_authorized():
request_token_key = request.args.get('oauth_token', 'None')
keyed_token_name = _str(request_token_key) + '_request_token'
keyed_next_name = _str(request_token_key) + '_next'
if keyed_token_name not in session:
raise Exception(
"OAuth callback failed. Can't find keyed token in session. Are cookies disabled?"
)
access_token = handshaker.complete(
mwoauth.RequestToken(**session[keyed_token_name]),
request.query_string)
session['mwoauth_access_token'] = \
dict(zip(access_token._fields, access_token))
next_url = "/"
try:
next_url = url_for(session[keyed_next_name])
except BuildError:
pass
del session[keyed_next_name]
del session[keyed_token_name]
username = get_current_user(False)
flash(u'You were signed in, %s!' % username)
return redirect(next_url)
def oauth_callback():
"""OAuth handshake callback."""
if "request_token" not in flask.session:
flask.flash(u"OAuth callback failed. Are cookies disabled?")
return flask.redirect(flask.url_for("index"))
try:
log.warning(flask.request.query_string.decode("ascii"))
access_token = mwoauth.complete(
app.config["OAUTH_MWURI"],
consumer_token,
mwoauth.RequestToken(**flask.session["request_token"]),
flask.request.query_string,
)
identity = mwoauth.identify(app.config["OAUTH_MWURI"], consumer_token,
access_token)
except Exception:
log.exception("OAuth authentication failed")
else:
flask.session["access_token"] = dict(
zip(access_token._fields, access_token))
flask.session["username"] = identity["username"]
return flask.redirect(flask.url_for("index"))
def oauth_callback():
"""OAuth handshake callback."""
if 'request_token' not in flask.session:
flask.flash(u'OAuth callback failed. Are cookies disabled?')
return flask.redirect(flask.url_for('index'))
consumer_token = mwoauth.ConsumerToken(app.config['CONSUMER_KEY'],
app.config['CONSUMER_SECRET'])
try:
access_token = mwoauth.complete(
app.config['OAUTH_MWURI'], consumer_token,
mwoauth.RequestToken(**flask.session['request_token']),
flask.request.query_string)
identity = mwoauth.identify(app.config['OAUTH_MWURI'], consumer_token,
access_token)
except Exception as e:
app.logger.exception('OAuth authentication failed')
else:
flask.session['access_token'] = dict(
zip(access_token._fields, access_token))
print('//////// ACCESS_TOKEN')
print(access_token)
flask.session['username'] = identity['username']
next_url = flask.request.args.get('next_url') or flask.url_for(
'get_random_edit')
return flask.redirect(next_url)
def oauth_callback():
"""OAuth handshake callback."""
if 'request_token' not in session:
flash(gettext('OAuth callback failed. Are cookies disabled?'))
return redirect(url_for('main.home'))
consumer_token = mwoauth.ConsumerToken(app.config['CONSUMER_KEY'],
app.config['CONSUMER_SECRET'])
try:
access_token = mwoauth.complete(
app.config['OAUTH_MWURI'], consumer_token,
mwoauth.RequestToken(**session['request_token']),
request.query_string)
identity = mwoauth.identify(app.config['OAUTH_MWURI'], consumer_token,
access_token)
except Exception:
app.logger.exception('OAuth authentication failed')
else:
session['access_token'] = dict(zip(access_token._fields, access_token))
session['username'] = identity['username']
flash(gettext('Welcome %(username)s!', username=session['username']),
'success')
if session.get('next_url'):
next_url = session.get('next_url')
session.pop('next_url', None)
return redirect(next_url)
else:
return redirect(url_for('main.home'))
def oauth_callback():
"""OAuth handshake callback."""
if 'request_token' not in flask.session:
flask.flash(u'OAuth callback failed. Are cookies disabled?')
return flask.redirect(flask.url_for('index'))
consumer_token = mwoauth.ConsumerToken(app.config['CONSUMER_KEY'],
app.config['CONSUMER_SECRET'])
try:
access_token = mwoauth.complete(
app.config['OAUTH_MWURI'], consumer_token,
mwoauth.RequestToken(**flask.session['request_token']),
flask.request.query_string)
identity = mwoauth.identify(app.config['OAUTH_MWURI'], consumer_token,
access_token)
except Exception:
app.logger.exception('OAuth authentication failed')
else:
flask.session['request_token_secret'] = dict(
zip(access_token._fields, access_token))['secret']
flask.session['request_token_key'] = dict(
zip(access_token._fields, access_token))['key']
flask.session['username'] = identity['username']
tconn = tconnect()
with tconn.cursor() as cur:
sql = 'select settings from users where username=%s'
cur.execute(sql, (getusername(), ))
data = cur.fetchall()
if len(data) == 0:
with tconn.cursor() as cur:
sql = 'insert into users(username, settings) values (%s, %s)'
cur.execute(sql, (getusername(), getdefaultsettings(True)))
tconn.commit()
return flask.redirect(flask.url_for('index'))
def oauth_callback():
if "request_token" not in flask.session:
app.logger.exception("OAuth callback failed. Are cookies disabled?")
return flask.redirect(flask.url_for("index"))
try:
access_token = mwoauth.complete(app.config["OAUTH_MWURI"], consumer_token, mwoauth.RequestToken(**flask.session["request_token"]), flask.request.query_string)
identity = mwoauth.identify(app.config["OAUTH_MWURI"], consumer_token, access_token)
except Exception:
app.logger.exception("OAuth authentication failed.")
else:
flask.session["access_token"] = dict(zip(access_token._fields, access_token))
flask.session["username"] = identity["username"]
# Check for at least 2K edits
query_params = {
"action": "query",
"list": "users",
"ususers": identity["username"],
"usprop": "editcount",
"format": "json"
}
response = requests.get("https://en.wikipedia.org/w/api.php", params=query_params)
print(response.content)
if response.json()["query"]["users"][0]["editcount"] < 2000:
flask.flash("Your edit count needs to be at least 2000 to use this tool.")
flask.session.clear()
return flask.render_template("error.html", text="Your edit count needs to be at least 2000 to use this tool!")
return flask.redirect(flask.url_for("index"))
def oauth_callback():
access_token = mwoauth.complete(
'https://www.wikidata.org/w/index.php',
consumer_token,
mwoauth.RequestToken(**flask.session.pop('oauth_request_token')),
flask.request.query_string,
user_agent=user_agent)
flask.session['oauth_access_token'] = dict(
zip(access_token._fields, access_token))
return flask.redirect(flask.session['oauth_redirect_target'])
def oauth_callback() -> werkzeug.Response:
request_token = mwoauth.RequestToken(
**flask.session.pop('oauth_request_token'))
access_token = mwoauth.complete(index_php,
consumer_token,
request_token,
flask.request.query_string,
user_agent=user_agent)
flask.session['oauth_access_token'] = dict(
zip(access_token._fields, access_token))
return flask.redirect(flask.url_for('index'))
def callback():
logger = logging.getLogger('auth.callback')
if 'access_token' in session or 'username' in session:
logger.warn(
f"User '{session['username']}' appears to be already logged in...")
if 'request_token' not in session:
logger.warn('OAuth callback failed. Are cookies disabled?')
return get_auth_redirect_request()
consumer_token = mwoauth.ConsumerToken(
current_app.config['CONSUMER_KEY'],
current_app.config['CONSUMER_SECRET'])
try:
access_token = mwoauth.complete(
current_app.config['OAUTH_MWURI'], consumer_token,
mwoauth.RequestToken(**session['request_token']),
request.query_string)
identity = mwoauth.identify(current_app.config['OAUTH_MWURI'],
consumer_token, access_token)
except Exception:
logger.exception('OAuth authentication failed')
# TODO should potentially do something more informative for the user here (even a 404 might be clearer?)
return get_auth_redirect_request()
else:
session['access_token'] = dict(zip(access_token._fields, access_token))
username = identity['username']
session['username'] = username
session.permanent = True # ideally, this will keep the user logged-in
logger.info(
f"Session created for user '{username}'; (new session? = {session.new})"
)
response = get_auth_redirect_request()
# note: could set an additional cookie here, using response.set_cookie?
# otherwise: figure out what cookie mwoauth is setting and check for it on the front-end?
# currently, planning to use the existence of the username cookie
response.set_cookie(
"username",
username,
)
# I *believe* this is a manual form of what the Flask session implementation is doing
#import jwt
#response.set_cookie(
# 'user_secret',
# jwt.encode({
# 'access_token': dict(zip(access_token._fields, access_token)),
# 'username': username,
# }, current_app.config['SECRET_KEY'], algorithm="HS256")
#)
return response
def test_if_needs_oauth_redirect_not_logged_in(monkeypatch):
monkeypatch.setitem(lexeme_forms.app.config, 'oauth', {})
monkeypatch.setattr(lexeme_forms,
'consumer_token',
mwoauth.ConsumerToken('test key', 'test secret'),
raising=False)
monkeypatch.setattr(
mwoauth, 'initiate', lambda mw_uri, consumer_token, user_agent:
('test redirect', mwoauth.RequestToken('test key', 'test secret')))
with lexeme_forms.app.test_request_context() as context:
response = lexeme_forms.if_needs_oauth_redirect()
assert response is not None
assert str(response.status_code).startswith('3')
def check_auth(self, user_id, login_type, login_dict):
"""Authenticate user with mediawiki
This will receive OAuth comsumer and request tokens and identify
the user. Initiating and handling the OAuth callback will be done
in the clients"""
logger.info("Request to auth user %s", user_id)
consumer_token = mwoauth.ConsumerToken(self.config.consumer_key,
self.config.consumer_secret)
try:
access_token = mwoauth.complete(
self.config.oauth_mwuri, consumer_token,
mwoauth.RequestToken(login_dict['request_key'],
login_dict['request_secret']),
login_dict['oauth_query'])
identity = yield mwoauth.identify(self.config.oauth_mwuri,
consumer_token, access_token)
except Exception as e:
logger.exception('OAuth authentication failed, %s', e)
yield defer.returnValue(None)
if user_id.startswith("@"):
localpart = user_id.split(":", 1)[0][1:]
else:
localpart = user_id
user_id = UserID(localpart,
self.account_handler.hs.hostname).to_string()
if localpart.title() != identity["username"]:
logger.error(("username from mediawiki differs from provided %s !="
" %s"), localpart, identity["username"])
yield defer.returnValue(None)
logger.info("User %s authenticated", user_id)
if not (yield self.account_handler.check_user_exists(user_id)):
logger.info("User %s does not exist yet, creating...", user_id)
user_id, access_token = (yield self.account_handler.register(
localpart=localpart))
# registration = True
logger.info("Registration based on MW_OAuth was successful for %s",
user_id)
else:
logger.info("User %s already exists, registration skipped",
user_id)
yield defer.returnValue((user_id, None))
def oauth_callback():
request_token_key = request.args.get('oauth_token', 'None')
keyed_token_name = _str(request_token_key) + '_request_token'
keyed_next_name = _str(request_token_key) + '_next'
if keyed_token_name not in session:
err_msg = "OAuth callback failed. Can't find keyed token. Are cookies disabled?"
err_msg = err_msg + '\n Go <a href="https://bodh.toolforge.org">Bodh</a>'
return err_msg
access_token = handshaker.complete(
mwoauth.RequestToken(**session[keyed_token_name]),
request.query_string)
session['mwoauth_access_token'] = \
dict(zip(access_token._fields, access_token))
del session[keyed_next_name]
del session[keyed_token_name]
get_current_user(False)
return redirect( app.config["APP_REDIRECT_URI"] )
def oauth_callback():
consumer_token = mwoauth.ConsumerToken(config['OAUTH_TOKEN'],
config['OAUTH_SECRET'])
access_token = mwoauth.complete(
config['OAUTH_URI'], consumer_token,
mwoauth.RequestToken(**session['request_token']), request.query_string)
identity = mwoauth.identify(config['OAUTH_URI'], consumer_token,
access_token)
user = db_insert_if_not_exist(User(sul_id=identity['sub'],
username=identity['username']),
sul_id=identity['sub'])
session['user_id'] = user.id
session['username'] = user.username
session['access_token'] = dict(zip(access_token._fields, access_token))
return redirect(session.pop('return_url', url_for('main.home')))
def oauth_callback():
"""OAuth handshake callback."""
if 'request_token' not in flask.session:
flask.flash(u'OAuth callback failed. Are cookies disabled?')
return flask.redirect(flask.url_for('index'))
consumer_token = mwoauth.ConsumerToken(app.config['CONSUMER_KEY'],
app.config['CONSUMER_SECRET'])
try:
access_token = mwoauth.complete(
app.config['OAUTH_MWURI'], consumer_token,
mwoauth.RequestToken(**flask.session['request_token']),
flask.request.query_string)
identity = mwoauth.identify(app.config['OAUTH_MWURI'], consumer_token,
access_token)
except Exception:
app.logger.exception('OAuth authentication failed')
else:
flask.session['access_token'] = dict(
zip(access_token._fields, access_token))
flask.session['username'] = identity['username']
regdate = registration_date(flask.session['username'])
if regdate:
delta = datetime.datetime.now() - regdate
if delta.days >= 365:
return flask.redirect(flask.url_for('index'))
else:
return flask.render_template(
'error.html',
error={
'msg':
'Ցավոք, Դուք չունեք բավարար վիքիստաժ։ Խնդրում եմ '
'կրկին փորձել ' + str(365 - delta.days) + ' օր '
'հետո։'
})
return flask.render_template(
'error.html',
error={
'msg':
'Չստացվեց գտնել Ձեր գրանցման ամսաթիվը։ Խնդրում եմ կրկին '
'փորձել կամ դիմել ԱշոտՏՆՂ մասնակցին, եթե խնդիրը '
'շարունակվում է։։'
})
def oauth_callback():
oauth_request_token = flask.session.pop('oauth_request_token', None)
if oauth_request_token is None:
return flask.render_template(
'oauth-callback-without-request-token.html',
already_logged_in='oauth_access_token' in flask.session,
query_string=flask.request.query_string.decode(
flask.request.url_charset))
access_token = mwoauth.complete(
'https://www.wikidata.org/w/index.php',
consumer_token,
mwoauth.RequestToken(**oauth_request_token),
flask.request.query_string,
user_agent=user_agent)
flask.session['oauth_access_token'] = dict(
zip(access_token._fields, access_token))
flask.session.pop('_csrf_token', None)
return flask.redirect(flask.url_for('index'))
def oauth_callback() -> Union[werkzeug.Response, str]:
oauth_request_token = flask.session.pop('oauth_request_token', None)
if oauth_request_token is None:
already_logged_in = 'oauth_access_token' in flask.session
query_string = flask.request.query_string\
.decode(flask.request.url_charset)
return flask.render_template('no-oauth-request-token.html',
already_logged_in=already_logged_in,
query_string=query_string)
request_token = mwoauth.RequestToken(**oauth_request_token)
access_token = mwoauth.complete(index_php,
consumer_token,
request_token,
flask.request.query_string,
user_agent=user_agent)
flask.session['oauth_access_token'] = dict(zip(access_token._fields,
access_token))
flask.session.pop('csrf_token', None)
redirect_target = flask.session.pop('oauth_redirect_target', None)
return flask.redirect(redirect_target or flask.url_for('index'))
def oauth_callback():
if 'request_token' not in session:
flash('OAuth callback failed, do you have your cookies disabled?')
return redirect('/')
consumer_token = create_consumer_token()
try:
access_token = mwoauth.complete(
app.config["OAUTH_MWURI"], consumer_token,
mwoauth.RequestToken(**session['request_token']),
request.query_string)
identity = mwoauth.identify(app.config["OAUTH_MWURI"], consumer_token,
access_token)
except:
flash('OAuth callback caused an exception, aborting')
app.logger.exception('OAuth callback failed')
else:
session['access_token'] = dict(zip(access_token._fields, access_token))
session['username'] = identity['username']
return redirect('/')
if return_url and return_url.startswith(full_url('index')):
flask.session['oauth_redirect_target'] = return_url
return flask.redirect(redirect)
@app.route('/oauth/callback')
def oauth_callback(){% if cookiecutter.set_up_mypy == "True" %} -> Union[werkzeug.Response, str]{% endif %}:
oauth_request_token = flask.session.pop('oauth_request_token', None)
if oauth_request_token is None:
already_logged_in = 'oauth_access_token' in flask.session
query_string = flask.request.query_string\
.decode(flask.request.url_charset)
return flask.render_template('error-oauth-callback.html',
already_logged_in=already_logged_in,
query_string=query_string)
request_token = mwoauth.RequestToken(**oauth_request_token)
access_token = mwoauth.complete(index_php,
consumer_token,
request_token,
flask.request.query_string,
user_agent=user_agent)
flask.session['oauth_access_token'] = dict(zip(access_token._fields,
access_token))
flask.session.pop('csrf_token', None)
redirect_target = flask.session.pop('oauth_redirect_target', None)
return flask.redirect(redirect_target or flask.url_for('index'))
@app.route('/logout')
def logout(){% if cookiecutter.set_up_mypy == "True" %} -> werkzeug.Response{% endif %}:
flask.session.pop('oauth_access_token', None)
csrf_error=csrf_error)
@app.route('/login')
def login(){% if cookiecutter.set_up_mypy == "True" %} -> werkzeug.Response{% endif %}:
redirect, request_token = mwoauth.initiate(index_php,
consumer_token,
user_agent=user_agent)
flask.session['oauth_request_token'] = dict(zip(request_token._fields,
request_token))
return flask.redirect(redirect)
@app.route('/oauth/callback')
def oauth_callback(){% if cookiecutter.set_up_mypy == "True" %} -> werkzeug.Response{% endif %}:
request_token = mwoauth.RequestToken(
**flask.session.pop('oauth_request_token'))
access_token = mwoauth.complete(index_php,
consumer_token,
request_token,
flask.request.query_string,
user_agent=user_agent)
flask.session['oauth_access_token'] = dict(zip(access_token._fields,
access_token))
return flask.redirect(flask.url_for('index'))
def full_url(endpoint{% if cookiecutter.set_up_mypy == "True" %}: str{% endif %}, **kwargs){% if cookiecutter.set_up_mypy == "True" %} -> str{% endif %}:
scheme = flask.request.headers.get('X-Forwarded-Proto', 'http')
return flask.url_for(endpoint, _external=True, _scheme=scheme, **kwargs)
def oauth_callback():
request_token = mwoauth.RequestToken(**flask.session.pop('oauth_request_token'))
access_token = mwoauth.complete('https://commons.wikimedia.org/w/index.php', consumer_token, request_token, flask.request.query_string, user_agent=user_agent)
flask.session['oauth_access_token'] = dict(zip(access_token._fields, access_token))
return flask.redirect(flask.url_for('index'))
def oauth_callback():
consumer_token = mwoauth.ConsumerToken(app.config['CONSUMER_KEY'], app.config['CONSUMER_SECRET'])
request_token = mwoauth.RequestToken(**flask.session.pop('oauth_request_token'))
access_token = mwoauth.complete('https://meta.wikimedia.org/w/index.php', consumer_token, request_token, flask.request.query_string, user_agent=user_agent)
flask.session['oauth_access_token'] = dict(zip(access_token._fields, access_token))
return flask.redirect(flask.url_for('index_page'))
