async def authenticate(self, handler, data=None): consumer_token = ConsumerToken( self.client_id, self.client_secret, ) handshaker = Handshaker(self.mw_index_url, consumer_token) request_token = dejsonify( handler.get_secure_cookie(AUTH_REQUEST_COOKIE_NAME)) handler.clear_cookie(AUTH_REQUEST_COOKIE_NAME) access_token = await wrap_future( self.executor.submit(handshaker.complete, request_token, handler.request.query)) identity = await wrap_future( self.executor.submit(handshaker.identify, access_token)) if identity and 'username' in identity: # this shouldn't be necessary anymore, # but keep for backward-compatibility return { 'name': identity['username'].replace(' ', '_'), 'auth_state': { 'ACCESS_TOKEN_KEY': access_token.key, 'ACCESS_TOKEN_SECRET': access_token.secret, 'MEDIAWIKI_USER_IDENTITY': identity, }, } else: self.log.error("No username found in %s", identity)
def get(self): consumer_token = ConsumerToken(self.authenticator.client_id, self.authenticator.client_secret) handshaker = Handshaker(self.authenticator.mw_index_url, consumer_token) request_token = dejsonify( self.get_secure_cookie(AUTH_REQUEST_COOKIE_NAME)) self.clear_cookie(AUTH_REQUEST_COOKIE_NAME) access_token = yield self.executor.submit(handshaker.complete, request_token, self.request.query) identity = handshaker.identify(access_token) if identity and 'username' in identity: # FIXME: Figure out total set of chars that can be present # in MW's usernames, and set of chars valid in jupyterhub # usernames, and do a proper mapping username = identity['username'].replace(' ', '_') user = self.find_user(username) if user is None: user = orm.User(name=username, id=identity['sub']) self.db.add(user) self.db.commit() self.set_login_cookie(user) self.redirect(url_path_join(self.hub.server.base_url, 'home')) else: # todo: custom error page? raise web.HTTPError(403)
def login(): handshaker = Handshaker("https://meta.wikimedia.org/w/index.php", oauth_token) redirect_url, request_token = handshaker.initiate() session['request_token'] = request_token session['return_to_url'] = request.args.get('next', '/') return redirect(redirect_url)
def authenticate(self, handler): code = handler.get_argument('code', False) if not code: raise web.HTTPError(400, "oauth callback made without a token") consumer_token = ConsumerToken( self.client_id, self.client_secret, ) handshaker = Handshaker(self.mw_index_url, consumer_token) request_token = dejsonify( handler.get_secure_cookie(AUTH_REQUEST_COOKIE_NAME)) handler.clear_cookie(AUTH_REQUEST_COOKIE_NAME) access_token = yield self.executor.submit(handshaker.complete, request_token, handler.request.query) identity = yield self.executor.submit(handshaker.identify, access_token) if identity and 'username' in identity: # this shouldn't be necessary anymore, # but keep for backward-compatibility return identity['username'].replace(' ', '_') else: self.log.error("No username found in %s", identity)
def wd_oauth_handshake_1(): consumer_token = ConsumerToken(oauth_config.consumer_key, oauth_config.consumer_secret) # Construct handshaker with wiki URI and consumer handshaker = Handshaker("https://www.mediawiki.org/w/index.php", consumer_token) # # Step 1: Initialize -- ask MediaWiki for a temporary key/secret for user mw_redirect, request_token = handshaker.initiate() return mw_redirect
def complete_login(request, consumer_token, cookie, rdb_session, root_path, api_log): # TODO: Remove or standardize the DEBUG option if DEBUG: identity = {'sub': 6024474, 'username': '******'} else: handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) with api_log.debug('load_login_cookie') as act: try: rt_key = cookie['request_token_key'] rt_secret = cookie['request_token_secret'] except KeyError: # in some rare cases, stale cookies are left behind # and users have to click login again act.failure('clearing stale cookie, redirecting to {}', root_path) cookie.set_expires() return redirect(root_path) req_token = RequestToken(rt_key, rt_secret) access_token = handshaker.complete(req_token, request.query_string) identity = handshaker.identify(access_token) userid = identity['sub'] username = identity['username'] user = rdb_session.query(User).filter(User.id == userid).first() now = datetime.datetime.utcnow() if user is None: user = User(id=userid, username=username, last_active_date=now) rdb_session.add(user) else: user.last_active_date = now # These would be useful when we have oauth beyond simple ID, but # they should be stored in the database along with expiration times. # ID tokens only last 100 seconds or so # cookie['access_token_key'] = access_token.key # cookie['access_token_secret'] = access_token.secret # identity['confirmed_email'] = True/False might be interesting # for contactability through the username. Might want to assert # that it is True. cookie['userid'] = identity['sub'] cookie['username'] = identity['username'] return_to_url = cookie.get('return_to_url') # TODO: Clean up if not DEBUG: del cookie['request_token_key'] del cookie['request_token_secret'] del cookie['return_to_url'] else: return_to_url = '/' return redirect(return_to_url)
def login(request, consumer_token, cookie, root_path): handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) redirect_url, request_token = handshaker.initiate() cookie['request_token_key'] = request_token.key cookie['request_token_secret'] = request_token.secret cookie['return_to_url'] = request.args.get('next', root_path) return redirect(redirect_url)
def wd_oauth(request): if request.method == 'POST': body_unicode = request.body.decode('utf-8') body = json.loads(body_unicode) consumer_token = ConsumerToken(oauth_config.consumer_key, oauth_config.consumer_secret) print(consumer_token) mw_uri = "https://www.mediawiki.org/w/index.php" callbackURI = "http://54.166.140.4" + body[ 'current_path'] + '/authorized' print(callbackURI) handshaker = Handshaker(mw_uri=mw_uri, consumer_token=consumer_token, callback=callbackURI) mw_redirect, request_token = handshaker.initiate(callback=callbackURI) response_data = {'wikimediaURL': mw_redirect} return JsonResponse(response_data)
def oauth_callback(): handshaker = Handshaker("https://meta.wikimedia.org/w/index.php", oauth_token) access_token = handshaker.complete(session['request_token'], request.query_string) session['acces_token'] = access_token identity = handshaker.identify(access_token) wiki_uid = identity['sub'] user = g.conn.session.query(User).filter(User.wiki_uid == wiki_uid).first() if user is None: user = User(username=identity['username'], wiki_uid=wiki_uid) g.conn.session.add(user) g.conn.session.commit() session['user_id'] = user.id return_to_url = session.get('return_to_url') del session['request_token'] del session['return_to_url'] return redirect(return_to_url)
async def get(self): consumer_token = ConsumerToken( self.authenticator.client_id, self.authenticator.client_secret, ) handshaker = Handshaker(self.authenticator.mw_index_url, consumer_token) redirect, request_token = await wrap_future( self.authenticator.executor.submit(handshaker.initiate)) self.set_secure_cookie(AUTH_REQUEST_COOKIE_NAME, jsonify(request_token), expires_days=1, path=url_path_join(self.base_url, 'hub', 'oauth_callback'), httponly=True) self.log.info('oauth redirect: %r', redirect) self.redirect(redirect)
def complete_login(request, consumer_token, cookie): handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) req_token = RequestToken(cookie['request_token_key'], cookie['request_token_secret']) access_token = handshaker.complete(req_token, request.query_string) identity = handshaker.identify(access_token) userid = identity['sub'] username = identity['username'] cookie['userid'] = userid cookie['username'] = username # Is this OK to put in a cookie? cookie['oauth_access_key'] = access_token.key cookie['oauth_access_secret'] = access_token.secret return_to_url = cookie.get('return_to_url', '/') return redirect(return_to_url)
def complete_login(request, consumer_token, cookie, rdb_session): handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) req_token = RequestToken(cookie['request_token_key'], cookie['request_token_secret']) access_token = handshaker.complete(req_token, request.query_string) identity = handshaker.identify(access_token) userid = identity['sub'] username = identity['username'] user = rdb_session.query(User).filter(User.id == userid).first() now = datetime.datetime.utcnow() if user is None: user = User(id=userid, username=username, last_login_date=now) rdb_session.add(user) else: user.last_login_date = now # These would be useful when we have oauth beyond simple ID, but # they should be stored in the database along with expiration times. # ID tokens only last 100 seconds or so # cookie['access_token_key'] = access_token.key # cookie['access_token_secret'] = access_token.secret # identity['confirmed_email'] = True/False might be interesting # for contactability through the username. Might want to assert # that it is True. cookie['userid'] = identity['sub'] cookie['username'] = identity['username'] return_to_url = cookie.get('return_to_url') del cookie['request_token_key'] del cookie['request_token_secret'] del cookie['return_to_url'] return redirect(return_to_url)
from mwoauth import ConsumerToken, Handshaker import requests from requests_oauthlib import OAuth1 from six.moves import input # For compatibility between python 2 and 3 # Consruct a "consumer" from the key/secret provided by MediaWiki import config # You'll need to provide this consumer_token = ConsumerToken(config.consumer_key, config.consumer_secret) # Construct handshaker with wiki URI and consumer handshaker = Handshaker("https://en.wikipedia.org/w/index.php", consumer_token) # Step 1: Initialize -- ask MediaWiki for a temporary key/secret for user redirect, request_token = handshaker.initiate() # Step 2: Authorize -- send user to MediaWiki to confirm authorization print("Point your browser to: %s" % redirect) # response_qs = input("Response query string: ") # Step 3: Complete -- obtain authorized key/secret for "resource owner" access_token = handshaker.complete(request_token, response_qs) # Construct an auth object with the consumer and access tokens auth1 = OAuth1(consumer_token.key, client_secret=consumer_token.secret, resource_owner_key=access_token.key, resource_owner_secret=access_token.secret) # Now, accessing the API on behalf of a user
def make_handshaker_mw(): return Handshaker( app.config['META_MW_BASE_URL'] + app.config['META_MW_BASE_INDEX'], mw_oauth_token, )
def __init__(self, user=None, pwd=None, mediawiki_api_url=None, mediawiki_index_url=None, mediawiki_rest_url=None, token_renew_period=1800, use_clientlogin=False, consumer_key=None, consumer_secret=None, access_token=None, access_secret=None, client_id=None, client_secret=None, callback_url='oob', user_agent=None, debug=False): """ This class handles several types of login procedures. Either use user and pwd authentication or OAuth. Wikidata clientlogin can also be used. If using one method, do NOT pass parameters for another method. :param user: the username which should be used for the login :type user: str :param pwd: the password which should be used for the login :type pwd: str :param token_renew_period: Seconds after which a new token should be requested from the Wikidata server :type token_renew_period: int :param use_clientlogin: use authmanager based login method instead of standard login. For 3rd party data consumer, e.g. web clients :type use_clientlogin: bool :param consumer_key: The consumer key for OAuth :type consumer_key: str :param consumer_secret: The consumer secret for OAuth :type consumer_secret: str :param access_token: The access token for OAuth :type access_token: str :param access_secret: The access secret for OAuth :type access_secret: str :param callback_url: URL which should be used as the callback URL :type callback_url: str :param user_agent: UA string to use for API requests. :type user_agent: str :return: None """ self.mediawiki_api_url = config[ 'MEDIAWIKI_API_URL'] if mediawiki_api_url is None else mediawiki_api_url self.mediawiki_index_url = config[ 'MEDIAWIKI_INDEX_URL'] if mediawiki_index_url is None else mediawiki_index_url self.mediawiki_rest_url = config[ 'MEDIAWIKI_REST_URL'] if mediawiki_rest_url is None else mediawiki_rest_url if debug: print(self.mediawiki_api_url) self.session = requests.Session() self.edit_token = '' self.instantiation_time = time.time() self.token_renew_period = token_renew_period self.consumer_key = consumer_key self.consumer_secret = consumer_secret self.access_token = access_token self.access_secret = access_secret self.client_id = client_id self.client_secret = client_secret self.response_qs = None self.callback_url = callback_url if user_agent: self.user_agent = user_agent else: # if a user is given append " (User:USER)" to the UA string and update that value in CONFIG if user and user.casefold( ) not in config['USER_AGENT_DEFAULT'].casefold(): config['USER_AGENT_DEFAULT'] += " (User:{})".format(user) self.user_agent = config['USER_AGENT_DEFAULT'] self.session.headers.update({'User-Agent': self.user_agent}) if self.consumer_key and self.consumer_secret: if self.access_token and self.access_secret: # OAuth procedure, based on https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers#Python auth = OAuth1(self.consumer_key, client_secret=self.consumer_secret, resource_owner_key=self.access_token, resource_owner_secret=self.access_secret) self.session.auth = auth self.generate_edit_credentials() else: # Oauth procedure, based on https://www.mediawiki.org/wiki/OAuth/For_Developers # Consruct a "consumer" from the key/secret provided by MediaWiki self.consumer_token = ConsumerToken(self.consumer_key, self.consumer_secret) # Construct handshaker with wiki URI and consumer self.handshaker = Handshaker(self.mediawiki_index_url, self.consumer_token, callback=self.callback_url, user_agent=self.user_agent) # Step 1: Initialize -- ask MediaWiki for a temp key/secret for user # redirect -> authorization -> callback url self.redirect, self.request_token = self.handshaker.initiate( callback=self.callback_url) elif self.client_id and self.client_secret: oauth = OAuth2Session(client=BackendApplicationClient( client_id=self.client_id)) token = oauth.fetch_token(token_url=self.mediawiki_rest_url + '/oauth2/access_token', client_id=self.client_id, client_secret=self.client_secret) auth = OAuth2(token=token) self.session.auth = auth self.generate_edit_credentials() else: params_login = { 'action': 'query', 'meta': 'tokens', 'type': 'login', 'format': 'json' } # get login token login_token = self.session.post( self.mediawiki_api_url, data=params_login).json()['query']['tokens']['logintoken'] if use_clientlogin: params = { 'action': 'clientlogin', 'username': user, 'password': pwd, 'logintoken': login_token, 'loginreturnurl': 'https://example.org/', 'format': 'json' } login_result = self.session.post(self.mediawiki_api_url, data=params).json() if debug: print(login_result) if 'clientlogin' in login_result: if login_result['clientlogin']['status'] != 'PASS': clientlogin = login_result['clientlogin'] raise LoginError( "Login failed ({}). Message: '{}'".format( clientlogin['messagecode'], clientlogin['message'])) elif debug: print("Successfully logged in as", login_result['clientlogin']['username']) else: error = login_result['error'] raise LoginError("Login failed ({}). Message: '{}'".format( error['code'], error['info'])) else: params = { 'action': 'login', 'lgname': user, 'lgpassword': pwd, 'lgtoken': login_token, 'format': 'json' } login_result = self.session.post(self.mediawiki_api_url, data=params).json() if debug: print(login_result) if login_result['login']['result'] != 'Success': raise LoginError("Login failed. Reason: '{}'".format( login_result['login']['result'])) elif debug: print("Successfully logged in as", login_result['login']['lgusername']) if 'warnings' in login_result: print("MediaWiki login warnings messages:") for message in login_result['warnings']: print("* {}: {}".format( message, login_result['warnings'][message]['*'])) self.generate_edit_credentials()
from requests_oauthlib import OAuth1 from config import consumer_key, consumer_secret, api_url, redis_pw, redis_host from redis import Redis from celery.result import AsyncResult import youtube_dl import guess_language from redisession import RedisSessionInterface sys.path.append( os.path.dirname(os.path.realpath(__file__)) + "/../../../backend/") import worker # NOQA consumer_token = ConsumerToken(consumer_key, consumer_secret) handshaker = Handshaker(api_url, consumer_token) redisconnection = Redis(host=redis_host, db=3, password=redis_pw) app = Flask(__name__) app.session_interface = RedisSessionInterface(redisconnection) @app.errorhandler(Exception) def all_exception_handler(error): """Handle an exception and show the traceback to error page.""" return 'Please notify [[commons:User:Zhuyifei1999]]: ' + \ traceback.format_exc(), 500
def requests_handshaker(): consumer_key = config.OAUTH_CONSUMER_KEY consumer_secret = config.OAUTH_CONSUMER_SECRET consumer_token = ConsumerToken(consumer_key, consumer_secret) return Handshaker("https://meta.wikimedia.org/w/index.php", consumer_token)
def _get_handshaker(): consumer_token = ConsumerToken(settings.TWLIGHT_OAUTH_CONSUMER_KEY, settings.TWLIGHT_OAUTH_CONSUMER_SECRET) handshaker = Handshaker(settings.TWLIGHT_OAUTH_PROVIDER_URL, consumer_token) return handshaker
def __init__(self, user=None, pwd=None, mediawiki_api_url='https://www.wikidata.org/w/api.php', token_renew_period=1800, use_clientlogin=False, consumer_key=None, consumer_secret=None, callback_url='oob', user_agent=None): """ This class handles several types of login procedures. Either use user and pwd authentication or OAuth. Wikidata clientlogin can also be used. If using one method, do NOT pass parameters for another method. :param user: the username which should be used for the login :param pwd: the password which should be used for the login :param token_renew_period: Seconds after which a new token should be requested from the Wikidata server :type token_renew_period: int :param use_clientlogin: use authmanager based login method instead of standard login. For 3rd party data consumer, e.g. web clients :type use_clientlogin: bool :param consumer_key: The consumer key for OAuth :type consumer_key: str :param consumer_secret: The consumer secret for OAuth :type consumer_secret: str :param callback_url: URL which should be used as the callback URL :type callback_url: str :param user_agent: UA string to use for API requests. :type user_agent: str :return: None """ self.base_url = mediawiki_api_url print(self.base_url) self.s = requests.Session() self.edit_token = '' self.instantiation_time = time.time() self.token_renew_period = token_renew_period self.mw_url = "https://www.mediawiki.org/w/index.php" self.consumer_key = consumer_key self.consumer_secret = consumer_secret self.response_qs = None self.callback_url = callback_url if user_agent: self.user_agent = user_agent else: # if a user is given append " (User:USER)" to the UA string and update that value in CONFIG if user and user.lower() not in config['USER_AGENT_DEFAULT'].lower(): config['USER_AGENT_DEFAULT'] += " (User:{})".format(user) self.user_agent = config['USER_AGENT_DEFAULT'] self.s.headers.update({ 'User-Agent': self.user_agent }) if self.consumer_key and self.consumer_secret: # Oauth procedure, based on https://www.mediawiki.org/wiki/OAuth/For_Developers # Consruct a "consumer" from the key/secret provided by MediaWiki self.consumer_token = ConsumerToken(self.consumer_key, self.consumer_secret) # Construct handshaker with wiki URI and consumer self.handshaker = Handshaker(self.mw_url, self.consumer_token, callback=self.callback_url, user_agent=self.user_agent) # Step 1: Initialize -- ask MediaWiki for a temp key/secret for user # redirect -> authorization -> callback url self.redirect, self.request_token = self.handshaker.initiate(callback=self.callback_url) elif use_clientlogin: params = { 'action': 'query', 'format': 'json', 'meta': 'authmanagerinfo', 'amisecuritysensitiveoperation': '', 'amirequestsfor': 'login' } self.s.get(self.base_url, params=params) params2 = { 'action': 'query', 'format': 'json', 'meta': 'tokens', 'type': 'login' } login_token = self.s.get(self.base_url, params=params2).json()['query']['tokens']['logintoken'] data = { 'action': 'clientlogin', 'format': 'json', 'username': user, 'password': pwd, 'logintoken': login_token, 'loginreturnurl': 'http://example.org/' } login_result = self.s.post(self.base_url, data=data).json() print(login_result) if login_result['clientlogin']['status'] == 'FAIL': raise ValueError('Login FAILED') self.generate_edit_credentials() else: params = { 'action': 'login', 'lgname': user, 'lgpassword': pwd, 'format': 'json' } # get login token login_token = self.s.post(self.base_url, data=params).json()['login']['token'] # do the login using the login token params.update({'lgtoken': login_token}) r = self.s.post(self.base_url, data=params).json() if r['login']['result'] != 'Success': print('login failed:', r['login']['reason']) raise ValueError('login FAILED!!') else: print('Successfully logged in as', r['login']['lgusername']) self.generate_edit_credentials()
def __init__(self): self.consumer_token = ConsumerToken(oauth_config.consumer_key, oauth_config.consumer_secret) self.handshaker = Handshaker("https://www.mediawiki.org/w/index.php", self.consumer_token) self.request_token = '' self.response_qs = '' self.access_token = ''