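def authenticate(token_id: str):
    """Finalize the authentication process.

    The response is an HTML page that is shown in the user's web browser.

    :param token_id: token id created by :func:`create_access_token()`
    :type token_id: :class:`str`
    :status 400: when authentication is failed
    :status 404: when the given ``token_id`` doesn't exist
    :status 403: when the ``token_id`` is already finalized
    :status 200: when authentication is successfully done

    """
    token_store = get_token_store()
    team = get_team()
    token_expire = app.config['TOKEN_EXPIRE']
    if not isinstance(token_expire, datetime.timedelta):
        raise RuntimeError(
            'TOKEN_EXPIRE configuration must be an instance of '
            'datetime.timedelta, not {!r}'.format(token_expire)
        )
    try:
        state = token_store.get(token_id)
        # Log only what kind of value is stored, never its repr: before
        # finalization it carries the pending state that is handed to
        # team.authenticate(), and after finalization the same key holds
        # the issued Token and its identity.
        stored_kind = (
            state[0] if isinstance(state, tuple) and state
            else type(state).__name__
        )
        current_app.logger.debug(
            'stored AuthenticationContinuation.state kind: %r', stored_kind
        )
    except TypeError:
        raise NotFound()
    # NOTE(review): only a TypeError from the store maps to 404.  If the
    # store returns None for an unknown token_id, this check answers 403
    # rather than the documented 404 -- confirm against the token store.
    if not isinstance(state, tuple) or state[0] != 'auth-state':
        raise Forbidden()
    # The redirect URL is rebuilt here and passed to the team together with
    # the stored state and the WSGI environ of the current request.
    requested_redirect_url = url_for(
        'authenticate',
        token_id=token_id,
        _external=True
    )
    try:
        identity = team.authenticate(
            state[1],
            requested_redirect_url,
            request.environ
        )
    except AuthenticationError as e:
        current_app.logger.debug(e, exc_info=1)
        raise BadRequest()
    expires_at = datetime.datetime.now(datetime.timezone.utc) + token_expire
    # Overwriting the pending state with the token means a later request
    # with the same token_id fails the 'auth-state' check above (403).
    # NOTE(review): int() truncates, so a TOKEN_EXPIRE under one second
    # gives timeout=0 -- confirm how the token store treats a zero timeout.
    token_store.set(token_id, ('token', Token(identity, expires_at)),
                    timeout=int(token_expire.total_seconds()))
    return '<!DOCTYPE html>\n' + html.html(
        html.head(
            html.meta(charset='utf-8'),
            html.title('Geofront: Authentication success')
        ),
        html.body(
            html.h1(html.dfn('Geofront:'), ' Authentication success'),
            html.p('You may close the browser, and go back to the CLI.')
        )
    )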
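def oauth2_callback():
    """Finalize the authentication process.

    The response is an HTML page that is shown in the user's web browser.
    The ``token_id`` is read from the query string of the request.

    :status 400: when authentication is failed
    :status 404: when the given ``token_id`` doesn't exist
    :status 403: when the ``token_id`` is already finalized
    :status 200: when authentication is successfully done

    """
    token_id = request.args.get('token_id', '')
    token_store = get_token_store()
    team = get_team()
    token_expire = app.config['TOKEN_EXPIRE']
    if not isinstance(token_expire, datetime.timedelta):
        raise RuntimeError('TOKEN_EXPIRE configuration must be an instance of '
                           'datetime.timedelta, not {!r}'.format(token_expire))
    try:
        state = token_store.get(token_id)
        # Log only what kind of value is stored, never its repr: before
        # finalization it carries the pending state that is handed to
        # team.authenticate(), and after finalization the same key holds
        # the issued Token and its identity.
        stored_kind = (
            state[0] if isinstance(state, tuple) and state
            else type(state).__name__
        )
        current_app.logger.debug(
            'stored AuthenticationContinuation.state kind: %r', stored_kind
        )
    except TypeError:
        raise NotFound()
    # NOTE(review): only a TypeError from the store maps to 404.  If the
    # store returns None for an unknown or missing token_id, this check
    # answers 403 rather than the documented 404 -- confirm against the
    # token store.
    if not isinstance(state, tuple) or state[0] != 'auth-state':
        raise Forbidden()
    # A team that does not define allow_callback_url_params is treated as
    # allowing them, in which case the 'authenticate' endpoint URL is used.
    if getattr(team, 'allow_callback_url_params', True):
        callback_endpoint = 'authenticate'
    else:
        callback_endpoint = 'oauth2_callback'
    requested_redirect_url = url_for(callback_endpoint,
                                     token_id=token_id,
                                     _external=True)
    try:
        identity = team.authenticate(state[1],
                                     requested_redirect_url,
                                     request.environ)
    except AuthenticationError as e:
        current_app.logger.debug(e, exc_info=1)
        raise BadRequest()
    expires_at = datetime.datetime.now(datetime.timezone.utc) + token_expire
    # Overwriting the pending state with the token means a later request
    # with the same token_id fails the 'auth-state' check above (403).
    # NOTE(review): int() truncates, so a TOKEN_EXPIRE under one second
    # gives timeout=0 -- confirm how the token store treats a zero timeout.
    token_store.set(token_id, ('token', Token(identity, expires_at)),
                    timeout=int(token_expire.total_seconds()))
    return '<!DOCTYPE html>\n' + html.html(
        html.head(html.meta(charset='utf-8'),
                  html.title('Geofront: Authentication success')),
        html.body(
            html.h1(html.dfn('Geofront:'), ' Authentication success'),
            html.p('You may close the browser, and go back to the CLI.')))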
def render_html(self, title, body, stylesheets=None, scripts=None, end=()):
    """Build a whole HTML document from a title and body elements.

    ``stylesheets`` and ``scripts`` fall back to ``self.STYLESHEETS`` and
    ``self.SCRIPTS`` when they are ``None``.  ``body`` and ``end`` are
    concatenated with a tuple of script elements, so both have to be
    tuples; ``end`` is placed after the script elements.

    """
    css_hrefs = self.STYLESHEETS if stylesheets is None else stylesheets
    js_srcs = self.SCRIPTS if scripts is None else scripts
    # NOTE(review): whether title, href and src values are escaped depends
    # on the html builder, which is not visible here -- confirm before
    # passing anything derived from request data.
    head = html.head(
        html.title(title),
        *(html.link(rel='stylesheet', href=href) for href in css_hrefs)
    )
    script_tags = tuple(html.script(src=src) for src in js_srcs)
    page_body = html.body(*(body + script_tags + end))
    return html.html(head, page_body, lang='en')
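def authenticate(token_id: str):
    """Finalize the authentication process.

    The response is an HTML page that is shown in the user's web browser.

    :param token_id: token id created by :func:`create_access_token()`
    :type token_id: :class:`str`
    :status 400: when authentication is failed
    :status 404: when the given ``token_id`` doesn't exist
    :status 403: when the ``token_id`` is already finalized
    :status 200: when authentication is successfully done

    """
    token_store = get_token_store()
    team = get_team()
    token_expire = app.config['TOKEN_EXPIRE']
    if not isinstance(token_expire, datetime.timedelta):
        raise RuntimeError('TOKEN_EXPIRE configuration must be an instance of '
                           'datetime.timedelta, not {!r}'.format(token_expire))
    try:
        auth_nonce = token_store.get(token_id)
        # Log only the type of the stored value, never its repr: before
        # finalization it is the nonce handed to team.authenticate(), and
        # after finalization the same key holds the issued Token and its
        # identity.
        current_app.logger.debug('stored auth_nonce type: %s',
                                 type(auth_nonce).__name__)
    except TypeError:
        raise NotFound()
    # NOTE(review): only a TypeError from the store maps to 404.  If the
    # store returns None for an unknown token_id, this check answers 403
    # rather than the documented 404 -- confirm against the token store.
    if not isinstance(auth_nonce, str):
        raise Forbidden()
    # The redirect URL is rebuilt here and passed to the team together with
    # the stored nonce and the WSGI environ of the current request.
    requested_redirect_url = url_for('authenticate',
                                     token_id=token_id,
                                     _external=True)
    try:
        identity = team.authenticate(auth_nonce,
                                     requested_redirect_url,
                                     request.environ)
    except AuthenticationError:
        raise BadRequest()
    expires_at = datetime.datetime.now(datetime.timezone.utc) + token_expire
    # The nonce is replaced by the Token, so a later request with the same
    # token_id presumably fails the str check above (403).
    # NOTE(review): int() truncates, so a TOKEN_EXPIRE under one second
    # gives timeout=0 -- confirm how the token store treats a zero timeout.
    token_store.set(token_id, Token(identity, expires_at),
                    timeout=int(token_expire.total_seconds()))
    return '<!DOCTYPE html>\n' + html.html(
        html.head(html.meta(charset='utf-8'),
                  html.title('Geofront: Authentication success')),
        html.body(
            html.h1(html.dfn('Geofront:'), ' Authentication success'),
            html.p('You may close the browser, and go back to the CLI.')))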
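def authenticate(token_id: str):
    """Finalize the authentication process.

    The response is an HTML page that is shown in the user's web browser.

    :param token_id: token id created by :func:`create_access_token()`
    :type token_id: :class:`str`
    :status 400: when authentication is failed
    :status 404: when the given ``token_id`` doesn't exist
    :status 403: when the ``token_id`` is already finalized
    :status 200: when authentication is successfully done

    """
    token_store = get_token_store()
    team = get_team()
    token_expire = app.config["TOKEN_EXPIRE"]
    if not isinstance(token_expire, datetime.timedelta):
        raise RuntimeError(
            "TOKEN_EXPIRE configuration must be an instance of "
            "datetime.timedelta, not {!r}".format(token_expire)
        )
    try:
        auth_nonce = token_store.get(token_id)
        # Log only the type of the stored value, never its repr: before
        # finalization it is the nonce handed to team.authenticate(), and
        # after finalization the same key holds the issued Token and its
        # identity.
        current_app.logger.debug(
            "stored auth_nonce type: %s", type(auth_nonce).__name__
        )
    except TypeError:
        raise NotFound()
    # NOTE(review): only a TypeError from the store maps to 404.  If the
    # store returns None for an unknown token_id, this check answers 403
    # rather than the documented 404 -- confirm against the token store.
    if not isinstance(auth_nonce, str):
        raise Forbidden()
    # The redirect URL is rebuilt here and passed to the team together with
    # the stored nonce and the WSGI environ of the current request.
    requested_redirect_url = url_for(
        "authenticate", token_id=token_id, _external=True
    )
    try:
        identity = team.authenticate(
            auth_nonce, requested_redirect_url, request.environ
        )
    except AuthenticationError:
        raise BadRequest()
    expires_at = datetime.datetime.now(datetime.timezone.utc) + token_expire
    # The nonce is replaced by the Token, so a later request with the same
    # token_id presumably fails the str check above (403).
    # NOTE(review): int() truncates, so a TOKEN_EXPIRE under one second
    # gives timeout=0 -- confirm how the token store treats a zero timeout.
    token_store.set(
        token_id,
        Token(identity, expires_at),
        timeout=int(token_expire.total_seconds()),
    )
    return "<!DOCTYPE html>\n" + html.html(
        html.head(
            html.meta(charset="utf-8"),
            html.title("Geofront: Authentication success"),
        ),
        html.body(
            html.h1(html.dfn("Geofront:"), " Authentication success"),
            html.p("You may close the browser, and go back to the CLI."),
        ),
    )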