Exemplo n.º 1
0
def callback():
    resp = oauth_provider.authorized_response()
    if resp is None or isinstance(resp, OAuthException):
        # FIXME: notify the user, somehow.
        return redirect(url_for('ui'))

    session['oauth'] = resp
    session['roles'] = [system_role(Role.SYSTEM_USER)]
    if 'googleapis.com' in oauth_provider.base_url:
        me = oauth_provider.get('userinfo')
        user_id = 'google:%s' % me.data.get('id')
        role = Role.load_or_create(user_id, Role.USER, me.data.get('name'),
                                   email=me.data.get('email'))
    elif 'occrp.org' in oauth_provider.base_url or \
            'investigativedashboard.org' in oauth_provider.base_url:
        me = oauth_provider.get('api/2/accounts/profile/')
        user_id = 'idashboard:user:%s' % me.data.get('id')
        role = Role.load_or_create(user_id, Role.USER,
                                   me.data.get('display_name'),
                                   email=me.data.get('email'),
                                   is_admin=me.data.get('is_admin'))
        for group in me.data.get('groups', []):
            group_id = 'idashboard:%s' % group.get('id')
            group_role = Role.load_or_create(group_id, Role.GROUP,
                                             group.get('name'))
            session['roles'].append(group_role.id)
    else:
        raise RuntimeError("Unknown OAuth URL: %r" % oauth_provider.base_url)
    session['roles'].append(role.id)
    session['user'] = role.id
    db.session.commit()
    return redirect(url_for('ui'))
Exemplo n.º 2
0
def load_role():
    request.auth_roles = set([system_role(Role.SYSTEM_GUEST)])
    request.auth_role = None
    request.logged_in = False

    auth_header = request.headers.get('Authorization')

    if session.get('user'):
        request.auth_roles.update(session.get('roles', []))
        request.auth_role = Role.by_id(session.get('user'))
        request.logged_in = True
    elif auth_header is not None:
        if not auth_header.lower().startswith('apikey'):
            return
        api_key = auth_header.split(' ', 1).pop()
        role = Role.by_api_key(api_key)
        if role is None:
            return
        request.auth_role = role
        request.auth_roles.update([system_role(Role.SYSTEM_USER), role.id])
        request.logged_in = True