Exemplo n.º 1
def oauth_init():
    """Start the OAuth login flow by handing the browser to the provider.

    Aborts with 404 when ``settings.OAUTH`` is falsy. Otherwise the
    post-login destination is chosen by ``get_best_next_url`` from the
    ``next`` query argument and ``request.referrer``, and is passed to the
    provider as the OAuth ``state`` value.
    """
    if not settings.OAUTH:
        abort(404)

    # Both candidates given to get_best_next_url come from the client, so
    # that helper is the only thing standing between this flow and an open
    # redirect after login.
    # NOTE(review): `state` carries a return URL here, not an unguessable
    # per-session value; confirm that the callback is bound to the
    # initiating browser session somewhere else (e.g. by the OAuth library).
    authorize_args = {
        'callback': url_for('.oauth_callback'),
        'state': get_best_next_url(request.args.get('next'),
                                   request.referrer),
    }
    return oauth.provider.authorize(**authorize_args)
Exemplo n.º 2
def oauth_callback():
    """Finish the OAuth flow and redirect the browser with a session token.

    Aborts with 404 when ``settings.OAUTH`` is falsy. Returns
    ``Unauthorized`` when the provider response is missing or is an
    ``OAuthException``, and also when no ``handle_oauth_session`` receiver
    yields a role. For the first receiver result with a role, the login is
    committed and audited, a token is issued, and the browser is redirected
    to the chosen next URL with the token in the URL fragment.
    """
    if not settings.OAUTH:
        abort(404)

    oauth_resp = oauth.provider.authorized_response()
    failed = oauth_resp is None or isinstance(oauth_resp, OAuthException)
    if failed:
        log.warning("Failed OAuth: %r", oauth_resp)
        return Unauthorized("Authentication has failed.")

    handler_results = signals.handle_oauth_session.send(
        provider=oauth.provider, oauth=oauth_resp)
    for _, role in handler_results:
        if role is not None:
            db.session.commit()
            update_role(role)
            log.info("Logged in: %r", role)
            request.authz = Authz.from_role(role)
            record_audit(Audit.ACT_LOGIN)
            token = request.authz.to_token(role=role).decode('utf-8')
            # `state` is read back from the query string, so it is
            # client-controlled; the redirect target is only as safe as
            # get_best_next_url's filtering.
            # NOTE(review): nothing in this function compares `state` with
            # a value stored for the session - confirm the OAuth library
            # protects the callback against forged requests.
            state = request.args.get('state')
            target = get_best_next_url(state, request.referrer)
            # Drop any fragment already on the target so the token below
            # is the only fragment in the final URL.
            target = urldefrag(target)[0]
            # The token is appended as a URL fragment, so any script on
            # the landing page can read it; the target must therefore
            # never be an untrusted origin.
            return redirect('%s#token=%s' % (target, token))

    log.error("No OAuth handler for %r was installed.", oauth.provider.name)
    return Unauthorized("Authentication has failed.")
Exemplo n.º 3
def oauth_callback():
    """Finish the OAuth flow and redirect the browser with a fresh token.

    Aborts with 404 when ``settings.OAUTH`` is falsy. Returns
    ``Unauthorized`` when the provider response is missing or is an
    ``OAuthException``, and also when no ``handle_oauth_session`` receiver
    yields a role. The database session is committed once, after the
    receivers have run; the first non-``None`` role then gets a token from
    ``create_token`` and the browser is redirected to the chosen next URL
    with that token in the URL fragment.
    """
    if not settings.OAUTH:
        abort(404)

    oauth_resp = oauth.provider.authorized_response()
    failed = oauth_resp is None or isinstance(oauth_resp, OAuthException)
    if failed:
        log.warning("Failed OAuth: %r", oauth_resp)
        return Unauthorized("Authentication has failed.")

    handler_results = signals.handle_oauth_session.send(
        provider=oauth.provider, oauth=oauth_resp)
    db.session.commit()
    for _, role in handler_results:
        if role is not None:
            log.info("Logged in: %r", role)
            # `state` comes back in the query string and is
            # client-controlled; get_best_next_url is what keeps this
            # from becoming an open redirect.
            # NOTE(review): `state` is not checked against a per-session
            # value in this function - confirm the OAuth library does so.
            target = get_best_next_url(request.args.get('state'),
                                       request.referrer)
            # Strip any existing fragment so the token is the only one.
            target = urldefrag(target)[0]
            # The token travels in the URL fragment, readable by scripts
            # on the landing page, so the target must be a trusted origin.
            return redirect('%s#token=%s' % (target, create_token(role)))

    log.error("No OAuth handler for %r was installed.", oauth.provider.name)
    return Unauthorized("Authentication has failed.")
Exemplo n.º 4
 def test_get_best_next_url_all_unsafe(self):
     """Expect the ``UI_URL`` fallback when no candidate URL is acceptable.

     Both candidates come from ``self.fake.url()`` (presumably random
     external URLs from a fake-data generator - confirm against the test
     fixture). This pins the open-redirect guard: an off-site target must
     never be returned.
     """
     first_candidate = self.fake.url()
     second_candidate = self.fake.url()
     chosen = get_best_next_url(first_candidate, second_candidate)
     self.assertEqual(UI_URL, chosen)
Exemplo n.º 5
 def test_get_best_next_url_unsafe_safe(self):
     """Expect the second candidate to be used when the first is rejected.

     The first candidate is ``self.fake.url()`` (presumably a random
     external URL - confirm against the fixture); the second is the
     relative path ``/next``, which is expected to come back as
     ``UI_URL + 'next'``.
     """
     rejected_candidate = self.fake.url()
     chosen = get_best_next_url(rejected_candidate, '/next')
     self.assertEqual(UI_URL + 'next', chosen)
Exemplo n.º 6
 def test_get_best_next_url_blank(self):
     """Expect the ``UI_URL`` fallback for an empty candidate string."""
     chosen = get_best_next_url('')
     self.assertEqual(UI_URL, chosen)
Exemplo n.º 7
 def test_get_best_next_url_blank(self):
     """Check that an empty candidate resolves to ``UI_URL``."""
     fallback = get_best_next_url('')
     self.assertEqual(UI_URL, fallback)
Exemplo n.º 8
 def test_get_best_next_url_all_unsafe(self):
     """Check that two rejected candidates resolve to ``UI_URL``.

     Each candidate is a fresh ``self.fake.url()`` value (presumably a
     random external URL - confirm against the fixture), so neither may
     be returned as the redirect target.
     """
     candidates = [self.fake.url(), self.fake.url()]
     resolved = get_best_next_url(*candidates)
     self.assertEqual(UI_URL, resolved)
Exemplo n.º 9
 def test_get_best_next_url_unsafe_safe(self):
     """Check that a relative path is chosen over a rejected first candidate.

     ``self.fake.url()`` supplies the first candidate (presumably a
     random external URL - confirm against the fixture); the relative
     ``/next`` is expected to come back as ``UI_URL + 'next'``.
     """
     expected = UI_URL + 'next'
     resolved = get_best_next_url(self.fake.url(), '/next')
     self.assertEqual(expected, resolved)