Exemplo n.º 1
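def callback(oauth_token):
    """Handle the GitHub OAuth callback: link GitHub to the session user, or log in.

    Args:
        oauth_token: Access token from the OAuth flow, or None when
            authorization failed.

    Returns:
        A redirect response in every branch.

    The ``next`` query parameter is attacker-controllable, so it is only
    honoured when it is a local path; anything else falls back to the
    default destination (open-redirect protection).
    """
    from urllib.parse import urlparse

    def _local_path_or_none(target):
        # Accept only same-site absolute paths such as "/packages/".
        if not target or not target.startswith("/"):
            return None
        # "//host" is scheme-relative and some browsers read "/\host" the
        # same way, so both would leave the site.
        if target.startswith("//") or "\\" in target:
            return None
        # Control characters can be stripped by clients, turning a harmless
        # looking path into one of the forms rejected above.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return None
        parts = urlparse(target)
        if parts.scheme or parts.netloc:
            return None
        return target

    # NOTE: absolute URLs (even same-host ones) are dropped here on purpose.
    next_url = _local_path_or_none(request.args.get("next"))
    if oauth_token is None:
        flash("Authorization failed [err=gh-oauth-login-failed]", "danger")
        return redirect(url_for("users.login"))

    # Get Github username
    url = "https://api.github.com/user"
    try:
        # Bounded wait: without a timeout a stalled API call ties up the worker.
        r = requests.get(url,
                         headers={"Authorization": "token " + oauth_token},
                         timeout=10)
        payload = r.json() if r.status_code == 200 else None
    except (requests.RequestException, ValueError):
        payload = None

    # Never continue with a missing identity: an error body has no "login".
    username = payload.get("login") if isinstance(payload, dict) else None
    if not username:
        flash("Authorization failed [err=gh-oauth-login-failed]", "danger")
        return redirect(url_for("users.login"))

    # Get user by github username
    userByGithub = User.query.filter(
        func.lower(User.github_username) == func.lower(username)).first()

    # If logged in, connect
    if current_user and current_user.is_authenticated:
        if userByGithub is None:
            current_user.github_username = username
            db.session.commit()
            flash("Linked github to account", "success")
            return redirect(url_for("homepage.home"))
        else:
            flash("Github account is already associated with another user",
                  "danger")
            return redirect(url_for("homepage.home"))

    # If not logged in, log in
    else:
        if userByGithub is None:
            flash("Unable to find an account for that Github user", "danger")
            return redirect(url_for("users.claim_forums"))
        elif login_user_set_active(userByGithub, remember=True):
            # Record the login so it can be reviewed later.
            addAuditLog(
                AuditSeverity.USER, userByGithub,
                "Logged in using GitHub OAuth",
                url_for("users.profile", username=userByGithub.username))
            db.session.commit()

            # Accounts without a password are offered the chance to set one.
            if not current_user.password:
                return redirect(
                    next_url or url_for("users.set_password", optional=True))
            else:
                return redirect(next_url or url_for("homepage.home"))
        else:
            flash("Authorization failed [err=gh-login-failed]", "danger")
            return redirect(url_for("users.login"))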
Exemplo n.º 2
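def claim_forums():
    """Let a visitor claim the account that belongs to a forum username.

    GET with ``username`` (and optionally ``method=github``) validates the
    name and, for the GitHub method, redirects into the GitHub OAuth flow
    once a GitHub username is known for that user.

    POST with ``claim_type``:
      * ``github`` - queues a forum-account check task and redirects to the
        task status page.
      * ``forum`` - fetches the forum profile and logs the visitor in if the
        per-session token appears in the profile signature.

    Returns:
        A redirect, the result of ``login_user_set_active`` on a successful
        forum claim, or the rendered claim page.
    """
    username = request.args.get("username")
    if username is None:
        username = ""
    else:
        method = request.args.get("method")

        if not check_username(username):
            flash(
                "Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin",
                "danger")
            return redirect(url_for("users.claim_forums"))

        user = User.query.filter_by(forums_username=username).first()
        if user and user.rank.atLeast(UserRank.NEW_MEMBER):
            flash("User has already been claimed", "danger")
            return redirect(url_for("users.claim_forums"))
        elif method == "github":
            if user is None or user.github_username is None:
                flash("Unable to get GitHub username for user", "danger")
                return redirect(
                    url_for("users.claim_forums", username=username))
            else:
                return redirect(url_for("github.start"))

    # The token is the proof of forum-account ownership: the claimant must
    # place it in their forum signature. It is kept per session.
    # NOTE(review): randomString is defined elsewhere - confirm it draws from
    # a CSPRNG (e.g. the secrets module), since a guessable token weakens
    # the ownership check.
    if "forum_token" in session:
        token = session["forum_token"]
    else:
        token = randomString(12)
        session["forum_token"] = token

    if request.method == "POST":
        ctype = request.form.get("claim_type")
        username = request.form.get("username")

        if not check_username(username):
            flash(
                "Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin",
                "danger")
        elif ctype == "github":
            task = checkForumAccount.delay(username)
            # The return URL is built server-side with url_for, not taken
            # from the request.
            return redirect(
                url_for("tasks.check",
                        id=task.id,
                        r=url_for("users.claim_forums",
                                  username=username,
                                  method="github")))
        elif ctype == "forum":
            user = User.query.filter_by(forums_username=username).first()
            if user is not None and user.rank.atLeast(UserRank.NEW_MEMBER):
                flash("That user has already been claimed!", "danger")
                return redirect(url_for("users.claim_forums"))

            # Get signature
            sig = None
            try:
                profile = getProfile("https://forum.minetest.net", username)
                sig = profile.signature if profile else None
            except IOError as e:
                if hasattr(e, 'message'):
                    message = e.message
                else:
                    message = str(e)

                flash("Error whilst attempting to access forums: " + message,
                      "danger")
                return redirect(
                    url_for("users.claim_forums", username=username))

            if profile is None:
                flash("Unable to get forum signature - does the user exist?",
                      "danger")
                return redirect(
                    url_for("users.claim_forums", username=username))

            # Look for key
            if sig and token in sig:
                # Try getting again to fix crash
                user = User.query.filter_by(forums_username=username).first()
                if user is None:
                    user = User(username)
                    user.forums_username = username
                    db.session.add(user)
                    db.session.commit()
                elif user.rank.atLeast(UserRank.NEW_MEMBER):
                    # The forum fetch above is a slow network call; re-apply
                    # the "already claimed" rule to the fresh row so a claim
                    # completed in the meantime is not overridden by a login.
                    flash("That user has already been claimed!", "danger")
                    return redirect(url_for("users.claim_forums"))

                ret = login_user_set_active(user, remember=True)
                if ret is None:
                    flash("Unable to login as user", "danger")
                    return redirect(
                        url_for("users.claim_forums", username=username))

                # NOTE(review): the helper's result is returned as the view
                # response - confirm login_user_set_active returns a response
                # object rather than a success flag.
                return ret

            else:
                flash("Could not find the key in your signature!", "danger")
                return redirect(
                    url_for("users.claim_forums", username=username))
        else:
            flash("Unknown claim type", "danger")

    # The key shown to the user carries a "cdb_" prefix; the signature check
    # above looks for the bare token, which the prefixed key contains.
    return render_template("users/claim_forums.html",
                           username=username,
                           key="cdb_" + token)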