def oauth_view(request):
oauth = OAuth(update_token=_update_token)
oauth.register(name='dlfp')
dlfp = oauth.create_client('dlfp')
token = dlfp.authorize_access_token(request)
resp = dlfp.get('me', token=token)
profile = resp.json()
login = profile['login']
dbToken = OAuth2Token.objects.filter(username=login).first()
if not dbToken:
dbToken = OAuth2Token(
name='dlfp',
uuid=uuid.uuid4(),
username=login,
)
dbToken.token_type = token['token_type']
dbToken.access_token = token['access_token']
dbToken.refresh_token = token['refresh_token']
dbToken.expires_at = token['expires_at']
dbToken.save()
context = {'uuid': dbToken.uuid}
return render(request, 'boardauth/oauth.html', context)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self._client_name = settings.OIDC_BACKEND_CLIENT_NAME
oauth = OAuth()
oauth.register(self._client_name)
self._oidc_client = getattr(oauth, self._client_name)
def test_register_remote_app(self):
oauth = OAuth()
self.assertRaises(AttributeError, lambda: oauth.dev)
oauth.register('dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
self.assertEqual(oauth.dev.name, 'dev')
self.assertEqual(oauth.dev.client_id, 'dev')
def post_dlfp(request):
user_uuid = request.COOKIES['uuid']
oauth = OAuth(update_token=_update_token)
oauth.register(name='dlfp')
dlfp = oauth.create_client('dlfp')
token = OAuth2Token.objects.filter(uuid=user_uuid).first()
message = request.POST[
'board[message]'] if 'board[message]' in request.POST else request.POST[
'message']
resp = dlfp.post('board',
json={'message': message},
token=token.to_token())
return HttpResponse(resp)
def test_register_with_overwrite(self):
oauth = OAuth()
oauth.register('dev_overwrite',
overwrite=True,
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
access_token_params={'foo': 'foo'},
authorize_url='https://i.b/authorize')
self.assertEqual(oauth.dev_overwrite.client_id, 'dev-client-id')
self.assertEqual(oauth.dev_overwrite.access_token_params['foo'],
'foo-1')
def test_oauth2_authorize_code_verifier(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'code_challenge_method': 'S256'},
)
state = 'foo'
code_verifier = 'bar'
rv = client.authorize_redirect(request,
'https://a.b/c',
state=state,
code_verifier=code_verifier)
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
self.assertIn('code_challenge=', url)
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
def test_oauth1_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=foo&oauth_verifier=baz')
resp = client.authorize_redirect(request)
self.assertEqual(resp.status_code, 302)
url = resp.get('Location')
self.assertIn('oauth_token=foo', url)
request2 = self.factory.get(url)
request2.session = request.session
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=a&oauth_token_secret=b')
token = client.authorize_access_token(request2)
self.assertEqual(token['oauth_token'], 'a')
def test_oauth2_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
rv = client.authorize_redirect(request, 'https://a.b/c')
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
state = dict(url_decode(urlparse.urlparse(url).query))['state']
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
def test_oauth2_authorize_code_challenge(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'code_challenge_method': 'S256'},
)
rv = client.authorize_redirect(request, 'https://a.b/c')
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
self.assertIn('code_challenge=', url)
state = dict(url_decode(urlparse.urlparse(url).query))['state']
state_data = request.session[f'_state_dev_{state}']['data']
verifier = state_data['code_verifier']
def fake_send(sess, req, **kwargs):
self.assertIn('code_verifier={}'.format(verifier), req.body)
return mock_send_value(get_bearer_token())
with mock.patch('requests.sessions.Session.send', fake_send):
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
class OAuthSettings:
def __init__(self):
self.base_url = 'https://uspdigital.usp.br/wsusuario/oauth'
self.oauth = OAuth()
def create(self):
base_url = self.base_url
callback_id = getattr(settings, 'OAUTH_CALLBACK_ID')
self.oauth.register(
name='usp',
request_token_url=base_url + '/request_token',
access_token_url=base_url + '/access_token',
authorize_url=base_url +
'/authorize?callback_id={}'.format(callback_id),
api_base_url='https://uspdigital.usp.br/'
)
return self.oauth
def register_oauth():
"""Register the ``jwql`` application with the ``auth.mast``
authentication service.
Returns
-------
oauth : Object
An object containing methods to authenticate a user, provided
by the ``auth.mast`` service.
"""
# Get configuration parameters
for key in ['client_id', 'client_secret', 'auth_mast']:
check_config_for_key(key)
client_id = get_config()['client_id']
client_secret = get_config()['client_secret']
auth_mast = get_config()['auth_mast']
# Register with auth.mast
oauth = OAuth()
client_kwargs = {
'scope': 'mast:user:info',
'token_endpoint_auth_method': 'client_secret_basic',
'token_placement': 'header'
}
oauth.register(
'mast_auth',
client_id='{}'.format(client_id),
client_secret='{}'.format(client_secret),
access_token_url='https://{}/oauth/token'.format(auth_mast),
access_token_params=None,
refresh_token_url=None,
authorize_url='https://{}/oauth/authorize'.format(auth_mast),
api_base_url='https://{}/1.1/'.format(auth_mast),
client_kwargs=client_kwargs)
return oauth
def test_oauth2_authorize_access_denied(self):
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
with mock.patch('requests.sessions.Session.send'):
request = self.factory.get('/?error=access_denied&error_description=Not+Allowed')
request.session = self.factory.session
self.assertRaises(OAuthError, client.authorize_access_token, request)
def test_openid_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
key = jwk.dumps('secret', 'oct', kid='f')
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
jwks={'keys': [key]},
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'scope': 'openid profile'},
)
resp = client.authorize_redirect(request, 'https://b.com/bar')
self.assertEqual(resp.status_code, 302)
url = resp.get('Location')
self.assertIn('nonce=', url)
query_data = dict(url_decode(urlparse.urlparse(url).query))
token = get_bearer_token()
token['id_token'] = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce=query_data['nonce'],
)
state = query_data['state']
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(token)
request2 = self.factory.get(
'/authorize?state={}&code=foo'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
self.assertIn('userinfo', token)
self.assertEqual(token['userinfo']['sub'], '123')
def test_oauth2_access_token_with_post(self):
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
payload = {'code': 'a', 'state': 'b'}
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request = self.factory.post('/token', data=payload)
request.session = self.factory.session
request.session['_state_dev_b'] = {'data': {}}
token = client.authorize_access_token(request)
self.assertEqual(token['access_token'], 'a')
def test_with_fetch_token_in_oauth(self):
def fetch_token(name, request):
return {'access_token': name, 'token_type': 'bearer'}
oauth = OAuth(fetch_token=fetch_token)
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
def fake_send(sess, req, **kwargs):
self.assertEqual(sess.token['access_token'], 'dev')
return mock_send_value(get_bearer_token())
with mock.patch('requests.sessions.Session.send', fake_send):
request = self.factory.get('/login')
client.get('/user', request=request)
def test_openid_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'scope': 'openid profile'},
)
resp = client.authorize_redirect(request, 'https://b.com/bar')
self.assertEqual(resp.status_code, 302)
nonce = request.session['_dev_authlib_nonce_']
self.assertIsNotNone(nonce)
url = resp.get('Location')
self.assertIn('nonce={}'.format(nonce), url)
def test_request_without_token(self):
oauth = OAuth()
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
def fake_send(sess, req, **kwargs):
auth = req.headers.get('Authorization')
self.assertIsNone(auth)
resp = mock.MagicMock()
resp.text = 'hi'
resp.status_code = 200
return resp
with mock.patch('requests.sessions.Session.send', fake_send):
resp = client.get('/api/user', withhold_token=True)
self.assertEqual(resp.text, 'hi')
self.assertRaises(OAuthError, client.get, 'https://i.b/api/user')
ExamSlotFormSet,
CourseUserCreateForm,
CourseUserImportForm,
ExamEditForm,
ExamCheckinForm,
ExamEditSignupForm,
)
from .models import (Course, CourseUser, Exam, ExamRegistration, GithubToken,
User, ExamSlot)
oauth = OAuth()
oauth.register(
'github',
access_token_url='https://github.com/login/oauth/access_token',
access_token_params=None,
authorize_url='https://github.com/login/oauth/authorize',
authorize_params=None,
api_base_url='https://api.github.com/',
client_kwargs={'scope': 'repo:invite'},
)
def course_auth(request, course_code, instructor=False, use_sudo=True):
"""
Checks whether a user is enrolled in the course. If so, a 2-tuple
(course, course_user) is returned, and otherwise, a PermissionDenied
exception is raised. If the course doesn't exist, Http404 is raised.
If instructor is True, then only instructors are permitted to access
the course. If use_sudo is True, then the sudo user will be used if
activated in the session.
from authlib.integrations.django_client import OAuth
from tendenci.apps.event_logs.models import EventLog
from tendenci.apps.site_settings.utils import get_setting
oauth = OAuth()
remote_app_name = settings.OAUTH2_REMOTE_APP_NAME
oauth.register(
name=remote_app_name,
client_id=settings.OAUTH2_CLIENT_ID,
client_secret=settings.OAUTH2_CLIENT_SECRET,
userinfo_endpoint=settings.OAUTH2_USERINFO_ENDPOINT,
access_token_url=settings.OAUTH2_ACCESS_TOKEN_URL,
access_token_params=settings.OAUTH2_ACCESS_TOKEN_PARAMS,
authorize_url=settings.OAUTH2_AUTHORIZE_URL,
authorize_params=settings.OAUTH2_AUTHORIZE_PARAMS,
api_base_url=settings.OAUTH2_API_BASE_URL,
client_kwargs=settings.OAUTH2_CLIENT_KWARGS,
)
myclient = oauth.create_client(settings.OAUTH2_REMOTE_APP_NAME)
class LoginView(View):
def get(self, request):
if request.user.is_authenticated:
return HttpResponseRedirect(
request.GET.get('next', settings.LOGIN_REDIRECT_URL))
from django.http import Http404
from django.urls import reverse
from django.http import JsonResponse
from django.db.models import Count
from django.shortcuts import render, redirect
from authlib.integrations.django_client import OAuth
from .models import User, Tweets
from .utils import sevenspan, getlinks
oauth = OAuth()
oauth.register(
name='twitter',
api_base_url='https://api.twitter.com/1.1/',
request_token_url='https://api.twitter.com/oauth/request_token',
access_token_url='https://api.twitter.com/oauth/access_token',
authorize_url='https://api.twitter.com/oauth/authenticate',
fetch_token=lambda: session.get(token),
)
def home(request):
newuser = request.session.get('user')
if newuser:
newuser, created = User.objects.get_or_create(handleid=newuser['id'], name=newuser['screen_name'])
return render(request, 'tweetie/home.html', context={'user': newuser})
def login(request):
redirect_uri = request.build_absolute_uri(reverse('auth'))
def test_register_from_settings(self):
oauth = OAuth()
oauth.register('dev')
self.assertEqual(oauth.dev.client_id, 'dev-key')
self.assertEqual(oauth.dev.client_secret, 'dev-secret')
from django.shortcuts import redirect
from django.urls import reverse
from django.contrib.auth import authenticate, login as django_login
from authlib.integrations.django_client import OAuth
from django.conf import settings
host = getattr(settings, 'ENVOY_HOST', 'envoy.com')
oauth = OAuth()
oauth.register(name='envoy',
access_token_url=f'https://app.{host}/a/auth/v0/token',
authorize_url=f'https://dashboard.{host}/a/auth/v0/authorize',
client_kwargs={'scope': 'public'})
def login(request):
redirect_uri = request.build_absolute_uri(reverse('authorize'))
return oauth.envoy.authorize_redirect(request, redirect_uri)
def authorize(request):
oauth_token = oauth.envoy.authorize_access_token(request)
# Authenticates user using EnvoyAuthBackend
user = authenticate(oauth_token=oauth_token)
# TODO: handle failure
if user is not None:
# saves user_id in Session
django_login(request, user)
return redirect('/')
def login(request):
oauth = OAuth(update_token=_update_token)
oauth.register(name='dlfp')
dlfp = oauth.create_client('dlfp')
redirect_uri = 'https://localhost:8443/boardauth/oauth' # reverse('oauth')
return dlfp.authorize_redirect(request, redirect_uri)
def normalize_userinfo(_client, data: Dict[str, str]) -> Dict[str, str]:
return {
"id": data["id"],
"username": data["username"] + "." + data["discriminator"],
"email": data["email"],
}
oauth = OAuth()
oauth.register(
"discord",
api_base_url="https://discord.com/api/",
access_token_url="https://discord.com/api/oauth2/token",
authorize_url="https://discord.com/api/oauth2/authorize",
userinfo_endpoint="https://discord.com/api/users/%40me",
userinfo_compliance_fix=normalize_userinfo,
client_kwargs={
"token_endpoint_auth_method": "client_secret_post",
"scope": "identify email guilds",
},
)
def get_discord_client() -> DjangoRemoteApp:
"""
Get a Discord OAuth2 client
"""
return oauth.create_client("discord")
class OAuthMiddleware(MiddlewareMixin):
def __init__(self, get_response=None):
super().__init__(get_response)
self.oauth = OAuth()
def process_request(self, request):
if settings.OAUTH_URL_WHITELISTS is not None:
for w in settings.OAUTH_URL_WHITELISTS:
if request.path.startswith(w):
return self.get_response(request)
def update_token(token, refresh_token, access_token):
request.session['token'] = token
return None
sso_client = self.oauth.register(settings.OAUTH_CLIENT_NAME,
overwrite=True,
**settings.OAUTH_CLIENT,
update_token=update_token)
if request.path.startswith('/oauth/callback'):
self.clear_session(request)
request.session['token'] = sso_client.authorize_access_token(
request)
if self.get_current_user(sso_client, request) is not None:
redirect_uri = request.session.pop('redirect_uri', None)
if redirect_uri is not None:
return redirect(redirect_uri)
return redirect(views.index)
if request.session.get('token', None) is not None:
current_user = self.get_current_user(sso_client, request)
if current_user is not None:
return self.get_response(request)
# remember redirect URI for redirecting to the original URL.
request.session['redirect_uri'] = request.path
return sso_client.authorize_redirect(
request, settings.OAUTH_CLIENT['redirect_uri'])
# fetch current login user info
# 1. check if it's in cache
# 2. fetch from remote API when it's not in cache
@staticmethod
def get_current_user(sso_client, request):
token = request.session.get('token', None)
if token is None or 'access_token' not in token:
return None
if not OAuth2Token.from_dict(
token).is_expired() and 'user' in request.session:
return request.session['user']
try:
res = sso_client.get(settings.OAUTH_CLIENT['userinfo_endpoint'],
token=OAuth2Token(token))
if res.ok:
request.session['user'] = res.json()
return res.json()
except OAuthError as e:
print(e)
return None
@staticmethod
def clear_session(request):
try:
del request.session['user']
del request.session['token']
except KeyError:
pass
def __del__(self):
print('destroyed')
import logging
from django.contrib.auth.models import User
from django.contrib.auth import authenticate, login
from django.http import HttpResponseRedirect, HttpResponse
from people.models import Profile
from lib.KTH_Catalog import lookup_user, merge_user_info
oauth = OAuth()
oauth.register(
name='kth',
server_metadata_url=
'https://login.ug.kth.se/adfs/.well-known/openid-configuration',
client_kwargs={
'scope': 'openid email username',
},
authorization_endpoint='https://login.ug.kth.se/adfs/oauth2/authorize/',
token_endpoint='https://login.ug.kth.se/adfs/oauth2/token/',
response_type='code',
)
def kth_login(request):
next = '/' if not request.GET.__contains__('next') else request.GET['next']
redirect_uri = request.build_absolute_uri(
f'/oidc/kth/callback?next={next}')
return oauth.kth.authorize_redirect(request, redirect_uri)
def authorize(request):
# OAuth Configuration
oauth = OAuth()
REDIRECT_URI = 'http://localhost:8000/auth/authorize'
AUTHLIB_OAUTH_CLIENTS = {
'usp': {
'client_id': config('OAUTH_CLIENT_ID'),
'client_secret': config('OAUTH_CLIENT_SECRET')
}
}
oauth.register(name='usp',
request_token_url=config('REQUEST_TOKEN_URL'),
access_token_url=config('ACCESS_TOKEN_URL'),
authorize_url=config('AUTHORIZE_URL'),
api_base_url=config('API_BASE_URL'))
USP_CLIENT = oauth
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django_extensions',
},
'userinfo_endpoint': USERINFO_ENDPOINT,
'userinfo_compliance_fix': normalize_userinfo,
}
# facebook_oauth = OAuth()
# facebook_oauth.register(
# name='facebook',
# fetch_token = lambda request: getattr(request, token_name,None),
# client_cls = RemoteApp,
# )
CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration'
oauth = OAuth()
oauth.register(name='google',
server_metadata_url=CONF_URL,
client_kwargs={'scope': 'openid email profile'})
oauth.register(
name='facebook',
overwrite=True,
fetch_token=lambda request: getattr(request, token_name, None),
)
def loginFacebook(request):
facebook = oauth.create_client('facebook')
redirect_uri = request.build_absolute_uri(reverse('authfacebook'))
return facebook.authorize_redirect(request, redirect_uri)
p.velocities = velocity_json
p.project_settings = attrs.get('project_settings',
p.project_settings)
p.mode = attrs.get('mode', p.mode)
p.save()
else:
logger.warning('projects_dict is None')
logger.info('parse_tms has finished')
response_message = ''
if len(new_projects) > 0:
response_message += "New projects found and parsed: {}.".format(
', '.join(new_projects))
else:
response_message += 'No new projects detected - please ensure there are done tasks assigned to you.'
if len(updated_projects) > 0:
response_message += " Updated existing projects: {}.".format(
', '.join(updated_projects))
logger.info('parse_tms response: {}'.format(response_message))
return response_message
PROD_HOST_URL = getattr(settings, "PROD_HOST_URL", "http://localhost:8000")
atlassian_redirect_uri = PROD_HOST_URL + '/atlassian_callback'
logger.debug('atlassian_redirect_uri: "{}"'.format(atlassian_redirect_uri))
oauth = OAuth(fetch_token=fetch_oauth_token, update_token=update_oauth_token)
oauth.register(name='atlassian')
logger.debug('oauth registered: {}'.format(oauth.atlassian))
logger.info('models import finished.')
import json
from django.shortcuts import redirect
from django.urls import reverse
from rest_framework.views import APIView
from rest_framework.permissions import IsAuthenticated
from authlib.integrations.django_client import OAuth
from django.conf import settings
from core.views.utils import generate_uri
oauth = OAuth()
oauth.register(
name='blizzard',
server_metadata_url=settings.BLIZZARD_CONF_URL,
client_kwargs={
'scope': ''
}
)
class AuthLoginBlizzard(APIView):
permission_classes = [IsAuthenticated]
def get(self, request):
redirect_uri = generate_uri(request, reverse('blizzard_auth'))
return oauth.blizzard.authorize_redirect(request, redirect_uri)
class AuthCompleteBlizzard(APIView):
permission_classes = [IsAuthenticated]