Exemplo n.º 1
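def authorized(provider):
    """Handle the OAuth callback for ``provider`` and log the user in.

    Only ``'github'`` is handled. For any other value the function falls
    through to the final redirect without logging anyone in.

    For GitHub the flow is: read the authorization response, abort with 401
    when it carries no access token, fetch the remote user record, find or
    create the matching local ``User``, store the provider id and access
    token on it, commit, and start a Flask-Login session.

    Returns:
        A redirect to the ``site.home`` endpoint.
    """
    if provider == 'github':
        response = github_auth.authorized_response()
        if response is None or response.get('access_token') is None:
            # TODO: what to show to users?
            # Use .get() so a callback that arrives without the error
            # parameters still ends in the intended 401 instead of failing
            # on a missing key. These values come from the query string, so
            # treat them as caller-controlled when reading the log.
            log.warning('Access denied: {0}, {1}, {2}'.format(
                request.args.get('error'),
                request.args.get('error_description'),
                response))
            abort(401, 'There was a problem logging in')

        oauth_user = github_auth.get('user',
                                     token=(response['access_token'], ''))
        if oauth_user.status != 200:
            log.warning('Access denied: could not get user details')
            abort(401, 'Error logging in: could not get user details')
        oauth_user = oauth_user.data
        provider_id = oauth_user['id']

        # Check if user exists, first by provider id, then by email
        user = _get_user_by_provider_id(provider, provider_id)
        if not user and oauth_user.get('email'):
            # An account with this email may already exist from a login
            # through another provider.
            # NOTE(review): this attaches the GitHub identity to whichever
            # local account shares the reported email, so it depends on the
            # provider only reporting addresses the account holder controls.
            # Confirm that, or require a verified address before linking.
            user = _get_user_by_email(oauth_user['email'])

        if not user:
            # User does not exist, create it. The optional profile fields
            # are read with .get(), matching the email lookup above, so a
            # record without them does not fail mid-login.
            user = User(name=oauth_user['login'],
                        display_name=oauth_user.get('name'),
                        email=oauth_user.get('email'))
            log.debug('New user created: {0} (GitHub id: {1})'.format(
                user.name, provider_id))

        if user.provider_ids is None:
            user.provider_ids = {}
        if user.conf is None:
            user.conf = {}

        # Update these values
        user.provider_ids.update({provider: provider_id})
        # NOTE(review): the access token is stored on the user row exactly
        # as received. Confirm how that column is protected at rest.
        user.github_oauth_token = response['access_token']

        database['session'].add(user)
        database['session'].commit()

        # TODO: check github scopes

        # Login user with Flask-Login
        login_user(user)
        log.debug('User logged in: {0} (GitHub id: {1})'.format(
            user.name, provider_id))

    return redirect(url_for('site.home'))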
Exemplo n.º 2
def test_update_user_stored_in_db():
    """Store a user, reassign its email, and re-read it after the session is dropped."""
    session = database['session']

    session.add(User(
        id='my-id',
        name='my-name-2',
        email='*****@*****.**',
        admin=True,
        display_name='Test User',
    ))
    session.commit()

    # Make sure that we are not checking the cached object in the session
    session.remove()

    stored = session.query(User).get('my-id')
    assert stored

    # NOTE(review): as shown here, the address assigned below is the same
    # literal as the one the user was created with, so the final assertion
    # cannot tell an update from a no-op. Use a distinct second address.
    stored.email = '*****@*****.**'
    session.add(stored)
    session.commit()

    session.remove()

    reloaded = session.query(User).get('my-id')
    assert reloaded.email == '*****@*****.**'
Exemplo n.º 3
def test_create_user_stored_in_db_no_email():
    """Store a user whose email is ``None`` and check every field reads back unchanged."""
    session = database['session']

    session.add(User(
        id='my-id',
        name='my-name-2',
        email=None,
        admin=True,
        display_name='Test User',
    ))
    session.commit()

    # Make sure that we are not checking the cached object in the session
    session.remove()

    stored = session.query(User).get('my-id')
    assert stored

    assert stored.id == 'my-id'
    assert stored.name == 'my-name-2'
    # A missing email must stay None.
    assert stored.email is None
    assert stored.display_name == 'Test User'
    assert stored.admin is True
Exemplo n.º 4
 def decorated_view(*args, **kwargs):
     # Wrapper around `view`: resolve the caller from the `Authorization`
     # header and pass the resulting user on as the `user` keyword argument.
     # A missing header and an unknown token get the same 401 message, so the
     # response does not show which of the two checks failed.
     denied = ('Unauthorized, please provide a valid token in the '
               '`Authorization` header')
     # The header value is handed to the lookup as-is. No scheme prefix is
     # stripped here.
     api_token = request.headers.get('Authorization')
     account = User.get_by_api_token(api_token) if api_token else None
     if not account:
         raise ApiError(401, denied)
     return view(*args, user=account, **kwargs)
Exemplo n.º 5
def test_get_by_api_token_not_existent():
    """An unknown token must resolve to ``None``, not to a user."""
    assert User.get_by_api_token('not-existent') is None
Exemplo n.º 6
def test_get_by_api_token():
    """A freshly created API token resolves back to a user holding that one token."""
    owner = factories.User()
    issued = owner.create_api_token()

    found = User.get_by_api_token(issued.token)

    tokens = found.api_tokens
    assert len(tokens) == 1
    # The stored token string is expected to be 40 characters long.
    assert len(tokens[0].token) == 40