def get_userinfo(cls, client_id, client_secret, code,
authorization_response):
client = WebApplicationClient(client_id)
base_url = authorization_response.replace(
'?' + urlparse(authorization_response).query, '')
# get access token
token_url, headers, body = client.prepare_token_request(
cls.token_endpoint,
authorization_response=authorization_response,
redirect_url=base_url,
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(client_id, client_secret),
)
client.parse_request_body_response(token_response.text)
# get user information
uri, headers, body = client.add_token(cls.userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
data = userinfo_response.json()
return data
def callback():
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
code = request.args.get("code")
client = WebApplicationClient(GOOGLE_CLIENT_ID)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=force_https(request.url),
redirect_url=force_https(request.base_url),
code=code
)
token_response = requests.post(
force_https(token_url),
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
logging.info('Logging user')
login_user(User(userinfo_response.json()["email"]))
return redirect(url_for('main'))
def callback():
logger.debug("callback()")
code = request.args.get("code")
client = WebApplicationClient(oauth_credential["client_id"])
token_endpoint = requests.get(
GOOGLE_DISCOVERY_URL).json()["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(oauth_credential["client_id"],
oauth_credential["client_secret"]))
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = requests.get(
GOOGLE_DISCOVERY_URL).json()["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
uri = uri.replace("http:", "https:")
userinfo_response = requests.get(uri, headers=headers,
data=body).json()
member = remote_db.get("member",
userinfo_response["email"].split('@')[0])
login_user(member, remember=True)
return redirect(url_for("index"))
def get_google_user_info(req: Request):
client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID'])
code = req.args.get('code')
callback_uri = current_app.config.get('GOOGLE_CLIENT_CALLBACK')
# Find out what URL to hit to get tokens that allow you to ask for things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg['token_endpoint']
userinfo_endpoint = google_provider_cfg['userinfo_endpoint']
# Prepare and send a req to get tokens
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=translate_url_https(req.url),
redirect_url=callback_uri,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(current_app.config.get('GOOGLE_CLIENT_ID'), current_app.config.get('GOOGLE_CLIENT_SECRET')),
)
client.parse_request_body_response(json.dumps(token_response.json()))
# let's find and hit the URL from Google that gives you the user's profile information
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo = requests.get(uri, headers=headers, data=body).json()
return userinfo
class GoogleSignIn(OAuthSignIn):
def __init__(self):
super(GoogleSignIn, self).__init__('google')
self.client = WebApplicationClient(self.consumer_id)
@classmethod
def get_google_provider_cfg(cls):
return requests.get(app.config["GOOGLE_DISCOVERY_URL"]).json()
def authorize(self):
google_provider_cfg = self.get_google_provider_cfg()
authorization_endpoint = google_provider_cfg["authorization_endpoint"]
request_uri = self.client.prepare_request_uri(
authorization_endpoint,
redirect_uri=request.base_url + "/callback",
scope=["openid", "email", "profile"],
)
return jsonify({'uri': request_uri})
def callback(self):
code = request.args.get("code")
google_provider_cfg = self.get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = self.client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.consumer_id,
self.consumer_secret
),
)
self.client.parse_request_body_response(
json.dumps(token_response.json())
)
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = self.client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
user_email = userinfo_response.json()["email"]
else:
return jsonify(
"User email not available or not verified by Google."), 400
return super().check_for_user_in_database(user_email)
class OAuth2:
def __init__(
self, *,
client_id: str, client_secret: str,
authorization_url: str, token_url: str,
userinfo_url: str, scope: list
):
self.client_id = client_id
self.client_secret = client_secret
self.authorization_url = authorization_url
self.token_url = token_url
self.userinfo_url = userinfo_url
self.scope = scope
# see https://oauthlib.readthedocs.io/en/latest/oauth2/clients/webapplicationclient.html # noqa
self.oauth2_client = WebApplicationClient(client_id)
def get_redirect_url(self, callback_url: str):
# Prepare the authorization code request URI
request_uri = self.oauth2_client.prepare_request_uri(
self.authorization_url,
redirect_uri=callback_url,
scope=self.scope
)
return request_uri
def get_user_info(self, request_url: str, code: str) -> dict:
# Get request url without query parameter
base_url = urljoin(request_url, urlparse(request_url).path)
# Prepare a token creation request.
token_url, headers, body = self.oauth2_client.prepare_token_request(
self.token_url,
authorization_response=request_url,
redirect_url=base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.client_id, self.client_secret)
)
# Parse the JSON response body.
self.oauth2_client.parse_request_body_response(
json.dumps(token_response.json())
)
# Add token to the request uri, body or authorization header.
uri, headers, body = self.oauth2_client.add_token(
self.userinfo_url
)
userinfo_response = requests.get(uri, headers=headers, data=body)
return userinfo_response.json()
def callback(client: WebApplicationClient):
# Get authorization code Google sent back to you
code = request.args.get("code")
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send a request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that you have tokens (yay) let's find and hit the URL
# from Google that gives you the user's profile information,
# including their Google profile image and email
user_info_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(user_info_endpoint)
user_info_response = requests.get(uri, headers=headers, data=body)
# You want to make sure their email is verified.
# The user authenticated with Google, authorized your
# app, and now you've verified their email through Google!
if user_info_response.json().get("email_verified"):
unique_id = user_info_response.json()["sub"]
users_email = user_info_response.json()["email"]
picture = user_info_response.json()["picture"]
users_name = user_info_response.json()["name"]
else:
return "User email not available or not verified by Google.", 400
# Create a user in your db with the information provided by Google
user = user_dao.get_user_by_google_id(unique_id)
if user is None:
user = User(unique_id, users_name, users_email, picture, "")
user_dao.save_user(user)
# TODO send request about birthday
else:
if user.profile_pic != picture:
user.profile_pic = picture
user_dao.update_picture(user.id, picture)
# Begin user session by logging the user in
login_user(user)
def callback():
"""
This deals with the Google API token for user
authentification.
"""
client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID'])
code = request.args.get("code")
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
print(request.base_url)
print(code)
print(request.url)
if request.url[4] == 's':
url = "https" + request.url[5:]
print(url)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(current_app.config['GOOGLE_CLIENT_ID'],
current_app.config['GOOGLE_CLIENT_SECRET']),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
users_name = userinfo_response.json()["given_name"]
if User.query.filter_by(email=users_email).first():
user = User.query.filter_by(email=users_email).first()
if user is None or not user.check_password(unique_id):
return redirect(url_for('shop.index'))
login_user(user, remember=False)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('shop.index')
return redirect(next_page)
else:
user = User(username=users_name, email=users_email)
user.set_password(unique_id)
db.session.add(user)
db.session.commit()
else:
return _("User email not available or not verified by Google."), 400
return redirect(url_for("shop.index"))
def google_callback():
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
oauth = WebApplicationClient(settings.GOOGLE_CLIENT_ID)
if request.args.get("error"):
flash('Error! ' + request.args.get("error"), 'alert-warning')
return redirect(url_for('main'))
state = request.args.get("state")
if state != session.get("state"):
flash('Error! state not match.', 'alert-warning')
return redirect(url_for('main'))
session.pop('state', None)
url, headers, body = oauth.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
state='',
body='',
client_secret=settings.GOOGLE_CLIENT_SECRET)
token_response = requests.post(
url,
headers=headers,
data=body,
auth=(settings.GOOGLE_CLIENT_ID, settings.GOOGLE_CLIENT_SECRET),
)
oauth.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = oauth.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.status_code != 200:
flash('Error! ' + userinfo_response.json(), 'alert-warning')
return redirect(url_for('main'))
unique_id = userinfo_response.json()["sub"]
users_name = userinfo_response.json()["name"]
picture = userinfo_response.json()["picture"]
user = User(id_=unique_id, name=users_name, profile_pic=picture)
if not User.get(unique_id):
User.create(unique_id, users_name, picture)
login_user(user)
session["newregister"] = 1
flash('You have been successfully created an account.',
'alert-success')
return redirect(url_for('pushtime'))
login_user(user)
return redirect(url_for('channellist'))
class GoogleAuth(object):
AUTHORIZATION_ENDPOINT_URL = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT_URL = "https://oauth2.googleapis.com/token"
USERINFO_ENDPOINT_URL = "https://openidconnect.googleapis.com/v1/userinfo"
def __init__(self, client_id, client_secret):
self.CLIENT_ID = client_id
self.CLIENT_SECRET = client_secret
self.client = WebApplicationClient(self.CLIENT_ID)
def get_requests_uri(self, redirect_uri, scope):
request_uri = self.client.prepare_request_uri(
self.AUTHORIZATION_ENDPOINT_URL,
redirect_uri=redirect_uri,
scope=scope,
state=str(time.time()))
return request_uri
def get_user_info(self, code, redirect_url):
token_url, headers, body = self.client.prepare_token_request(
self.TOKEN_ENDPOINT_URL,
client_secret=self.CLIENT_SECRET,
client_id=self.CLIENT_ID,
redirect_url=redirect_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.CLIENT_ID, self.CLIENT_SECRET),
)
self.client.parse_request_body_response(
json.dumps(token_response.json()))
uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL)
userinfo_response = requests.get(uri, headers=headers)
if userinfo_response.json().get("email_verified"):
_id = userinfo_response.json()["sub"]
email = userinfo_response.json()["email"]
name = userinfo_response.json()["given_name"]
return {"id": _id, "email": email, "name": name}
else:
return {}
def login_callback():
callback_code = request.args.get("code")
github_client = WebApplicationClient(os.environ.get('clientId'))
github_token = github_client.prepare_token_request("https://github.com/login/oauth/access_token", code=callback_code)
github_access = requests.post(github_token[0], headers=github_token[1], data=github_token[2], auth=(os.environ.get('clientId'), os.environ.get('client_secret')))
github_json = github_client.parse_request_body_response(github_access.text)
github_user_request_param = github_client.add_token("https://api.github.com/user")
github_user = requests.get(github_user_request_param[0], headers=github_user_request_param[1]).json()
login_user(User(github_user))
mongo.add_user_mongo(current_user)
app.logger.info("User '%s' logged in successfully", current_user.name)
return redirect('/')
def callback():
client = WebApplicationClient(app.config.get("CLIENT_ID"))
token = client.prepare_token_request(
"https://github.com/login/oauth/access_token",
code=request.args.get("code"))
access = requests.post(token[0],
headers=token[1],
data=token[2],
auth=(app.config.get("CLIENT_ID"),
app.config.get("CLIENT_SECRET")))
client.parse_request_body_response(access.text)
params = client.add_token("https://api.github.com/user")
github_user = requests.get(params[0], headers=params[1]).json()
login_user(User(github_user['id']))
return index()
class FacebookSignIn(OAuthSignIn):
def __init__(self):
super(FacebookSignIn, self).__init__('facebook')
self.client = WebApplicationClient(self.consumer_id)
self.authorize_url = app.config["FACEBOOK_AUTHORIZE_URL"]
self.access_token_url = app.config["FACEBOOK_ACCESS_TOKEN_URL"]
self.user_info_url = app.config["FACEBOOK_USER_INFO_URL"]
def authorize(self):
request_uri = self.client.prepare_request_uri(
self.authorize_url,
redirect_uri=request.base_url + "/callback",
scope=["email"],
)
return jsonify({'uri': request_uri})
def callback(self):
code = request.args.get("code")
token_url, headers, body = self.client.prepare_token_request(
self.access_token_url,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.consumer_id,
self.consumer_secret
),
)
self.client.parse_request_body_response(
json.dumps(token_response.json())
)
uri, headers, body = self.client.add_token(self.user_info_url)
userinfo_response = requests.get(uri, headers=headers, data=body)
user_email = userinfo_response.json()["email"]
return super().check_for_user_in_database(user_email)
def callback(app, request):
# Get authorization code Google sent back to you
code = request.args.get("code")
client = WebApplicationClient(app.config["GOOGLE_CLIENT_ID"])
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg(app)
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(app.config["GOOGLE_CLIENT_ID"],
app.config["GOOGLE_CLIENT_SECRET"]),
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that we have tokens (yay) let's find and hit URL
# from Google that gives you user's profile information,
# including their Google Profile Image and Email
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
# We want to make sure their email is verified.
# The user authenticated with Google, authorized our
# app, and now we've verified their email through Google!
if userinfo_response.json().get("email_verified"):
return {
"unique_id": userinfo_response.json()["sub"],
"users_name": userinfo_response.json()["given_name"],
"users_email": userinfo_response.json()["email"],
"picture": userinfo_response.json()["picture"],
}
else:
return None
class FacebookAuth(object):
AUTHORIZATION_ENDPOINT_URL = "https://www.facebook.com/v4.0/dialog/oauth"
TOKEN_ENDPOINT_URL = "https://graph.facebook.com/v4.0/oauth/access_token"
USERINFO_ENDPOINT_URL = "https://graph.facebook.com/me"
def __init__(self, client_id, client_secret):
self.CLIENT_ID = client_id
self.CLIENT_SECRET = client_secret
self.client = WebApplicationClient(self.CLIENT_ID)
def get_requests_uri(self, redirect_uri, scope):
request_uri = self.client.prepare_request_uri(
self.AUTHORIZATION_ENDPOINT_URL,
redirect_uri=redirect_uri,
scope=scope,
state=str(time.time()))
return request_uri
def get_user_info(self, code, redirect_url):
token_url, headers, body = self.client.prepare_token_request(
self.TOKEN_ENDPOINT_URL,
client_secret=self.CLIENT_SECRET,
client_id=self.CLIENT_ID,
redirect_url=redirect_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.CLIENT_ID, self.CLIENT_SECRET),
)
self.client.parse_request_body_response(
json.dumps(token_response.json()))
uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL)
params = {"fields": "email,name"}
userinfo_response = requests.get(uri, headers=headers, params=params)
return userinfo_response.json()
def callback():
get_code = request.args.get('code')
client = WebApplicationClient(client_id=client_id)
url, headers, body = client.prepare_token_request(
'https://github.com/login/oauth/access_token', code=get_code)
git_access_key = requests.post(url,
headers=headers,
data=body,
auth=(client_id, client_secret))
git_json = client.parse_request_body_response(git_access_key.text)
git_user_request = client.add_token("https://api.github.com/user")
git_user = requests.get(git_user_request[0],
headers=git_user_request[1]).json()
git_login = User(git_user['login'])
login_user(git_login)
return redirect('/')
def login_with_google_callback():
if app.config.get('GOOGLE_CLIENT_ID') \
and not request.is_secure \
and request.headers.get('X-Forwarded-Proto', 'http') == 'https':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
client = WebApplicationClient(app.config.get('GOOGLE_CLIENT_ID'))
google_provider_cfg = requests.get(app.config.get('GOOGLE_DISCOVERY_URL')).json()
code = request.args.get("code")
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=url_for('login_with_google_callback', _external=True),
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
app.config.get('GOOGLE_CLIENT_ID'),
app.config.get('GOOGLE_CLIENT_SECRET'),
),
).json()
client.parse_request_body_response(json.dumps(token_response))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body).json()
user = app.datamapper.user.getByGoogleId(userinfo_response["sub"])
if user is None:
response = redirect(url_for('login'))
flash("Login failed", 'error')
return response
else:
session['user_id'] = user.id
flash("Welcome %s" % userinfo_response.get('name', user.name), 'success')
return redirect(url_for('home'))
def link_google_callback(self):
if self.config.get('GOOGLE_CLIENT_ID') \
and not request.is_secure \
and request.headers.get('X-Forwarded-Proto', 'http') == 'https':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
client = WebApplicationClient(self.config.get('GOOGLE_CLIENT_ID'))
google_provider_cfg = requests.get(
self.config.get('GOOGLE_DISCOVERY_URL')).json()
code = request.args.get("code")
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=url_for('user.link_google_callback', _external=True),
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.config.get('GOOGLE_CLIENT_ID'),
self.config.get('GOOGLE_CLIENT_SECRET'),
),
).json()
client.parse_request_body_response(json.dumps(token_response))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers,
data=body).json()
user = self.datamapper.getById(request.user.id)
user.google_id = userinfo_response["sub"]
self.datamapper.update(user)
return redirect(url_for('user.edit', obj_id=user.id))
def login():
github_code = request.args.get('code')
client = WebApplicationClient(os.environ.get('AUTH_CLIENTID'))
token = client.prepare_token_request(os.environ.get('AUTH_TOKEN_URL'),
code=github_code)
access = requests.post(token[0],
headers=token[1],
data=token[2],
auth=(os.environ.get('AUTH_CLIENTID'),
os.environ.get('AUTH_SECRET')))
client.parse_request_body_response(access.text)
github_user_request_param = client.add_token(
os.environ.get('AUTH_API_URL'))
user_id = requests.get(
github_user_request_param[0],
headers=github_user_request_param[1]).json()['login']
print(user_id)
login_user(User(user_id))
app.logger.info(f"User {current_user.id} logged in")
return redirect('/')
def login():
request_code = request.args.get('code')
client = WebApplicationClient(github_oauth_client_id)
token_url, headers, body = client.prepare_token_request(
github_oauth_token_url,
authorization_response=request.url,
code=request_code,
client_secret=github_oauth_client_secret)
token_resp = requests.post(token_url, headers=headers, data=body)
client.parse_request_body_response(token_resp.text)
get_user_uri, headers, body = client.add_token(
'https://api.github.com/user')
user_profile = requests.get(get_user_uri, headers=headers, data=body)
user_profile_id = user_profile.json()["id"]
user = User(user_profile_id)
login_user(user)
return redirect('/')
def login_callback():
callback_code = request.args.get("code")
github_client = WebApplicationClient(os.environ.get('GHOAUTHCLIENTID'))
github_token = github_client.prepare_token_request(
"https://github.com/login/oauth/access_token", code=callback_code)
github_access = requests.post(
github_token[0],
headers=github_token[1],
data=github_token[2],
auth=(os.environ.get('GHOAUTHCLIENTID'),
os.environ.get('GHOAUTHCLIENTSECRET')))
github_json = github_client.parse_request_body_response(
github_access.text)
github_user_request_param = github_client.add_token(
"https://api.github.com/user")
github_user = requests.get(
github_user_request_param[0],
headers=github_user_request_param[1]).json()
login_user(User(github_user['login']))
app.logger.info("Github User %s successfully logged in",
github_user['login'])
return redirect('/')
def callback():
client = WebApplicationClient(os.getenv("CLIENT_ID"))
client.state = request.args.get('state')
code = request.args.get('code')
tokenurl, headers, body = client.prepare_token_request(
'https://github.com/login/oauth/access_token',
state=client.state,
code=code)
secret = os.getenv('OAUTH_SECRET')
clientid = os.getenv("CLIENT_ID")
tokenresponse = requests.post(tokenurl,
data=body,
auth=(clientid, secret))
client.parse_request_body_response(tokenresponse.text)
userinfo_endpoint = "https://api.github.com/user"
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
userinfo_json = userinfo_response.json()
id = userinfo_json['id']
flask_login.login_user(load_user(id))
app.logger.info("user logged in Succesfully",
extra={"user_id": flask_login.current_user.get_id()})
return redirect("/")
def callback():
# Get authorization code Google sent back to you
code = request.args.get("code")
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
token_url = "https://accounts.google.com/o/oauth2/token"
refresh_url = token_url
client = WebApplicationClient(GOOGLE_CLIENT_ID)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
users_name = userinfo_response.json()["given_name"]
else:
return "User email not available or not verified by Google.", 400
employee = Employee.query.filter_by(email=users_email).first()
login_user(employee)
if employee.email == '*****@*****.**':
employee.is_admin = 1
return redirect(url_for("home.admin_dashboard"))
else:
return redirect(url_for("home.dashboard"))
class UserController:
def __init__(self, logger, user_dao):
self._user_dao = user_dao
self._client = WebApplicationClient(GOOGLE_CLIENT_ID)
self._logger = logger
def load_user(self, user_id):
return User(self._user_dao.get(user_id))
def login(self, google_provider_cfg, base_url):
self._logger.get().debug("UserController: Attempting login")
authorization_endpoint = google_provider_cfg["authorization_endpoint"]
request_uri = self._client.prepare_request_uri(
authorization_endpoint,
redirect_uri=base_url + "/login/callback",
scope=["openid", "email", "profile"],
)
return redirect(request_uri)
def callback(self, google_provider_cfg, authorization_code_from_google,
url, base_url):
self._logger.get().debug("UserController: login callback")
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = self._client.prepare_token_request(
token_endpoint,
authorization_response=url,
redirect_url=base_url,
code=authorization_code_from_google,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
self._client.parse_request_body_response(
json.dumps(token_response.json()))
uri, headers, body = self._client.add_token(
google_provider_cfg["userinfo_endpoint"])
userinfo_response = requests.get(uri, headers=headers, data=body)
if not userinfo_response.json().get("email_verified"):
return "User email could not be verified by Google.", 400
user = {
'id': userinfo_response.json()["sub"],
'email': userinfo_response.json()["email"],
'pic': userinfo_response.json()["picture"],
'name': userinfo_response.json()["given_name"],
'scope': User.get_default_scope()
}
if self._user_dao.get(user['id']) is None:
self._logger.get().debug("UserController: setting new user " +
user['email'])
self._user_dao.set(user)
user_to_login = User(user)
self._logger.get_for(user_to_login).info(
"UserController: Attempting log in for " + user['name'])
login_user(user_to_login, remember=True)
self._logger.get_for(user_to_login).info(
"UserController: Login success ")
return redirect(url.replace('login/callback', 'home'))
def logout(self, url):
self._logger.get().info("UserController: Logging out")
logout_user()
return redirect(url)
class GoogleMusicSession(httpx.Client):
authorization_base_url = AUTHORIZATION_BASE_URL
redirect_uri = REDIRECT_URI
token_url = TOKEN_URL
def __init__(self,
client_id,
client_secret,
scope,
*,
token=None,
**kwargs):
# httpx sets a default timeout on the Client class.
# requests did not.
# Disable timeout by default as too low a value
# can cause issues with upload calls.
timeout = kwargs.pop('timeout', None)
super().__init__(timeout=timeout, **kwargs)
self.params = {}
self.headers.update({'User-Agent': f'{__title__}/{__version__}'})
self.client_id = client_id
self.client_secret = client_secret
self.scope = scope
self.token = token or {}
self.oauth_client = WebApplicationClient(self.client_id,
token=self.token)
@property
def access_token(self):
return self.token.get('access_token')
@property
def authorized(self):
return bool(self.access_token)
def authorization_url(self):
state = generate_token()
return (self.oauth_client.prepare_request_uri(
self.authorization_base_url,
redirect_uri=self.redirect_uri,
scope=self.scope,
state=state,
access_type='offline',
prompt='select_account'))
def fetch_token(self, code):
body = self.oauth_client.prepare_request_body(
code=code,
body='',
redirect_uri=self.redirect_uri,
include_client_id=None)
response = self.request(
'POST',
self.token_url,
headers={
'Accept': 'application/json',
'Content-Type':
'application/x-www-form-urlencoded;charset=UTF-8',
},
data=dict(urldecode(body)),
auth=httpx.BasicAuth(self.client_id, self.client_secret))
self.token = self.oauth_client.parse_request_body_response(
response.text, scope=self.scope)
return self.token
def refresh_token(self):
refresh_token = self.token.get('refresh_token')
body = self.oauth_client.prepare_refresh_body(
body='',
refresh_token=refresh_token,
scope=self.scope,
client_id=self.client_id,
client_secret=self.client_secret)
response = self.request(
'POST',
self.token_url,
headers={
'Accept': 'application/json',
'Content-Type':
'application/x-www-form-urlencoded;charset=UTF-8',
},
data=dict(urldecode(body)),
auth=httpx.BasicAuth(self.client_id, self.client_secret),
withhold_token=True)
self.token = self.oauth_client.parse_request_body_response(
response.text, scope=self.scope)
if 'refresh_token' not in self.token:
self.token['refresh_token'] = refresh_token
return self.token
def request(self,
method,
url,
data=None,
headers=None,
withhold_token=False,
**kwargs):
if self.token and not withhold_token:
try:
url, headers, data = self.oauth_client.add_token(
url, http_method=method, body=data, headers=headers)
except TokenExpiredError:
self.refresh_token()
url, headers, data = self.oauth_client.add_token(
url, http_method=method, body=data, headers=headers)
return super().request(method,
url,
headers=headers,
data=data,
**kwargs)
def callback():
# Get authorization code Google sent back to you
code = request.args.get("code")
provider = session['oidc_provider']
app = App(request.host)
credentials = app.get_credentials(provider)
client = WebApplicationClient(credentials['CLIENT_ID'])
provider_cfg = get_provider_cfg(credentials['DISCOVERY_URL'])
token_endpoint = provider_cfg["token_endpoint"]
# Prepare and send a request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
credentials['CLIENT_ID'],
credentials['CLIENT_SECRET'])
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that you have tokens (yay) let's find and hit the URL
# from Google that gives you the user's profile information,
# including their Google profile image and email
userinfo_endpoint = provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
userdata = userinfo_response.json()
# You want to make sure their email is verified.
# The user authenticated with Google, authorized your
# app, and now you've verified their email through Google!
if userinfo_response.json().get("email_verified"):
unique_id = f'{provider}:{userinfo_response.json()["sub"]}'
users_email = userinfo_response.json()["email"]
picture = userinfo_response.json()["picture"]
users_name = userinfo_response.json()["given_name"]
else:
return f"User email not available or not verified by {provider}.", 400
# Create a user in your db with the information provided
# by Google
userinfo = {
'id': unique_id,
'name': users_name,
'email': users_email,
'profile_pic': picture
}
try:
user = User.get(app, unique_id)
except UserNotFound:
print("no such user, create")
user = User(
id_ = unique_id,
app = app,
userinfo = userinfo
)
user.create()
# Begin user session by logging the user in
# print("login user", user)
login_user(user)
session['userinfo'] = userinfo
session.permanent = True
app_opts = app.get_config('etc/options.json')
# print("return to:", app_opts['return_url'])
return redirect(app_opts['return_url'])
class GoogleClient(object):
AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
ACCESS_TOKEN_URL = 'https://oauth2.googleapis.com/token'
REVOKE_TOKEN_URL = 'https://oauth2.googleapis.com/revoke'
USER_INFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'
ADD_DOCUMENT_URL = 'https://docs.googleapis.com/v1/documents'
GET_DOCUMENT_URL = 'https://docs.googleapis.com/v1/documents/%(file_id)s'
EXPORT_DOCUMENT_URL = 'https://docs.google.com/feeds/download/documents/export/Export?id=%(file_id)s&exportFormat=html'
DEFAULT_SCOPE = [
'openid', 'email', 'profile',
'https://www.googleapis.com/auth/documents.readonly',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/documents',
'https://www.googleapis.com/auth/drive.file'
]
GOOGLE_DISCOVERY_URL = (
'https://accounts.google.com/.well-known/openid-configuration'
)
GOOGLE_CLIENT_ID = settings.GOOGLE_CLIENT_ID
GOOGLE_CLIENT_SECRET = settings.GOOGLE_CLIENT_SECRET
def __init__(self):
self.client = WebApplicationClient(self.GOOGLE_CLIENT_ID)
def get_authorization_uri(self, redirect_uri):
# Use library to construct the request for login and provide
# scopes that let you retrieve user's profile from Google
return self.client.prepare_request_uri(
self.AUTHORIZATION_URL,
redirect_uri=redirect_uri,
scope=self.DEFAULT_SCOPE,
)
def complete_authorization(self, code, redirect_url):
# Prepare token using oauth lib
token_url, headers, body = self.client.prepare_token_request(
self.ACCESS_TOKEN_URL,
redirect_url=redirect_url,
code=code,
client_secret=self.GOOGLE_CLIENT_SECRET
)
# Check if tokens are valid by sending then to token endpoint
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.GOOGLE_CLIENT_ID, self.GOOGLE_CLIENT_SECRET),
)
# Parse the tokens!
self.client.parse_request_body_response(json.dumps(token_response.json()))
# Now that we have tokens (yay) let's find and hit URL
# from Google that gives you user's profile information,
# including their Google Profile Image and Email
uri, headers, body = self.client.add_token(self.USER_INFO_URL)
user_info_response = requests.get(uri, headers=headers, data=body)
# We want to make sure their email is verified.
# The user authenticated with Google, authorized our
# app, and now we've verified their email through Google!
return user_info_response.json(), token_response.json()
class FlaskState(object):
def __init__(self, app):
self.app = app
self.client_id = "950581708747-7t86ojep28ors7ei034rm58nidgne2d6.apps.googleusercontent.com"
self.client_secret = "8o1MSmNN9R4iYYWATIgD8_Dk"
self.google_url = "https://accounts.google.com/.well-known/openid-configuration"
self.database_manager = DatabaseManager()
self.db_conn = self.database_manager.get_db()
self.login_manager = LoginManager()
self.login_manager.init_app(self.app)
self.login_manager._user_callback = lambda user_id: User(self.db_fresh()).get(user_id)
self.client = WebApplicationClient(self.client_id)
self.current_user = current_user
self.login_user = login_user
self.logout_user = logout_user
def db_fresh(self):
return self.database_manager.get_db()
def google_login(self):
google_provider = requests.get(self.google_url).json()
authorization_endpoint = google_provider["authorization_endpoint"]
request_uri = self.client.prepare_request_uri(
authorization_endpoint,
redirect_uri= request.base_url + "/callback",
scope=["openid", "email", "profile"]
)
return redirect(request_uri)
def login_callback(self):
code = request.args.get("code")
google_provider = requests.get(self.google_url).json()
token_endpoint = google_provider["token_endpoint"]
token_url, headers, body = self.client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers = headers,
data=body,
auth=(self.client_id, self.client_secret)
)
self.client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider["userinfo_endpoint"]
uri, headers, body = self.client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
picture = userinfo_response.json()["picture"]
users_name = userinfo_response.json()["given_name"]
else:
return "User email not available or not verified by Google.", 400
user = User(DatabaseManager().get_db())
# Doesn't exist? Add it to the database.
if not user.get(unique_id):
user.create(unique_id, users_name, users_email, picture)
# Begin user session by logging the user in
self.login_user(user)
self.current_user = user
return redirect(os.path.split(os.path.split(request.base_url)[0])[0])
async def handle_oauth():
register_msg = '<p class="text-monospace">!ow register</p>'
try:
logger.debug(f"handle_oauth with request args {request.args}")
try:
state = request.args["state"]
except KeyError:
return await render_message(
_("I got an incomplete answer from the server. This sometimes happens (for unknown reasons) when registering from a "
"mobile phone. Try again with a PC or laptop. Sorry for the inconvenience"
),
is_error=True,
)
type, uid = serializer.loads(state, max_age=600)
except SignatureExpired:
return await render_message(
_("The link has expired. Please request a new link with {register}."
).format(register=register_msg),
is_error=True,
)
except BadSignature:
return await render_message(
_("The data I got back is invalid. Please request a new URL with {register}."
).format(register=register_msg),
is_error=True,
)
if type == "pc":
token_url = "https://eu.battle.net/oauth/token"
endpoint = "https://eu.battle.net/oauth/userinfo"
client_id = OAUTH_BLIZZARD_CLIENT_ID
client_secret = OAUTH_BLIZZARD_CLIENT_SECRET
scope = []
elif type == "xbox":
token_url = "https://discord.com/api/oauth2/token"
endpoint = "https://discord.com/api/v6/users/@me/connections"
scope = ["connections"]
client_id = OAUTH_DISCORD_CLIENT_ID
client_secret = OAUTH_DISCORD_CLIENT_SECRET
else:
return await render_message(
_("I got invalid data. Please try registering again."),
is_error=True)
client = WebApplicationClient(client_id)
logger.debug(f"got OAuth auth URL {request.url}")
# we are behind a proxy, and hypercorn doesn't support
# proxy headers yet, so just fake https to avoid an exception
request_url = request.url.replace("http:", "https:")
if "error=access_denied" in request_url:
return await render_message(
_("You didn't give me permission to access your BattleTag; registration cancelled."
),
is_error=True,
)
try:
url, headers, body = client.prepare_token_request(
token_url,
authorization_response=request_url,
scope=scope,
redirect_url=f"{OAUTH_REDIRECT_HOST}{OAUTH_REDIRECT_PATH}",
client_secret=client_secret,
)
logger.debug(f"got data {(url, headers, body)}")
resp = await asks.post(url, headers=headers, data=body)
logger.debug("got response %s", resp.text)
client.parse_request_body_response(resp.text, scope=scope)
logger.debug("token is %s", client.token)
url, headers, body = client.add_token(endpoint)
logger.debug("requesting data")
data = (await asks.get(url, headers=headers)).json()
logger.debug("data received: %s", data)
except Exception:
logger.error(
f"Something went wrong while getting OAuth data for {uid} {request_url}",
exc_info=True,
)
return await render_message(
_("I'm sorry. Something went wrong on my side. Try to reissue {register}."
).format(register=register_msg),
is_error=True,
)
logger.debug("sending to channel %s", send_ch)
await send_ch.send((uid, type, data))
logger.debug("sent to channel %s", send_ch)
return await render_message(_("Thank you! I have sent you a DM."))
def api_auth_callback(self):
s = self._settings
d = settings_defaults()
code = flask.request.args.get("code")
token_endpoint = s.get(['token_endpoint'])
client_id = s.get(['client_id'])
client_secret = s.get(['client_secret'])
userinfo_endpoint = s.get(['userinfo_endpoint'])
orguser_endpoint = s.get(['orguser_endpoint'])
organization = s.get(['organization'])
username_key = s.get(['username_key'])
self._logger.info('token_endpoint: ' + str(token_endpoint))
client = WebApplicationClient(client_id)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
# authorization_response=flask.request.url,
# redirect_url=flask.request.base_url,
code=code
)
headers['Accept'] = 'application/json'
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(client_id, client_secret),
)
client.parse_request_body_response(json.dumps(token_response.json()))
uri, headers, body = client.add_token(userinfo_endpoint)
headers['Accept'] = 'application/json'
userinfo_response = requests.get(uri, headers=headers, data=body)
userinfo = userinfo_response.json()
username = userinfo[username_key]
uri, headers, body = client.add_token(orguser_endpoint.format(organization, username))
headers['Accept'] = 'application/json'
orguser_response = requests.get(uri, headers=headers, data=body)
if orguser_response.status_code == 204:
# User is part of the specified organization, find user or create it if it doesn't exist
user = self._user_manager.login_user(OAuth2PGCUser(username))
flask.session["usersession.id"] = user.session
flask.g.user = user
self._logger.info("authenticated: " + str(user.is_authenticated))
self._logger.info("user: "******"Actively logging in user {} from {}".format(user.get_id(), remote_addr))
r = flask.redirect('/')
r.delete_cookie("active_logout")
eventManager().fire(Events.USER_LOGGED_IN, payload=dict(username=user.get_id()))
return r
return flask.redirect('/?error=unauthorized')
