def get_google_user_info(req: Request):
client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID'])
code = req.args.get('code')
callback_uri = current_app.config.get('GOOGLE_CLIENT_CALLBACK')
# Find out what URL to hit to get tokens that allow you to ask for things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg['token_endpoint']
userinfo_endpoint = google_provider_cfg['userinfo_endpoint']
# Prepare and send a req to get tokens
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=translate_url_https(req.url),
redirect_url=callback_uri,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(current_app.config.get('GOOGLE_CLIENT_ID'), current_app.config.get('GOOGLE_CLIENT_SECRET')),
)
client.parse_request_body_response(json.dumps(token_response.json()))
# let's find and hit the URL from Google that gives you the user's profile information
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo = requests.get(uri, headers=headers, data=body).json()
return userinfo
def get_userinfo(cls, client_id, client_secret, code,
authorization_response):
client = WebApplicationClient(client_id)
base_url = authorization_response.replace(
'?' + urlparse(authorization_response).query, '')
# get access token
token_url, headers, body = client.prepare_token_request(
cls.token_endpoint,
authorization_response=authorization_response,
redirect_url=base_url,
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(client_id, client_secret),
)
client.parse_request_body_response(token_response.text)
# get user information
uri, headers, body = client.add_token(cls.userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
data = userinfo_response.json()
return data
def test_parse_token_response(self):
client = WebApplicationClient(self.client_id)
# Parse code and state
response = client.parse_request_body_response(self.token_json, scope=self.scope)
self.assertEqual(response, self.token)
self.assertEqual(client.access_token, response.get("access_token"))
self.assertEqual(client.refresh_token, response.get("refresh_token"))
self.assertEqual(client.token_type, response.get("token_type"))
# Mismatching state
self.assertRaises(Warning, client.parse_request_body_response, self.token_json, scope="invalid")
os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE'] = '1'
token = client.parse_request_body_response(self.token_json, scope="invalid")
self.assertTrue(token.scope_changed)
scope_changes_recorded = []
def record_scope_change(sender, message, old, new):
scope_changes_recorded.append((message, old, new))
signals.scope_changed.connect(record_scope_change)
try:
client.parse_request_body_response(self.token_json, scope="invalid")
self.assertEqual(len(scope_changes_recorded), 1)
message, old, new = scope_changes_recorded[0]
self.assertEqual(message, 'Scope has changed from "invalid" to "/profile".')
self.assertEqual(old, ['invalid'])
self.assertEqual(new, ['/profile'])
finally:
signals.scope_changed.disconnect(record_scope_change)
del os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE']
def callback():
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
code = request.args.get("code")
client = WebApplicationClient(GOOGLE_CLIENT_ID)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=force_https(request.url),
redirect_url=force_https(request.base_url),
code=code
)
token_response = requests.post(
force_https(token_url),
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
logging.info('Logging user')
login_user(User(userinfo_response.json()["email"]))
return redirect(url_for('main'))
def callback():
logger.debug("callback()")
code = request.args.get("code")
client = WebApplicationClient(oauth_credential["client_id"])
token_endpoint = requests.get(
GOOGLE_DISCOVERY_URL).json()["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(oauth_credential["client_id"],
oauth_credential["client_secret"]))
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = requests.get(
GOOGLE_DISCOVERY_URL).json()["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
uri = uri.replace("http:", "https:")
userinfo_response = requests.get(uri, headers=headers,
data=body).json()
member = remote_db.get("member",
userinfo_response["email"].split('@')[0])
login_user(member, remember=True)
return redirect(url_for("index"))
class GoogleSignIn(OAuthSignIn):
def __init__(self):
super(GoogleSignIn, self).__init__('google')
self.client = WebApplicationClient(self.consumer_id)
@classmethod
def get_google_provider_cfg(cls):
return requests.get(app.config["GOOGLE_DISCOVERY_URL"]).json()
def authorize(self):
google_provider_cfg = self.get_google_provider_cfg()
authorization_endpoint = google_provider_cfg["authorization_endpoint"]
request_uri = self.client.prepare_request_uri(
authorization_endpoint,
redirect_uri=request.base_url + "/callback",
scope=["openid", "email", "profile"],
)
return jsonify({'uri': request_uri})
def callback(self):
code = request.args.get("code")
google_provider_cfg = self.get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = self.client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.consumer_id,
self.consumer_secret
),
)
self.client.parse_request_body_response(
json.dumps(token_response.json())
)
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = self.client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
user_email = userinfo_response.json()["email"]
else:
return jsonify(
"User email not available or not verified by Google."), 400
return super().check_for_user_in_database(user_email)
class OAuth2:
def __init__(
self, *,
client_id: str, client_secret: str,
authorization_url: str, token_url: str,
userinfo_url: str, scope: list
):
self.client_id = client_id
self.client_secret = client_secret
self.authorization_url = authorization_url
self.token_url = token_url
self.userinfo_url = userinfo_url
self.scope = scope
# see https://oauthlib.readthedocs.io/en/latest/oauth2/clients/webapplicationclient.html # noqa
self.oauth2_client = WebApplicationClient(client_id)
def get_redirect_url(self, callback_url: str):
# Prepare the authorization code request URI
request_uri = self.oauth2_client.prepare_request_uri(
self.authorization_url,
redirect_uri=callback_url,
scope=self.scope
)
return request_uri
def get_user_info(self, request_url: str, code: str) -> dict:
# Get request url without query parameter
base_url = urljoin(request_url, urlparse(request_url).path)
# Prepare a token creation request.
token_url, headers, body = self.oauth2_client.prepare_token_request(
self.token_url,
authorization_response=request_url,
redirect_url=base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.client_id, self.client_secret)
)
# Parse the JSON response body.
self.oauth2_client.parse_request_body_response(
json.dumps(token_response.json())
)
# Add token to the request uri, body or authorization header.
uri, headers, body = self.oauth2_client.add_token(
self.userinfo_url
)
userinfo_response = requests.get(uri, headers=headers, data=body)
return userinfo_response.json()
def callback(client: WebApplicationClient):
# Get authorization code Google sent back to you
code = request.args.get("code")
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send a request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that you have tokens (yay) let's find and hit the URL
# from Google that gives you the user's profile information,
# including their Google profile image and email
user_info_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(user_info_endpoint)
user_info_response = requests.get(uri, headers=headers, data=body)
# You want to make sure their email is verified.
# The user authenticated with Google, authorized your
# app, and now you've verified their email through Google!
if user_info_response.json().get("email_verified"):
unique_id = user_info_response.json()["sub"]
users_email = user_info_response.json()["email"]
picture = user_info_response.json()["picture"]
users_name = user_info_response.json()["name"]
else:
return "User email not available or not verified by Google.", 400
# Create a user in your db with the information provided by Google
user = user_dao.get_user_by_google_id(unique_id)
if user is None:
user = User(unique_id, users_name, users_email, picture, "")
user_dao.save_user(user)
# TODO send request about birthday
else:
if user.profile_pic != picture:
user.profile_pic = picture
user_dao.update_picture(user.id, picture)
# Begin user session by logging the user in
login_user(user)
def _get_access_token(self, client_id, client_secret, refresh_token):
oauth = WebApplicationClient(client_id, refresh_token=refresh_token)
url, headers, body = oauth.prepare_refresh_token_request(
f"{self.api_base}/oauth2/token",
client_id=client_id,
client_secret=client_secret)
req = urllib.request.Request(url, body.encode(), headers=headers)
with urllib.request.urlopen(req) as res:
oauth.parse_request_body_response(res.read())
return oauth.access_token
def callback():
"""
This deals with the Google API token for user
authentification.
"""
client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID'])
code = request.args.get("code")
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
print(request.base_url)
print(code)
print(request.url)
if request.url[4] == 's':
url = "https" + request.url[5:]
print(url)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(current_app.config['GOOGLE_CLIENT_ID'],
current_app.config['GOOGLE_CLIENT_SECRET']),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
users_name = userinfo_response.json()["given_name"]
if User.query.filter_by(email=users_email).first():
user = User.query.filter_by(email=users_email).first()
if user is None or not user.check_password(unique_id):
return redirect(url_for('shop.index'))
login_user(user, remember=False)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('shop.index')
return redirect(next_page)
else:
user = User(username=users_name, email=users_email)
user.set_password(unique_id)
db.session.add(user)
db.session.commit()
else:
return _("User email not available or not verified by Google."), 400
return redirect(url_for("shop.index"))
def google_callback():
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
oauth = WebApplicationClient(settings.GOOGLE_CLIENT_ID)
if request.args.get("error"):
flash('Error! ' + request.args.get("error"), 'alert-warning')
return redirect(url_for('main'))
state = request.args.get("state")
if state != session.get("state"):
flash('Error! state not match.', 'alert-warning')
return redirect(url_for('main'))
session.pop('state', None)
url, headers, body = oauth.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
state='',
body='',
client_secret=settings.GOOGLE_CLIENT_SECRET)
token_response = requests.post(
url,
headers=headers,
data=body,
auth=(settings.GOOGLE_CLIENT_ID, settings.GOOGLE_CLIENT_SECRET),
)
oauth.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = oauth.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.status_code != 200:
flash('Error! ' + userinfo_response.json(), 'alert-warning')
return redirect(url_for('main'))
unique_id = userinfo_response.json()["sub"]
users_name = userinfo_response.json()["name"]
picture = userinfo_response.json()["picture"]
user = User(id_=unique_id, name=users_name, profile_pic=picture)
if not User.get(unique_id):
User.create(unique_id, users_name, picture)
login_user(user)
session["newregister"] = 1
flash('You have been successfully created an account.',
'alert-success')
return redirect(url_for('pushtime'))
login_user(user)
return redirect(url_for('channellist'))
class GoogleAuth(object):
AUTHORIZATION_ENDPOINT_URL = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT_URL = "https://oauth2.googleapis.com/token"
USERINFO_ENDPOINT_URL = "https://openidconnect.googleapis.com/v1/userinfo"
def __init__(self, client_id, client_secret):
self.CLIENT_ID = client_id
self.CLIENT_SECRET = client_secret
self.client = WebApplicationClient(self.CLIENT_ID)
def get_requests_uri(self, redirect_uri, scope):
request_uri = self.client.prepare_request_uri(
self.AUTHORIZATION_ENDPOINT_URL,
redirect_uri=redirect_uri,
scope=scope,
state=str(time.time()))
return request_uri
def get_user_info(self, code, redirect_url):
token_url, headers, body = self.client.prepare_token_request(
self.TOKEN_ENDPOINT_URL,
client_secret=self.CLIENT_SECRET,
client_id=self.CLIENT_ID,
redirect_url=redirect_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.CLIENT_ID, self.CLIENT_SECRET),
)
self.client.parse_request_body_response(
json.dumps(token_response.json()))
uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL)
userinfo_response = requests.get(uri, headers=headers)
if userinfo_response.json().get("email_verified"):
_id = userinfo_response.json()["sub"]
email = userinfo_response.json()["email"]
name = userinfo_response.json()["given_name"]
return {"id": _id, "email": email, "name": name}
else:
return {}
def callback():
client = WebApplicationClient(app.config.get("CLIENT_ID"))
token = client.prepare_token_request(
"https://github.com/login/oauth/access_token",
code=request.args.get("code"))
access = requests.post(token[0],
headers=token[1],
data=token[2],
auth=(app.config.get("CLIENT_ID"),
app.config.get("CLIENT_SECRET")))
client.parse_request_body_response(access.text)
params = client.add_token("https://api.github.com/user")
github_user = requests.get(params[0], headers=params[1]).json()
login_user(User(github_user['id']))
return index()
def auth_callback():
global authorization_requests
global tokens
print(request.args)
print(authorization_requests)
state = request.args.get('state')
authorization_request = authorization_requests.pop(state)
oauth = WebApplicationClient(os.environ.get("AUTH0_CLIENT_ID"))
url, headers, body = oauth.prepare_token_request(
f'https://{os.environ.get("AUTH0_DOMAIN")}/oauth/token',
authorization_response=request.url,
state=authorization_request.get('state'),
code_verifier=authorization_request.get('code_verifier'),
redirect_url=os.environ.get("AUTH0_REDIRECT_URL"))
print(url)
print(headers)
print(body)
req = urllib.request.Request(url, body.encode(), headers=headers)
with urllib.request.urlopen(req) as res:
response = oauth.parse_request_body_response(res.read())
token = jwt.decode(response.get('access_token'), verify=False)
tokens[token.get('sub')] = token
return 'OK'
def callback():
"""Retrieving an access token.
After you've redirected from our provider to your callback URL,
you'll have access to the auth code in the redirect URL, which
we'll be using to get an access token.
"""
client = WebApplicationClient(client_id=CLIENT_ID)
# Parse the response URI after the callback, with the same state we initially sent
client.parse_request_uri_response(request.url,
state=session["oauth_state"])
# Now we've access to the auth code
code = client.code
# Prepare request body to get the access token
body = client.prepare_request_body(
code=code,
redirect_uri=REDIRECT_URI,
include_client_id=False,
scope=scope,
)
# Basic HTTP auth by providing your client credentials
auth = requests.auth.HTTPBasicAuth(CLIENT_ID, CLIENT_SECRET)
# Making a post request to the TOKEN_URL endpoint
r = requests.post(TOKEN_URL, data=dict(urldecode(body)), auth=auth)
# Parse the response to get the token and store it in session
token = client.parse_request_body_response(r.text, scope=scope)
session["access_token"] = token
return redirect("/home")
def test_oauth2(app, user, oauth2_client):
client_id, client_secret = oauth2_client
client = WebApplicationClient(client_id)
host = "https://localhost"
state = "randomly_text"
with app.test_client() as provider:
# login forcefully.
with provider.session_transaction() as sess:
sess["user_id"] = user
sess["_fresh"] = True
uri = client.prepare_request_uri(host + "/oauth2/authorize", redirect_uri=redirect_uri, state=state)
uri = uri[len(host) :]
# step 1: redirect to provider
response = provider.get(uri, follow_redirects=True)
assert response.status_code == 200
# step 2: redirect to client
response = provider.post(uri, data={"scope": "user", "confirm": "yes"})
assert response.location.startswith(redirect_uri)
data = client.parse_request_uri_response(response.location, state=state)
assert "code" in data
# step 3: get the token
body = client.prepare_request_body(code=data["code"], redirect_uri=redirect_uri)
response = provider.post("/oauth2/token", content_type="application/x-www-form-urlencoded", data=body)
assert response.status_code == 200
data = client.parse_request_body_response(response.data)
assert "access_token" in data
assert data["token_type"] == "Bearer"
assert data["scope"] == ["user"]
# step 4: using token
pass
def login():
# provder (github) sends the authorization code back
code = request.args.get('code')
client = WebApplicationClient(
client_id=os.getenv("GIT_CLIENT_ID"),
client_secret=os.getenv("GIT_CLIENT_SECRET"),
code=code)
# client then sends he authorization code back to the providers token URL to exchange for token
url, headers, body = client.prepare_token_request(
'https://github.com/login/oauth/access_token',
client_secret=os.getenv("GIT_CLIENT_SECRET"),
code=code)
# parse the JSON response body post token validation, receives an access token or key
token_response = requests.post(url,
headers=headers,
data=body,
auth=(os.getenv("GIT_CLIENT_ID"),
os.getenv("GIT_CLIENT_SECRET")))
# parse the token from the response
token = client.parse_request_body_response(token_response.text)
# save the token
session['oauth_token'] = token
# get user id details by passing above git token
github = OAuth2Session(os.getenv("GIT_CLIENT_ID"),
token=session['oauth_token'])
# can see my details in response 200
userinfo_response = jsonify(
github.get('https://api.github.com/user').json())
# prints out logged in user, TheLegendaryPan in this case!
user_id = userinfo_response.json['login']
user = User(user_id)
login_user(user)
return redirect(url_for('getAll'))
class FacebookSignIn(OAuthSignIn):
def __init__(self):
super(FacebookSignIn, self).__init__('facebook')
self.client = WebApplicationClient(self.consumer_id)
self.authorize_url = app.config["FACEBOOK_AUTHORIZE_URL"]
self.access_token_url = app.config["FACEBOOK_ACCESS_TOKEN_URL"]
self.user_info_url = app.config["FACEBOOK_USER_INFO_URL"]
def authorize(self):
request_uri = self.client.prepare_request_uri(
self.authorize_url,
redirect_uri=request.base_url + "/callback",
scope=["email"],
)
return jsonify({'uri': request_uri})
def callback(self):
code = request.args.get("code")
token_url, headers, body = self.client.prepare_token_request(
self.access_token_url,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.consumer_id,
self.consumer_secret
),
)
self.client.parse_request_body_response(
json.dumps(token_response.json())
)
uri, headers, body = self.client.add_token(self.user_info_url)
userinfo_response = requests.get(uri, headers=headers, data=body)
user_email = userinfo_response.json()["email"]
return super().check_for_user_in_database(user_email)
class FacebookAuth(object):
AUTHORIZATION_ENDPOINT_URL = "https://www.facebook.com/v4.0/dialog/oauth"
TOKEN_ENDPOINT_URL = "https://graph.facebook.com/v4.0/oauth/access_token"
USERINFO_ENDPOINT_URL = "https://graph.facebook.com/me"
def __init__(self, client_id, client_secret):
self.CLIENT_ID = client_id
self.CLIENT_SECRET = client_secret
self.client = WebApplicationClient(self.CLIENT_ID)
def get_requests_uri(self, redirect_uri, scope):
request_uri = self.client.prepare_request_uri(
self.AUTHORIZATION_ENDPOINT_URL,
redirect_uri=redirect_uri,
scope=scope,
state=str(time.time()))
return request_uri
def get_user_info(self, code, redirect_url):
token_url, headers, body = self.client.prepare_token_request(
self.TOKEN_ENDPOINT_URL,
client_secret=self.CLIENT_SECRET,
client_id=self.CLIENT_ID,
redirect_url=redirect_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.CLIENT_ID, self.CLIENT_SECRET),
)
self.client.parse_request_body_response(
json.dumps(token_response.json()))
uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL)
params = {"fields": "email,name"}
userinfo_response = requests.get(uri, headers=headers, params=params)
return userinfo_response.json()
def callback(app, request):
# Get authorization code Google sent back to you
code = request.args.get("code")
client = WebApplicationClient(app.config["GOOGLE_CLIENT_ID"])
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg(app)
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(app.config["GOOGLE_CLIENT_ID"],
app.config["GOOGLE_CLIENT_SECRET"]),
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that we have tokens (yay) let's find and hit URL
# from Google that gives you user's profile information,
# including their Google Profile Image and Email
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
# We want to make sure their email is verified.
# The user authenticated with Google, authorized our
# app, and now we've verified their email through Google!
if userinfo_response.json().get("email_verified"):
return {
"unique_id": userinfo_response.json()["sub"],
"users_name": userinfo_response.json()["given_name"],
"users_email": userinfo_response.json()["email"],
"picture": userinfo_response.json()["picture"],
}
else:
return None
class TestOauthlib(ApprovalTestCase):
def setUp(self):
super(TestOauthlib, self).setUp()
self.libclient = WebApplicationClient(self.oauth_client.id)
self.authorization_code.response_type = "code"
self.authorization_code.save()
def test_flow(self):
self.client.login(username="******", password="******")
request_uri = self.libclient.prepare_request_uri(
"https://localhost" + reverse("oauth2_authorize"),
redirect_uri=self.redirect_uri.url,
scope=["test", ],
state="test_state",
)
response = self.client.get(request_uri[17:])
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "doac/authorize.html")
approval_url = reverse("oauth2_approval") + "?code=" + self.authorization_code.token
response = self.client.post(approval_url, {
"code": self.authorization_code.token,
"code_state": "test_state",
"approve_access": None,
})
response_uri = response.get("location", None)
if not response_uri:
response_uri = response.META["HTTP_LOCATION"]
response_uri = response_uri.replace("http://", "https://")
data = self.libclient.parse_request_uri_response(response_uri, state="test_state")
authorization_token = data["code"]
request_body = self.libclient.prepare_request_body(
client_secret=self.oauth_client.secret,
code=authorization_token,
)
post_dict = {}
for pair in request_body.split('&'):
key, val = pair.split('=')
post_dict[key] = val
response = self.client.post(reverse("oauth2_token"), post_dict)
data = self.libclient.parse_request_body_response(response.content)
class OAuthAuthorizationCodeGrantRequest:
def __init__(self, redirect_uri: str, settings: OAuthSettings):
from aiohttp import ClientSession
from oauthlib.oauth2 import WebApplicationClient
self.settings = settings
self.future = get_event_loop().create_future()
self.state = uuid.uuid4().hex
self.client = WebApplicationClient(settings.client_id)
self.redirect_uri = redirect_uri
self.session = ClientSession()
async def start(self) -> None:
uri = self.client.prepare_request_uri(
self.settings.token_uri, redirect_uri=self.redirect_uri, state=self.state)
body = self.client.prepare_request_body()
async with self.session.post(uri, data=body) as response:
print(response.status)
print(await response.text())
async def handle_redirect(self, uri: str, code: str, state: str) -> OAuthSettings:
self.client.parse_request_uri_response(uri, state)
kwargs = {}
if self.settings.client_secret:
kwargs['client_secret'] = self.settings.client_secret
uri = self.settings.token_uri
body = self.client.prepare_request_body(
code=code, redirect_uri=self.redirect_uri, **kwargs)
# fetch token
self.client.parse_request_body_response(response_body)
new_settings = OAuthSettings(
)
self.future.set_result(new_settings)
return new_settings
async def close(self):
await self.session.close()
def login_with_google_callback():
if app.config.get('GOOGLE_CLIENT_ID') \
and not request.is_secure \
and request.headers.get('X-Forwarded-Proto', 'http') == 'https':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
client = WebApplicationClient(app.config.get('GOOGLE_CLIENT_ID'))
google_provider_cfg = requests.get(app.config.get('GOOGLE_DISCOVERY_URL')).json()
code = request.args.get("code")
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=url_for('login_with_google_callback', _external=True),
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
app.config.get('GOOGLE_CLIENT_ID'),
app.config.get('GOOGLE_CLIENT_SECRET'),
),
).json()
client.parse_request_body_response(json.dumps(token_response))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body).json()
user = app.datamapper.user.getByGoogleId(userinfo_response["sub"])
if user is None:
response = redirect(url_for('login'))
flash("Login failed", 'error')
return response
else:
session['user_id'] = user.id
flash("Welcome %s" % userinfo_response.get('name', user.name), 'success')
return redirect(url_for('home'))
def link_google_callback(self):
if self.config.get('GOOGLE_CLIENT_ID') \
and not request.is_secure \
and request.headers.get('X-Forwarded-Proto', 'http') == 'https':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
client = WebApplicationClient(self.config.get('GOOGLE_CLIENT_ID'))
google_provider_cfg = requests.get(
self.config.get('GOOGLE_DISCOVERY_URL')).json()
code = request.args.get("code")
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=url_for('user.link_google_callback', _external=True),
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.config.get('GOOGLE_CLIENT_ID'),
self.config.get('GOOGLE_CLIENT_SECRET'),
),
).json()
client.parse_request_body_response(json.dumps(token_response))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers,
data=body).json()
user = self.datamapper.getById(request.user.id)
user.google_id = userinfo_response["sub"]
self.datamapper.update(user)
return redirect(url_for('user.edit', obj_id=user.id))
def test_parse_token_response(self):
client = WebApplicationClient(self.client_id)
# Parse code and state
response = client.parse_request_body_response(self.token_json, scope=self.scope)
self.assertEqual(response, self.token)
self.assertEqual(client.access_token, response.get("access_token"))
self.assertEqual(client.refresh_token, response.get("refresh_token"))
self.assertEqual(client.token_type, response.get("token_type"))
# Mismatching state
self.assertRaises(Warning, client.parse_request_body_response, self.token_json, scope="invalid")
def login():
request_code = request.args.get('code')
client = WebApplicationClient(github_oauth_client_id)
token_url, headers, body = client.prepare_token_request(
github_oauth_token_url,
authorization_response=request.url,
code=request_code,
client_secret=github_oauth_client_secret)
token_resp = requests.post(token_url, headers=headers, data=body)
client.parse_request_body_response(token_resp.text)
get_user_uri, headers, body = client.add_token(
'https://api.github.com/user')
user_profile = requests.get(get_user_uri, headers=headers, data=body)
user_profile_id = user_profile.json()["id"]
user = User(user_profile_id)
login_user(user)
return redirect('/')
def login():
github_code = request.args.get('code')
client = WebApplicationClient(os.environ.get('AUTH_CLIENTID'))
token = client.prepare_token_request(os.environ.get('AUTH_TOKEN_URL'),
code=github_code)
access = requests.post(token[0],
headers=token[1],
data=token[2],
auth=(os.environ.get('AUTH_CLIENTID'),
os.environ.get('AUTH_SECRET')))
client.parse_request_body_response(access.text)
github_user_request_param = client.add_token(
os.environ.get('AUTH_API_URL'))
user_id = requests.get(
github_user_request_param[0],
headers=github_user_request_param[1]).json()['login']
print(user_id)
login_user(User(user_id))
app.logger.info(f"User {current_user.id} logged in")
return redirect('/')
def callback():
client = WebApplicationClient(os.getenv("CLIENT_ID"))
client.state = request.args.get('state')
code = request.args.get('code')
tokenurl, headers, body = client.prepare_token_request(
'https://github.com/login/oauth/access_token',
state=client.state,
code=code)
secret = os.getenv('OAUTH_SECRET')
clientid = os.getenv("CLIENT_ID")
tokenresponse = requests.post(tokenurl,
data=body,
auth=(clientid, secret))
client.parse_request_body_response(tokenresponse.text)
userinfo_endpoint = "https://api.github.com/user"
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
userinfo_json = userinfo_response.json()
id = userinfo_json['id']
flask_login.login_user(load_user(id))
app.logger.info("user logged in Succesfully",
extra={"user_id": flask_login.current_user.get_id()})
return redirect("/")
def get_access_token(code, state):
auth_client = WebApplicationClient(OAUTH_ID)
token_request = auth_client.prepare_token_request(
'https://github.com/login/oauth/access_token',
client_id=OAUTH_ID,
client_secret=OAUTH_SECRET,
code=code,
state=state
)
print(token_request)
token_request[1]['Accept'] = 'application/json'
access_token_response = requests.post(token_request[0], data=token_request[2], headers=token_request[1]).content
token_params = auth_client.parse_request_body_response(access_token_response)
return token_params['access_token']
def callback():
# Get authorization code Google sent back to you
code = request.args.get("code")
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
token_url = "https://accounts.google.com/o/oauth2/token"
refresh_url = token_url
client = WebApplicationClient(GOOGLE_CLIENT_ID)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
users_name = userinfo_response.json()["given_name"]
else:
return "User email not available or not verified by Google.", 400
employee = Employee.query.filter_by(email=users_email).first()
login_user(employee)
if employee.email == '*****@*****.**':
employee.is_admin = 1
return redirect(url_for("home.admin_dashboard"))
else:
return redirect(url_for("home.dashboard"))
def login_callback():
callback_code = request.args.get("code")
github_client = WebApplicationClient(os.environ.get('clientId'))
github_token = github_client.prepare_token_request("https://github.com/login/oauth/access_token", code=callback_code)
github_access = requests.post(github_token[0], headers=github_token[1], data=github_token[2], auth=(os.environ.get('clientId'), os.environ.get('client_secret')))
github_json = github_client.parse_request_body_response(github_access.text)
github_user_request_param = github_client.add_token("https://api.github.com/user")
github_user = requests.get(github_user_request_param[0], headers=github_user_request_param[1]).json()
login_user(User(github_user))
mongo.add_user_mongo(current_user)
app.logger.info("User '%s' logged in successfully", current_user.name)
return redirect('/')
def test_parse_token_response(self):
client = WebApplicationClient(self.client_id)
# Parse code and state
response = client.parse_request_body_response(self.token_json,
scope=self.scope)
self.assertEqual(response, self.token)
self.assertEqual(client.access_token, response.get("access_token"))
self.assertEqual(client.refresh_token, response.get("refresh_token"))
self.assertEqual(client.token_type, response.get("token_type"))
# Mismatching state
self.assertRaises(Warning,
client.parse_request_body_response,
self.token_json,
scope="invalid")
