def get_userinfo(cls, client_id, client_secret, code,
authorization_response):
client = WebApplicationClient(client_id)
base_url = authorization_response.replace(
'?' + urlparse(authorization_response).query, '')
# get access token
token_url, headers, body = client.prepare_token_request(
cls.token_endpoint,
authorization_response=authorization_response,
redirect_url=base_url,
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(client_id, client_secret),
)
client.parse_request_body_response(token_response.text)
# get user information
uri, headers, body = client.add_token(cls.userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
data = userinfo_response.json()
return data
def auth_callback():
global authorization_requests
global tokens
print(request.args)
print(authorization_requests)
state = request.args.get('state')
authorization_request = authorization_requests.pop(state)
oauth = WebApplicationClient(os.environ.get("AUTH0_CLIENT_ID"))
url, headers, body = oauth.prepare_token_request(
f'https://{os.environ.get("AUTH0_DOMAIN")}/oauth/token',
authorization_response=request.url,
state=authorization_request.get('state'),
code_verifier=authorization_request.get('code_verifier'),
redirect_url=os.environ.get("AUTH0_REDIRECT_URL"))
print(url)
print(headers)
print(body)
req = urllib.request.Request(url, body.encode(), headers=headers)
with urllib.request.urlopen(req) as res:
response = oauth.parse_request_body_response(res.read())
token = jwt.decode(response.get('access_token'), verify=False)
tokens[token.get('sub')] = token
return 'OK'
def callback():
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
code = request.args.get("code")
client = WebApplicationClient(GOOGLE_CLIENT_ID)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=force_https(request.url),
redirect_url=force_https(request.base_url),
code=code
)
token_response = requests.post(
force_https(token_url),
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
logging.info('Logging user')
login_user(User(userinfo_response.json()["email"]))
return redirect(url_for('main'))
def callback():
logger.debug("callback()")
code = request.args.get("code")
client = WebApplicationClient(oauth_credential["client_id"])
token_endpoint = requests.get(
GOOGLE_DISCOVERY_URL).json()["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(oauth_credential["client_id"],
oauth_credential["client_secret"]))
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = requests.get(
GOOGLE_DISCOVERY_URL).json()["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
uri = uri.replace("http:", "https:")
userinfo_response = requests.get(uri, headers=headers,
data=body).json()
member = remote_db.get("member",
userinfo_response["email"].split('@')[0])
login_user(member, remember=True)
return redirect(url_for("index"))
def get_google_user_info(req: Request):
client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID'])
code = req.args.get('code')
callback_uri = current_app.config.get('GOOGLE_CLIENT_CALLBACK')
# Find out what URL to hit to get tokens that allow you to ask for things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg['token_endpoint']
userinfo_endpoint = google_provider_cfg['userinfo_endpoint']
# Prepare and send a req to get tokens
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=translate_url_https(req.url),
redirect_url=callback_uri,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(current_app.config.get('GOOGLE_CLIENT_ID'), current_app.config.get('GOOGLE_CLIENT_SECRET')),
)
client.parse_request_body_response(json.dumps(token_response.json()))
# let's find and hit the URL from Google that gives you the user's profile information
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo = requests.get(uri, headers=headers, data=body).json()
return userinfo
def login():
# provder (github) sends the authorization code back
code = request.args.get('code')
client = WebApplicationClient(
client_id=os.getenv("GIT_CLIENT_ID"),
client_secret=os.getenv("GIT_CLIENT_SECRET"),
code=code)
# client then sends he authorization code back to the providers token URL to exchange for token
url, headers, body = client.prepare_token_request(
'https://github.com/login/oauth/access_token',
client_secret=os.getenv("GIT_CLIENT_SECRET"),
code=code)
# parse the JSON response body post token validation, receives an access token or key
token_response = requests.post(url,
headers=headers,
data=body,
auth=(os.getenv("GIT_CLIENT_ID"),
os.getenv("GIT_CLIENT_SECRET")))
# parse the token from the response
token = client.parse_request_body_response(token_response.text)
# save the token
session['oauth_token'] = token
# get user id details by passing above git token
github = OAuth2Session(os.getenv("GIT_CLIENT_ID"),
token=session['oauth_token'])
# can see my details in response 200
userinfo_response = jsonify(
github.get('https://api.github.com/user').json())
# prints out logged in user, TheLegendaryPan in this case!
user_id = userinfo_response.json['login']
user = User(user_id)
login_user(user)
return redirect(url_for('getAll'))
class OAuth2:
def __init__(
self, *,
client_id: str, client_secret: str,
authorization_url: str, token_url: str,
userinfo_url: str, scope: list
):
self.client_id = client_id
self.client_secret = client_secret
self.authorization_url = authorization_url
self.token_url = token_url
self.userinfo_url = userinfo_url
self.scope = scope
# see https://oauthlib.readthedocs.io/en/latest/oauth2/clients/webapplicationclient.html # noqa
self.oauth2_client = WebApplicationClient(client_id)
def get_redirect_url(self, callback_url: str):
# Prepare the authorization code request URI
request_uri = self.oauth2_client.prepare_request_uri(
self.authorization_url,
redirect_uri=callback_url,
scope=self.scope
)
return request_uri
def get_user_info(self, request_url: str, code: str) -> dict:
# Get request url without query parameter
base_url = urljoin(request_url, urlparse(request_url).path)
# Prepare a token creation request.
token_url, headers, body = self.oauth2_client.prepare_token_request(
self.token_url,
authorization_response=request_url,
redirect_url=base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.client_id, self.client_secret)
)
# Parse the JSON response body.
self.oauth2_client.parse_request_body_response(
json.dumps(token_response.json())
)
# Add token to the request uri, body or authorization header.
uri, headers, body = self.oauth2_client.add_token(
self.userinfo_url
)
userinfo_response = requests.get(uri, headers=headers, data=body)
return userinfo_response.json()
class GoogleSignIn(OAuthSignIn):
def __init__(self):
super(GoogleSignIn, self).__init__('google')
self.client = WebApplicationClient(self.consumer_id)
@classmethod
def get_google_provider_cfg(cls):
return requests.get(app.config["GOOGLE_DISCOVERY_URL"]).json()
def authorize(self):
google_provider_cfg = self.get_google_provider_cfg()
authorization_endpoint = google_provider_cfg["authorization_endpoint"]
request_uri = self.client.prepare_request_uri(
authorization_endpoint,
redirect_uri=request.base_url + "/callback",
scope=["openid", "email", "profile"],
)
return jsonify({'uri': request_uri})
def callback(self):
code = request.args.get("code")
google_provider_cfg = self.get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = self.client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.consumer_id,
self.consumer_secret
),
)
self.client.parse_request_body_response(
json.dumps(token_response.json())
)
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = self.client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
user_email = userinfo_response.json()["email"]
else:
return jsonify(
"User email not available or not verified by Google."), 400
return super().check_for_user_in_database(user_email)
class Authentication:
def __init__(self, req):
self.authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth"
self.token_endpoint = "https://www.googleapis.com/oauth2/v4/token"
self.url = req.url
self.base_url = req.base_url
self.full_path = req.full_path
self.redirect_url = f'{req.url}/callback'
self.args = req.args
self.client_id = os.getenv('GOOGLE_CLIENT_ID')
self.client_secret = os.getenv('GOOGLE_CLIENT_SECRET')
self.client = WebApplicationClient(os.getenv('GOOGLE_CLIENT_ID'))
self.scopes = [
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
"https://www.googleapis.com/auth/drive",
"https://www.googleapis.com/auth/spreadsheets"
]
self.tokens_json = {}
def google_login(self):
state = hashlib.sha256(os.urandom(1024)).hexdigest()
request_uri = self.client.prepare_request_uri(
self.authorization_endpoint,
redirect_uri=self.redirect_url,
state=state,
scope=self.scopes)
return {'request_uri': request_uri, 'state': state}
def google_login_callback(self):
code = self.args.get('code')
token_url, headers, body = self.client.prepare_token_request(
self.token_endpoint,
code=code,
authorization_response=self.url,
redirect_url=self.base_url)
## TODO handle error unauthorized!
token_response = requests.post(token_url,
headers=headers,
data=body,
auth=(self.client_id,
self.client_secret))
self.tokens_json = token_response.json()
user_data = jwt.decode(self.tokens_json['id_token'], verify=False)
return {
'user_data': user_data,
'jwt': self.tokens_json['id_token'],
'access_token': self.tokens_json['access_token']
}
def get_access_token(self):
return self.tokens_json
def callback(client: WebApplicationClient):
# Get authorization code Google sent back to you
code = request.args.get("code")
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send a request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that you have tokens (yay) let's find and hit the URL
# from Google that gives you the user's profile information,
# including their Google profile image and email
user_info_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(user_info_endpoint)
user_info_response = requests.get(uri, headers=headers, data=body)
# You want to make sure their email is verified.
# The user authenticated with Google, authorized your
# app, and now you've verified their email through Google!
if user_info_response.json().get("email_verified"):
unique_id = user_info_response.json()["sub"]
users_email = user_info_response.json()["email"]
picture = user_info_response.json()["picture"]
users_name = user_info_response.json()["name"]
else:
return "User email not available or not verified by Google.", 400
# Create a user in your db with the information provided by Google
user = user_dao.get_user_by_google_id(unique_id)
if user is None:
user = User(unique_id, users_name, users_email, picture, "")
user_dao.save_user(user)
# TODO send request about birthday
else:
if user.profile_pic != picture:
user.profile_pic = picture
user_dao.update_picture(user.id, picture)
# Begin user session by logging the user in
login_user(user)
def callback():
"""
This deals with the Google API token for user
authentification.
"""
client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID'])
code = request.args.get("code")
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
print(request.base_url)
print(code)
print(request.url)
if request.url[4] == 's':
url = "https" + request.url[5:]
print(url)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(current_app.config['GOOGLE_CLIENT_ID'],
current_app.config['GOOGLE_CLIENT_SECRET']),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
users_name = userinfo_response.json()["given_name"]
if User.query.filter_by(email=users_email).first():
user = User.query.filter_by(email=users_email).first()
if user is None or not user.check_password(unique_id):
return redirect(url_for('shop.index'))
login_user(user, remember=False)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('shop.index')
return redirect(next_page)
else:
user = User(username=users_name, email=users_email)
user.set_password(unique_id)
db.session.add(user)
db.session.commit()
else:
return _("User email not available or not verified by Google."), 400
return redirect(url_for("shop.index"))
class GoogleAuth(object):
AUTHORIZATION_ENDPOINT_URL = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT_URL = "https://oauth2.googleapis.com/token"
USERINFO_ENDPOINT_URL = "https://openidconnect.googleapis.com/v1/userinfo"
def __init__(self, client_id, client_secret):
self.CLIENT_ID = client_id
self.CLIENT_SECRET = client_secret
self.client = WebApplicationClient(self.CLIENT_ID)
def get_requests_uri(self, redirect_uri, scope):
request_uri = self.client.prepare_request_uri(
self.AUTHORIZATION_ENDPOINT_URL,
redirect_uri=redirect_uri,
scope=scope,
state=str(time.time()))
return request_uri
def get_user_info(self, code, redirect_url):
token_url, headers, body = self.client.prepare_token_request(
self.TOKEN_ENDPOINT_URL,
client_secret=self.CLIENT_SECRET,
client_id=self.CLIENT_ID,
redirect_url=redirect_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.CLIENT_ID, self.CLIENT_SECRET),
)
self.client.parse_request_body_response(
json.dumps(token_response.json()))
uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL)
userinfo_response = requests.get(uri, headers=headers)
if userinfo_response.json().get("email_verified"):
_id = userinfo_response.json()["sub"]
email = userinfo_response.json()["email"]
name = userinfo_response.json()["given_name"]
return {"id": _id, "email": email, "name": name}
else:
return {}
def google_callback():
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
oauth = WebApplicationClient(settings.GOOGLE_CLIENT_ID)
if request.args.get("error"):
flash('Error! ' + request.args.get("error"), 'alert-warning')
return redirect(url_for('main'))
state = request.args.get("state")
if state != session.get("state"):
flash('Error! state not match.', 'alert-warning')
return redirect(url_for('main'))
session.pop('state', None)
url, headers, body = oauth.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
state='',
body='',
client_secret=settings.GOOGLE_CLIENT_SECRET)
token_response = requests.post(
url,
headers=headers,
data=body,
auth=(settings.GOOGLE_CLIENT_ID, settings.GOOGLE_CLIENT_SECRET),
)
oauth.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = oauth.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.status_code != 200:
flash('Error! ' + userinfo_response.json(), 'alert-warning')
return redirect(url_for('main'))
unique_id = userinfo_response.json()["sub"]
users_name = userinfo_response.json()["name"]
picture = userinfo_response.json()["picture"]
user = User(id_=unique_id, name=users_name, profile_pic=picture)
if not User.get(unique_id):
User.create(unique_id, users_name, picture)
login_user(user)
session["newregister"] = 1
flash('You have been successfully created an account.',
'alert-success')
return redirect(url_for('pushtime'))
login_user(user)
return redirect(url_for('channellist'))
def get_access_token(code, state):
auth_client = WebApplicationClient(OAUTH_ID)
token_request = auth_client.prepare_token_request(
'https://github.com/login/oauth/access_token',
client_id=OAUTH_ID,
client_secret=OAUTH_SECRET,
code=code,
state=state
)
print(token_request)
token_request[1]['Accept'] = 'application/json'
access_token_response = requests.post(token_request[0], data=token_request[2], headers=token_request[1]).content
token_params = auth_client.parse_request_body_response(access_token_response)
return token_params['access_token']
def callback():
client = WebApplicationClient(app.config.get("CLIENT_ID"))
token = client.prepare_token_request(
"https://github.com/login/oauth/access_token",
code=request.args.get("code"))
access = requests.post(token[0],
headers=token[1],
data=token[2],
auth=(app.config.get("CLIENT_ID"),
app.config.get("CLIENT_SECRET")))
client.parse_request_body_response(access.text)
params = client.add_token("https://api.github.com/user")
github_user = requests.get(params[0], headers=params[1]).json()
login_user(User(github_user['id']))
return index()
def login_callback():
callback_code = request.args.get("code")
github_client = WebApplicationClient(os.environ.get('clientId'))
github_token = github_client.prepare_token_request("https://github.com/login/oauth/access_token", code=callback_code)
github_access = requests.post(github_token[0], headers=github_token[1], data=github_token[2], auth=(os.environ.get('clientId'), os.environ.get('client_secret')))
github_json = github_client.parse_request_body_response(github_access.text)
github_user_request_param = github_client.add_token("https://api.github.com/user")
github_user = requests.get(github_user_request_param[0], headers=github_user_request_param[1]).json()
login_user(User(github_user))
mongo.add_user_mongo(current_user)
app.logger.info("User '%s' logged in successfully", current_user.name)
return redirect('/')
def callback(app, request):
# Get authorization code Google sent back to you
code = request.args.get("code")
client = WebApplicationClient(app.config["GOOGLE_CLIENT_ID"])
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg(app)
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(app.config["GOOGLE_CLIENT_ID"],
app.config["GOOGLE_CLIENT_SECRET"]),
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that we have tokens (yay) let's find and hit URL
# from Google that gives you user's profile information,
# including their Google Profile Image and Email
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
# We want to make sure their email is verified.
# The user authenticated with Google, authorized our
# app, and now we've verified their email through Google!
if userinfo_response.json().get("email_verified"):
return {
"unique_id": userinfo_response.json()["sub"],
"users_name": userinfo_response.json()["given_name"],
"users_email": userinfo_response.json()["email"],
"picture": userinfo_response.json()["picture"],
}
else:
return None
class FacebookAuth(object):
AUTHORIZATION_ENDPOINT_URL = "https://www.facebook.com/v4.0/dialog/oauth"
TOKEN_ENDPOINT_URL = "https://graph.facebook.com/v4.0/oauth/access_token"
USERINFO_ENDPOINT_URL = "https://graph.facebook.com/me"
def __init__(self, client_id, client_secret):
self.CLIENT_ID = client_id
self.CLIENT_SECRET = client_secret
self.client = WebApplicationClient(self.CLIENT_ID)
def get_requests_uri(self, redirect_uri, scope):
request_uri = self.client.prepare_request_uri(
self.AUTHORIZATION_ENDPOINT_URL,
redirect_uri=redirect_uri,
scope=scope,
state=str(time.time()))
return request_uri
def get_user_info(self, code, redirect_url):
token_url, headers, body = self.client.prepare_token_request(
self.TOKEN_ENDPOINT_URL,
client_secret=self.CLIENT_SECRET,
client_id=self.CLIENT_ID,
redirect_url=redirect_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(self.CLIENT_ID, self.CLIENT_SECRET),
)
self.client.parse_request_body_response(
json.dumps(token_response.json()))
uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL)
params = {"fields": "email,name"}
userinfo_response = requests.get(uri, headers=headers, params=params)
return userinfo_response.json()
class FacebookSignIn(OAuthSignIn):
def __init__(self):
super(FacebookSignIn, self).__init__('facebook')
self.client = WebApplicationClient(self.consumer_id)
self.authorize_url = app.config["FACEBOOK_AUTHORIZE_URL"]
self.access_token_url = app.config["FACEBOOK_ACCESS_TOKEN_URL"]
self.user_info_url = app.config["FACEBOOK_USER_INFO_URL"]
def authorize(self):
request_uri = self.client.prepare_request_uri(
self.authorize_url,
redirect_uri=request.base_url + "/callback",
scope=["email"],
)
return jsonify({'uri': request_uri})
def callback(self):
code = request.args.get("code")
token_url, headers, body = self.client.prepare_token_request(
self.access_token_url,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.consumer_id,
self.consumer_secret
),
)
self.client.parse_request_body_response(
json.dumps(token_response.json())
)
uri, headers, body = self.client.add_token(self.user_info_url)
userinfo_response = requests.get(uri, headers=headers, data=body)
user_email = userinfo_response.json()["email"]
return super().check_for_user_in_database(user_email)
def callback():
get_code = request.args.get('code')
client = WebApplicationClient(client_id=client_id)
url, headers, body = client.prepare_token_request(
'https://github.com/login/oauth/access_token', code=get_code)
git_access_key = requests.post(url,
headers=headers,
data=body,
auth=(client_id, client_secret))
git_json = client.parse_request_body_response(git_access_key.text)
git_user_request = client.add_token("https://api.github.com/user")
git_user = requests.get(git_user_request[0],
headers=git_user_request[1]).json()
git_login = User(git_user['login'])
login_user(git_login)
return redirect('/')
def login_with_google_callback():
if app.config.get('GOOGLE_CLIENT_ID') \
and not request.is_secure \
and request.headers.get('X-Forwarded-Proto', 'http') == 'https':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
client = WebApplicationClient(app.config.get('GOOGLE_CLIENT_ID'))
google_provider_cfg = requests.get(app.config.get('GOOGLE_DISCOVERY_URL')).json()
code = request.args.get("code")
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=url_for('login_with_google_callback', _external=True),
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
app.config.get('GOOGLE_CLIENT_ID'),
app.config.get('GOOGLE_CLIENT_SECRET'),
),
).json()
client.parse_request_body_response(json.dumps(token_response))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body).json()
user = app.datamapper.user.getByGoogleId(userinfo_response["sub"])
if user is None:
response = redirect(url_for('login'))
flash("Login failed", 'error')
return response
else:
session['user_id'] = user.id
flash("Welcome %s" % userinfo_response.get('name', user.name), 'success')
return redirect(url_for('home'))
def link_google_callback(self):
if self.config.get('GOOGLE_CLIENT_ID') \
and not request.is_secure \
and request.headers.get('X-Forwarded-Proto', 'http') == 'https':
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
client = WebApplicationClient(self.config.get('GOOGLE_CLIENT_ID'))
google_provider_cfg = requests.get(
self.config.get('GOOGLE_DISCOVERY_URL')).json()
code = request.args.get("code")
token_endpoint = google_provider_cfg["token_endpoint"]
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=url_for('user.link_google_callback', _external=True),
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(
self.config.get('GOOGLE_CLIENT_ID'),
self.config.get('GOOGLE_CLIENT_SECRET'),
),
).json()
client.parse_request_body_response(json.dumps(token_response))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers,
data=body).json()
user = self.datamapper.getById(request.user.id)
user.google_id = userinfo_response["sub"]
self.datamapper.update(user)
return redirect(url_for('user.edit', obj_id=user.id))
def login():
request_code = request.args.get('code')
client = WebApplicationClient(github_oauth_client_id)
token_url, headers, body = client.prepare_token_request(
github_oauth_token_url,
authorization_response=request.url,
code=request_code,
client_secret=github_oauth_client_secret)
token_resp = requests.post(token_url, headers=headers, data=body)
client.parse_request_body_response(token_resp.text)
get_user_uri, headers, body = client.add_token(
'https://api.github.com/user')
user_profile = requests.get(get_user_uri, headers=headers, data=body)
user_profile_id = user_profile.json()["id"]
user = User(user_profile_id)
login_user(user)
return redirect('/')
def login():
github_code = request.args.get('code')
client = WebApplicationClient(os.environ.get('AUTH_CLIENTID'))
token = client.prepare_token_request(os.environ.get('AUTH_TOKEN_URL'),
code=github_code)
access = requests.post(token[0],
headers=token[1],
data=token[2],
auth=(os.environ.get('AUTH_CLIENTID'),
os.environ.get('AUTH_SECRET')))
client.parse_request_body_response(access.text)
github_user_request_param = client.add_token(
os.environ.get('AUTH_API_URL'))
user_id = requests.get(
github_user_request_param[0],
headers=github_user_request_param[1]).json()['login']
print(user_id)
login_user(User(user_id))
app.logger.info(f"User {current_user.id} logged in")
return redirect('/')
def notifycallback():
oauth = WebApplicationClient(settings.LINE_NOTIFY_ID)
if request.args.get("error"):
flash('Error! ' + request.args.get("error_description"),
'alert-warning')
return redirect(url_for('main'))
state = request.args.get("state")
if state != session.get("state"):
flash('Error! state not match.', 'alert-warning')
return redirect(url_for('main'))
session.pop('state', None)
url, headers, body = oauth.prepare_token_request(
'https://notify-bot.line.me/oauth/token',
authorization_response=request.url,
redirect_url=request.base_url,
client_secret=settings.LINE_NOTIFY_SECRET)
req = urllib.request.Request(url, body.encode(), headers=headers)
try:
with urllib.request.urlopen(req) as res:
response_body = res.read()
except urllib.error.HTTPError as err:
return err.read()
oauth_res = json.loads(response_body)
if oauth_res.get('access_token'):
db = get_db()
db.execute(
"UPDATE user set notify_token = ? WHERE id = ?",
(oauth_res.get('access_token'), current_user.id),
)
db.commit()
flash('Line notify has been successfully linked!', 'alert-success')
if session.get("newregister") == 1:
return redirect(url_for("channellist"))
else:
return redirect(url_for("account"))
else:
return 'err: access_token not found'
def login_callback():
callback_code = request.args.get("code")
github_client = WebApplicationClient(os.environ.get('GHOAUTHCLIENTID'))
github_token = github_client.prepare_token_request(
"https://github.com/login/oauth/access_token", code=callback_code)
github_access = requests.post(
github_token[0],
headers=github_token[1],
data=github_token[2],
auth=(os.environ.get('GHOAUTHCLIENTID'),
os.environ.get('GHOAUTHCLIENTSECRET')))
github_json = github_client.parse_request_body_response(
github_access.text)
github_user_request_param = github_client.add_token(
"https://api.github.com/user")
github_user = requests.get(
github_user_request_param[0],
headers=github_user_request_param[1]).json()
login_user(User(github_user['login']))
app.logger.info("Github User %s successfully logged in",
github_user['login'])
return redirect('/')
def callback():
client = WebApplicationClient(os.getenv("CLIENT_ID"))
client.state = request.args.get('state')
code = request.args.get('code')
tokenurl, headers, body = client.prepare_token_request(
'https://github.com/login/oauth/access_token',
state=client.state,
code=code)
secret = os.getenv('OAUTH_SECRET')
clientid = os.getenv("CLIENT_ID")
tokenresponse = requests.post(tokenurl,
data=body,
auth=(clientid, secret))
client.parse_request_body_response(tokenresponse.text)
userinfo_endpoint = "https://api.github.com/user"
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
userinfo_json = userinfo_response.json()
id = userinfo_json['id']
flask_login.login_user(load_user(id))
app.logger.info("user logged in Succesfully",
extra={"user_id": flask_login.current_user.get_id()})
return redirect("/")
def callback():
# Get authorization code Google sent back to you
code = request.args.get("code")
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
token_url = "https://accounts.google.com/o/oauth2/token"
refresh_url = token_url
client = WebApplicationClient(GOOGLE_CLIENT_ID)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
client.parse_request_body_response(json.dumps(token_response.json()))
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
users_name = userinfo_response.json()["given_name"]
else:
return "User email not available or not verified by Google.", 400
employee = Employee.query.filter_by(email=users_email).first()
login_user(employee)
if employee.email == '*****@*****.**':
employee.is_admin = 1
return redirect(url_for("home.admin_dashboard"))
else:
return redirect(url_for("home.dashboard"))
def callback():
'''
Exchange authorization code for access token
Send: client_id, client_secret, redirect_uricode, grant_type
Receive: access_token, token_type, expire_in, refresh_token, xoauth_yahoo_guid
'''
client = WebApplicationClient(app.config['CLIENT_ID'])
req = client.prepare_token_request(
yahoo_oauth2.request_token_url,
authorization_response=request.url, ##what is this?
redirect_url=yahoo_oauth2.redirect_url,
client_secret=app.config['CLIENT_SECRET'])
token_url, headers, body = req
resp = requests.post(token_url, headers=headers, data=body)
#update the user object with the (response) token data
current_user.set_oauth_tokens(resp.json())
#permanently store user's oauth credentials
db.session.add(current_user)
db.session.commit()
return redirect(url_for('teams'))
def api_auth_callback(self):
s = self._settings
d = settings_defaults()
code = flask.request.args.get("code")
token_endpoint = s.get(['token_endpoint'])
client_id = s.get(['client_id'])
client_secret = s.get(['client_secret'])
userinfo_endpoint = s.get(['userinfo_endpoint'])
orguser_endpoint = s.get(['orguser_endpoint'])
organization = s.get(['organization'])
username_key = s.get(['username_key'])
self._logger.info('token_endpoint: ' + str(token_endpoint))
client = WebApplicationClient(client_id)
token_url, headers, body = client.prepare_token_request(
token_endpoint,
# authorization_response=flask.request.url,
# redirect_url=flask.request.base_url,
code=code
)
headers['Accept'] = 'application/json'
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(client_id, client_secret),
)
client.parse_request_body_response(json.dumps(token_response.json()))
uri, headers, body = client.add_token(userinfo_endpoint)
headers['Accept'] = 'application/json'
userinfo_response = requests.get(uri, headers=headers, data=body)
userinfo = userinfo_response.json()
username = userinfo[username_key]
uri, headers, body = client.add_token(orguser_endpoint.format(organization, username))
headers['Accept'] = 'application/json'
orguser_response = requests.get(uri, headers=headers, data=body)
if orguser_response.status_code == 204:
# User is part of the specified organization, find user or create it if it doesn't exist
user = self._user_manager.login_user(OAuth2PGCUser(username))
flask.session["usersession.id"] = user.session
flask.g.user = user
self._logger.info("authenticated: " + str(user.is_authenticated))
self._logger.info("user: "******"Actively logging in user {} from {}".format(user.get_id(), remote_addr))
r = flask.redirect('/')
r.delete_cookie("active_logout")
eventManager().fire(Events.USER_LOGGED_IN, payload=dict(username=user.get_id()))
return r
return flask.redirect('/?error=unauthorized')
