def api_authGithubAuthorized(): """Handle a callback from a successful OAUTH request. Tracks oauth users in a database. """ # clear temporary cookie values first expect = cookie.unchecked_remove(_COOKIE_NONCE) or '<missing-nonce>' t = cookie.unchecked_remove(_COOKIE_SIM_TYPE) oc = _oauth_client() if not oc.authorize_access_token(): util.raise_forbidden('missing oauth response') got = flask.request.args.get('state', '<missing-state>') if expect != got: pkdlog( 'mismatch oauth state: expected {} != got {}', expect, got, ) auth.login_fail_redirect(t, this_module, 'oauth-state', reload_js=True) raise AssertionError('auth.login_fail_redirect returned unexpectedly') d = oc.get('user').json() with auth_db.thread_lock: u = AuthGithubUser.search_by(oauth_id=d['id']) if u: # always update user_name u.user_name = d['login'] else: u = AuthGithubUser(oauth_id=d['id'], user_name=d['login']) u.save() auth.login(this_module, model=u, sim_type=t, want_redirect=True) raise AssertionError('auth.login returned unexpectedly')
def api_authGuestLogin(simulation_type): """You have to be an anonymous or logged in user at this point""" req = http_request.parse_params(type=simulation_type) # if already logged in as guest, just redirect if auth.user_if_logged_in(AUTH_METHOD): auth.login_success_response(req.type) auth.login(this_module, sim_type=req.type) raise AssertionError('auth.login returned unexpectedly')
def test_migration(): """See if user gets migrated""" from pykern.pkunit import pkeq, pkok, pkexcept, work_dir from pykern.pkdebug import pkdp from sirepo import auth # deprecated methods raise Unauthorized, but still login with pkexcept('UNAUTHORIZED'): auth.login(auth.github, uid='jeTJR5G4') # verify logged in pkeq('jeTJR5G4', auth.user_if_logged_in('github')) pkok(work_dir().join('db/auth.db').exists(), 'auth.db does not exist')
def api_authEmailAuthorized(simulation_type, token): """Clicked by user in an email Token must exist in db and not be expired. """ t = sirepo.template.assert_sim_type(simulation_type) with auth_db.thread_lock: u = AuthEmailUser.search_by(token=token) if u and u.expires >= datetime.datetime.utcnow(): u.query.filter( (AuthEmailUser.user_name == u.unverified_email), AuthEmailUser.unverified_email != u.unverified_email, ).delete() u.user_name = u.unverified_email u.token = None u.expires = None u.save() return auth.login(this_module, sim_type=t, model=u) if not u: pkdlog('login with invalid token={}', token) else: pkdlog( 'login with expired token={}, email={}', token, u.unverified_email, ) return auth.login_fail_redirect(t, this_module, 'email-token')
def api_authGuestLogin(simulation_type): """You have to be an anonymous or logged in user at this point""" t = sirepo.template.assert_sim_type(simulation_type) # if already logged in as guest, just redirect if auth.user_if_logged_in(AUTH_METHOD): return auth.login_success_redirect(t) return auth.login(this_module, sim_type=t)
def test_login(): from pykern import pkunit from pykern.pkdebug import pkdp from pykern.pkunit import pkeq, pkok, pkre, pkexcept from sirepo import auth import flask import sirepo.auth.guest import sirepo.cookie import sirepo.http_request r = auth.api_authState() pkre('LoggedIn": false.*Registration": false', r.data) delattr(flask.g, 'sirepo_cookie') auth.process_request() with pkunit.pkexcept('SRException.*routeName=login'): auth.logged_in_user() with pkexcept('SRException.*routeName=login'): auth.require_user() sirepo.cookie.set_sentinel() # copying examples for new user takes time with pkunit.pkexcept('SRException.*routeName=None'): r = auth.login(sirepo.auth.guest, sim_type='myapp') r = auth.api_authState() pkre('LoggedIn": true.*Registration": false', r.data) u = auth.logged_in_user() pkok(u, 'user should exist') # guests do not require completeRegistration auth.require_user()
def test_login(): from pykern import pkunit, pkcompat from pykern.pkunit import pkeq, pkok, pkre, pkfail, pkexcept from sirepo import auth import flask import sirepo.auth.guest import sirepo.cookie import sirepo.http_request import sirepo.util r = auth.api_authState() pkre('LoggedIn": false.*Registration": false', pkcompat.from_bytes(r.data)) delattr(flask.g, 'sirepo_cookie') auth.process_request() with pkunit.pkexcept('SRException.*routeName=login'): auth.logged_in_user() with pkexcept('SRException.*routeName=login'): auth.require_user() sirepo.cookie.set_sentinel() # copying examples for new user takes time try: r = auth.login(sirepo.auth.guest, sim_type='myapp') pkfail('expecting sirepo.util.Response') except sirepo.util.Response as e: r = e.sr_args.response pkre(r'LoggedIn":\s*true.*Registration":\s*false', pkcompat.from_bytes(r.data)) u = auth.logged_in_user() pkok(u, 'user should exist') # guests do not require completeRegistration auth.require_user()
def api_authEmailAuthorized(simulation_type, token): """Clicked by user in an email Token must exist in db and not be expired. """ if http_request.is_spider(): sirepo.util.raise_forbidden('robots not allowed') req = http_request.parse_params(type=simulation_type) with auth_db.thread_lock: u = AuthEmailUser.search_by(token=token) if u and u.expires >= srtime.utc_now(): n = _verify_confirm(req.type, token, auth.need_complete_registration(u)) u.query.filter( (AuthEmailUser.user_name == u.unverified_email), AuthEmailUser.unverified_email != u.unverified_email, ).delete() u.user_name = u.unverified_email u.token = None u.expires = None u.save() auth.login(this_module, sim_type=req.type, model=u, display_name=n) raise AssertionError('auth.login returned unexpectedly') if not u: pkdlog('login with invalid token={}', token) else: pkdlog( 'login with expired token={}, email={}', token, u.unverified_email, ) # if user is already logged in via email, then continue to the app if auth.user_if_logged_in(AUTH_METHOD): pkdlog( 'user already logged in. ignoring invalid token: {}, user: {}', token, auth.logged_in_user(), ) raise sirepo.util.Redirect(sirepo.uri.local_route(req.type)) auth.login_fail_redirect(req.type, this_module, 'email-token')
def api_authGithubAuthorized(): """Handle a callback from a successful OAUTH request. Tracks oauth users in a database. """ # clear temporary cookie values first oc = _client(cookie.unchecked_remove(_COOKIE_NONCE)) t = cookie.unchecked_remove(_COOKIE_SIM_TYPE) if not oc.authorize_access_token(): auth.login_fail_redirect(t, this_module, 'oauth-state', reload_js=True) raise AssertionError('auth.login_fail_redirect returned unexpectedly') d = oc.get('user').json() with auth_db.thread_lock: u = AuthGithubUser.search_by(oauth_id=d['id']) if u: # always update user_name u.user_name = d['login'] else: u = AuthGithubUser(oauth_id=d['id'], user_name=d['login']) u.save() auth.login(this_module, model=u, sim_type=t, want_redirect=True) raise AssertionError('auth.login returned unexpectedly')
def api_authBlueskyLogin(): req = http_request.parse_json() auth_hash(req, verify=True) sid = req.simulationId sim_type = req.simulationType path = simulation_db.find_global_simulation( sim_type, sid, checked=True, ) r = auth.login( this_module, uid=simulation_db.uid_from_dir_name(path), ) if r: return r return http_reply.gen_json_ok(dict( data=simulation_db.open_json_file(req.simulationType, sid=req.simulationId), schema=simulation_db.get_schema(req.simulationType), ))
def test_login(): from pykern import pkunit from pykern.pkdebug import pkdp from pykern.pkunit import pkeq, pkok, pkre from sirepo import auth import flask import sirepo.auth.guest import sirepo.cookie import sirepo.http_request r = auth.api_authState() pkre('LoggedIn": false.*Registration": false', r.data) delattr(flask.g, 'sirepo_cookie') auth.process_request() with pkunit.pkexcept('Unauthorized'): auth.logged_in_user() r = auth.require_user() pkeq(400, r.status_code, 'status should be BAD REQUEST') pkre('"routeName": "login"', r.data) sirepo.cookie.set_sentinel() # copying examples for new user takes time r = auth.login(sirepo.auth.guest) pkeq(None, r, 'user created') r = auth.api_authState() pkre('LoggedIn": true.*Registration": true', r.data) u = auth.logged_in_user() pkok(u, 'user should exist') r = auth.require_user() pkeq(400, r.status_code, 'status should be BAD REQUEST') pkre('"routeName": "completeRegistration"', r.data) flask.request = 'abcdef' def parse_json(*args, **kwargs): return pkcollections.Dict(simulationType='myapp', displayName='Joe Bob') setattr(sirepo.http_request, 'parse_json', parse_json) auth.api_authCompleteRegistration() r = auth.api_authState() pkre('Name": "Joe Bob".*In": true.*.*Registration": false', r.data)