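def callback():
    """Finish the OAuth login and store the resulting identity in the session.

    Reads the provider's authorization response, fetches the user profile
    from the configured provider, maps it to a ``Role`` (creating it if
    needed) and records the role ids in the session. Always answers with a
    redirect to the ``ui`` endpoint, whether or not the login succeeded.

    Raises:
        RuntimeError: if ``oauth_provider.base_url`` matches none of the
            known providers. This is checked before the session is touched,
            so a misconfigured provider leaves no partial login state.
    """
    resp = oauth_provider.authorized_response()
    if resp is None or isinstance(resp, OAuthException):
        # FIXME: notify the user, somehow.
        return redirect(url_for('ui'))

    base_url = oauth_provider.base_url
    # NOTE(review): these are substring tests on the configured base URL, not
    # a comparison of the parsed host name; confirm the value only ever comes
    # from trusted configuration.
    is_google = 'googleapis.com' in base_url
    is_idashboard = 'occrp.org' in base_url or \
        'investigativedashboard.org' in base_url
    if not (is_google or is_idashboard):
        raise RuntimeError("Unknown OAuth URL: %r" % base_url)

    # Stored before the profile request, as in the original ordering;
    # presumably the provider's token getter reads it back - TODO confirm.
    session['oauth'] = resp
    roles = [system_role(Role.SYSTEM_USER)]

    profile_path = 'userinfo' if is_google else 'api/2/accounts/profile/'
    me = oauth_provider.get(profile_path)
    profile = me.data

    # A failed or malformed profile response carries no usable 'id'. Without
    # this check every such login would be mapped onto one shared role named
    # "google:None" / "idashboard:user:None", so treat it as a failed login
    # and drop any authentication state from the session.
    if not isinstance(profile, dict) or profile.get('id') in (None, ''):
        for key in ('oauth', 'roles', 'user'):
            session.pop(key, None)
        return redirect(url_for('ui'))

    if is_google:
        user_id = 'google:%s' % profile.get('id')
        role = Role.load_or_create(user_id, Role.USER, profile.get('name'),
                                   email=profile.get('email'))
    else:
        user_id = 'idashboard:user:%s' % profile.get('id')
        # The admin flag is taken verbatim from the provider profile, so the
        # provider is trusted to decide who is an administrator here.
        role = Role.load_or_create(user_id, Role.USER,
                                   profile.get('display_name'),
                                   email=profile.get('email'),
                                   is_admin=profile.get('is_admin'))
        # 'groups' may be absent or null; both mean "no group roles".
        for group in profile.get('groups') or []:
            # Skip entries without an id for the same reason as above: they
            # would all collapse into a single "idashboard:None" group role.
            if not isinstance(group, dict) or group.get('id') in (None, ''):
                continue
            group_id = 'idashboard:%s' % group.get('id')
            group_role = Role.load_or_create(group_id, Role.GROUP,
                                             group.get('name'))
            roles.append(group_role.id)

    roles.append(role.id)
    # Written only once the identity is fully resolved, so the session never
    # holds roles without a matching user.
    session['roles'] = roles
    session['user'] = role.id
    db.session.commit()
    return redirect(url_for('ui'))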
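def load_role():
    """Attach the caller's identity and role set to the current request.

    Every request starts as a guest: ``request.auth_roles`` holds only the
    system guest role, ``request.auth_role`` is ``None`` and
    ``request.logged_in`` is ``False``. The identity is then upgraded from
    one of two sources, in this order:

    1. a ``user`` id stored in the session, with the role ids stored next
       to it under ``roles``;
    2. an ``Authorization`` header whose value starts with ``apikey``
       (case-insensitive), followed by a space and the key.

    When a session user is present the header is not consulted. Any input
    that does not resolve to a role leaves the request as a guest.
    """
    request.auth_roles = {system_role(Role.SYSTEM_GUEST)}
    request.auth_role = None
    request.logged_in = False

    session_user = session.get('user')
    if session_user:
        role = Role.by_id(session_user)
        # A session can outlive its role. If the id no longer resolves, keep
        # the request as a guest rather than marking it logged in with no
        # role object and the role ids still cached in the session.
        if role is None:
            return
        # Role ids are read from the session as stored there; they are not
        # re-derived from the database on each request.
        request.auth_roles.update(session.get('roles', []))
        request.auth_role = role
        request.logged_in = True
        return

    auth_header = request.headers.get('Authorization')
    if auth_header is None:
        return
    if not auth_header.lower().startswith('apikey'):
        return

    # Require an actual credential after the scheme. A bare "apikey" header
    # would otherwise pass the scheme word itself to the key lookup, and
    # "apikey " would pass an empty string.
    parts = auth_header.split(' ', 1)
    if len(parts) != 2:
        return
    api_key = parts[1].strip()
    if not api_key:
        return

    role = Role.by_api_key(api_key)
    if role is None:
        return
    request.auth_role = role
    request.auth_roles.update([system_role(Role.SYSTEM_USER), role.id])
    request.logged_in = True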