Пример #1
0
    def authenticate(self, google_oauth2_token: Optional[str]=None, realm: Optional[Realm]=None,
                     return_data: Optional[Dict[str, Any]]=None) -> Optional[UserProfile]:
        # We lazily import apiclient as part of optimizing the base
        # import time for a Zulip management command, since it's only
        # used in this one code path and takes 30-50ms to import.
        from apiclient.sample_tools import client as googleapiclient
        from oauth2client.crypt import AppIdentityError
        if realm is None:
            return None
        if return_data is None:
            return_data = {}

        if not google_auth_enabled(realm=realm):
            return_data["google_auth_disabled"] = True
            return None

        try:
            token_payload = googleapiclient.verify_id_token(google_oauth2_token, settings.GOOGLE_CLIENT_ID)
        except AppIdentityError:
            return None

        if token_payload["email_verified"] not in (True, "true"):
            return_data["valid_attestation"] = False
            return None

        return_data["valid_attestation"] = True
        return common_get_active_user(token_payload["email"], realm, return_data)
Пример #2
0
    def authenticate(
            self,
            google_oauth2_token: Optional[str] = None,
            realm: Optional[Realm] = None,
            return_data: Optional[Dict[str,
                                       Any]] = None) -> Optional[UserProfile]:
        # We lazily import apiclient as part of optimizing the base
        # import time for a Zulip management command, since it's only
        # used in this one code path and takes 30-50ms to import.
        from apiclient.sample_tools import client as googleapiclient
        from oauth2client.crypt import AppIdentityError
        if realm is None:
            return None
        if return_data is None:
            return_data = {}

        if not google_auth_enabled(realm=realm):
            return_data["google_auth_disabled"] = True
            return None

        try:
            token_payload = googleapiclient.verify_id_token(
                google_oauth2_token, settings.GOOGLE_CLIENT_ID)
        except AppIdentityError:
            return None

        if token_payload["email_verified"] not in (True, "true"):
            return_data["valid_attestation"] = False
            return None

        return_data["valid_attestation"] = True
        return common_get_active_user(token_payload["email"], realm,
                                      return_data)
Пример #3
0
    def authenticate(
            self,
            google_oauth2_token: str = None,
            realm: Optional[Realm] = None,
            return_data: Optional[Dict[str,
                                       Any]] = None) -> Optional[UserProfile]:
        if realm is None:
            return None
        if return_data is None:
            return_data = {}

        if not google_auth_enabled(realm=realm):
            return_data["google_auth_disabled"] = True
            return None

        try:
            token_payload = googleapiclient.verify_id_token(
                google_oauth2_token, settings.GOOGLE_CLIENT_ID)
        except AppIdentityError:
            return None

        if token_payload["email_verified"] not in (True, "true"):
            return_data["valid_attestation"] = False
            return None

        return_data["valid_attestation"] = True
        return common_get_active_user(token_payload["email"], realm,
                                      return_data)
Пример #4
0
    def authenticate(self, google_oauth2_token=None, realm_subdomain=None, return_data=None):
        # type: (Optional[str], Optional[Text], Optional[Dict[str, Any]]) -> Optional[UserProfile]
        if return_data is None:
            return_data = {}

        try:
            token_payload = googleapiclient.verify_id_token(google_oauth2_token, settings.GOOGLE_CLIENT_ID)
        except AppIdentityError:
            return None
        if token_payload["email_verified"] in (True, "true"):
            try:
                user_profile = get_user_profile_by_email(token_payload["email"])
            except UserProfile.DoesNotExist:
                return_data["valid_attestation"] = True
                return None
            if not user_profile.is_active:
                return_data["inactive_user"] = True
                return None
            if user_profile.realm.deactivated:
                return_data["inactive_realm"] = True
                return None
            if not check_subdomain(realm_subdomain, user_profile.realm.subdomain):
                return_data["invalid_subdomain"] = True
                return None
            if not google_auth_enabled(realm=user_profile.realm):
                return_data["google_auth_disabled"] = True
                return None
            return user_profile
        else:
            return_data["valid_attestation"] = False
            return None
Пример #5
0
    def authenticate(self, google_oauth2_token=None, realm_subdomain=None, return_data=None):
        # type: (Optional[str], Optional[Text], Optional[Dict[str, Any]]) -> Optional[UserProfile]
        if return_data is None:
            return_data = {}

        try:
            token_payload = googleapiclient.verify_id_token(google_oauth2_token, settings.GOOGLE_CLIENT_ID)
        except AppIdentityError:
            return None
        if token_payload["email_verified"] in (True, "true"):
            try:
                user_profile = get_user_profile_by_email(token_payload["email"])
            except UserProfile.DoesNotExist:
                return_data["valid_attestation"] = True
                return None
            if not user_profile.is_active:
                return_data["inactive_user"] = True
                return None
            if user_profile.realm.deactivated:
                return_data["inactive_realm"] = True
                return None
            if not check_subdomain(realm_subdomain, user_profile.realm.subdomain):
                return_data["invalid_subdomain"] = True
                return None
            if not google_auth_enabled(realm=user_profile.realm):
                return_data["google_auth_disabled"] = True
                return None
            return user_profile
        else:
            return_data["valid_attestation"] = False
            return None
Пример #6
0
 def authenticate(self, google_oauth2_token=None, return_data={}):
     try:
         token_payload = googleapiclient.verify_id_token(google_oauth2_token, settings.GOOGLE_CLIENT_ID)
     except AppIdentityError:
         return None
     if token_payload["email_verified"] in (True, "true"):
         try:
             return get_user_profile_by_email(token_payload["email"])
         except UserProfile.DoesNotExist:
             return_data["valid_attestation"] = True
             return None
     else:
         return_data["valid_attestation"] = False
Пример #7
0
 def authenticate(self, google_oauth2_token=None, return_data={}):
     try:
         token_payload = googleapiclient.verify_id_token(
             google_oauth2_token, settings.GOOGLE_CLIENT_ID)
     except AppIdentityError:
         return None
     if token_payload["email_verified"] in (True, "true"):
         try:
             return get_user_profile_by_email(token_payload["email"])
         except UserProfile.DoesNotExist:
             return_data["valid_attestation"] = True
             return None
     else:
         return_data["valid_attestation"] = False
Пример #8
0
 def authenticate(self, google_oauth2_token=None, return_data=dict()):
     # type: (Optional[str], Dict[str, Any]) -> Optional[UserProfile]
     try:
         token_payload = googleapiclient.verify_id_token(google_oauth2_token, settings.GOOGLE_CLIENT_ID)
     except AppIdentityError:
         return None
     if token_payload["email_verified"] in (True, "true"):
         try:
             user_profile = get_user_profile_by_email(token_payload["email"])
         except UserProfile.DoesNotExist:
             return_data["valid_attestation"] = True
             return None
         if not user_profile.is_active:
             return_data["inactive_user"] = True
             return None
         if user_profile.realm.deactivated:
             return_data["inactive_realm"] = True
             return None
         return user_profile
     else:
         return_data["valid_attestation"] = False
Пример #9
0
    def authenticate(self, google_oauth2_token: str=None, realm: Optional[Realm]=None,
                     return_data: Optional[Dict[str, Any]]=None) -> Optional[UserProfile]:
        if realm is None:
            return None
        if return_data is None:
            return_data = {}

        if not google_auth_enabled(realm=realm):
            return_data["google_auth_disabled"] = True
            return None

        try:
            token_payload = googleapiclient.verify_id_token(google_oauth2_token, settings.GOOGLE_CLIENT_ID)
        except AppIdentityError:
            return None

        if token_payload["email_verified"] not in (True, "true"):
            return_data["valid_attestation"] = False
            return None

        return_data["valid_attestation"] = True
        return common_get_active_user(token_payload["email"], realm, return_data)
Пример #10
0
 def authenticate(self, google_oauth2_token=None, return_data=dict()):
     # type: (Optional[str], Dict[str, Any]) -> Optional[UserProfile]
     try:
         token_payload = googleapiclient.verify_id_token(
             google_oauth2_token, settings.GOOGLE_CLIENT_ID)
     except AppIdentityError:
         return None
     if token_payload["email_verified"] in (True, "true"):
         try:
             user_profile = get_user_profile_by_email(
                 token_payload["email"])
         except UserProfile.DoesNotExist:
             return_data["valid_attestation"] = True
             return None
         if not user_profile.is_active:
             return_data["inactive_user"] = True
             return None
         if user_profile.realm.deactivated:
             return_data["inactive_realm"] = True
             return None
         return user_profile
     else:
         return_data["valid_attestation"] = False