def test_register_conf_from_app(self): app = Flask(__name__) app.config.update({ 'DEV_CLIENT_KEY': 'dev', 'DEV_CLIENT_SECRET': 'dev', }) oauth = OAuth(app) oauth.register('dev') self.assertEqual(oauth.dev.client_key, 'dev')
def register(self, app): oauth = OAuth(app) oauth.register( name=self.name, client_id=self.client_id, client_secret=self.client_secret, access_token_url=self.access_token_url, authorize_url=self.authorize_url, client_kwargs=self.client_kwargs, fetch_token=self.fetch_token_from_session, ) return oauth
def test_register_remote_app(self): app = Flask(__name__) oauth = OAuth(app) self.assertRaises(AttributeError, lambda: oauth.dev) oauth.register( 'dev', client_key='dev', client_secret='dev', ) self.assertEqual(oauth.dev.name, 'dev') self.assertEqual(oauth.dev.client_key, 'dev')
def test_register_oauth1_remote_app(self): app = Flask(__name__) oauth = OAuth(app) oauth.register('dev', client_id='dev', client_secret='dev', request_token_url='https://i.b/reqeust-token', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') self.assertEqual(oauth.dev.name, 'dev') self.assertEqual(oauth.dev.client_id, 'dev')
def test_init_app_later(self): app = Flask(__name__) app.config.update({ 'DEV_CLIENT_KEY': 'dev', 'DEV_CLIENT_SECRET': 'dev', }) oauth = OAuth() remote = oauth.register('dev') self.assertRaises(RuntimeError, lambda: oauth.dev.client_key) oauth.init_app(app) self.assertEqual(oauth.dev.client_key, 'dev') self.assertEqual(remote.client_key, 'dev')
def test_register_oauth1_remote_app(self): app = Flask(__name__) app.config.update({'OAUTH_CLIENT_CACHE_TYPE': 'null'}) oauth = OAuth(app) oauth.register('dev', client_key='dev', client_secret='dev', request_token_url='https://i.b/reqeust-token', base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') self.assertEqual(oauth.dev.name, 'dev') self.assertEqual(oauth.dev.client_key, 'dev')
def test_register_oauth2_remote_app(self): app = Flask(__name__) oauth = OAuth(app) oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', refresh_token_url='https://i.b/token', authorize_url='https://i.b/authorize', update_token=lambda name: 'hi') self.assertEqual(oauth.dev.name, 'dev') session = oauth.dev._get_session() self.assertIsNotNone(session.token_updater)
def init_app(self, app): """Do setup required by a Flask app.""" app.config.setdefault('AUTH0_ALGORITHMS', 'RS256') app.config.setdefault('AUTH0_AUDIENCE', None) app.config.setdefault('AUTH0_CALLBACK_URL', None) app.config.setdefault('AUTH0_CLIENT_ID', None) app.config.setdefault('AUTH0_CLIENT_SECRET', None) app.config.setdefault('AUTH0_DOMAIN', None) app.config.setdefault('AUTH0_LOGOUT_URL', None) app.config.setdefault('AUTH0_REQUIRE_VERIFIED_EMAIL', True) app.config.setdefault('AUTH0_SESSION_JWT_PAYLOAD_KEY', 'jwt_payload') app.config.setdefault('AUTH0_SESSION_TOKEN_KEY', 'auth0_token') app.config.setdefault('AUTH0_SCOPE', 'openid profile email') self._client_id = app.config['AUTH0_CLIENT_ID'] self._client_secret = app.config['AUTH0_CLIENT_SECRET'] self._domain = app.config['AUTH0_DOMAIN'] self._base_url = 'https://{}'.format(self._domain) self._access_token_url = self._base_url + '/oauth/token' self._callback_url = app.config['AUTH0_CALLBACK_URL'] self._logout_url = app.config['AUTH0_LOGOUT_URL'] self._authorize_url = self._base_url + '/authorize' default_audience = self._base_url + '/userinfo' self._audience = app.config.get('AUTH0_AUDIENCE', default_audience) self._scope = app.config['AUTH0_SCOPE'] self._session_token_key = app.config['AUTH0_SESSION_TOKEN_KEY'] self._session_jwt_payload_key = \ app.config['AUTH0_SESSION_JWT_PAYLOAD_KEY'] self._auth0 = OAuth(app).register( 'auth0', client_id=self._client_id, client_secret=self._client_secret, api_base_url=self._base_url, access_token_url=self._access_token_url, authorize_url=self._authorize_url, client_kwargs={ 'audience': self._audience, 'scope': self._scope, }, ) route = urlparse(self._callback_url).path app.route(route)(self._callback) @app.errorhandler(AuthError) def handle_auth_error(ex): response = flask.jsonify(ex.error) response.status_code = ex.status_code return response
def establish_login_auth(app): oauth = OAuth(app) auth0 = oauth.register( "auth0", client_id=AUTH0_CLIENT_ID, client_secret=AUTH0_CLIENT_SECRET, api_base_url="https://%s/" % AUTH0_DOMAIN, access_token_url="https://%s/oauth/token" % AUTH0_DOMAIN, authorize_url="https://%s/authorize" % AUTH0_DOMAIN, client_kwargs={"scope": "openid profile email"}, ) return auth0
def add_auth_controllers(app: Flask, config: Config, db: Database): oauth = OAuth(app, Cache()) def handle_authorize(remote, token, user_info): sub = user_info['sub'] email = user_info['email'] user_info['providerName'] = remote.name session['user_info'] = user_info with db.session_scope() as conn: user = conn.query(User).filter( or_(User.sub == sub, and_(User.email == email, User.email != None))).first() if not user: user = User(sub=sub, email=email) conn.add(user) user.email = email user.name = user_info['name'] user.avatar = user_info['picture'] conn.flush() session['user_id'] = user.id return redirect('/') for backend in backends: bp = create_flask_blueprint(backend, oauth, handle_authorize) app.register_blueprint(bp, url_prefix='/{}'.format(backend.OAUTH_NAME)) @app.route('/logout') def logout(): # pylint: disable=unused-variable del session['user_info'] del session['user_id'] return redirect('/')
def test_init_app_later(self): app = Flask(__name__) app.config.update({ 'DEV_CLIENT_ID': 'dev', 'DEV_CLIENT_SECRET': 'dev', }) oauth = OAuth() remote = oauth.register('dev') self.assertRaises(RuntimeError, lambda: oauth.dev.client_id) oauth.init_app(app) self.assertEqual(oauth.dev.client_id, 'dev') self.assertEqual(remote.client_id, 'dev') self.assertIsNone(oauth.cache) self.assertIsNone(oauth.fetch_token) self.assertIsNone(oauth.update_token)
def test_register_with_overwrite(self): app = Flask(__name__) app.config.update({ 'DEV_CLIENT_ID': 'dev-1', 'DEV_CLIENT_SECRET': 'dev', 'DEV_ACCESS_TOKEN_PARAMS': {'foo': 'foo-1'} }) oauth = OAuth(app) oauth.register( 'dev', overwrite=True, client_id='dev', access_token_params={'foo': 'foo'} ) self.assertEqual(oauth.dev.client_id, 'dev-1') self.assertEqual(oauth.dev.client_secret, 'dev') self.assertEqual(oauth.dev.access_token_params['foo'], 'foo-1')
def setup(): # Initializing OAuth. oauth = OAuth(current_app) current_app.secret_key = os.environ['APP_SECRET_KEY'] global auth0 auth0 = oauth.register( 'auth0', client_id=os.environ['CLIENT_ID'], client_secret=os.environ['CLIENT_SECRET'], api_base_url=os.environ['AUTH0_DOMAIN'], access_token_url=os.environ['AUTH0_DOMAIN'] + '/oauth/token', authorize_url=os.environ['AUTH0_DOMAIN'] + '/authorize', client_kwargs={ 'scope': 'openid email profile', # What data you want to fetch. }, )
def setup(): # Initializing OAuth oauth = OAuth(current_app) current_app.secret_key = 'random_string' global auth0 auth0 = oauth.register( 'auth0', client_id=os.environ['CLIENT_ID'], client_secret=os.environ['CLIENT_SECRET'], api_base_url=os.environ['AUTH0_DOMAIN'], access_token_url=os.environ['AUTH0_DOMAIN'] + '/oauth/token', authorize_url=os.environ['AUTH0_DOMAIN'] + '/authorize', client_kwargs={ 'scope': 'openid profile', }, )
def test_oauth2_access_token_with_post(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') payload = {'code': 'a', 'state': 'b'} with app.test_request_context(data=payload, method='POST'): session['_dev_authlib_state_'] = 'b' with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) token = client.authorize_access_token() self.assertEqual(token['access_token'], 'a')
def init_app(self, app): self.app = app app.auth_manager = self app.context_processor(_user_context_processor) app.context_processor(_user_roles_context_processor) if app.config.get('AUTH_METHOD') == 'google': app.config.setdefault('GOOGLE_ALLOWED_DOMAINS', []) from authlib.flask.client import OAuth self.oauth = OAuth(app) from loginpass import create_flask_blueprint from loginpass.google import Google from .google import handle_authorize google_bp = create_flask_blueprint(Google, self.oauth, handle_authorize) app.register_blueprint(google_bp, url_prefix='/auth/google') self.login_view = 'loginpass_google.login' elif app.config.get('AUTH_METHOD') == 'oidc': from authlib.flask.client import OAuth self.oauth = OAuth(app) from loginpass import create_flask_blueprint from .oidc import create_oidc_backend, handle_authorize backend = create_oidc_backend('oidc', app.config['OIDC_CLIENT_SECRETS'], app.config.get('OIDC_SCOPES')) oidc_bp = create_flask_blueprint(backend, self.oauth, handle_authorize) app.register_blueprint(oidc_bp, url_prefix='/auth/oidc') self.login_view = 'loginpass_oidc.login' else: from . import local_views app.register_blueprint(local_views.bp, url_prefix='/auth/local') self.login_view = 'auth_local.login' from . import views app.register_blueprint(views.bp, url_prefix='/auth')
def register_extensions(app: Flask): # Initializes oauth global oauth oauth = OAuth(app) # Initializes JWT global jwt jwt = JWTManager(app) return app
def setup_oauth_backends(main_app: Flask, cache: Cache) -> OAuth: """ Configure the OAuth2 service providers. """ oauth = OAuth(main_app, cache=cache) for backend in OAUTH_BACKENDS.values(): remote = register_to(backend, oauth, RemoteApp) OAUTH_REMOTE_APPS[backend.OAUTH_NAME] = remote return oauth
class Federation: def __init__(self): self.clients = set() self._authlib_clients = OAuth() def register(self, client_name, **kwargs): self.clients.add(client_name) self._authlib_clients.register(client_name, **kwargs) def get(self, client_name): if client_name in self.clients: return self._authlib_clients.create_client(client_name) return None def init_app(self, app): self.register('solidsea', client_cls=OIDCClient, discovery_url=app.config['SOLIDSEA_DISCOVERY_URL']) self._authlib_clients.init_app(app)
class CAPOAuth(object): """CAP auth extension.""" def __init__(self, app=None): """Extension initialization.""" if app: self.init_app(app) def init_app(self, app): """Flask application initialization.""" self.auth = OAuth(app, fetch_token=_fetch_token, update_token=_update_token) self.register_oauth_services() self.app = app app.extensions['cap-auth'] = self def register_oauth_services(self): for service in OAUTH_SERVICES: self.auth.register(**OAUTH_SERVICES[service])
def __init__(self, app): self.app = app self.auth0 = OAuth(app).register( "auth0", client_id=Auth.AUTH0_CLIENT_ID, client_secret=Auth.AUTH0_CLIENT_SECRET, api_base_url=Auth.AUTH0_BASE_URL, access_token_url=Auth.AUTH0_BASE_URL + "/oauth/token", authorize_url=Auth.AUTH0_BASE_URL + "/authorize", client_kwargs={"scope": Auth.SCOPE}, )
class Federation: def __init__(self): self.clients = [] self._authlib_clients = OAuth() def register(self, client_name, **kwargs): self.clients.append(client_name) self._authlib_clients.register(client_name, **kwargs) def get(self, client_name): if client_name in self.clients: return self._authlib_clients.create_client(client_name) return None def init_app(self, app): for client_name in app.config['FEDERATION']: log.info('Registering client "{}"'.format(client_name)) module_name = app.config.get('{}_CLIENT_MODULE'.format( client_name.upper())) self.register(client_name, client_cls=get_client_cls(module_name)) self._authlib_clients.init_app(app)
def test_request_with_refresh_token(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth() expired_token = { 'token_type': 'Bearer', 'access_token': 'expired-a', 'refresh_token': 'expired-b', 'expires_in': '3600', 'expires_at': 1566465749, } oauth.init_app(app, fetch_token=lambda name: expired_token) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', refresh_token_url='https://i.b/token', authorize_url='https://i.b/authorize') def fake_send(sess, req, **kwargs): if req.url == 'https://i.b/token': auth = req.headers['Authorization'] self.assertIn('Basic', auth) resp = mock.MagicMock() resp.json = get_bearer_token resp.status_code = 200 return resp resp = mock.MagicMock() resp.text = 'hi' resp.status_code = 200 return resp with app.test_request_context(): with mock.patch('requests.sessions.Session.send', fake_send): resp = client.get('/api/user', token=expired_token) self.assertEqual(resp.text, 'hi')
def init_auth(state): global auth oauth = OAuth(state.app) config = state.app.config provider = config.get('AUTH_PROVIDER') scope = config.get('AUTH_SCOPE') domain = config.get('AUTH_DOMAIN') client_id = config.get('AUTH_CLIENT_ID') client_secret = config.get('AUTH_CLIENT_SECRET') auth = oauth.register( provider, client_id=client_id, client_secret=client_secret, api_base_url=domain, access_token_url='{}/oauth/token'.format(domain), authorize_url='{}/authorize'.format(domain), client_kwargs={ 'scope': scope, }, )
def test_register_built_in_app(self): app = Flask(__name__) app.config.update({ 'OAUTH_CLIENT_CACHE_TYPE': 'null', 'TWITTER_CLIENT_KEY': 'twitter_key', 'TWITTER_CLIENT_SECRET': 'twitter_secret', }) oauth = OAuth(app) twitter.register_to(oauth) self.assertEqual(oauth.twitter.name, 'twitter') self.assertEqual(twitter.client.name, 'twitter') self.assertTrue(callable(twitter.fetch_user)) self.assertTrue(callable(twitter.client.fetch_user)) self.assertTrue(callable(oauth.twitter.fetch_user))
def test_request_withhold_token(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') def fake_send(sess, req, **kwargs): auth = req.headers.get('Authorization') self.assertIsNone(auth) resp = mock.MagicMock() resp.text = 'hi' resp.status_code = 200 return resp with app.test_request_context(): with mock.patch('requests.sessions.Session.send', fake_send): resp = client.get('/api/user', withhold_token=True) self.assertEqual(resp.text, 'hi')
def test_init_app_params(self): app = Flask(__name__) oauth = OAuth() oauth.init_app(app, SimpleCache()) self.assertIsNotNone(oauth.cache) self.assertIsNone(oauth.update_token) oauth.init_app(app, update_token=lambda o: o) self.assertIsNotNone(oauth.update_token)
def test_oauth2_authorize_code_challenge(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app) client = oauth.register( 'dev', client_id='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', code_challenge_method='S256', ) with app.test_request_context(): resp = client.authorize_redirect('https://b.com/bar') self.assertEqual(resp.status_code, 302) url = resp.headers.get('Location') self.assertIn('code_challenge=', url) self.assertIn('code_challenge_method=S256', url) state = session['_dev_authlib_state_'] self.assertIsNotNone(state) verifier = session['_dev_authlib_code_verifier_'] self.assertIsNotNone(verifier) def fake_send(sess, req, **kwargs): self.assertIn('code_verifier={}'.format(verifier), req.body) return mock_send_value(get_bearer_token()) path = '/?code=a&state={}'.format(state) with app.test_request_context(path=path): # session is cleared in tests session['_dev_authlib_state_'] = state session['_dev_authlib_code_verifier_'] = verifier with mock.patch('requests.sessions.Session.send', fake_send): token = client.authorize_access_token() self.assertEqual(token['access_token'], 'a')
def get_auth0_client(self): if ('OAuth' not in g): g.OAuth = OAuth(current_app).register( 'auth0', client_id=g.service_data['clientId'], client_secret=g.service_data['clientSecret'], api_base_url=g.service_data['domain'], access_token_url=g.service_data['domain'] + '/oauth/token', authorize_url=g.service_data['domain'] + '/authorize', client_kwargs={ 'scope':'openid profile' }, ) return g.OAuth
def test_register_built_in_app(self): app = Flask(__name__) app.config.update({ 'TWITTER_CLIENT_ID': 'twitter_key', 'TWITTER_CLIENT_SECRET': 'twitter_secret', }) oauth = OAuth(app) register_apps(oauth, ['twitter']) self.assertEqual(oauth.twitter.name, 'twitter') twitter = get_oauth_app(oauth, 'twitter') self.assertEqual(twitter, get_app('twitter')) self.assertEqual(twitter.name, 'twitter') self.assertEqual(twitter.client.name, 'twitter') self.assertTrue(callable(twitter.profile))
app = Flask(__name__.split()[0], instance_relative_config='NO_INSTANCE_CONFIG' not in os.environ) # Loads configuration information from config.py and instance/config.py app.config.from_object('config') if 'NO_INSTANCE_CONFIG' not in os.environ: app.config.from_pyfile('config.py') celery = Celery(app.name, broker=app.config['CELERY_BROKER_URL']) celery.conf.update(app.config) # Enable authentication if configured. oauth = None # pylint: disable=C0103 if app.config.get('WATERAUTH_AUTHORIZE_URL'): oauth = OAuth(app) # pylint: disable=C0103 oauth.register('waterauth', client_kwargs={'verify': app.config.get('VERIFY_CERT', True)} ) if app.config.get('LOGGING_ENABLED'): log_directory = app.config.get('LOGGING_DIRECTORY') loglevel = app.config.get('LOGGING_LEVEL') handler = _create_log_handler(log_directory) # Do not set logging level in the handler. # Otherwise, if Flask's DEBUG is set to False, # all logging will be disabled. # Instead, set the level in the logger object. app.logger.setLevel(loglevel) app.logger.addHandler(handler) # celery uses two loggers: one global/worker logger and a second task logger
fh.setLevel(logging.INFO) fh.setFormatter(fmt) ch = logging.StreamHandler() ch.setLevel(logging.INFO) ch.setFormatter(fmt) log = logging.getLogger('notebook2') log.setLevel(logging.INFO) logging.basicConfig( handlers=[fh, ch], level=logging.INFO) app = Flask(__name__) sockets = Sockets(app) oauth = OAuth(app) scss_path = os.path.join(app.static_folder, 'styles') css_path = os.path.join(app.static_folder, 'css') os.makedirs(css_path, exist_ok=True) sass.compile(dirname=(scss_path, css_path), output_style='compressed') def read_string(f): with open(f, 'r') as f: return f.read().strip() # Must be int for Kubernetes V1 api timeout_seconds property KUBERNETES_TIMEOUT_IN_SECONDS = float(os.environ.get('KUBERNETES_TIMEOUT_IN_SECONDS', 5))