def handle_redirect_uri(self, request):
# If the user disapproves, we are alerted here.
error = request.GET.get("error")
if error:
logging.warning("OAuth2: Error: %s" % (error,))
raise OAuth2Error(error)
authorization_code = request.GET.get("code")
payload = {
"code": authorization_code,
"client_id": Secret.get_secret('google_client_id').value,
"client_secret": Secret.get_secret('google_client_secret').value,
"redirect_uri": self.redirect_uri,
"grant_type": "authorization_code"
}
encoded_payload = urllib.urlencode(payload)
logging.info("OAuth2: Requesting access token. Payload: %s" % (payload,))
result = json.loads(urlfetch.fetch(url=self.ACCESS_TOKEN_ENDPOINT,
payload=encoded_payload,
method=urlfetch.POST,
headers={"Content-Type": "application/x-www-form-urlencoded"}).content)
logging.info("OAuth2: Access token response: %s" % (result,))
error = result.get("error")
if error:
logging.error("OAuth2: Error: %s" % (error,))
raise OAuth2Error(error)
self.access_token = result['access_token']
def make_app():
""" This function returns a Pyramid WSGI application.
"""
auth_secret = Secret.get_secret('auth_secret')
if not auth_secret.value:
auth_secret.value = uuid.uuid4().hex
auth_secret.put()
authn_policy = AuthTktAuthenticationPolicy(
auth_secret.value,
callback=groupfinder,
cookie_name='divsie_auth',
secure=True,
timeout=86400,
reissue_time=300,
max_age=86400,
http_only=True,
wild_domain=False,
)
authz_policy = ACLAuthorizationPolicy()
config = Configurator(root_factory=Root,
authentication_policy=authn_policy,
authorization_policy=authz_policy)
#config.add_tween('divsieapp.timing_tween_factory')
config.add_request_method(get_user, 'user', reify=True)
config.add_renderer('.html', pyramid_jinja2.Jinja2Renderer)
config.add_renderer(name='safejson', factory=SafeJSON())
config.add_notfound_view(views.notfound, renderer='404.html')
# The root page, which may be different based on user status.
config.add_route('root', '/')
# The form target to request an invite code.
config.add_route('request-invite', '/request-invite')
# The form target to redeem an invite code.
config.add_route('invitation-code', '/invitation-code')
# The targets which actually log a user in or out.
# The login target expects proof of identity.
config.add_route('login', '/login')
config.add_route('logout', '/logout')
# Hook up the views
views.add_views(config)
config.include(cornice)
config.include(api_v1)
return config.make_wsgi_app()
def get_auth_url(self):
params = {
"response_type": self.response_type,
"client_id": Secret.get_secret('google_client_id').value,
"redirect_uri": self.redirect_uri,
"scope": self.scope,
"access_type": self.access_type
}
if self.prompt:
params["prompt"] = self.prompt
if self.state:
params["state"] = self.state
auth_url = self.AUTH_ENDPOINT + '?' + urllib.urlencode(params)
logging.info("OAuth2: Creating auth_url: %s" % (auth_url,))
return auth_url
