Пример #1
0
    def process_token_result(self, result):  # select the processing function
        jdoc = self.process_result_as_JSON(result)
        if 'error' in jdoc or 'id_token' not in jdoc:  # failed
            self.add_infomessage('info', MSG.INFORMATION(),
                                 MSG.REGISTRATION_ABORT())
            self.redirect_to_relevant_page()
            return
        id_token = jdoc['id_token']
        if type(id_token) == bytes:
            segments = id_token.split(b'.')
        else:
            segments = id_token.split(u'.')
        jwtencoded = segments[1]
        if isinstance(jwtencoded, unicode):
            jwtencoded = jwtencoded.encode('ascii')
        jwtencoded = jwtencoded + b'=' * (4 - len(jwtencoded) % 4)
        jwt = json.loads(base64.urlsafe_b64decode(jwtencoded).decode('utf-8'))

        if not self.validate_token_doc(jwt):
            self.add_infomessage('info', MSG.INFORMATION(),
                                 MSG.REGISTRATION_ABORT())
            self.redirect_to_relevant_page()
            return

        loginInfoSettings = {
            'provider_uid': 'sub',
            'email': 'email',
            'email_verified': 'email_verified'
        }
        loginInfo = self.process_login_info(loginInfoSettings, jwt)
        self.provider_authenticated_callback(loginInfo)
Пример #2
0
    def process_token_result(self, result):  # select the processing function
        data = self.process_result_as_query_string(result)
        if not data:  # failed
            self.add_infomessage('info', MSG.INFORMATION(),
                                 MSG.REGISTRATION_ABORT())
            self.redirect_to_relevant_page()
            return
        token = data['access_token']
        profile = self.get_profile(token)
        jdoc = self.process_result_as_JSON(profile)

        emailUrl = 'https://api.github.com/user/emails?' + urllib.urlencode(
            {'access_token': token})
        emailDoc = self.urlfetch_safe(url=emailUrl)
        jemails = self.process_result_as_JSON(emailDoc)
        for item in jemails:
            if item.get('verified', False):
                jdoc.update(item)
                if item.get('primary', False):
                    break  # if we have a verified primary we stop and use that
        if jemails and not jdoc.get('email', None):
            jdoc.update(jemails[0])

        jdoc['id'] = str(jdoc['id'])  # convert id to string

        loginInfoSettings = {
            'provider_uid': 'id',
            'email': 'email',
            'email_verified': 'verified'
        }
        loginInfo = self.process_login_info(loginInfoSettings, jdoc)
        self.provider_authenticated_callback(loginInfo)
Пример #3
0
    def urlfetch_safe(self, *args, **kwargs):
        haveError = False
        try:
            result = urlfetch.fetch(*args, **kwargs)
            if result.status_code != 200:
                haveError = True
        except:
            haveError = True

        if haveError:
            self.add_infomessage(MSG.INFORMATION(), MSG.REGISTRATION_ABORT())
            self.redirect_to_relevant_page(True)
        return result
Пример #4
0
    def process_token_result(self, result):  # select the processing function
        data = self.process_result_as_query_string(result)
        if not data:  # failed
            self.add_infomessage('info', MSG.INFORMATION(),
                                 MSG.REGISTRATION_ABORT())
            self.redirect_to_relevant_page()
            return
        token = data['access_token']
        profile = self.get_profile(token)
        jdoc = self.process_result_as_JSON(profile)

        loginInfoSettings = {
            'provider_uid': 'id',
            'email': 'email',
            'email_verified': 'verified'
        }
        loginInfo = self.process_login_info(loginInfoSettings, jdoc)
        self.provider_authenticated_callback(loginInfo)
Пример #5
0
 def process_token_result(self, result):  # select the processing function
     data = self.process_result_as_JSON(result)
     if not data:  # failed
         self.add_infomessage(MSG.INFORMATION(), MSG.REGISTRATION_ABORT())
         self.redirect_to_relevant_page()
         return
     token = data['access_token']
     profile = self.get_profile(token, {'fields': 'id,email'})
     jdoc = self.process_result_as_JSON(profile)
     jdoc[
         'email_verified'] = True  # Facebook emails only given if verified.
     loginInfoSettings = {
         'provider_uid': 'id',
         'email': 'email',
         'email_verified': 'email_verified'
     }
     loginInfo = self.process_login_info(loginInfoSettings, jdoc)
     self.provider_authenticated_callback(loginInfo)
Пример #6
0
 def post(self):
     choice = self.request.get('choice')
     # Step 1
     if choice == 'create' or choice == 'cancel':
         token = self.session.get('tokenregisterauth')
         tokenEntity = EnkiModelTokenVerify.get_by_token_type(
             token, 'register')
         authId = tokenEntity.auth_ids_provider
         provider_name, provider_uid = authId.partition(':')[::2]
         auth_email = tokenEntity.email if tokenEntity.email else None
         if choice == 'create':
             if auth_email:
                 # If the email is given by the provider, it is verified. Get or ceate the account and log the user in.
                 user = self.get_or_create_user_from_authid(
                     authId, auth_email)
                 if user:  # login the user through auth
                     self.log_in_session_token_create(user)
                     self.add_infomessage('success', MSG.SUCCESS(),
                                          MSG.LOGGED_IN())
                 else:  # user creation failed (timeout etc.)
                     self.add_infomessage(
                         'warning', MSG.WARNING(),
                         MSG.AUTH_LOGIN_FAILED(provider_name))
                 self.redirect_to_relevant_page()
                 tokenEntity.key.delete()
                 self.session.pop('tokenregisterauth')
             else:
                 # If the email isn't given by the provider, use the manually entered email.
                 self.check_CSRF()
                 email = self.request.get('email')
                 user = self.get_or_create_user_from_authid(authId)
                 self.log_in_session_token_create(user)
                 error_message = ''
                 success = False
                 result = enki.libuser.validate_email(email)
                 if result == enki.libutil.ENKILIB_OK:
                     result = self.email_change_request(
                         email
                     )  # send an email for verification. Since it's not verified at this point, create the account without the email.
                     self.add_infomessage(
                         'info', MSG.INFORMATION(),
                         MSG.REGISTER_AUTH_ADD_EMAIL_INFO_EMAIL_SENT(email))
                     if result == enki.handlerbase.ERROR_EMAIL_IN_USE:
                         self.add_debugmessage(
                             'Comment - whether the email is available or not, the feedback through the UI is identical to prevent email checking.'
                         )
                     success = True
                     tokenEntity.key.delete()
                     self.session.pop('tokenregisterauth')
                 elif result == enki.libuser.ERROR_EMAIL_FORMAT_INVALID:
                     error_message = MSG.WRONG_EMAIL_FORMAT()
                 elif result == enki.libuser.ERROR_EMAIL_MISSING:
                     error_message = MSG.MISSING_EMAIL()
                 self.render_tmpl('registeroauthconfirm.html',
                                  active_menu='register',
                                  token=tokenEntity,
                                  provider_name=provider_name,
                                  provider_uid=str(provider_uid),
                                  error=error_message,
                                  success=success)
         elif choice == 'cancel':
             self.add_infomessage('info', MSG.INFORMATION(),
                                  MSG.REGISTRATION_ABORT())
             self.redirect_to_relevant_page()
             tokenEntity.key.delete()
             self.session.pop('tokenregisterauth')
     # Step 2 (those choices will only be presented to the user if they successfully added an email manually).
     elif choice == 'continue':
         self.redirect_to_relevant_page()
     elif choice == 'profile':
         url = enki.libutil.get_local_url('profile')
         self.session['sessionrefpath'] = url
         self.redirect(url)