def login(): handshaker = Handshaker("https://meta.wikimedia.org/w/index.php", oauth_token) redirect_url, request_token = handshaker.initiate() session['request_token'] = request_token session['return_to_url'] = request.args.get('next', '/') return redirect(redirect_url)
def get(self): consumer_token = ConsumerToken( self.authenticator.client_id, self.authenticator.client_secret ) handshaker = Handshaker( self.authenticator.mw_index_url, consumer_token ) request_token = dejsonify(self.get_secure_cookie(AUTH_REQUEST_COOKIE_NAME)) self.clear_cookie(AUTH_REQUEST_COOKIE_NAME) access_token = yield self.executor.submit( handshaker.complete, request_token, self.request.query ) identity = handshaker.identify(access_token) if identity and 'username' in identity: # FIXME: Figure out total set of chars that can be present # in MW's usernames, and set of chars valid in jupyterhub # usernames, and do a proper mapping username = identity['username'].replace(' ', '_') user = self.find_user(username) if user is None: user = orm.User(name=username, id=identity['sub']) self.db.add(user) self.db.commit() self.set_login_cookie(user) self.redirect(url_path_join(self.hub.server.base_url, 'home')) else: # todo: custom error page? raise web.HTTPError(403)
def authcallback(): # Step 3: Complete -- obtain authorized key/secret for "resource owner" rediskey = request.cookies.get('rediskey') oauth_verifier = request.args.get('oauth_verifier', '') oauth_token = request.args.get('oauth_token', '') request_token = r.get(rediskey) if request_token == None: resp = make_response(render_template('redirect.html'), 302) resp.headers['Location'] = 'auth' return resp elif oauth_verifier == '': resp = make_response(render_template('redirect.html'), 302) resp.headers['Location'] = 'auth' return resp else: handshaker = Handshaker("https://en.wikipedia.org/w/index.php", consumer_token) serialrequest_token = r.get(rediskey) request_token = pickle.loads(serialrequest_token) response_qs = 'oauth_verifier=' + oauth_verifier + '&' + 'oauth_token=' + oauth_token #print(request_token) #print(response_qs) access_token = handshaker.complete(request_token,response_qs) #print(str(access_token)) # Step 4: Identify -- (optional) get identifying information about the user identity = handshaker.identify(access_token) r.delete(rediskey) #return "Identified as {username}.".format(**identity) username = "******".format(**identity) resp = make_response(render_template('redirect.html'), 302) resp.headers['Location'] = 'https://kiwiirc.com/client/irc.freenode.net/wikipedia-en-help?nick=' + username return resp
def oauth_callback(): handshaker = Handshaker( "https://meta.wikimedia.org/w/index.php", oauth_token, user_agent=user_agent ) access_token = handshaker.complete(session['request_token'], request.query_string) session['access_token'] = access_token identity = handshaker.identify(access_token) wiki_uid = identity['sub'] user = g.conn.session.query(User).filter(User.wiki_uid == wiki_uid).first() if user is None: user = User(username=identity['username'], wiki_uid=wiki_uid) g.conn.session.add(user) g.conn.session.commit() elif user.username != identity['username']: user.username = identity['username'] g.conn.session.add(user) try: g.conn.session.commit() except IntegrityError as e: if e[0] == 1062: # Duplicate g.conn.session.rollback() else: raise session['user_id'] = user.id return_to_url = session.get('return_to_url') del session['request_token'] del session['return_to_url'] return redirect(return_to_url)
def get(self): consumer_token = ConsumerToken(self.authenticator.client_id, self.authenticator.client_secret) handshaker = Handshaker(self.authenticator.mw_index_url, consumer_token) request_token = dejsonify( self.get_secure_cookie(AUTH_REQUEST_COOKIE_NAME)) self.clear_cookie(AUTH_REQUEST_COOKIE_NAME) access_token = yield self.executor.submit(handshaker.complete, request_token, self.request.query) identity = handshaker.identify(access_token) if identity and 'username' in identity: # FIXME: Figure out total set of chars that can be present # in MW's usernames, and set of chars valid in jupyterhub # usernames, and do a proper mapping username = identity['username'].replace(' ', '_') user = self.find_user(username) if user is None: user = orm.User(name=username, id=identity['sub']) self.db.add(user) self.db.commit() self.set_login_cookie(user) self.redirect(url_path_join(self.hub.server.base_url, 'home')) else: # todo: custom error page? raise web.HTTPError(403)
def complete_login(request, consumer_token, cookie, rdb_session, root_path, api_log): # TODO: Remove or standardize the DEBUG option if DEBUG: identity = {'sub': 6024474, 'username': '******'} else: handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) with api_log.debug('load_login_cookie') as act: try: rt_key = cookie['request_token_key'] rt_secret = cookie['request_token_secret'] except KeyError: # in some rare cases, stale cookies are left behind # and users have to click login again act.failure('clearing stale cookie, redirecting to {}', root_path) cookie.set_expires() return redirect(root_path) req_token = RequestToken(rt_key, rt_secret) access_token = handshaker.complete(req_token, request.query_string) identity = handshaker.identify(access_token) userid = identity['sub'] username = identity['username'] user = rdb_session.query(User).filter(User.id == userid).first() now = datetime.datetime.utcnow() if user is None: user = User(id=userid, username=username, last_active_date=now) rdb_session.add(user) else: user.last_active_date = now # These would be useful when we have oauth beyond simple ID, but # they should be stored in the database along with expiration times. # ID tokens only last 100 seconds or so # cookie['access_token_key'] = access_token.key # cookie['access_token_secret'] = access_token.secret # identity['confirmed_email'] = True/False might be interesting # for contactability through the username. Might want to assert # that it is True. cookie['userid'] = identity['sub'] cookie['username'] = identity['username'] return_to_url = cookie.get('return_to_url') # TODO: Clean up if not DEBUG: del cookie['request_token_key'] del cookie['request_token_secret'] del cookie['return_to_url'] else: return_to_url = '/' return redirect(return_to_url)
def wd_oauth_handshake_1(): consumer_token = ConsumerToken(oauth_config.consumer_key, oauth_config.consumer_secret) # Construct handshaker with wiki URI and consumer handshaker = Handshaker("https://www.mediawiki.org/w/index.php", consumer_token) # # Step 1: Initialize -- ask MediaWiki for a temporary key/secret for user mw_redirect, request_token = handshaker.initiate() return mw_redirect
def login(): handshaker = Handshaker( "https://meta.wikimedia.org/w/index.php", oauth_token ) redirect_url, request_token = handshaker.initiate() session['request_token'] = request_token session['return_to_url'] = request.args.get('next', '/') return redirect(redirect_url)
def login(request, consumer_token, cookie, root_path): handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) redirect_url, request_token = handshaker.initiate() cookie['request_token_key'] = request_token.key cookie['request_token_secret'] = request_token.secret cookie['return_to_url'] = request.args.get('next', root_path) return redirect(redirect_url)
class MWOauthHandshake(object): def __init__(self): self.consumer_token = ConsumerToken(oauth_config.consumer_key, oauth_config.consumer_secret) self.handshaker = Handshaker("https://www.mediawiki.org/w/index.php", self.consumer_token) self.request_token = '' self.response_qs = '' self.access_token = '' def redirection(self): mw_redirect, self.request_token = self.handshaker.initiate() return mw_redirect def get_access_token(self): self.access_token = self.handshaker.complete(self.request_token, self.response_qs)
async def authenticate(self, handler, data=None): consumer_token = ConsumerToken( self.client_id, self.client_secret, ) handshaker = Handshaker(self.mw_index_url, consumer_token) request_token = dejsonify( handler.get_secure_cookie(AUTH_REQUEST_COOKIE_NAME)) handler.clear_cookie(AUTH_REQUEST_COOKIE_NAME) access_token = await wrap_future( self.executor.submit(handshaker.complete, request_token, handler.request.query)) identity = await wrap_future( self.executor.submit(handshaker.identify, access_token)) if identity and 'username' in identity: # this shouldn't be necessary anymore, # but keep for backward-compatibility return { 'name': identity['username'].replace(' ', '_'), 'auth_state': { 'ACCESS_TOKEN_KEY': access_token.key, 'ACCESS_TOKEN_SECRET': access_token.secret, 'MEDIAWIKI_USER_IDENTITY': identity, }, } else: self.log.error("No username found in %s", identity)
def authenticate(self, handler): code = handler.get_argument('code', False) if not code: raise web.HTTPError(400, "oauth callback made without a token") consumer_token = ConsumerToken( self.client_id, self.client_secret, ) handshaker = Handshaker(self.mw_index_url, consumer_token) request_token = dejsonify( handler.get_secure_cookie(AUTH_REQUEST_COOKIE_NAME)) handler.clear_cookie(AUTH_REQUEST_COOKIE_NAME) access_token = yield self.executor.submit(handshaker.complete, request_token, handler.request.query) identity = yield self.executor.submit(handshaker.identify, access_token) if identity and 'username' in identity: # this shouldn't be necessary anymore, # but keep for backward-compatibility return identity['username'].replace(' ', '_') else: self.log.error("No username found in %s", identity)
def wd_oauth(request): if request.method == 'POST': body_unicode = request.body.decode('utf-8') body = json.loads(body_unicode) consumer_token = ConsumerToken(oauth_config.consumer_key, oauth_config.consumer_secret) print(consumer_token) mw_uri = "https://www.mediawiki.org/w/index.php" callbackURI = "http://54.166.140.4" + body[ 'current_path'] + '/authorized' print(callbackURI) handshaker = Handshaker(mw_uri=mw_uri, consumer_token=consumer_token, callback=callbackURI) mw_redirect, request_token = handshaker.initiate(callback=callbackURI) response_data = {'wikimediaURL': mw_redirect} return JsonResponse(response_data)
def oauth_callback(): handshaker = Handshaker( "https://meta.wikimedia.org/w/index.php", oauth_token ) access_token = handshaker.complete(session['request_token'], request.query_string) session['acces_token'] = access_token identity = handshaker.identify(access_token) wiki_uid = identity['sub'] user = User.get_by_wiki_uid(wiki_uid) if user is None: user = User(username=identity['username'], wiki_uid=wiki_uid) user.save_new() session['user_id'] = user.id return_to_url = session.get('return_to_url') del session['request_token'] del session['return_to_url'] return redirect(return_to_url)
def oauth_callback(): handshaker = Handshaker("https://meta.wikimedia.org/w/index.php", oauth_token) access_token = handshaker.complete(session['request_token'], request.query_string) session['acces_token'] = access_token identity = handshaker.identify(access_token) wiki_uid = identity['sub'] user = g.conn.session.query(User).filter(User.wiki_uid == wiki_uid).first() if user is None: user = User(username=identity['username'], wiki_uid=wiki_uid) g.conn.session.add(user) g.conn.session.commit() session['user_id'] = user.id return_to_url = session.get('return_to_url') del session['request_token'] del session['return_to_url'] return redirect(return_to_url)
def auth(): # Construct handshaker with wiki URI and consumer handshaker = Handshaker("https://en.wikipedia.org/w/index.php", consumer_token) # Step 1: Initialize -- ask MediaWiki for a temporary key/secret for user redirect, request_token = handshaker.initiate() # Make a response resp = make_response(render_template('redirect.html'), 302) resp.headers['Location'] = redirect # Generate a random key for redis rediskey = config.redisprefix + id_generator() # Pickle the request_token object and store it in redis serialrequest_token = pickle.dumps(request_token) r.set(rediskey, serialrequest_token) # Set a cookie containing the redis key resp.set_cookie('rediskey', rediskey) # Return the response return resp
def get_MW_redirect(user): """Fetch redirect from mwoauth via consumer token for user :param user: string, user :return: string, redirect url for user """ consumer_token = ConsumerToken(settings.MW_CLIENT_KEY, settings.MW_CLIENT_SECRET) # Construct handshaker with wiki URI and consumer handshaker = Handshaker(COMMONS_URL, consumer_token) # Step 1: Initialize -- ask MediaWiki for a temporary key/secret for user redirect, request_token = handshaker.initiate() # Pickle the handshaker & request token key = hmac(user) set_serialized(handshaker, settings.MWOAUTH_HANDSHAKER_PKL_KEY, key) set_serialized(request_token, settings.MWOAUTH_REQTOKEN_PKL_KEY, key) # Step 2: Authorize -- send user to MediaWiki to confirm authorization return redirect
def complete_login(request, consumer_token, cookie): handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) req_token = RequestToken(cookie['request_token_key'], cookie['request_token_secret']) access_token = handshaker.complete(req_token, request.query_string) identity = handshaker.identify(access_token) userid = identity['sub'] username = identity['username'] cookie['userid'] = userid cookie['username'] = username # Is this OK to put in a cookie? cookie['oauth_access_key'] = access_token.key cookie['oauth_access_secret'] = access_token.secret return_to_url = cookie.get('return_to_url', '/') return redirect(return_to_url)
def complete_login(request, consumer_token, cookie, rdb_session): handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token) req_token = RequestToken(cookie['request_token_key'], cookie['request_token_secret']) access_token = handshaker.complete(req_token, request.query_string) identity = handshaker.identify(access_token) userid = identity['sub'] username = identity['username'] user = rdb_session.query(User).filter(User.id == userid).first() now = datetime.datetime.utcnow() if user is None: user = User(id=userid, username=username, last_login_date=now) rdb_session.add(user) else: user.last_login_date = now # These would be useful when we have oauth beyond simple ID, but # they should be stored in the database along with expiration times. # ID tokens only last 100 seconds or so # cookie['access_token_key'] = access_token.key # cookie['access_token_secret'] = access_token.secret # identity['confirmed_email'] = True/False might be interesting # for contactability through the username. Might want to assert # that it is True. cookie['userid'] = identity['sub'] cookie['username'] = identity['username'] return_to_url = cookie.get('return_to_url') del cookie['request_token_key'] del cookie['request_token_secret'] del cookie['return_to_url'] return redirect(return_to_url)
async def get(self): consumer_token = ConsumerToken( self.authenticator.client_id, self.authenticator.client_secret, ) handshaker = Handshaker(self.authenticator.mw_index_url, consumer_token) redirect, request_token = await wrap_future( self.authenticator.executor.submit(handshaker.initiate)) self.set_secure_cookie(AUTH_REQUEST_COOKIE_NAME, jsonify(request_token), expires_days=1, path=url_path_join(self.base_url, 'hub', 'oauth_callback'), httponly=True) self.log.info('oauth redirect: %r', redirect) self.redirect(redirect)
def make_handshaker_mw(): return Handshaker( app.config['META_MW_BASE_URL'] + app.config['META_MW_BASE_INDEX'], mw_oauth_token, )
from mwoauth import ConsumerToken, Handshaker import requests from requests_oauthlib import OAuth1 from six.moves import input # For compatibility between python 2 and 3 # Consruct a "consumer" from the key/secret provided by MediaWiki import config # You'll need to provide this consumer_token = ConsumerToken(config.consumer_key, config.consumer_secret) # Construct handshaker with wiki URI and consumer handshaker = Handshaker("https://en.wikipedia.org/w/index.php", consumer_token) # Step 1: Initialize -- ask MediaWiki for a temporary key/secret for user redirect, request_token = handshaker.initiate() # Step 2: Authorize -- send user to MediaWiki to confirm authorization print("Point your browser to: %s" % redirect) # response_qs = input("Response query string: ") # Step 3: Complete -- obtain authorized key/secret for "resource owner" access_token = handshaker.complete(request_token, response_qs) # Construct an auth object with the consumer and access tokens auth1 = OAuth1(consumer_token.key, client_secret=consumer_token.secret, resource_owner_key=access_token.key, resource_owner_secret=access_token.secret) # Now, accessing the API on behalf of a user
def __init__(self, user=None, pwd=None, mediawiki_api_url=None, mediawiki_index_url=None, mediawiki_rest_url=None, token_renew_period=1800, use_clientlogin=False, consumer_key=None, consumer_secret=None, access_token=None, access_secret=None, client_id=None, client_secret=None, callback_url='oob', user_agent=None, debug=False): """ This class handles several types of login procedures. Either use user and pwd authentication or OAuth. Wikidata clientlogin can also be used. If using one method, do NOT pass parameters for another method. :param user: the username which should be used for the login :type user: str :param pwd: the password which should be used for the login :type pwd: str :param token_renew_period: Seconds after which a new token should be requested from the Wikidata server :type token_renew_period: int :param use_clientlogin: use authmanager based login method instead of standard login. For 3rd party data consumer, e.g. web clients :type use_clientlogin: bool :param consumer_key: The consumer key for OAuth :type consumer_key: str :param consumer_secret: The consumer secret for OAuth :type consumer_secret: str :param access_token: The access token for OAuth :type access_token: str :param access_secret: The access secret for OAuth :type access_secret: str :param callback_url: URL which should be used as the callback URL :type callback_url: str :param user_agent: UA string to use for API requests. :type user_agent: str :return: None """ self.mediawiki_api_url = config[ 'MEDIAWIKI_API_URL'] if mediawiki_api_url is None else mediawiki_api_url self.mediawiki_index_url = config[ 'MEDIAWIKI_INDEX_URL'] if mediawiki_index_url is None else mediawiki_index_url self.mediawiki_rest_url = config[ 'MEDIAWIKI_REST_URL'] if mediawiki_rest_url is None else mediawiki_rest_url if debug: print(self.mediawiki_api_url) self.session = requests.Session() self.edit_token = '' self.instantiation_time = time.time() self.token_renew_period = token_renew_period self.consumer_key = consumer_key self.consumer_secret = consumer_secret self.access_token = access_token self.access_secret = access_secret self.client_id = client_id self.client_secret = client_secret self.response_qs = None self.callback_url = callback_url if user_agent: self.user_agent = user_agent else: # if a user is given append " (User:USER)" to the UA string and update that value in CONFIG if user and user.casefold( ) not in config['USER_AGENT_DEFAULT'].casefold(): config['USER_AGENT_DEFAULT'] += " (User:{})".format(user) self.user_agent = config['USER_AGENT_DEFAULT'] self.session.headers.update({'User-Agent': self.user_agent}) if self.consumer_key and self.consumer_secret: if self.access_token and self.access_secret: # OAuth procedure, based on https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers#Python auth = OAuth1(self.consumer_key, client_secret=self.consumer_secret, resource_owner_key=self.access_token, resource_owner_secret=self.access_secret) self.session.auth = auth self.generate_edit_credentials() else: # Oauth procedure, based on https://www.mediawiki.org/wiki/OAuth/For_Developers # Consruct a "consumer" from the key/secret provided by MediaWiki self.consumer_token = ConsumerToken(self.consumer_key, self.consumer_secret) # Construct handshaker with wiki URI and consumer self.handshaker = Handshaker(self.mediawiki_index_url, self.consumer_token, callback=self.callback_url, user_agent=self.user_agent) # Step 1: Initialize -- ask MediaWiki for a temp key/secret for user # redirect -> authorization -> callback url self.redirect, self.request_token = self.handshaker.initiate( callback=self.callback_url) elif self.client_id and self.client_secret: oauth = OAuth2Session(client=BackendApplicationClient( client_id=self.client_id)) token = oauth.fetch_token(token_url=self.mediawiki_rest_url + '/oauth2/access_token', client_id=self.client_id, client_secret=self.client_secret) auth = OAuth2(token=token) self.session.auth = auth self.generate_edit_credentials() else: params_login = { 'action': 'query', 'meta': 'tokens', 'type': 'login', 'format': 'json' } # get login token login_token = self.session.post( self.mediawiki_api_url, data=params_login).json()['query']['tokens']['logintoken'] if use_clientlogin: params = { 'action': 'clientlogin', 'username': user, 'password': pwd, 'logintoken': login_token, 'loginreturnurl': 'https://example.org/', 'format': 'json' } login_result = self.session.post(self.mediawiki_api_url, data=params).json() if debug: print(login_result) if 'clientlogin' in login_result: if login_result['clientlogin']['status'] != 'PASS': clientlogin = login_result['clientlogin'] raise LoginError( "Login failed ({}). Message: '{}'".format( clientlogin['messagecode'], clientlogin['message'])) elif debug: print("Successfully logged in as", login_result['clientlogin']['username']) else: error = login_result['error'] raise LoginError("Login failed ({}). Message: '{}'".format( error['code'], error['info'])) else: params = { 'action': 'login', 'lgname': user, 'lgpassword': pwd, 'lgtoken': login_token, 'format': 'json' } login_result = self.session.post(self.mediawiki_api_url, data=params).json() if debug: print(login_result) if login_result['login']['result'] != 'Success': raise LoginError("Login failed. Reason: '{}'".format( login_result['login']['result'])) elif debug: print("Successfully logged in as", login_result['login']['lgusername']) if 'warnings' in login_result: print("MediaWiki login warnings messages:") for message in login_result['warnings']: print("* {}: {}".format( message, login_result['warnings'][message]['*'])) self.generate_edit_credentials()
class WDLogin(object): """ A class which handles the login to Wikidata and the generation of edit-tokens """ @wdi_backoff() def __init__(self, user=None, pwd=None, mediawiki_api_url='https://www.wikidata.org/w/api.php', token_renew_period=1800, use_clientlogin=False, consumer_key=None, consumer_secret=None, callback_url='oob', user_agent=None): """ This class handles several types of login procedures. Either use user and pwd authentication or OAuth. Wikidata clientlogin can also be used. If using one method, do NOT pass parameters for another method. :param user: the username which should be used for the login :param pwd: the password which should be used for the login :param token_renew_period: Seconds after which a new token should be requested from the Wikidata server :type token_renew_period: int :param use_clientlogin: use authmanager based login method instead of standard login. For 3rd party data consumer, e.g. web clients :type use_clientlogin: bool :param consumer_key: The consumer key for OAuth :type consumer_key: str :param consumer_secret: The consumer secret for OAuth :type consumer_secret: str :param callback_url: URL which should be used as the callback URL :type callback_url: str :param user_agent: UA string to use for API requests. :type user_agent: str :return: None """ self.base_url = mediawiki_api_url print(self.base_url) self.s = requests.Session() self.edit_token = '' self.instantiation_time = time.time() self.token_renew_period = token_renew_period self.mw_url = "https://www.mediawiki.org/w/index.php" self.consumer_key = consumer_key self.consumer_secret = consumer_secret self.response_qs = None self.callback_url = callback_url if user_agent: self.user_agent = user_agent else: # if a user is given append " (User:USER)" to the UA string and update that value in CONFIG if user and user.lower() not in config['USER_AGENT_DEFAULT'].lower(): config['USER_AGENT_DEFAULT'] += " (User:{})".format(user) self.user_agent = config['USER_AGENT_DEFAULT'] self.s.headers.update({ 'User-Agent': self.user_agent }) if self.consumer_key and self.consumer_secret: # Oauth procedure, based on https://www.mediawiki.org/wiki/OAuth/For_Developers # Consruct a "consumer" from the key/secret provided by MediaWiki self.consumer_token = ConsumerToken(self.consumer_key, self.consumer_secret) # Construct handshaker with wiki URI and consumer self.handshaker = Handshaker(self.mw_url, self.consumer_token, callback=self.callback_url, user_agent=self.user_agent) # Step 1: Initialize -- ask MediaWiki for a temp key/secret for user # redirect -> authorization -> callback url self.redirect, self.request_token = self.handshaker.initiate(callback=self.callback_url) elif use_clientlogin: params = { 'action': 'query', 'format': 'json', 'meta': 'authmanagerinfo', 'amisecuritysensitiveoperation': '', 'amirequestsfor': 'login' } self.s.get(self.base_url, params=params) params2 = { 'action': 'query', 'format': 'json', 'meta': 'tokens', 'type': 'login' } login_token = self.s.get(self.base_url, params=params2).json()['query']['tokens']['logintoken'] data = { 'action': 'clientlogin', 'format': 'json', 'username': user, 'password': pwd, 'logintoken': login_token, 'loginreturnurl': 'http://example.org/' } login_result = self.s.post(self.base_url, data=data).json() print(login_result) if login_result['clientlogin']['status'] == 'FAIL': raise ValueError('Login FAILED') self.generate_edit_credentials() else: params = { 'action': 'login', 'lgname': user, 'lgpassword': pwd, 'format': 'json' } # get login token login_token = self.s.post(self.base_url, data=params).json()['login']['token'] # do the login using the login token params.update({'lgtoken': login_token}) r = self.s.post(self.base_url, data=params).json() if r['login']['result'] != 'Success': print('login failed:', r['login']['reason']) raise ValueError('login FAILED!!') else: print('Successfully logged in as', r['login']['lgusername']) self.generate_edit_credentials() def generate_edit_credentials(self): """ request an edit token and update the cookie_jar in order to add the session cookie :return: Returns a json with all relevant cookies, aka cookie jar """ params = { 'action': 'query', 'meta': 'tokens', 'format': 'json' } response = self.s.get(self.base_url, params=params) self.edit_token = response.json()['query']['tokens']['csrftoken'] return self.s.cookies def get_edit_cookie(self): """ Can be called in order to retrieve the cookies from an instance of WDLogin :return: Returns a json with all relevant cookies, aka cookie jar """ if (time.time() - self.instantiation_time) > self.token_renew_period: self.generate_edit_credentials() self.instantiation_time = time.time() return self.s.cookies def get_edit_token(self): """ Can be called in order to retrieve the edit token from an instance of WDLogin :return: returns the edit token """ if not self.edit_token or (time.time() - self.instantiation_time) > self.token_renew_period: self.generate_edit_credentials() self.instantiation_time = time.time() return self.edit_token def get_session(self): """ returns the requests session object used for the login. :return: Object of type requests.Session() """ return self.s def continue_oauth(self, oauth_callback_data=None): """ Continuation of OAuth procedure. Method must be explicitly called in order to complete OAuth. This allows external entities, e.g. websites, to provide tokens through callback URLs directly. :param oauth_callback_data: The callback URL received to a Web app :type oauth_callback_data: bytes :return: """ self.response_qs = oauth_callback_data if not self.response_qs: webbrowser.open(self.redirect) self.response_qs = input("Callback URL: ") # input the url from redirect after authorization response_qs = self.response_qs.split(b'?')[-1] # Step 3: Complete -- obtain authorized key/secret for "resource owner" access_token = self.handshaker.complete(self.request_token, response_qs) # input the access token to return a csrf (edit) token auth1 = OAuth1(self.consumer_token.key, client_secret=self.consumer_token.secret, resource_owner_key=access_token.key, resource_owner_secret=access_token.secret) self.s.auth = auth1 self.generate_edit_credentials()
def __init__(self): self.consumer_token = ConsumerToken(oauth_config.consumer_key, oauth_config.consumer_secret) self.handshaker = Handshaker("https://www.mediawiki.org/w/index.php", self.consumer_token) self.request_token = '' self.response_qs = '' self.access_token = ''
def __init__(self, user=None, pwd=None, mediawiki_api_url='https://www.wikidata.org/w/api.php', token_renew_period=1800, use_clientlogin=False, consumer_key=None, consumer_secret=None, callback_url='oob', user_agent=None): """ This class handles several types of login procedures. Either use user and pwd authentication or OAuth. Wikidata clientlogin can also be used. If using one method, do NOT pass parameters for another method. :param user: the username which should be used for the login :param pwd: the password which should be used for the login :param token_renew_period: Seconds after which a new token should be requested from the Wikidata server :type token_renew_period: int :param use_clientlogin: use authmanager based login method instead of standard login. For 3rd party data consumer, e.g. web clients :type use_clientlogin: bool :param consumer_key: The consumer key for OAuth :type consumer_key: str :param consumer_secret: The consumer secret for OAuth :type consumer_secret: str :param callback_url: URL which should be used as the callback URL :type callback_url: str :param user_agent: UA string to use for API requests. :type user_agent: str :return: None """ self.base_url = mediawiki_api_url print(self.base_url) self.s = requests.Session() self.edit_token = '' self.instantiation_time = time.time() self.token_renew_period = token_renew_period self.mw_url = "https://www.mediawiki.org/w/index.php" self.consumer_key = consumer_key self.consumer_secret = consumer_secret self.response_qs = None self.callback_url = callback_url if user_agent: self.user_agent = user_agent else: # if a user is given append " (User:USER)" to the UA string and update that value in CONFIG if user and user.lower() not in config['USER_AGENT_DEFAULT'].lower(): config['USER_AGENT_DEFAULT'] += " (User:{})".format(user) self.user_agent = config['USER_AGENT_DEFAULT'] self.s.headers.update({ 'User-Agent': self.user_agent }) if self.consumer_key and self.consumer_secret: # Oauth procedure, based on https://www.mediawiki.org/wiki/OAuth/For_Developers # Consruct a "consumer" from the key/secret provided by MediaWiki self.consumer_token = ConsumerToken(self.consumer_key, self.consumer_secret) # Construct handshaker with wiki URI and consumer self.handshaker = Handshaker(self.mw_url, self.consumer_token, callback=self.callback_url, user_agent=self.user_agent) # Step 1: Initialize -- ask MediaWiki for a temp key/secret for user # redirect -> authorization -> callback url self.redirect, self.request_token = self.handshaker.initiate(callback=self.callback_url) elif use_clientlogin: params = { 'action': 'query', 'format': 'json', 'meta': 'authmanagerinfo', 'amisecuritysensitiveoperation': '', 'amirequestsfor': 'login' } self.s.get(self.base_url, params=params) params2 = { 'action': 'query', 'format': 'json', 'meta': 'tokens', 'type': 'login' } login_token = self.s.get(self.base_url, params=params2).json()['query']['tokens']['logintoken'] data = { 'action': 'clientlogin', 'format': 'json', 'username': user, 'password': pwd, 'logintoken': login_token, 'loginreturnurl': 'http://example.org/' } login_result = self.s.post(self.base_url, data=data).json() print(login_result) if login_result['clientlogin']['status'] == 'FAIL': raise ValueError('Login FAILED') self.generate_edit_credentials() else: params = { 'action': 'login', 'lgname': user, 'lgpassword': pwd, 'format': 'json' } # get login token login_token = self.s.post(self.base_url, data=params).json()['login']['token'] # do the login using the login token params.update({'lgtoken': login_token}) r = self.s.post(self.base_url, data=params).json() if r['login']['result'] != 'Success': print('login failed:', r['login']['reason']) raise ValueError('login FAILED!!') else: print('Successfully logged in as', r['login']['lgusername']) self.generate_edit_credentials()
def requests_handshaker(): consumer_key = config.OAUTH_CONSUMER_KEY consumer_secret = config.OAUTH_CONSUMER_SECRET consumer_token = ConsumerToken(consumer_key, consumer_secret) return Handshaker("https://meta.wikimedia.org/w/index.php", consumer_token)
def _get_handshaker(): consumer_token = ConsumerToken(settings.TWLIGHT_OAUTH_CONSUMER_KEY, settings.TWLIGHT_OAUTH_CONSUMER_SECRET) handshaker = Handshaker(settings.TWLIGHT_OAUTH_PROVIDER_URL, consumer_token) return handshaker
class Login(object): """ A class which handles the login to Wikidata and the generation of edit-tokens """ @wbi_backoff() def __init__(self, user=None, pwd=None, mediawiki_api_url=None, mediawiki_index_url=None, mediawiki_rest_url=None, token_renew_period=1800, use_clientlogin=False, consumer_key=None, consumer_secret=None, access_token=None, access_secret=None, client_id=None, client_secret=None, callback_url='oob', user_agent=None, debug=False): """ This class handles several types of login procedures. Either use user and pwd authentication or OAuth. Wikidata clientlogin can also be used. If using one method, do NOT pass parameters for another method. :param user: the username which should be used for the login :type user: str :param pwd: the password which should be used for the login :type pwd: str :param token_renew_period: Seconds after which a new token should be requested from the Wikidata server :type token_renew_period: int :param use_clientlogin: use authmanager based login method instead of standard login. For 3rd party data consumer, e.g. web clients :type use_clientlogin: bool :param consumer_key: The consumer key for OAuth :type consumer_key: str :param consumer_secret: The consumer secret for OAuth :type consumer_secret: str :param access_token: The access token for OAuth :type access_token: str :param access_secret: The access secret for OAuth :type access_secret: str :param callback_url: URL which should be used as the callback URL :type callback_url: str :param user_agent: UA string to use for API requests. :type user_agent: str :return: None """ self.mediawiki_api_url = config[ 'MEDIAWIKI_API_URL'] if mediawiki_api_url is None else mediawiki_api_url self.mediawiki_index_url = config[ 'MEDIAWIKI_INDEX_URL'] if mediawiki_index_url is None else mediawiki_index_url self.mediawiki_rest_url = config[ 'MEDIAWIKI_REST_URL'] if mediawiki_rest_url is None else mediawiki_rest_url if debug: print(self.mediawiki_api_url) self.session = requests.Session() self.edit_token = '' self.instantiation_time = time.time() self.token_renew_period = token_renew_period self.consumer_key = consumer_key self.consumer_secret = consumer_secret self.access_token = access_token self.access_secret = access_secret self.client_id = client_id self.client_secret = client_secret self.response_qs = None self.callback_url = callback_url if user_agent: self.user_agent = user_agent else: # if a user is given append " (User:USER)" to the UA string and update that value in CONFIG if user and user.casefold( ) not in config['USER_AGENT_DEFAULT'].casefold(): config['USER_AGENT_DEFAULT'] += " (User:{})".format(user) self.user_agent = config['USER_AGENT_DEFAULT'] self.session.headers.update({'User-Agent': self.user_agent}) if self.consumer_key and self.consumer_secret: if self.access_token and self.access_secret: # OAuth procedure, based on https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers#Python auth = OAuth1(self.consumer_key, client_secret=self.consumer_secret, resource_owner_key=self.access_token, resource_owner_secret=self.access_secret) self.session.auth = auth self.generate_edit_credentials() else: # Oauth procedure, based on https://www.mediawiki.org/wiki/OAuth/For_Developers # Consruct a "consumer" from the key/secret provided by MediaWiki self.consumer_token = ConsumerToken(self.consumer_key, self.consumer_secret) # Construct handshaker with wiki URI and consumer self.handshaker = Handshaker(self.mediawiki_index_url, self.consumer_token, callback=self.callback_url, user_agent=self.user_agent) # Step 1: Initialize -- ask MediaWiki for a temp key/secret for user # redirect -> authorization -> callback url self.redirect, self.request_token = self.handshaker.initiate( callback=self.callback_url) elif self.client_id and self.client_secret: oauth = OAuth2Session(client=BackendApplicationClient( client_id=self.client_id)) token = oauth.fetch_token(token_url=self.mediawiki_rest_url + '/oauth2/access_token', client_id=self.client_id, client_secret=self.client_secret) auth = OAuth2(token=token) self.session.auth = auth self.generate_edit_credentials() else: params_login = { 'action': 'query', 'meta': 'tokens', 'type': 'login', 'format': 'json' } # get login token login_token = self.session.post( self.mediawiki_api_url, data=params_login).json()['query']['tokens']['logintoken'] if use_clientlogin: params = { 'action': 'clientlogin', 'username': user, 'password': pwd, 'logintoken': login_token, 'loginreturnurl': 'https://example.org/', 'format': 'json' } login_result = self.session.post(self.mediawiki_api_url, data=params).json() if debug: print(login_result) if 'clientlogin' in login_result: if login_result['clientlogin']['status'] != 'PASS': clientlogin = login_result['clientlogin'] raise LoginError( "Login failed ({}). Message: '{}'".format( clientlogin['messagecode'], clientlogin['message'])) elif debug: print("Successfully logged in as", login_result['clientlogin']['username']) else: error = login_result['error'] raise LoginError("Login failed ({}). Message: '{}'".format( error['code'], error['info'])) else: params = { 'action': 'login', 'lgname': user, 'lgpassword': pwd, 'lgtoken': login_token, 'format': 'json' } login_result = self.session.post(self.mediawiki_api_url, data=params).json() if debug: print(login_result) if login_result['login']['result'] != 'Success': raise LoginError("Login failed. Reason: '{}'".format( login_result['login']['result'])) elif debug: print("Successfully logged in as", login_result['login']['lgusername']) if 'warnings' in login_result: print("MediaWiki login warnings messages:") for message in login_result['warnings']: print("* {}: {}".format( message, login_result['warnings'][message]['*'])) self.generate_edit_credentials() def generate_edit_credentials(self): """ request an edit token and update the cookie_jar in order to add the session cookie :return: Returns a json with all relevant cookies, aka cookie jar """ params = { 'action': 'query', 'meta': 'tokens', 'type': 'csrf', 'format': 'json' } response = self.session.get(self.mediawiki_api_url, params=params) self.edit_token = response.json()['query']['tokens']['csrftoken'] return self.session.cookies def get_edit_cookie(self): """ Can be called in order to retrieve the cookies from an instance of wbi_login.Login :return: Returns a json with all relevant cookies, aka cookie jar """ if (time.time() - self.instantiation_time) > self.token_renew_period: self.generate_edit_credentials() self.instantiation_time = time.time() return self.session.cookies def get_edit_token(self): """ Can be called in order to retrieve the edit token from an instance of wbi_login.Login :return: returns the edit token """ if not self.edit_token or (time.time() - self.instantiation_time ) > self.token_renew_period: self.generate_edit_credentials() self.instantiation_time = time.time() return self.edit_token def get_session(self): """ returns the requests session object used for the login. :return: Object of type requests.Session() """ return self.session def continue_oauth(self, oauth_callback_data=None): """ Continuation of OAuth procedure. Method must be explicitly called in order to complete OAuth. This allows external entities, e.g. websites, to provide tokens through callback URLs directly. :param oauth_callback_data: The callback URL received to a Web app :type oauth_callback_data: bytes :return: """ self.response_qs = oauth_callback_data if not self.response_qs: webbrowser.open(self.redirect) self.response_qs = input("Callback URL: ") # input the url from redirect after authorization response_qs = self.response_qs.split(b'?')[-1] # Step 3: Complete -- obtain authorized key/secret for "resource owner" access_token = self.handshaker.complete(self.request_token, response_qs) # input the access token to return a csrf (edit) token auth = OAuth1(self.consumer_token.key, client_secret=self.consumer_token.secret, resource_owner_key=access_token.key, resource_owner_secret=access_token.secret) self.session.auth = auth self.generate_edit_credentials()
from requests_oauthlib import OAuth1 from config import consumer_key, consumer_secret, api_url, redis_pw, redis_host from redis import Redis from celery.result import AsyncResult import youtube_dl import guess_language from redisession import RedisSessionInterface sys.path.append( os.path.dirname(os.path.realpath(__file__)) + "/../../../backend/") import worker # NOQA consumer_token = ConsumerToken(consumer_key, consumer_secret) handshaker = Handshaker(api_url, consumer_token) redisconnection = Redis(host=redis_host, db=3, password=redis_pw) app = Flask(__name__) app.session_interface = RedisSessionInterface(redisconnection) @app.errorhandler(Exception) def all_exception_handler(error): """Handle an exception and show the traceback to error page.""" return 'Please notify [[commons:User:Zhuyifei1999]]: ' + \ traceback.format_exc(), 500