def get(self, request, *args, **kwargs):
addon_name = kwargs['addon_name']
institution_id = int(kwargs['institution_id'])
rdm_addon_option = get_rdm_addon_option(institution_id, addon_name)
# check existence of OAuth authentication settings
if not rdm_addon_option.external_accounts.exists():
res = add_extra_info({'accounts': []}, addon_name)
return JsonResponse(res)
accounts = []
for external_account in rdm_addon_option.external_accounts.all():
if external_account.provider == addon_name:
account = {
'id': external_account._id,
'provider_id': external_account.provider_id,
'provider_name': external_account.provider_name,
'provider_short_name': external_account.provider,
'display_name': external_account.display_name,
'profile_url': external_account.profile_url,
}
# add each add-on's account information
account = add_addon_extra_info(account, external_account, addon_name)
accounts.append(account)
res = add_extra_info({'accounts': accounts}, addon_name)
return JsonResponse(res)
def disconnect(external_account_id, institution_id, user):
"""disconnect OAuth"""
account = ExternalAccount.load(external_account_id)
if not account:
raise Http404
rdm_addon_option = get_rdm_addon_option(institution_id, account.provider)
if not rdm_addon_option.external_accounts.filter(id=account.id).exists():
raise Http404
app = flask.Flask(__name__)
with app.test_client() as c:
# Create dummy Flask communication.
# revoke_oauth_access method goes through flask
# in order to confirm the user is logged in.
c.get('/')
# iterate AddonUserSettings for addons
for user_settings in user.get_oauth_addons():
if user_settings.oauth_provider.short_name == account.provider:
user_settings.revoke_oauth_access(account, Auth(user))
user_settings.save()
# # only after all addons have been dealt with can we remove it from the user
rdm_addon_option.external_accounts.remove(account)
rdm_addon_option.save()
user.external_accounts.remove(account)
user.save()
return HttpResponse('')
def get(self, request, *args, **kwargs):
addon_name = kwargs['addon_name']
# Session
if not request.session.session_key:
request.session.create()
session_key = request.session.session_key
try:
session = self.get_session(addon_name)
institution_id = session.data['oauth_states'][addon_name]['institution_id']
flask_ctx = self.get_request_context(session_key, institution_id, addon_name)
flask_ctx.request.args = ImmutableMultiDict(dict(self.request.GET.iterlists()))
provider = get_service(addon_name)
rdm_addon_option = get_rdm_addon_option(institution_id, addon_name)
# Retrieve permanent credentials from provider
auth_callback_result = provider.auth_callback(user=rdm_addon_option)
if auth_callback_result:
if provider.account and not rdm_addon_option.external_accounts.filter(id=provider.account.id).exists():
rdm_addon_option.external_accounts.add(provider.account)
rdm_addon_option.save()
finally:
try:
flask_ctx.pop()
except IndexError:
pass
return HttpResponse('OK')
def add_account(json_request, institution_id, addon_name):
host = json_request['host']
api_token = json_request['api_token']
provider = DataverseProvider()
# check authentication
client.connect_or_error(host, api_token)
# acquire authentication account information
try:
provider.account = ExternalAccount(
provider=provider.short_name,
provider_name=provider.name,
display_name=host,
oauth_key=host,
oauth_secret=api_token,
provider_id=api_token,
)
provider.account.save()
except ValidationError:
# ... or get the old one
provider.account = ExternalAccount.objects.get(
provider=provider.short_name, provider_id=api_token)
rdm_addon_option = get_rdm_addon_option(institution_id, addon_name)
if not rdm_addon_option.external_accounts.filter(
id=provider.account.id).exists():
rdm_addon_option.external_accounts.add(provider.account)
return {}, httplib.OK
def test_get_not_forced(self, *args, **kwargs):
self.view.kwargs['forced'] = False
self.view.get(self.request, *args, **self.view.kwargs)
rdm_addon_option = utils.get_rdm_addon_option(
MAGIC_INSTITUTION_ID, self.view.kwargs['addon_name'])
nt.assert_equal(rdm_addon_option.is_forced, False)
nt.assert_equal(rdm_addon_option.provider,
self.view.kwargs['addon_name'])
def test_get(self, *args, **kwargs):
self.view.get(self.request, *args, **self.view.kwargs)
rdm_addon_option = utils.get_rdm_addon_option(
MAGIC_INSTITUTION_ID, self.view.kwargs['addon_name'])
logging.debug(rdm_addon_option)
nt.assert_true(rdm_addon_option.is_forced)
nt.assert_equal(rdm_addon_option.provider,
self.view.kwargs['addon_name'])
def test_get(self, *args, **kwargs):
self.view.get(self.request, *args, **self.view.kwargs)
rdm_addon_option = utils.get_rdm_addon_option(
self.rdm_addon_option.institution.id,
self.view.kwargs['addon_name'])
nt.assert_true(rdm_addon_option.is_forced)
nt.assert_equal(rdm_addon_option.provider,
self.view.kwargs['addon_name'])
def test_get_disallowed(self, *args, **kwargs):
self.view.kwargs['allowed'] = False
self.view.get(self.request, *args, **self.view.kwargs)
rdm_addon_option = utils.get_rdm_addon_option(
MAGIC_INSTITUTION_ID, self.view.kwargs['addon_name'])
nt.assert_equal(rdm_addon_option.is_allowed, False)
nt.assert_equal(rdm_addon_option.provider,
self.view.kwargs['addon_name'])
nt.assert_equal(
self.user.external_accounts.filter(
pk=self.external_account.id).exists(), False)
def add_account(json_request, institution_id, addon_name):
try:
access_key = json_request['access_key']
secret_key = json_request['secret_key']
except KeyError:
raise HTTPError(httplib.BAD_REQUEST)
if not (access_key and secret_key):
return {
'message': 'All the fields above are required.'
}, httplib.BAD_REQUEST
user_info = get_user_info(access_key, secret_key)
if not user_info:
return {
'message': ('Unable to access account.\n'
'Check to make sure that the above credentials are valid, '
'and that they have permission to list buckets.')
}, httplib.BAD_REQUEST
if not can_list(access_key, secret_key):
return {
'message': ('Unable to list buckets.\n'
'Listing buckets is required permission that can be changed via IAM')
}, httplib.BAD_REQUEST
account = None
try:
account = ExternalAccount(
provider=SHORT_NAME,
provider_name=FULL_NAME,
oauth_key=access_key,
oauth_secret=secret_key,
provider_id=user_info.id,
display_name=user_info.display_name,
)
account.save()
except ValidationError:
# ... or get the old one
account = ExternalAccount.objects.get(
provider=SHORT_NAME,
provider_id=user_info.id
)
if account.oauth_key != access_key or account.oauth_secret != secret_key:
account.oauth_key = access_key
account.oauth_secret = secret_key
account.save()
assert account is not None
rdm_addon_option = get_rdm_addon_option(institution_id, addon_name)
if not rdm_addon_option.external_accounts.filter(id=account.id).exists():
rdm_addon_option.external_accounts.add(account)
return {}, httplib.OK
def test_get_not_forced(self, *args, **kwargs):
self.view.kwargs['forced'] = False
self.view.get(self.request, *args, **self.view.kwargs)
rdm_addon_option = utils.get_rdm_addon_option(
self.rdm_addon_option.institution.id,
self.view.kwargs['addon_name'])
nt.assert_equal(rdm_addon_option.is_forced, False)
nt.assert_equal(rdm_addon_option.provider,
self.view.kwargs['addon_name'])
nt.assert_true(
self.user.external_accounts.filter(
pk=self.external_account.id).exists())
def add_account(json_request, institution_id, addon_name):
"""
Verifies new external account credentials and adds to user's list
This view expects `host`, `username` and `password` fields in the JSON
body of the request.
"""
# Ensure that ownCloud uses https
host_url = json_request['host']
host = furl()
host.host = host_url.rstrip('/').replace('https://', '').replace('http://', '')
host.scheme = 'https'
username = json_request['username']
password = json_request['password']
try:
oc = owncloud.Client(host.url, verify_certs=settings.USE_SSL)
oc.login(username, password)
oc.logout()
except requests.exceptions.ConnectionError:
return {
'message': 'Invalid ownCloud server.' + host.url
}, httplib.BAD_REQUEST
except owncloud.owncloud.HTTPResponseError:
return {
'message': 'ownCloud Login failed.'
}, httplib.UNAUTHORIZED
provider = OwnCloudProvider(account=None, host=host.url,
username=username, password=password)
try:
provider.account.save()
except ValidationError:
# ... or get the old one
provider.account = ExternalAccount.objects.get(
provider=provider.short_name,
provider_id='{}:{}'.format(host.url, username).lower()
)
if provider.account.oauth_key != password:
provider.account.oauth_key = password
provider.account.save()
rdm_addon_option = get_rdm_addon_option(institution_id, addon_name)
if not rdm_addon_option.external_accounts.filter(id=provider.account.id).exists():
rdm_addon_option.external_accounts.add(provider.account)
return {}, httplib.OK
def import_admin_account(auth, addon_name=None):
user = auth.user
institution_id = rdm_utils.get_institution_id(user)
rdm_addon_option = rdm_addons_utils.get_rdm_addon_option(
institution_id, addon_name)
if not rdm_addon_option.external_accounts.exists():
raise HTTPError(httplib.BAD_REQUEST)
for account in rdm_addon_option.external_accounts.all():
user.external_accounts.add(account)
user.get_or_add_addon(addon_name, auth=auth)
user.save()
return {}
def test_get(self, *args, **kwargs):
rdm_addon_option = utils.get_rdm_addon_option(
MAGIC_INSTITUTION_ID, self.view.kwargs['addon_name'])
nt.assert_true(rdm_addon_option.is_allowed)
nt.assert_equal(rdm_addon_option.provider,
self.view.kwargs['addon_name'])