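async def authorize(self, request: Request):
    """Drive both legs of the Google authorization redirect flow.

    * ``redirectbacktoken`` in the query: redirect the browser to the Google
      authorization URL, handing the token value to the exchanger.
    * ``state`` and ``code`` in the query: exchange ``code`` for credentials
      and redirect to the address held in ``state``, with the serialized
      credentials (``include_secret=False``) in a ``creds`` query parameter.
    * anything else: ``HTTPBadRequest``.

    A failure during the exchange is logged through ``self.logError`` and
    reported to the client as a 500 response.
    """
    # Function-scope import: only the error path below needs it.
    from html import escape

    query = request.query
    if 'redirectbacktoken' in query:
        # Someone is trying to authenticate with the add-on, direct them to
        # the Google auth URL.
        raise HTTPSeeOther(await self.exchanger.getAuthorizationUrl(
            query.get('redirectbacktoken')))

    if 'state' not in query or 'code' not in query:
        raise HTTPBadRequest()

    state = query.get('state')
    code = query.get('code')
    try:
        creds = (await self.exchanger.exchange(code)).serialize(
            include_secret=False)
        # NOTE(review): `state` comes straight from the query string and is
        # used unchanged as the redirect target that receives the serialized
        # credentials. Nothing in this block checks it against the value
        # issued in the first leg or against an allow-list of destinations;
        # confirm that such a check exists elsewhere. The credentials also
        # travel in the URL, where browser history, proxies and access logs
        # can record them.
        # Redirect to the "state" address with the serialized credentials.
        raise HTTPSeeOther(
            state + "?creds=" + urllib.parse.quote(json.dumps(creds)))
    except HTTPSeeOther:
        # Expected: the redirect above is control flow, not a failure.
        raise
    except Exception as e:
        self.logError(request, e)
        # The exception text may carry request- or upstream-derived data, so
        # it is escaped before being placed next to the markup below.
        content = "The server encountered an error while processing this request: " + escape(
            str(e)) + "<br/>"
        content += "Please <a href='https://github.com/sabeechen/hassio-google-drive-backup/issues'>file an issue</a> on Home Assistant Google Backup's GitHub page so I'm aware of this problem or attempt authorizing with Google Drive again."
        return Response(status=500, body=content)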
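async def authorize(self, request: Request):
    """Drive both legs of the Google authorization redirect flow.

    * ``redirectbacktoken`` in the query: pack the add-on version, the token
      URL, the return host and the page colours into a JSON ``state`` and
      redirect the browser to the Google authorization URL.
    * ``state`` and ``code`` in the query: exchange ``code`` for credentials
      (``include_secret=False``). Add-ons older than ``NEW_AUTH_MINIMUM`` are
      redirected to ``state['token']`` with the credentials as JSON in the
      query; newer ones get the ``authorize.jinja2`` page, which receives the
      base64-encoded credentials and the redirect URL.
    * anything else: ``HTTPBadRequest``.

    A ``state`` value that is not a JSON object is rejected with
    ``HTTPBadRequest``. Other failures in the second leg are logged through
    ``self.logError`` and reported as a 500 response.
    """
    # Function-scope import: only the error path below needs it.
    from html import escape

    query = request.query
    if 'redirectbacktoken' in query:
        version = Version.parse(query.get('version', "0"))
        state = {
            'v': str(version),
            'token': query.get('redirectbacktoken'),
            'return': query.get('return', None),
            'bg': self.base_context(request).get('backgroundColor'),
            'ac': self.base_context(request).get('accentColor'),
        }
        # Someone is trying to authenticate with the add-on, direct them to
        # the Google auth URL.
        raise HTTPSeeOther(await self.exchanger.getAuthorizationUrl(
            json.dumps(state)))

    if 'state' not in query or 'code' not in query:
        raise HTTPBadRequest()

    # NOTE(review): the value is percent-decoded here on top of whatever
    # decoding the framework already applied to the query string; confirm
    # the double decode is intended.
    try:
        state = json.loads(unquote(query.get('state')))
    except ValueError:
        # Malformed state is a client error, not a server fault.
        raise HTTPBadRequest() from None
    if not isinstance(state, dict):
        raise HTTPBadRequest()

    code = query.get('code')
    try:
        version = Version.parse(state["v"])
        creds = (await self.exchanger.exchange(code)).serialize(
            include_secret=False)
        # NOTE(review): `state` round-trips through the browser as plain
        # JSON, so 'token' and 'return' are whatever the query string says at
        # this point. Nothing in this block signs the state or checks the
        # destination before credentials are attached to it; confirm that a
        # check exists elsewhere (for example in the template flow).
        if version < NEW_AUTH_MINIMUM:
            # Redirect back to the add-on, since this is the older add-on.
            legacy_url = URL(state['token']).with_query(
                {'creds': json.dumps(creds)})
            raise HTTPSeeOther(legacy_url)

        serialized_creds = str(
            base64.b64encode(json.dumps(creds).encode("utf-8")), "utf-8")
        url = URL(state['token']).with_query({
            'creds': serialized_creds,
            'host': state['return'],
        })
        context = {
            **self.base_context(request),
            'redirect_url': str(url),
            'credentials_serialized': serialized_creds,
        }
        # Colours carried in the state override the base context whenever the
        # key is present, even if its value is None.
        if 'bg' in state:
            context['backgroundColor'] = state['bg']
        if 'ac' in state:
            context['accentColor'] = state['ac']
        return aiohttp_jinja2.render_template("authorize.jinja2", request,
                                              context)
    except HTTPSeeOther:
        # Expected: the legacy redirect above is control flow, not a failure.
        raise
    except Exception as e:
        self.logError(request, e)
        # The exception text may carry request- or upstream-derived data, so
        # it is escaped before being placed next to the markup below.
        content = "The server encountered an error while processing this request: " + escape(
            str(e)) + "<br/>"
        content += "Please <a href='https://github.com/sabeechen/hassio-google-drive-backup/issues'>file an issue</a> on Home Assistant Google Backup's GitHub page so I'm aware of this problem or attempt authorizing with Google Drive again."
        return Response(status=500, body=content)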
async def authenticate(self, params: MultiDict):
    """Send the client to the login form, remembering where to return.

    Always raises ``HTTPSeeOther``. The login path is read from the
    application config; the current request path plus the url-encoded
    ``params`` are packed into the ``next`` query parameter.
    """
    request = self.request
    logger.debug('Redirecting to login form')

    login_path = request.app['config'].get(
        'http_server.endpoints.login.path')
    # Where the login form should send the user afterwards: this same
    # request, rebuilt from its path and parameters.
    return_to = '{}?{}'.format(request.path, urlencode(params))
    login_query = urlencode({'next': return_to})

    raise HTTPSeeOther(location='{}?{}'.format(login_path, login_query))
def error_redirect(reason, source: Exception = None):
    """Abort with a redirect to the login page that carries an error report.

    ``reason`` is logged as a warning and sent as ``error_description``;
    ``next`` points back at the current path with the parameters stored under
    ``state['p']``. When ``source`` is given, the raised redirect is chained
    to it with ``raise ... from``.

    ``request`` and ``state`` are not parameters; they are read from the
    surrounding scope.
    """
    logger.warning('Redirecting with error: %s', reason)

    login_path = request.app['config'].get(
        'http_server.endpoints.login.path')
    error_query = urlencode({
        'error': 'bigur_oidc_provider_error',
        # urlencode percent-encodes the value for the URL; whatever renders
        # error_description on the login page still has to escape it.
        'error_description': reason,
        'next': '{}?{}'.format(
            request.path, urlencode(query=state['p'], doseq=True)),
    })
    redirect = HTTPSeeOther('{}?{}'.format(login_path, error_query))

    if source is not None:
        raise redirect from source
    raise redirect
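async def authenticate(self, params: MultiDict):
    """Start an OpenID Connect authorization-code request at a provider.

    The provider is looked up from ``params['acr_values']``. The call never
    returns normally:

    * ``HTTPBadRequest`` when ``get_domain_from_acr`` rejects ``acr_values``
      with ``ValueError``;
    * ``HTTPSeeOther`` to the local login page, carrying an error
      description, when a ``ProviderError`` is raised while the provider
      configuration is read;
    * ``HTTPSeeOther`` to the provider's authorization endpoint otherwise.
    """
    request = self.request

    try:
        domain = self.get_domain_from_acr(params['acr_values'])
    except ValueError:
        logger.warning('Invalid acr_values parameter')
        raise HTTPBadRequest()

    try:
        provider = await self.get_provider(domain)
        logger.debug('Using provider %s', provider)

        # presumably ConfigurationError derives from ProviderError, so the
        # checks below end up in the handler further down (confirm).
        authorization_endpoint = provider.get_authorization_endpoint()
        if not authorization_endpoint:
            raise ConfigurationError('Authorization point is not defined')

        client_id = provider.get_client_id()
        if not client_id:
            raise ConfigurationError('Client does not registered')

        if 'code' not in provider.get_response_types_supported():
            raise ConfigurationError(
                'Responce type "code" is not supported by provider')

        supported_scopes = provider.get_scopes_supported()
        if 'openid' not in supported_scopes:
            raise ConfigurationError(
                'Scope "openid" is not supported by provider')

        # "openid" is always requested; "email" and "profile" only when the
        # provider offers them. An ordered list is used instead of joining a
        # set, whose iteration order for strings can differ between
        # processes, so the scope string is the same on every run.
        offered = set(supported_scopes)
        scopes = ' '.join(
            ['openid']
            + [name for name in ('email', 'profile') if name in offered])

        # NOTE(review): the nonce is the SHA-256 of the session id, so it is
        # identical for every request in a session, and a digest of the
        # session identifier is sent to the provider and appears in the
        # redirect URL. Confirm how the callback verifies it before moving to
        # a random per-request value kept with the session.
        nonce = sha256(request['sid'].encode('utf-8')).hexdigest()
    except ProviderError as e:
        logger.warning('Error getting provider configuration: %s', e)
        reason = str(e)
        login_path = request.app['config'].get(
            'http_server.endpoints.login.path')
        raise HTTPSeeOther('{}?{}'.format(
            login_path,
            urlencode({
                'error': 'bigur_oidc_provider_error',
                'error_description': reason,
                'next': '{}?{}'.format(
                    request.path, urlencode(query=params, doseq=True)),
            })))
    else:
        # NOTE(review): `state` round-trips through the browser and the
        # provider; its protection rests entirely on `crypt` and
        # `cookie_key`, neither of which is visible here. Confirm that
        # `crypt` authenticates the payload and does not only encrypt it,
        # since the callback presumably trusts 'u' and 'p' from it.
        state = urlsafe_b64encode(
            crypt(
                request.app['cookie_key'],
                dumps({
                    'n': nonce,
                    'u': request.path,
                    'p': dict(params)
                }))).decode('utf-8')
        raise HTTPSeeOther('{}?{}'.format(
            authorization_endpoint,
            urlencode({
                'redirect_uri': self.endpoint_uri,
                'client_id': client_id,
                'state': state,
                'scope': scopes,
                'response_type': 'code',
                'nonce': nonce
            })))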