def callback():
resp = oauth_provider.authorized_response()
if resp is None or isinstance(resp, OAuthException):
# FIXME: notify the user, somehow.
return redirect(url_for('ui'))
session['oauth'] = resp
session['roles'] = [system_role(Role.SYSTEM_USER)]
if 'googleapis.com' in oauth_provider.base_url:
me = oauth_provider.get('userinfo')
user_id = 'google:%s' % me.data.get('id')
role = Role.load_or_create(user_id, Role.USER, me.data.get('name'),
email=me.data.get('email'))
elif 'occrp.org' in oauth_provider.base_url or \
'investigativedashboard.org' in oauth_provider.base_url:
me = oauth_provider.get('api/2/accounts/profile/')
user_id = 'idashboard:user:%s' % me.data.get('id')
role = Role.load_or_create(user_id, Role.USER,
me.data.get('display_name'),
email=me.data.get('email'),
is_admin=me.data.get('is_admin'))
for group in me.data.get('groups', []):
group_id = 'idashboard:%s' % group.get('id')
group_role = Role.load_or_create(group_id, Role.GROUP,
group.get('name'))
session['roles'].append(group_role.id)
else:
raise RuntimeError("Unknown OAuth URL: %r" % oauth_provider.base_url)
session['roles'].append(role.id)
session['user'] = role.id
db.session.commit()
return redirect(url_for('ui'))
def load_role():
request.auth_roles = set([system_role(Role.SYSTEM_GUEST)])
request.auth_role = None
request.logged_in = False
auth_header = request.headers.get('Authorization')
if session.get('user'):
request.auth_roles.update(session.get('roles', []))
request.auth_role = Role.by_id(session.get('user'))
request.logged_in = True
elif auth_header is not None:
if not auth_header.lower().startswith('apikey'):
return
api_key = auth_header.split(' ', 1).pop()
role = Role.by_api_key(api_key)
if role is None:
return
request.auth_role = role
request.auth_roles.update([system_role(Role.SYSTEM_USER), role.id])
request.logged_in = True
