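def init_app(self, app):
    """Create the Authomatic client from the application's OAuth settings.

    Nothing happens unless ``MODULE_USER_ACCOUNT_ENABLE_OAUTH_LOGIN`` is
    truthy. Every entry of ``MODULE_USER_ACCOUNT_OAUTH_PROVIDERS`` whose name
    is an attribute of ``oauth2`` (checked first) or ``oauth1`` is registered
    under its lower-cased name; entries matching neither module are skipped.

    :param app: application object exposing a ``config`` mapping.
    """
    if not app.config.get("MODULE_USER_ACCOUNT_ENABLE_OAUTH_LOGIN"):
        return

    # NOTE(review): SECRET_KEY is handed to Authomatic unchecked, so an unset
    # key arrives as None. Confirm every deployment sets a long random value
    # and keeps it out of version control.
    secret = app.config.get("SECRET_KEY")
    # An absent providers setting is treated as "no providers" rather than
    # failing on None.items().
    providers = app.config.get("MODULE_USER_ACCOUNT_OAUTH_PROVIDERS") or {}

    config = {}
    auth_providers = []
    for provider, conf in providers.items():
        # hasattr() matches any attribute of the module, not only provider
        # classes, so the provider names in the config must be trusted input.
        if hasattr(oauth2, provider):
            cls = getattr(oauth2, provider)
        elif hasattr(oauth1, provider):
            cls = getattr(oauth1, provider)
        else:
            continue

        # Work on a copy: the dicts stored in app.config stay untouched, so
        # repeated initialisation never sees leftovers from an earlier run.
        conf = dict(conf)
        conf.setdefault("class_", cls)
        conf["id"] = provider_id()

        _provider = provider.lower()
        auth_providers.append(_provider)
        config[_provider] = conf

    self.oauth = Authomatic(
        config=config,
        secret=secret,
        session=session,
        report_errors=True,
    )
    Webmaster.g(OAUTH_PROVIDERS=auth_providers)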
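def init_app(self, app):
    """Set up ``self.oauth`` from the configured OAuth providers.

    Returns without doing anything when
    ``MODULE_USER_ACCOUNT_ENABLE_OAUTH_LOGIN`` is falsy. Otherwise each key of
    ``MODULE_USER_ACCOUNT_OAUTH_PROVIDERS`` is looked up as an attribute of
    ``oauth2`` and then of ``oauth1``; matching entries are registered under
    their lower-cased name and the list of names is published through
    ``Juice.g``.

    :param app: application object exposing a ``config`` mapping.
    """
    settings = app.config
    if not settings.get("MODULE_USER_ACCOUNT_ENABLE_OAUTH_LOGIN"):
        return

    # NOTE(review): the signing secret is passed on as-is; when SECRET_KEY is
    # unset this is None. Verify that deployments always configure a strong,
    # randomly generated key.
    secret = settings.get("SECRET_KEY")
    # Fall back to an empty mapping so a missing setting does not raise
    # AttributeError on None.
    providers = settings.get("MODULE_USER_ACCOUNT_OAUTH_PROVIDERS") or {}

    config = {}
    auth_providers = []
    for provider, provider_conf in providers.items():
        default_cls = None
        for module in (oauth2, oauth1):
            # Any module attribute with this name matches, so provider names
            # are assumed to come from trusted configuration.
            if hasattr(module, provider):
                default_cls = getattr(module, provider)
                break
        else:
            continue

        # Copy before editing so the application's own config is not mutated.
        conf = dict(provider_conf)
        conf.setdefault("class_", default_cls)
        conf["id"] = provider_id()

        _provider = provider.lower()
        auth_providers.append(_provider)
        config[_provider] = conf

    self.oauth = Authomatic(config=config,
                            secret=secret,
                            session=session,
                            report_errors=True)
    Juice.g(OAUTH_PROVIDERS=auth_providers)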
def authomatic_config(request):
    """Return the Authomatic provider configuration.

    The mapping holds the GitHub OAuth2 provider, then the ESGF OpenID
    providers, then the ``__defaults__`` entry.

    :param request: request whose ``registry.settings`` supplies
        ``github.client.id`` and ``github.client.secret``.
    :returns: dict keyed by provider name.
    """
    settings = request.registry.settings

    # NOTE(review): .get() does not fail on a missing key, so an unconfigured
    # client id or secret is passed on silently. Confirm these settings are
    # validated at startup and stored outside the repository.
    providers = {
        'github': {
            'class_': oauth2.GitHub,
            'consumer_key': settings.get('github.client.id'),
            'consumer_secret': settings.get('github.client.secret'),
            'access_headers': {'User-Agent': 'Phoenix'},
            'id': provider_id(),
            'scope': oauth2.GitHub.user_info_scope,
            '_apis': {
                'Get your events': (
                    'GET', 'https://api.github.com/users/{user.username}/events'),
                'Get your watched repos': (
                    'GET', 'https://api.github.com/user/subscriptions'),
            },
        },
    }

    # ESGF OpenID providers differ only in their hostname, except CEDA which
    # also overrides the provider URL template.
    esgf_hostnames = (
        ('dkrz', 'esgf-data.dkrz.de'),
        ('ipsl', 'esgf-node.ipsl.upmc.fr'),
        ('ceda', 'ceda.ac.uk'),
        ('pcmdi', 'pcmdi.llnl.gov'),
        ('smhi', 'esg-dn1.nsc.liu.se'),
    )
    for name, hostname in esgf_hostnames:
        providers[name] = {
            'class_': esgfopenid.ESGFOpenID,
            'hostname': hostname,
        }
    providers['ceda']['provider_url'] = 'https://{hostname}/openid/{username}'

    providers['__defaults__'] = {'popup': True}
    return providers
def authomatic_config(request):
    """Return the Authomatic provider configuration.

    Contains the GitHub and CEDA OAuth2 providers, the ESGF OpenID providers
    and the ``__defaults__`` entry, in that order.

    :param request: request whose ``registry.settings`` supplies the
        ``github.client.*`` and ``ceda.client.*`` credentials.
    :returns: dict keyed by provider name.
    """
    settings = request.registry.settings
    user_agent = 'Phoenix'

    # NOTE(review): client secrets are read with .get(), which yields no error
    # when a key is absent. Verify the deployment validates them and keeps
    # them out of version control.
    providers = {
        'github': {
            'class_': oauth2.GitHub,
            'consumer_key': settings.get('github.client.id'),
            'consumer_secret': settings.get('github.client.secret'),
            'access_headers': {'User-Agent': user_agent},
            'id': provider_id(),
            'scope': oauth2.GitHub.user_info_scope,
            '_apis': {
                'Get your events': (
                    'GET', 'https://api.github.com/users/{user.username}/events'),
                'Get your watched repos': (
                    'GET', 'https://api.github.com/user/subscriptions'),
            },
        },
        # Registered as 'ceda_oauth' so it does not collide with the CEDA
        # OpenID provider, which is stored under 'ceda' below.
        'ceda_oauth': {
            'class_': CEDAProvider,
            'consumer_key': settings.get('ceda.client.id'),
            'consumer_secret': settings.get('ceda.client.secret'),
            'access_headers': {'User-Agent': user_agent},
            'scope': CEDAProvider.user_info_scope,
        },
    }

    # ESGF OpenID providers: same class, one hostname each.
    esgf_hostnames = (
        ('dkrz', 'esgf-data.dkrz.de'),
        ('ipsl', 'esgf-node.ipsl.upmc.fr'),
        ('ceda', 'ceda.ac.uk'),
        ('pcmdi', 'pcmdi.llnl.gov'),
        ('smhi', 'esg-dn1.nsc.liu.se'),
    )
    for name, hostname in esgf_hostnames:
        providers[name] = {
            'class_': esgfopenid.ESGFOpenID,
            'hostname': hostname,
        }
    # Only CEDA overrides the provider URL template.
    providers['ceda']['provider_url'] = 'https://{hostname}/openid/{username}'

    providers['__defaults__'] = {'popup': True}
    return providers
def authomatic_config(request):
    """Return the Authomatic provider configuration.

    Contains the GitHub and CEDA OAuth2 providers, the generic OpenID
    provider and the ``__defaults__`` entry, in that order.

    :param request: request whose ``registry.settings`` supplies the
        ``github.consumer.*`` and ``ceda.consumer.*`` values.
    :returns: dict keyed by provider name.
    """
    settings = request.registry.settings

    # NOTE(review): secrets and the CEDA redirect URI are read with .get(), so
    # a missing setting is not reported here. Confirm they are validated
    # elsewhere and that the redirect URI matches the one registered with the
    # provider.
    github = {
        'class_': oauth2.GitHub,
        'consumer_key': settings.get('github.consumer.key'),
        'consumer_secret': settings.get('github.consumer.secret'),
        'access_headers': {'User-Agent': 'Phoenix'},
        'id': provider_id(),
        'scope': oauth2.GitHub.user_info_scope,
        '_apis': {
            'Get your events': (
                'GET', 'https://api.github.com/users/{user.username}/events'),
            'Get your watched repos': (
                'GET', 'https://api.github.com/user/subscriptions'),
        },
    }
    ceda = {
        'class_': myoauth2.Ceda,
        'consumer_key': settings.get('ceda.consumer.key'),
        'consumer_secret': settings.get('ceda.consumer.secret'),
        'id': provider_id(),
        'scope': myoauth2.Ceda.user_info_scope,
        # A fixed 'state' value ('ceda') was tried here and left disabled.
        'redirect_uri': settings.get('ceda.consumer.redirect.uri'),
    }

    # Assemble in the order OAuth2 providers, OpenID, defaults.
    config = {}
    config['github'] = github
    config['ceda'] = ceda
    config['openid'] = {'class_': openid.OpenID}
    config['__defaults__'] = {'popup': True}
    return config
def authomatic_config(request):
    """Return the Authomatic provider configuration.

    Contains the GitHub, CEDA and Keycloak OAuth2 providers followed by the
    ``__defaults__`` entry.

    :param request: request whose ``registry.settings`` supplies the
        ``github.client.*``, ``ceda.client.*`` and ``keycloak.*`` values.
    :returns: dict keyed by provider name.
    """
    settings = request.registry.settings
    headers_name = 'User-Agent'
    headers_value = 'Phoenix'

    # NOTE(review): every credential is read with .get(), so an absent secret
    # is not detected here. Confirm the settings are validated at startup and
    # are not committed with the code.
    github = {
        'class_': oauth2.GitHub,
        'consumer_key': settings.get('github.client.id'),
        'consumer_secret': settings.get('github.client.secret'),
        'access_headers': {headers_name: headers_value},
        'id': provider_id(),
        'scope': oauth2.GitHub.user_info_scope,
        '_apis': {
            'Get your events': (
                'GET', 'https://api.github.com/users/{user.username}/events'),
            'Get your watched repos': (
                'GET', 'https://api.github.com/user/subscriptions'),
        },
    }

    # Registered as 'ceda_oauth' rather than 'ceda' to stay clear of the name
    # used for the CEDA OpenID provider.
    ceda_oauth = {
        'class_': CEDAProvider,
        'consumer_key': settings.get('ceda.client.id'),
        'consumer_secret': settings.get('ceda.client.secret'),
        'access_headers': {headers_name: headers_value},
        'scope': CEDAProvider.user_info_scope,
    }

    # The Keycloak provider class is generated from the configured server URL
    # and realm.
    # NOTE(review): presumably the URL should be https; verify in deployment.
    keycloak_cls = create_keycloak_provider(
        url=settings.get('keycloak.url'),
        realm=settings.get('keycloak.realm'))
    keycloak = {
        'class_': keycloak_cls,
        'consumer_key': settings.get('keycloak.client.id'),
        'consumer_secret': settings.get('keycloak.client.secret'),
        'access_headers': {headers_name: headers_value},
        'scope': 'openid email profile',
    }

    config = {}
    config['github'] = github
    config['ceda_oauth'] = ceda_oauth
    config['keycloak'] = keycloak
    config['__defaults__'] = {'popup': True}
    return config
AUTHENTICATION = { 'openid': { 'class_': openid.OpenID, }, 'gae-openid': { 'class_': gaeopenid.GAEOpenID, }, } OAUTH1 = { 'bitbucket': { 'class_': oauth1.Bitbucket, 'consumer_key': '##########', 'consumer_secret': '##########', 'id': authomatic.provider_id(), '_apis': { 'Get repos you follow': ('GET', 'https://api.bitbucket.org/1.0/user/repositories/overview'), 'Get your privileges': ('GET', 'https://api.bitbucket.org/1.0/user/privileges'), } }, 'flickr': { 'class_': oauth1.Flickr, 'consumer_key': '##########', 'consumer_secret': '##########', 'id': authomatic.provider_id(), '_apis': { 'List your photos':
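def setup_routes(app, debug, spreadsheet_name):
    """Register the login, bonus-form and logout routes on ``app``.

    :param app: Flask application the routes are attached to.
    :param debug: when falsy, a ``before_request`` hook redirects requests
        whose ``X-Forwarded-Proto`` header does not start with ``https``.
    :param spreadsheet_name: name of the spreadsheet opened through gspread;
        its first worksheet receives bonuses, its second lists employees.
    """
    # NOTE(review): the OAuth client secret and the Authomatic signing secret
    # ("asda") are hard-coded below. Both should be rotated and loaded from
    # deployment configuration; a short, guessable signing secret weakens the
    # integrity of the login state Authomatic signs with it.
    OAUTH_CONFIG = {
        "google": {
            "class_": oauth2.Google,
            "id": authomatic.provider_id(),
            "consumer_key": "678365835388-gt8b1d2voof0n6cffe5ljdgu80qaand4.apps.googleusercontent.com",
            "consumer_secret": "kK2vuS9muxml3cISlb5w5bRp",
            "scope": ["profile", "email"]
        }
    }
    authomatic_config = Authomatic(OAUTH_CONFIG, "asda", report_errors=False)
    valid_domain = "@signal.co"

    def is_logged_in():
        # A session counts as authenticated only once login() has stored both
        # identity fields; a merely non-empty session is not enough.
        return bool(session.get("email")) and bool(session.get("name"))

    if not debug:
        # if we're on production make sure we're always on https
        @app.before_request
        def before_request():
            if not request.headers.get('X-Forwarded-Proto', '').startswith('https'):
                return redirect(request.url.replace('http://', 'https://', 1), code=301)

    @app.route("/login/<provider_name>/", methods=["GET", "POST"])
    def login(provider_name):
        response = make_response()
        result = authomatic_config.login(
            WerkzeugAdapter(request, response),
            provider_name,
            session=session,
            session_saver=lambda: app.save_session(session, response)
        )
        if result:
            if result.user:
                result.user.update()
                email = result.user.email
                # The domain must be the END of the address. A substring test
                # would also accept addresses that merely contain
                # "@signal.co" somewhere, e.g. as a prefix of a longer domain.
                # A missing email is rejected instead of raising.
                if not email or not email.endswith(valid_domain):
                    return render_template("index.html", message="Please login with a valid @signal.co email address.")
                session["email"] = email
                session["name"] = result.user.name
                return redirect("/")
            return logout_error()
        return response

    @app.route("/", methods=["GET"])
    def index():
        email, name = session.get("email", None), session.get("name", None)
        return render_template("index.html", email=email, name=name)

    def open_spreadsheet(names=False):
        scope = ["https://spreadsheets.google.com/feeds"]
        # NOTE(review): the service-account key file sits next to the source
        # file; confirm it is excluded from version control.
        credentials = ServiceAccountCredentials.from_json_keyfile_name(os.path.join(os.path.dirname(__file__), "test-3f652713c268.json"), scope)
        gc = gspread.authorize(credentials)
        spreadsheet = gc.open(spreadsheet_name)
        return spreadsheet.get_worksheet(1 if names else 0)

    def get_employees():
        name_worksheet = open_spreadsheet(True)
        employee_names, region_codes, employee_ids = name_worksheet.col_values(1), name_worksheet.col_values(2), name_worksheet.col_values(3)
        return [{"name": name, "region": region_codes[i], "id": employee_ids[i]} for i, name in enumerate(employee_names)]

    @app.route("/employees.json")
    def employees():
        # Require a completed login. The previous "if session:" test passed
        # for any non-empty session, including one that never finished login.
        if is_logged_in():
            employees = get_employees()
            return jsonify(data=[employee["name"] for employee in employees if employee["name"]])
        return 'Um, nah brah', 403

    @app.route("/", methods=["POST"])
    def handle_submit():
        # Reject unauthenticated submissions up front; without a session name
        # the code below would fail on month + None.
        if not is_logged_in():
            return 'Um, nah brah', 403
        bonus_worksheet, name_worksheet = open_spreadsheet(False), open_spreadsheet(True)
        month, year = time.strftime("%b %y").split(' ')
        email, name = session.get("email", None), session.get("name", None)
        # Use the same month + year + name key that give_bonus() writes to
        # column G, so the duplicate check can match an earlier submission.
        month_name = month + year + name
        validation_result = validate_form(month_name, request.form, session, bonus_worksheet, name_worksheet)
        if validation_result:
            return render_template("index.html", message=validation_result, email=email, name=name)
        else:
            give_bonus(month, year, request.form, name, bonus_worksheet)
            return render_template("index.html", confirmation="Your bonus is on its way!", email=email, name=name)

    def give_bonus(month, year, bonus_request, sender_name, bonus_worksheet):
        recipient_name, comments, informed_status = bonus_request["recipient"], bonus_request["comments"], bonus_request["informed_status"]
        month_year_name = month + year + sender_name
        employees = get_employees()
        person = next(employee for employee in employees if employee["name"] == recipient_name)
        recipient, employee_id, region_code = person["name"], person["id"], person["region"]

        # Write to the first blank row of column A. When the column has no
        # blank cell, append after the last value instead of overwriting row 1.
        column_a = bonus_worksheet.col_values(1)
        target_row = len(column_a) + 1
        for index, value in enumerate(column_a):
            if not value:
                target_row = index + 1
                break

        # NOTE(review): comments and informed_status are user-supplied text.
        # If the sheet API treats writes as user-entered input, a value that
        # starts with "=" is evaluated as a formula; confirm and neutralise
        # such values before writing if so.
        row_values = (
            ("A", month + year),
            ("B", recipient),
            ("C", region_code),
            ("D", comments),
            ("E", informed_status),
            ("F", sender_name),
            ("G", month_year_name),
            ("H", employee_id),
        )
        for column, cell_value in row_values:
            bonus_worksheet.update_acell("{}{}".format(column, target_row), cell_value)

    def validate_form(month_name, form, session, bonus_worksheet, name_worksheet):
        # Returns an error message for the first failed check, else None.
        if self_bonus(form, session):
            return "You can't bonus yourself!"
        if validate_redundancy(month_name, bonus_worksheet):
            return "You've already submitted a bonus for this month!"
        if not validate_input(form, name_worksheet):
            return "Please fill out all the fields correctly."

    def self_bonus(form, session):
        recipient = form["recipient"]
        name = session.get("name", None)
        return recipient == name

    def validate_redundancy(month_name, bonus_worksheet):
        # True when a cell holding this sender's key already exists.
        already_bonused = bonus_worksheet.findall(month_name)
        return bool(already_bonused)

    def validate_input(form, name_worksheet):
        recipient = form["recipient"]
        comment = form["comments"]
        informed_status = form.get("informed_status", None)
        emp_names = [e for e in name_worksheet.col_values(1) if e]
        if recipient not in emp_names:
            return False
        if not comment.strip():
            # whitespace-only comments count as empty
            return False
        return bool(informed_status)

    def logout_error():
        session.clear()
        return render_template("index.html", message="Something went wrong, please try logging in again.")

    @app.route('/logout')
    def logout():
        session.clear()
        return render_template("index.html", message="k, BAI.")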
# config.py from authomatic.providers import oauth2, oauth1, openid, gaeopenid import authomatic CONFIG = { "tw": { # Your internal provider name # Provider class "class_": oauth1.Twitter, # Twitter is an AuthorizationProvider so we need to set several other properties too: "consumer_key": "####################", "consumer_secret": "####################", "id": authomatic.provider_id(), }, "fb": { "class_": oauth2.Facebook, # Facebook is AuthorizationProvider too. "consumer_key": "####################", "consumer_secret": "####################", "id": authomatic.provider_id(), # We need the "publish_stream" scope to post to users timeline, # the "offline_access" scope to be able to refresh credentials, # and the other scopes to get user info. "scope": ["publish_stream", "offline_access", "user_about_me", "email"], }, "gae_oi": { # OpenID based Google App Engine Users API works only on GAE # and returns only the id and email of a user. # Moreover, the id is not available in the development environment! "class_": gaeopenid.GAEOpenID },
def authomatic_config(request=None):
    """Return the Authomatic provider configuration.

    The mapping lists the OAuth2 providers (GitHub, WSO2), the generic OpenID
    provider, the ESGF OpenID providers and finally ``__defaults__``.

    :param request: optional request; its ``application_url`` is used to build
        the redirect URIs. Without a request the redirect URIs are ``None``.
    :returns: dict keyed by provider name.
    """
    def _constant(name, **extra):
        # Same lookup flags for every constant: missing or unset values do not
        # raise, they are only printed.
        return get_constant(name, raise_missing=False, raise_not_set=False,
                            print_missing=True, **extra)

    # NOTE(review): because missing constants do not raise, an unset client
    # secret is passed on as whatever get_constant returns. Confirm that
    # deployments validate these values.
    github = {
        "class_": oauth2.GitHub,
        "display_name": "GitHub",
        "consumer_key": _constant("GITHUB_CLIENT_ID"),
        "consumer_secret": _constant("GITHUB_CLIENT_SECRET"),
        # NOTE(review): application_url is derived from the incoming request;
        # verify the Host header is constrained so the redirect target cannot
        # be influenced by the client.
        "redirect_uri": request.application_url if request else None,
        # alternative kept from the original:
        # "{}/providers/github/signin".format(request.application_url)
        "access_headers": {"User-Agent": "Magpie"},
        "id": provider_id(),
        "_apis": {
            "Get your events": (
                "GET", "https://api.github.com/users/{user.username}/events"),
            "Get your watched repos": (
                "GET", "https://api.github.com/user/subscriptions"),
        },
    }

    wso2_provider = {
        "class_": wso2.WSO2,
        "display_name": "WSO2",
        "hostname": _constant("WSO2_HOSTNAME"),
        "consumer_key": _constant("WSO2_CLIENT_ID"),
        "consumer_secret": _constant("WSO2_CLIENT_SECRET"),
        # an empty string is replaced by None
        "certificate_file": _constant("WSO2_CERTIFICATE_FILE") or None,
        # NOTE(review): setting WSO2_SSL_VERIFY to a false value presumably
        # disables certificate verification towards the WSO2 host; that should
        # never be done outside local testing.
        "ssl_verify": asbool(_constant("WSO2_SSL_VERIFY", default_value=True)),
        "redirect_uri": (
            "{}/providers/wso2/signin".format(request.application_url)
            if request else None),
        "id": provider_id(),
    }

    config = {}  # type: JSON
    config["github"] = github
    config["wso2"] = wso2_provider
    config["openid"] = {
        "class_": openid.OpenID,
        "display_name": "OpenID",
    }

    # ESGF OpenID providers.
    config["dkrz"] = {
        "class_": esgfopenid.ESGFOpenID,
        "hostname": "esgf-data.dkrz.de",
        "provider_url": "https://{hostname}/esgf-idp/openid/{username}",
        "display_name": "DKRZ",
    }
    config["ipsl"] = {
        "class_": esgfopenid.ESGFOpenID,
        "hostname": "esgf-node.ipsl.upmc.fr",
        "display_name": "IPSL",
    }
    # former "badc"
    config["ceda"] = {
        "class_": esgfopenid.ESGFOpenID,
        "hostname": "esgf-index1.ceda.ac.uk",
        "provider_url": "https://{hostname}/openid/{username}",
        "display_name": "CEDA",
    }
    # former "pcmdi"
    config["llnl"] = {
        "class_": esgfopenid.ESGFOpenID,
        "hostname": "esgf-node.llnl.gov",
        "display_name": "LLNL",
    }
    config["smhi"] = {
        "class_": esgfopenid.ESGFOpenID,
        "hostname": "esg-dn1.nsc.liu.se",
        "display_name": "SMHI",
    }

    config["__defaults__"] = {"popup": True}
    return config
AUTHENTICATION = { 'openid': { 'class_': openid.OpenID, }, 'gae-openid': { 'class_': gaeopenid.GAEOpenID, }, } OAUTH1 = { 'bitbucket': { 'class_': oauth1.Bitbucket, 'consumer_key': '##########', 'consumer_secret': '##########', 'id': authomatic.provider_id(), '_apis': { 'Get repos you follow': ('GET', 'https://api.bitbucket.org/1.0/user/repositories/overview'), 'Get your privileges': ('GET', 'https://api.bitbucket.org/1.0/user/privileges'), } }, 'flickr': { 'class_': oauth1.Flickr, 'consumer_key': '##########', 'consumer_secret': '##########', 'id': authomatic.provider_id(), '_apis': { 'List your photos': ('GET', 'http://api.flickr.com/services/rest?method=flickr.activity.userPhotos&format=json'), 'List your comments': ('GET', 'http://api.flickr.com/services/rest?method=flickr.activity.userComments&format=json'), },
def authomatic_config(request=None):
    """Return the Authomatic provider configuration.

    The mapping lists the OAuth2 providers (GitHub, WSO2), the generic OpenID
    provider, the ESGF OpenID providers and finally ``__defaults__``.

    :param request: optional request; its ``application_url`` is used to build
        the redirect URIs. Without a request the redirect URIs are ``None``.
    :returns: dict keyed by provider name.
    """
    def _constant(name, **extra):
        # Shared lookup flags: a missing or unset constant is printed, never
        # raised.
        return get_constant(name, raise_missing=False, raise_not_set=False,
                            print_missing=True, **extra)

    # NOTE(review): since lookups never raise, an unset client secret is not
    # detected here. Confirm deployments validate these constants.
    github = {
        'class_': oauth2.GitHub,
        'display_name': 'GitHub',
        'consumer_key': _constant('GITHUB_CLIENT_ID'),
        'consumer_secret': _constant('GITHUB_CLIENT_SECRET'),
        # NOTE(review): application_url comes from the incoming request;
        # verify the Host header is constrained so the client cannot steer
        # the redirect target.
        'redirect_uri': request.application_url if request else None,
        # alternative kept from the original:
        # '{}/providers/github/signin'.format(request.application_url)
        'access_headers': {'User-Agent': 'Magpie'},
        'id': provider_id(),
        '_apis': {
            'Get your events': (
                'GET', 'https://api.github.com/users/{user.username}/events'),
            'Get your watched repos': (
                'GET', 'https://api.github.com/user/subscriptions'),
        },
    }

    wso2_provider = {
        'class_': wso2.WSO2,
        'display_name': 'WSO2',
        'hostname': _constant('WSO2_HOSTNAME'),
        'consumer_key': _constant('WSO2_CLIENT_ID'),
        'consumer_secret': _constant('WSO2_CLIENT_SECRET'),
        # an empty string is replaced by None
        'certificate_file': _constant('WSO2_CERTIFICATE_FILE') or None,
        # NOTE(review): a false WSO2_SSL_VERIFY presumably turns off
        # certificate verification towards the WSO2 host; keep it enabled
        # everywhere except local testing.
        'ssl_verify': asbool(_constant('WSO2_SSL_VERIFY', default_value=True)),
        'redirect_uri': (
            '{}/providers/wso2/signin'.format(request.application_url)
            if request else None),
        'id': provider_id(),
    }

    config = {}  # type: JSON
    config['github'] = github
    config['wso2'] = wso2_provider
    config['openid'] = {
        'class_': openid.OpenID,
        'display_name': 'OpenID',
    }

    # ESGF OpenID providers.
    # NOTE(review): verify each hostname is the intended identity provider; an
    # OpenID login is only as trustworthy as the host it is sent to.
    config['dkrz'] = {
        'class_': esgfopenid.ESGFOpenID,
        'hostname': 'esgf-data.dkrz.de',
        'provider_url': 'https://{hostname}/esgf-idp/openid/{username}',
        'display_name': 'DKRZ',
    }
    config['ipsl'] = {
        'class_': esgfopenid.ESGFOpenID,
        'hostname': 'providers-node.ipsl.fr',
        'display_name': 'IPSL',
    }
    config['badc'] = {
        'class_': esgfopenid.ESGFOpenID,
        'hostname': 'ceda.ac.uk',
        'provider_url': 'https://{hostname}/openid/{username}',
        'display_name': 'BADC',
    }
    config['pcmdi'] = {
        'class_': esgfopenid.ESGFOpenID,
        'hostname': 'providers-node.llnl.gov',
        'display_name': 'PCMDI',
    }
    config['smhi'] = {
        'class_': esgfopenid.ESGFOpenID,
        'hostname': 'esg-dn1.nsc.liu.se',
        'display_name': 'SMHI',
    }

    config['__defaults__'] = {'popup': True}
    return config
import authomatic
from authomatic.providers import oauth2, oauth1

# Authomatic provider configuration with a single Google OAuth2 provider.
#
# NOTE(review): the client id and client secret are committed in source. They
# should be treated as exposed: rotate them and load the replacements from
# deployment configuration instead.
#
# NOTE(review): on top of the basic user-info scope this requests access to
# the user's calendar, mail feed, Drive and YouTube data. Confirm each scope
# is needed; a stolen token carries every scope granted here.
CONFIG = {
    "google": {
        "class_": oauth2.Google,
        "consumer_key": "801799207789-qj58obkub7m1coj112fje0vs57mi8ode.apps.googleusercontent.com",
        "consumer_secret": "0Jjk48bTxHGGRgt2ycYccZ-Z",
        "id": authomatic.provider_id(),
        "scope": oauth2.Google.user_info_scope + [
            "https://www.googleapis.com/auth/calendar",
            "https://mail.google.com/mail/feed/atom",
            "https://www.googleapis.com/auth/drive",
            "https://gdata.youtube.com",
        ],
        # Example API calls, each given as (HTTP method, URL).
        "_apis": {
            "List your calendars": (
                "GET",
                "https://www.googleapis.com/calendar/v3/users/me/calendarList",
            ),
            "List your YouTube playlists": (
                "GET",
                "https://gdata.youtube.com/feeds/api/users/default/playlists?alt=json",
            ),
        },
    }
}
def authomatic_config(request):
    """Return the Authomatic provider configuration.

    Contains the GitHub and CEDA OAuth2 providers, the generic OpenID
    provider, the ESGF OpenID providers and the ``__defaults__`` entry, in
    that order.

    :param request: request providing ``github_oauth`` (indexed at 0 for the
        consumer key and 1 for the consumer secret) and ``registry.settings``
        with the ``ceda.consumer.*`` values.
    :returns: dict keyed by provider name.
    """
    settings = request.registry.settings

    # NOTE(review): the CEDA values are read with .get(), so a missing secret
    # or redirect URI is not reported here. Confirm they are validated
    # elsewhere and kept out of version control.
    providers = {
        'github': {
            'class_': oauth2.GitHub,
            'consumer_key': request.github_oauth[0],
            'consumer_secret': request.github_oauth[1],
            'access_headers': {'User-Agent': 'Phoenix'},
            'id': provider_id(),
            'scope': oauth2.GitHub.user_info_scope,
            '_apis': {
                'Get your events': (
                    'GET', 'https://api.github.com/users/{user.username}/events'),
                'Get your watched repos': (
                    'GET', 'https://api.github.com/user/subscriptions'),
            },
        },
        'ceda': {
            'class_': myoauth2.Ceda,
            'consumer_key': settings.get('ceda.consumer.key'),
            'consumer_secret': settings.get('ceda.consumer.secret'),
            'id': provider_id(),
            'scope': myoauth2.Ceda.user_info_scope,
            # A fixed 'state' value ('ceda') was tried here and left disabled.
            'redirect_uri': settings.get('ceda.consumer.redirect.uri'),
        },
    }

    providers['openid'] = {'class_': openid.OpenID}

    # ESGF OpenID providers: same class, one hostname each.
    esgf_hostnames = (
        ('dkrz', 'esgf-data.dkrz.de'),
        ('ipsl', 'esgf-node.ipsl.fr'),
        ('badc', 'ceda.ac.uk'),
        ('pcmdi', 'pcmdi.llnl.gov'),
        ('smhi', 'esg-dn1.nsc.liu.se'),
    )
    for name, hostname in esgf_hostnames:
        providers[name] = {
            'class_': esgfopenid.ESGFOpenID,
            'hostname': hostname,
        }
    # Only BADC overrides the provider URL template.
    providers['badc']['provider_url'] = 'https://{hostname}/openid/{username}'

    providers['__defaults__'] = {'popup': True}
    return providers