def prepare(self):
    """Gate every request to an admin page before the verb handler runs.

    Runs the base-class ``prepare`` first, marks the response as private
    (``set_cache(is_public=False)``), then applies two policies in order:

    1. HTTPS enforcement. When ``CONFIG.ENABLE_HTTPS`` is on and the request
       arrived over plain HTTP, the client is sent to the same host and URI
       over ``https://``. HTTP/1.0 clients get a plain redirect for GET/HEAD
       and a 403 for anything else (HTTP/1.0 has no method-preserving
       redirect); newer clients get a 307 so method and body survive.
    2. Admin check. A caller who is not ``self.is_admin`` ends with a 403.
       An anonymous GET/HEAD is first redirected to the login URL with a
       fresh state token stored through ``set_state_cookie``; an anonymous
       non-GET request only gets the session-time cookie refreshed.

    Raises:
        HTTPError: 403 for non-admin callers, and for non-GET/HEAD requests
            that would need an HTTPS upgrade on an HTTP/1.0 client.
    """
    super(AdminHandler, self).prepare()
    self.set_cache(is_public=False)

    request = self.request
    is_http10 = request.version == 'HTTP/1.0'
    is_safe_method = request.method in ('GET', 'HEAD')

    if CONFIG.ENABLE_HTTPS and not self.is_https:
        # NOTE(review): the redirect target is built from the Host header;
        # this relies on Host being validated upstream (not visible here).
        https_url = 'https://%s%s' % (request.host, request.uri)
        if not is_http10:
            # 307 keeps the original method and body across the redirect.
            self.redirect(https_url, status=307)
        elif is_safe_method:
            self.redirect(https_url)
        else:
            raise HTTPError(403)
        return

    if self.is_admin:
        return

    if not self.current_user_id:
        if is_safe_method:
            state = Auth.generate(request.uri)
            self.set_state_cookie(state)
            self.redirect(self.get_login_url(),
                          status=302 if is_http10 else 303)
            return
        self.set_session_time_cookie()  # force check user status
    raise HTTPError(403)
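def authorized_handler(self, *args, **kwargs):
    """Wrapped request method: run ``user_handler`` only for an authorized caller.

    ``user_handler`` and ``admin_only`` are closure variables of the
    enclosing decorator, which is defined outside this block. Policy:

    * GET from an anonymous user: generate a state token, store it via
      ``set_state_cookie`` and redirect to the login URL (302 for HTTP/1.0
      clients, 303 otherwise).
    * Any other method from an anonymous user: refresh the session-time
      cookie and answer 403.
    * ``admin_only`` set and the caller is not ``self.is_admin``: 403.
    * Otherwise delegate to ``user_handler``.

    Returns:
        Whatever ``user_handler`` returns (``None`` on the redirect path).
        The previous version discarded it; propagating it lets a
        coroutine-based handler's Future reach Tornado's dispatcher instead
        of being dropped.

    Raises:
        HTTPError: 403 as described above.
    """
    self.set_cache(is_public=False)
    request = self.request

    if request.method == 'GET':
        if not self.current_user_id:
            state = Auth.generate(request.uri)
            self.set_state_cookie(state)
            self.redirect(self.get_login_url(),
                          status=302 if request.version == 'HTTP/1.0' else 303)
            return None
        if admin_only and not self.is_admin:
            raise HTTPError(403)
        return user_handler(self, *args, **kwargs)

    # NOTE(review): HEAD lands here (403 when anonymous) while
    # AdminHandler.prepare redirects GET and HEAD alike -- confirm whether
    # that asymmetry is intended.
    if not self.current_user_id:
        self.set_session_time_cookie()  # force check user status
        raise HTTPError(403)
    if admin_only and not self.is_admin:
        raise HTTPError(403)
    return user_handler(self, *args, **kwargs)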
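def get(self):
    """Google OAuth2 login endpoint (a Tornado generator coroutine; its decorator is not visible here).

    Flow:

    * Force HTTPS when ``CONFIG.ENABLE_HTTPS`` is on and the request came
      over plain HTTP.
    * An already signed-in user is sent to ``get_next_url()`` (or ``/``).
    * Start leg (no ``code`` argument): reuse a still-valid ``state`` cookie
      or mint a new one bound to the next URL, then redirect to Google's
      consent page.
    * Callback leg (``code`` present): the ``state`` argument must have the
      configured length, equal the ``state`` cookie (binds the callback to
      this browser) and be known to ``Auth`` (single use, server-issued);
      then exchange the code for a token, fetch the profile, create the
      ``User`` row on first login, set the ``user_id`` secure cookie and
      redirect to the stored next URL.

    Raises:
        HTTPError: 400 for a malformed ``state``; 403 for a state mismatch,
            an unknown state, an ``AuthError`` from the token exchange, or
            a token response without a usable ``access_token``; 500 when
            the profile request fails.
    """
    self.set_cache(0, is_public=False)

    if CONFIG.ENABLE_HTTPS and not self.is_https:
        request = self.request
        self.redirect('https://%s%s' % (request.host, request.uri),
                      status=302 if request.version == 'HTTP/1.0' else 303)
        return

    if self.current_user_id:
        # Force a new session_time so the user re-visits PageAppendHandler
        # and picks up refreshed configuration.
        self.set_session_time_cookie()
        self.redirect(self.get_next_url() or '/')
        return

    code = self.get_argument('code', None)
    if not code:
        state = self.get_cookie('state')
        if not (state and Auth.is_existing(state)):  # invalid or expired state
            state = Auth.generate(self.get_next_url() or '')
            self.set_state_cookie(state)
        yield self.authorize_redirect(
            redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI,
            client_id=CONFIG.GOOGLE_OAUTH2_CLIENT_ID,
            scope=['profile', 'email'],
            response_type='code',
            extra_params={'approval_prompt': 'auto', 'state': state})
        return

    state = self.get_argument('state')
    if len(state) != CONFIG.AUTH_STATE_LENGTH:
        raise HTTPError(400)
    if self.get_cookie('state') != state:
        raise HTTPError(403)
    next_url = Auth.get(state)
    if next_url is None:
        raise HTTPError(403)
    # The state is consumed now, whether or not the exchange below succeeds.
    self.clear_cookie('state')

    try:
        token_info = yield self.get_authenticated_user(
            redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI, code=code)
    except AuthError:
        logging.warning('failed to login', exc_info=True)
        raise HTTPError(403)

    access_token = token_info.get('access_token') if token_info else None
    if not access_token:
        # Previously this case fell through and answered with an empty 200;
        # a token response without an access token is a failed login.
        raise HTTPError(403)

    try:
        # NOTE(review): the token travels in the query string; it may end up
        # in proxy/server logs. Sending it in an Authorization header is the
        # usual alternative -- confirm before changing.
        response = yield self.get_auth_http_client().fetch(
            'https://www.googleapis.com/oauth2/v1/userinfo?access_token=' + access_token)
    except HTTPClientError:
        logging.exception('failed to get user info')
        raise HTTPError(500)

    user_info = ujson.loads(response.body)
    # NOTE(review): the local account is matched purely by the e-mail Google
    # returns; consider requiring the profile's verified_email flag before
    # binding or creating a user -- confirm the field is present in this
    # API version.
    user = User.get_by_email(user_info['email'])
    if not user:
        user = User(email=user_info['email'], name=user_info['name'])
        url = user_info.get('url')
        if url:
            user.site = url
        user.save(inserting=True)

    self.set_secure_cookie('user_id', str(user.id), httponly=True,
                           secure=self.is_https)
    # Make the user re-visit PageAppendHandler to refresh configuration.
    self.set_session_time_cookie()
    # NOTE(review): next_url comes from Auth's store, seeded by
    # get_next_url() on the start leg; whether it is restricted to local
    # paths is decided there, not here.
    self.redirect(next_url or '/')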
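def get(self):
    """Google OAuth2 login endpoint (a Tornado generator coroutine; its decorator is not visible here).

    Behaves like the ``ujson`` variant of this handler but decodes the
    profile with the standard ``json`` module. Three branches:

    * HTTPS enforcement when ``CONFIG.ENABLE_HTTPS`` is on and the request
      is plain HTTP.
    * A signed-in user is redirected to ``get_next_url()`` or ``/``.
    * Otherwise the OAuth2 start leg (no ``code``: issue or reuse a state
      cookie, redirect to Google) or the callback leg (``code`` present:
      validate ``state`` against its length, the ``state`` cookie and the
      ``Auth`` store; exchange the code; fetch the profile; create the
      ``User`` on first login; set the ``user_id`` secure cookie; redirect).

    Raises:
        HTTPError: 400 for a malformed ``state``; 403 for a state mismatch,
            an unknown state, an ``AuthError`` from the token exchange, or
            a token response without a usable ``access_token``; 500 when
            the profile request fails.
    """
    self.set_cache(0, is_public=False)

    if CONFIG.ENABLE_HTTPS and not self.is_https:
        request = self.request
        target = 'https://%s%s' % (request.host, request.uri)
        self.redirect(target, status=302 if request.version == 'HTTP/1.0' else 303)
        return

    if self.current_user_id:
        # Force a new session_time so the user re-visits PageAppendHandler
        # and picks up refreshed configuration.
        self.set_session_time_cookie()
        self.redirect(self.get_next_url() or '/')
        return

    code = self.get_argument('code', None)
    if not code:
        # Start leg: keep a still-valid state, otherwise mint one bound to
        # the requested next URL.
        state = self.get_cookie('state')
        if not (state and Auth.is_existing(state)):  # invalid state
            state = Auth.generate(self.get_next_url() or '')
            self.set_state_cookie(state)
        yield self.authorize_redirect(
            redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI,
            client_id=CONFIG.GOOGLE_OAUTH2_CLIENT_ID,
            scope=['profile', 'email'],
            response_type='code',
            extra_params={'approval_prompt': 'auto', 'state': state})
        return

    # Callback leg: state must match the browser cookie and the server store.
    state = self.get_argument('state')
    if len(state) != CONFIG.AUTH_STATE_LENGTH:
        raise HTTPError(400)
    if self.get_cookie('state') != state:
        raise HTTPError(403)
    next_url = Auth.get(state)
    if next_url is None:
        raise HTTPError(403)
    self.clear_cookie('state')  # single use, consumed regardless of outcome

    try:
        token_info = yield self.get_authenticated_user(
            redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI, code=code)
    except AuthError:
        logging.warning('failed to login', exc_info=True)
        raise HTTPError(403)

    access_token = (token_info or {}).get('access_token')
    if not access_token:
        # Previously fell through to an empty 200 response; treat a token
        # response with no access token as a failed login.
        raise HTTPError(403)

    try:
        # NOTE(review): the token is sent as a query parameter and can
        # surface in intermediary logs; an Authorization header is the
        # common alternative -- confirm before changing.
        response = yield self.get_auth_http_client().fetch(
            'https://www.googleapis.com/oauth2/v1/userinfo?access_token=' + access_token)
    except HTTPClientError:
        logging.exception('failed to get user info')
        raise HTTPError(500)

    user_info = json.loads(response.body)
    # NOTE(review): accounts are matched by the returned e-mail alone;
    # consider checking the profile's verified_email flag before binding or
    # creating a user -- confirm the field is present in this API version.
    user = User.get_by_email(user_info['email'])
    if not user:
        user = User(email=user_info['email'], name=user_info['name'])
        url = user_info.get('url')
        if url:
            user.site = url
        user.save(inserting=True)

    self.set_secure_cookie('user_id', str(user.id), httponly=True,
                           secure=self.is_https)
    # Make the user re-visit PageAppendHandler to refresh configuration.
    self.set_session_time_cookie()
    # NOTE(review): next_url is whatever get_next_url() stored on the start
    # leg; any restriction to local paths has to live there.
    self.redirect(next_url or '/')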