示例#1
文件: oauth.py 项目: yamini16/VB_UI
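    def authorize(self):
        """Handle the OAuth callback: trade the code for tokens and open a session.

        Reads ``code`` from the query string, exchanges it through
        ``self.exchange_code_to_token``, loads the user with the access token
        and stores the token data on ``self.current`` before redirecting to
        ``self.current.next_url``.

        Aborts with 403 when the code is missing or the token response lacks
        ``access_token`` / ``expires_in``, and with 401 when the target view
        is marked ``_herokai_only`` and the user's e-mail is not accepted by
        ``utils.is_herokai``.
        """
        code = request.args.get('code')
        if not code:
            abort(403)

        # NOTE(review): no OAuth `state` value is checked in this method;
        # confirm that exchange_code_to_token or the OAuth client validates
        # it, otherwise this callback has no login-CSRF protection.
        token_data = self.exchange_code_to_token(code)

        token = token_data.get('access_token')
        refresh_token = token_data.get('refresh_token')
        expires_in = token_data.get('expires_in')

        # Fail closed on an incomplete token response instead of loading a
        # user without a token or crashing on the expiry arithmetic below.
        if not token or expires_in is None:
            abort(403)

        user = self.load_user(token)

        email = user.get('email')
        user_id = user.get('id')  # local renamed so the builtin id() is not shadowed

        view = self.app.view_functions.get(self.current.next_endpoint)

        # A restricted view requires an e-mail that utils.is_herokai accepts;
        # a missing e-mail is treated as "not a Herokai".
        if getattr(view, '_herokai_only', False) and not (email and utils.is_herokai(email)):
            abort(401)

        self.current.logged_in = True
        self.current.token = token
        self.current.id = user_id
        self.current.username = email
        self.current.refresh_token = refresh_token
        self.current.expires_in = expires_in
        self.current.expiry_time = utils.utc_timestamp() + expires_in

        # NOTE(review): next_url is read back from self.current; confirm it
        # can only ever hold a same-site URL before it is used as a redirect
        # target.
        return redirect(self.current.next_url)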
示例#2
文件: api.py 项目: yamini16/VB_UI
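    def authenticate(self, username, password):
        """Check basic-auth credentials against the API's ``/account`` endpoint.

        Aborts with 401 when ``/account`` does not return 200, when a 200
        response body is not valid JSON, or when the current view is marked
        ``_herokai_only`` and the account e-mail is not accepted by
        ``utils.is_herokai``. On success the credentials and the account
        payload are stored on ``g``.
        """
        client = build_client()
        resp = client.get('/account', auth=(username, password))
        if resp.status_code != 200:
            current_app.logger.info(
                    'API Auth: Call to /account returned %s' % resp.status_code)
            # An error body is not guaranteed to be JSON; a parse failure
            # here must not replace the 401 with an unhandled exception.
            try:
                body = json.dumps(resp.json())
            except ValueError:
                body = '<non-JSON response body>'
            current_app.logger.info('API Auth: %s' % body)
            abort(401)

        # Parse the account payload once and reject the request if it cannot
        # be decoded, rather than failing later with a server error.
        try:
            account = resp.json()
        except ValueError:
            current_app.logger.info(
                    'API Auth: /account returned a non-JSON body')
            abort(401)

        view = self.app.view_functions.get(request.endpoint)

        email = account.get('email')

        # A restricted view requires an e-mail that utils.is_herokai accepts;
        # a missing e-mail is treated as "not a Herokai".
        if getattr(view, '_herokai_only', False) and not (email and utils.is_herokai(email)):
            current_app.logger.info(
                    'API Auth: Non-Herokai attempting to access Herokai Only')
            abort(401)

        # NOTE(review): the plaintext password is kept on `g` alongside the
        # username; confirm nothing logs or serializes these attributes.
        g._herokuauth_api_user = username
        g._herokuauth_api_pass = password
        g._herokuauth_api_account = account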
示例#3
文件: oauth.py 项目: yamini16/VB_UI
    def login(self):
        """Decide whether the current request may proceed or must start OAuth.

        Returns ``None`` for the auth extension's own endpoints (and for a
        request with no endpoint) and for a logged-in user who passes the
        ``_herokai_only`` check. Otherwise returns the result of
        ``self.oauth.authorize``. Aborts with 401 when a logged-in user who
        is not accepted by ``utils.is_herokai`` requests a ``_herokai_only``
        view.
        """
        def start_oauth_flow():
            # Record the requested endpoint and URL on self.current before
            # handing off to the OAuth provider.
            self.current.next_endpoint = request.endpoint
            self.current.next_url = request.url or "/"
            return self.oauth.authorize(callback=url_for('heroku_auth_login'))

        # The login/logout/redirect endpoints must stay reachable without a
        # session, as must requests that matched no endpoint.
        exempt_endpoints = (
            "heroku_auth_login",
            "heroku_auth_logout",
            "heroku_auth_redirect",
            None,
        )
        if request.endpoint in exempt_endpoints:
            return None

        if not self.current.valid:
            return start_oauth_flow()

        view = self.app.view_functions.get(request.endpoint)

        if not self.current.logged_in:
            return start_oauth_flow()

        # Logged in: only views flagged _herokai_only need the extra check.
        restricted = getattr(view, '_herokai_only', False)
        if restricted and not utils.is_herokai(self.current.username):
            abort(401)
        return None