def test_GoogleOauth2Verifier_verify_token_invalid_iss(_verify_token_payload):
    """verify_token must raise when the payload's ``iss`` claim is "invalid"."""
    # The stubbed payload carries an issuer value the test expects to be refused.
    _verify_token_payload.return_value = dict(iss="invalid", key="value")
    accepted_audiences = [mock.sentinel.audience]
    oauth2_verifier = verifiers.GoogleOauth2Verifier(client_ids=accepted_audiences)

    with pytest.raises(exceptions.GoogleVerificationError):
        oauth2_verifier.verify_token(mock.sentinel.token)
def test_GoogleOauth2Verifier_verify_token_valid_iss(_verify_token_payload):
    """With ``iss`` set to ``accounts.google.com`` the result exposes ``key``."""
    stub_claims = dict(iss="accounts.google.com", key="value")
    _verify_token_payload.return_value = stub_claims
    accepted_audiences = [mock.sentinel.audience]
    oauth2_verifier = verifiers.GoogleOauth2Verifier(client_ids=accepted_audiences)

    verified = oauth2_verifier.verify_token(mock.sentinel.token)

    assert verified["key"] == "value"
def test_GoogleOauth2Verifier_verify_token_invalid_hd(_verify_token_payload):
    """verify_token must raise when ``hd`` differs from the configured domain."""
    # Issuer is the accepted one; only the hosted-domain claim is wrong here.
    stub_claims = dict(iss="accounts.google.com", key="value", hd="invalid")
    _verify_token_payload.return_value = stub_claims
    oauth2_verifier = verifiers.GoogleOauth2Verifier(
        g_suite_hosted_domain="domain",
        client_ids=[mock.sentinel.audience],
    )

    with pytest.raises(exceptions.GoogleVerificationError):
        oauth2_verifier.verify_token(mock.sentinel.token)
def test_GoogleOauth2Verifier_verify_token_valid_hd(_verify_token_payload):
    """When ``hd`` equals the configured domain the result exposes ``key``."""
    stub_claims = dict(iss="accounts.google.com", key="value", hd="domain")
    _verify_token_payload.return_value = stub_claims
    oauth2_verifier = verifiers.GoogleOauth2Verifier(
        g_suite_hosted_domain="domain",
        client_ids=[mock.sentinel.audience],
    )

    verified = oauth2_verifier.verify_token(mock.sentinel.token)

    assert verified["key"] == "value"
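def handle_google_sign_in():
    """Handle signing in when Google sends the token to our server directly.

    Steps:
      1. Check the double-submit CSRF token: the ``g_csrf_token`` cookie and
         the ``g_csrf_token`` request value must both be present and equal.
      2. Verify the ``credential`` ID token against the accepted client IDs.
      3. Branch on the local account state for the token's email:
         registered and federated, registered but not federated (the user is
         asked to link the accounts), or not registered.

    Returns:
        The rendered template for the outcome. Every failure re-renders
        ``home.html`` with an ``error`` message.
    """
    import hmac  # local import: the file's import block is not visible here

    print('Handling User Request from Google Button or OneTap')

    # Verify CSRF double submit cookie.
    # NOTE(review): request.values merges the query string with the form body,
    # so these fields are also accepted from the URL. If this route only has to
    # serve POSTs, reading request.form keeps the tokens out of URLs and access
    # logs -- confirm against the route definition before changing it.
    csrf_token_cookie = request.cookies.get('g_csrf_token')
    if not csrf_token_cookie:
        return render_template('home.html', error="Google Sign In failed. No CSRF token in provided cookie.")
    csrf_token_body = request.values.get('g_csrf_token')
    if not csrf_token_body:
        return render_template('home.html', error="Google Sign In failed. No CSRF token in post body.")
    # Constant-time comparison, so the check's duration does not depend on
    # where the two values first differ. Bytes are compared because
    # compare_digest rejects non-ASCII str arguments.
    if not hmac.compare_digest(csrf_token_body.encode(), csrf_token_cookie.encode()):
        return render_template('home.html', error="Google Sign In failed. Failed to verify double submit cookie.")

    id_token = request.values.get('credential')
    if not id_token:
        # Fail closed with the same user-facing flow as the other checks
        # instead of handing None to the verifier.
        return render_template('home.html', error="Google Sign In failed. No credential in post body.")

    # CLIENT IDs of apps using this backend; the verifier checks the token
    # against this list.
    CLIENT_APP_IDS = ["443130310905-s9hq5vg9nbjctal1dlm2pf8ljb9vlbm3.apps.googleusercontent.com"]
    verifier = verifiers.GoogleOauth2Verifier(client_ids=CLIENT_APP_IDS)
    try:
        decoded_token = verifier.verify_token(id_token)
        # Use decoded_token to complete user sign in.
        # NOTE(review): the email alone selects the local account below.
        # Confirm that the verifier (or this handler) requires a verified
        # email claim before the address is trusted for that lookup.
        email = decoded_token.get_email().lower()
        given_name = decoded_token.get_given_name()
        create_user_table()
        registered = is_email_registered(email)
        federated = is_account_federated(email)

        if registered and federated:
            return render_template('account_success.html', name=given_name, login=str(True))

        # Both remaining branches park the decoded token in the session for
        # the follow-up step; the session value must be serializable.
        # NOTE(review): if the app uses Flask's default cookie-backed session,
        # this value is signed but readable by the client -- confirm the
        # stored claims are acceptable to expose.
        session['decoded_token'] = decoded_token.to_json()

        if registered:
            # Legacy user: ask them to link the accounts rather than linking
            # on email match alone.
            error_message = ("The email associated with this Google account is already registered. \n"
                             "Please link this existing account to your Google account.")
            return render_template('link_existing_account.html', link_error=error_message, google_email=email)

        # Unregistered user.
        return render_template('register_googler.html')
    except (ValueError, exceptions.GoogleVerificationError):
        # Invalid token, prompt user to try again.
        return render_template('home.html', error="Google Sign In failed. The ID Token was invalid.")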