def make_default_account(db, config):
import platform
from inbox.models.backends.gmail import GmailAccount
from inbox.models.backends.gmail import GmailAuthCredentials
from inbox.auth.gmail import OAUTH_SCOPE
from inbox.models import Namespace
ns = Namespace()
account = GmailAccount(
sync_host='{}:{}'.format(platform.node(), 0),
email_address='*****@*****.**')
account.namespace = ns
account.create_emailed_events_calendar()
account.refresh_token = 'faketoken'
auth_creds = GmailAuthCredentials()
auth_creds.client_id = config.get_required('GOOGLE_OAUTH_CLIENT_ID')
auth_creds.client_secret = \
config.get_required('GOOGLE_OAUTH_CLIENT_SECRET')
auth_creds.refresh_token = 'faketoken'
auth_creds.g_id_token = 'foo'
auth_creds.created_at = datetime.utcnow()
auth_creds.updated_at = datetime.utcnow()
auth_creds.gmailaccount = account
auth_creds.scopes = OAUTH_SCOPE
db.session.add(account)
db.session.add(auth_creds)
db.session.commit()
return account
def add_fake_gmail_account(
db_session,
email_address="*****@*****.**",
refresh_token="tearsofgold",
password="******",
):
import platform
from inbox.models import Namespace
from inbox.models.backends.gmail import GmailAccount
with db_session.no_autoflush:
namespace = Namespace()
account = GmailAccount(
email_address=email_address,
refresh_token=refresh_token,
sync_host=platform.node(),
namespace=namespace,
)
account.imap_password = password
account.smtp_password = password
db_session.add(account)
db_session.commit()
return account
def create_account(self, email_address, response):
# This method assumes that the existence of an account for the
# provider and email_address has been checked by the caller;
# callers may have different methods of performing the check
# (redwood auth versus bin/inbox-auth)
namespace = Namespace()
account = GmailAccount(namespace=namespace)
account.create_emailed_events_calendar()
return self.update_account(account, response)
def create_account(self, email_address, response):
# This method assumes that the existence of an account for the
# provider and email_address has been checked by the caller;
# callers may have different methods of performing the check
# (redwood auth versus bin/inbox-auth)
namespace = Namespace()
account = GmailAccount(namespace=namespace)
account.create_emailed_events_calendar()
return self.update_account(account, response)
def gmail_account(db):
import platform
from inbox.models import Namespace
from inbox.models.backends.gmail import GmailAccount
account = db.session.query(GmailAccount).first()
if account is None:
with db.session.no_autoflush:
namespace = Namespace()
account = GmailAccount(email_address='*****@*****.**',
refresh_token='tearsofgold',
sync_host=platform.node(),
namespace=namespace)
account.password = '******'
db.session.add(account)
db.session.commit()
return account
def add_fake_gmail_account(
db_session, email_address="*****@*****.**", refresh_token="tearsofgold", password="******"
):
from inbox.models import Namespace
from inbox.models.backends.gmail import GmailAccount
import platform
with db_session.no_autoflush:
namespace = Namespace()
account = GmailAccount(
email_address=email_address, refresh_token=refresh_token, sync_host=platform.node(), namespace=namespace
)
account.password = password
db_session.add(account)
db_session.commit()
return account
def gmail_account(db):
import platform
from inbox.models import Namespace
from inbox.models.backends.gmail import GmailAccount
account = db.session.query(GmailAccount).first()
if account is None:
with db.session.no_autoflush:
namespace = Namespace()
account = GmailAccount(
email_address='*****@*****.**',
refresh_token='tearsofgold',
sync_host=platform.node(),
namespace=namespace)
account.password = '******'
db.session.add(account)
db.session.commit()
return account
def create_account(self, db_session, email_address, response):
# Override create_account to persist the 'login hint' email_address
# rather than the canonical email that is contained in response.
# This allows us to trigger errors by authing with addresses of the
# format:
# [email protected]
# Since verify_config throws an Exception if no specific case is
# triggered, this account is never committed.
namespace = Namespace()
account = GmailAccount(namespace=namespace)
account.email_address = email_address
try:
self.verify_config(account)
except GmailSettingError as e:
print e
raise UserRecoverableConfigError(e)
return account
def add_fake_gmail_account(db_session,
email_address='*****@*****.**',
refresh_token='tearsofgold',
password='******'):
from inbox.models import Account, Namespace
from inbox.models.backends.gmail import GmailAccount
import platform
with db_session.no_autoflush:
namespace = Namespace()
account = GmailAccount(email_address=email_address,
refresh_token=refresh_token,
sync_host=platform.node(),
namespace=namespace)
account.password = password
db_session.add(account)
db_session.commit()
return account
def make_default_account(db, config):
import platform
from inbox.models.backends.gmail import GmailAccount
from inbox.models.backends.gmail import GmailAuthCredentials
from inbox.auth.gmail import OAUTH_SCOPE
from inbox.models import Namespace
ns = Namespace()
account = GmailAccount(sync_host=platform.node(),
email_address='*****@*****.**')
account.namespace = ns
account.create_emailed_events_calendar()
account.refresh_token = 'faketoken'
auth_creds = GmailAuthCredentials()
auth_creds.client_id = config.get_required('GOOGLE_OAUTH_CLIENT_ID')
auth_creds.client_secret = \
config.get_required('GOOGLE_OAUTH_CLIENT_SECRET')
auth_creds.refresh_token = 'faketoken'
auth_creds.g_id_token = 'foo'
auth_creds.created_at = datetime.utcnow()
auth_creds.updated_at = datetime.utcnow()
auth_creds.gmailaccount = account
auth_creds.scopes = OAUTH_SCOPE
db.session.add(account)
db.session.add(auth_creds)
db.session.commit()
return account
def default_account(db):
import platform
from inbox.models.backends.gmail import GmailAccount
from inbox.models import Namespace, Folder
ns = Namespace()
account = GmailAccount(
sync_host=platform.node(),
email_address='*****@*****.**')
account.namespace = ns
account.create_emailed_events_calendar()
account.refresh_token = 'faketoken'
account.inbox_folder = Folder(canonical_name='inbox', name='Inbox',
account=account)
account.sent_folder = Folder(canonical_name='sent', name='[Gmail]/Sent',
account=account)
account.drafts_folder = Folder(canonical_name='drafts',
name='[Gmail]/Drafts',
account=account)
db.session.add(account)
db.session.commit()
return account
def make_default_account(db, config):
import platform
from inbox.models import Namespace
from inbox.models.backends.gmail import GmailAccount
ns = Namespace()
account = GmailAccount(
sync_host="{}:{}".format(platform.node(), 0),
email_address="*****@*****.**",
)
account.namespace = ns
account.client_id = config.get_required("GOOGLE_OAUTH_CLIENT_ID")
account.create_emailed_events_calendar()
account.refresh_token = "faketoken"
db.session.add(account)
db.session.commit()
return account
def create_account(self, db_session, email_address, response):
email_address = response.get('email')
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
# We only get refresh tokens on initial login (or failed credentials)
# otherwise, we don't force the login screen and therefore don't get a
# refresh token back from google.
new_refresh_token = response.get('refresh_token')
if new_refresh_token:
account.refresh_token = new_refresh_token
else:
if not account.refresh_token or account.sync_state == 'invalid':
# We got a new auth without a refresh token, so we need to back
# out and force the auth flow, since we don't already have
# a refresh (or the one we have doesn't work.)
raise OAuthError("Missing refresh token")
tok = response.get('access_token')
expires_in = response.get('expires_in')
token_manager.cache_token(account, tok, expires_in)
account.scope = response.get('scope')
account.email_address = email_address
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.g_id_token = response.get('id_token')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
account.sync_contacts = response.get('contacts', True)
account.sync_events = response.get('events', True)
try:
self.verify_config(account)
except GmailSettingError as e:
raise UserRecoverableConfigError(e)
# Ensure account has sync enabled.
account.enable_sync()
# See if we've already stored this refresh token
match = [auth_creds for auth_creds in account.auth_credentials
if auth_creds.refresh_token == new_refresh_token]
# For new refresh_tokens, create new GmailAuthCredentials entry
if new_refresh_token and len(match) == 0:
auth_creds = GmailAuthCredentials()
auth_creds.gmailaccount = account
auth_creds.scopes = response.get('scope')
auth_creds.g_id_token = response.get('id_token')
auth_creds.client_id = response.get('client_id')
auth_creds.client_secret = response.get('client_secret')
auth_creds.refresh_token = new_refresh_token
return account
def create_account(db_session, email_address, response):
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
tok = response.get('access_token')
expires_in = response.get('expires_in')
account.set_access_token(tok, expires_in)
account.refresh_token = response.get('refresh_token')
account.scope = response.get('scope')
account.email_address = response.get('email')
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.g_id_token = response.get('id_token')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
return account
def create_account(self, db_session, email_address, response):
email_address = response.get('email')
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
# We only get refresh tokens on initial login (or failed credentials)
# otherwise, we don't force the login screen and therefore don't get a
# refresh token back from google.
new_refresh_token = response.get('refresh_token')
if new_refresh_token:
account.refresh_token = new_refresh_token
else:
if not account.refresh_token or account.sync_state == 'invalid':
# We got a new auth without a refresh token, so we need to back
# out and force the auth flow, since we don't already have
# a refresh (or the one we have doesn't work.)
raise OAuthError("Missing refresh token")
tok = response.get('access_token')
expires_in = response.get('expires_in')
token_manager.cache_token(account, tok, expires_in)
account.scope = response.get('scope')
account.email_address = email_address
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.g_id_token = response.get('id_token')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
account.sync_contacts = response.get('contacts', True)
account.sync_events = response.get('events', True)
try:
self.verify_config(account)
except GmailSettingError as e:
raise UserRecoverableConfigError(e)
# Ensure account has sync enabled.
account.enable_sync()
# See if we've already stored this refresh token
match = [
auth_creds for auth_creds in account.auth_credentials
if auth_creds.refresh_token == new_refresh_token
]
# For new refresh_tokens, create new GmailAuthCredentials entry
if new_refresh_token and len(match) == 0:
auth_creds = GmailAuthCredentials()
auth_creds.gmailaccount = account
auth_creds.scopes = response.get('scope')
auth_creds.g_id_token = response.get('id_token')
auth_creds.client_id = response.get('client_id')
auth_creds.client_secret = response.get('client_secret')
auth_creds.refresh_token = new_refresh_token
return account
def create_account(db_session, response):
email_address = response.get('email')
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
# We only get refresh tokens on initial login (or failed credentials)
# otherwise, we don't force the login screen and therefore don't get a
# refresh token back from google.
new_refresh_token = response.get('refresh_token')
if new_refresh_token:
account.refresh_token = new_refresh_token
tok = response.get('access_token')
expires_in = response.get('expires_in')
account.set_access_token(tok, expires_in)
account.scope = response.get('scope')
account.email_address = email_address
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.g_id_token = response.get('id_token')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
return account
def create_account(db_session, response):
email_address = response.get('email')
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
# We only get refresh tokens on initial login (or failed credentials)
# otherwise, we don't force the login screen and therefore don't get a
# refresh token back from google.
new_refresh_token = response.get('refresh_token')
if new_refresh_token:
account.refresh_token = new_refresh_token
tok = response.get('access_token')
expires_in = response.get('expires_in')
account.set_access_token(tok, expires_in)
account.scope = response.get('scope')
account.email_address = email_address
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.g_id_token = response.get('id_token')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
return account
def create_account(self, db_session, email_address, response):
email_address = response.get('email')
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
# We only get refresh tokens on initial login (or failed credentials)
# otherwise, we don't force the login screen and therefore don't get a
# refresh token back from google.
new_refresh_token = response.get('refresh_token')
if new_refresh_token:
account.refresh_token = new_refresh_token
else:
if (len(account.valid_auth_credentials) == 0 or
account.sync_state == 'invalid'):
# We got a new auth without a refresh token, so we need to back
# out and force the auth flow, since we don't already have
# a refresh (or the ones we have don't work.)
raise OAuthError("No valid refresh tokens")
account.email_address = email_address
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.sync_email = (account.sync_email or
response.get('sync_email', True))
account.sync_contacts = (account.sync_contacts or
response.get('contacts', True))
account.sync_events = (account.sync_events or
response.get('events', True))
# These values are deprecated and should not be used, along
# with the account's refresh_token. Access all these values
# through the GmailAuthCredentials objects instead.
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
account.scope = response.get('scope')
account.g_id_token = response.get('id_token')
# Don't need to actually save these now
# tok = response.get('access_token')
# expires_in = response.get('expires_in')
client_id = response.get('client_id') or OAUTH_CLIENT_ID
client_secret = response.get('client_secret') or OAUTH_CLIENT_SECRET
if new_refresh_token:
# See if we already have credentials for this client_id/secret
# pair. If those don't exist, make a new GmailAuthCredentials
auth_creds = next(
(auth_creds for auth_creds in account.auth_credentials
if (auth_creds.client_id == client_id and
auth_creds.client_secret == client_secret)),
GmailAuthCredentials())
auth_creds.gmailaccount = account
auth_creds.scopes = response.get('scope')
auth_creds.g_id_token = response.get('id_token')
auth_creds.client_id = client_id
auth_creds.client_secret = client_secret
auth_creds.refresh_token = new_refresh_token
auth_creds.is_valid = True
try:
self.verify_config(account)
except ImapSupportDisabledError:
if account.sync_email:
raise
# Ensure account has sync enabled.
account.enable_sync()
return account
def add_new_user():
response = {}
encoder = APIEncoder()
data = request.get_json(force=True)
email_address = data.get('email_address')
password = data.get('password')
auth_details = data.get('auth_details')
reauth = data.get('reauth')
target = data.get('target', 0)
if not email_address:
response['error'] = 'Missing key - "email_address"!'
return encoder.jsonify(response)
shard_id = target << 48
with session_scope(shard_id) as db_session:
account = db_session.query(Account).filter_by(
email_address=email_address).first()
if account is not None and not reauth:
response['error'] = 'Already have this account!'
return encoder.jsonify(response)
auth_info = {}
provider = provider_from_address(email_address)
if 'gmail' in provider:
auth_handler = handler_from_provider(provider)
response['oauth_url'] = auth_handler.get_oauth_url(email_address)
response['links'] = {'confirm_url': request.url + '/confirm_oauth'}
namespace = Namespace()
account = GmailAccount(namespace=namespace)
account.sync_should_run = False
account.refresh_token = '_placeholder_'
account.email_address = email_address
else:
if not password:
response['error'] = 'Missing key - "password"!'
return encoder.jsonify(response)
auth_info['email'] = email_address
auth_info['password'] = password
if provider != 'unknown':
auth_handler = handler_from_provider(provider)
auth_info['provider'] = provider
try:
if reauth:
account = auth_handler.update_account(
account, auth_info)
else:
account = auth_handler.create_account(
email_address, auth_info)
except Exception as e:
response['error'] = e.msg
else:
auth_info['provider'] = 'custom'
auth_handler = handler_from_provider('custom')
if not auth_details:
auth_info.update(
try_fill_config_data(email_address, password))
else:
auth_info.update(auth_details)
try:
if reauth:
account = auth_handler.update_account(
account, auth_info)
else:
account = auth_handler.create_account(
email_address, auth_info)
except Exception as e:
response['error'] = str(e)
try:
auth_handler.verify_account(account)
response['data'] = 'OK. Authenticated account for {}'.format(
email_address)
except Exception as e:
response['error'] = str(e)
db_session.add(account)
db_session.commit()
return encoder.jsonify(response)
def create_account(self, db_session, email_address, response):
email_address = response.get('email')
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
# We only get refresh tokens on initial login (or failed credentials)
# otherwise, we don't force the login screen and therefore don't get a
# refresh token back from google.
new_refresh_token = response.get('refresh_token')
if new_refresh_token:
account.refresh_token = new_refresh_token
else:
if (len(account.valid_auth_credentials) == 0
or account.sync_state == 'invalid'):
# We got a new auth without a refresh token, so we need to back
# out and force the auth flow, since we don't already have
# a refresh (or the ones we have don't work.)
raise OAuthError("No valid refresh tokens")
account.email_address = email_address
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.sync_contacts = (account.sync_contacts
or response.get('contacts', True))
account.sync_events = (account.sync_events
or response.get('events', True))
# These values are deprecated and should not be used, along
# with the account's refresh_token. Access all these values
# through the GmailAuthCredentials objects instead.
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
account.scope = response.get('scope')
account.g_id_token = response.get('id_token')
# Don't need to actually save these now
# tok = response.get('access_token')
# expires_in = response.get('expires_in')
client_id = response.get('client_id') or OAUTH_CLIENT_ID
client_secret = response.get('client_secret') or OAUTH_CLIENT_SECRET
if new_refresh_token:
# See if we already have credentials for this client_id/secret
# pair. If those don't exist, make a new GmailAuthCredentials
auth_creds = next(
(auth_creds for auth_creds in account.auth_credentials
if (auth_creds.client_id == client_id
and auth_creds.client_secret == client_secret)),
GmailAuthCredentials())
auth_creds.gmailaccount = account
auth_creds.scopes = response.get('scope')
auth_creds.g_id_token = response.get('id_token')
auth_creds.client_id = client_id
auth_creds.client_secret = client_secret
auth_creds.refresh_token = new_refresh_token
auth_creds.is_valid = True
db_session.add(auth_creds)
self.verify_config(account)
# Ensure account has sync enabled.
account.enable_sync()
return account
def create_account(self, db_session, email_address, response):
email_address = response.get('email')
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
# We only get refresh tokens on initial login (or failed credentials)
# otherwise, we don't force the login screen and therefore don't get a
# refresh token back from google.
new_refresh_token = response.get('refresh_token')
if new_refresh_token:
account.refresh_token = new_refresh_token
else:
if not account.refresh_token or account.sync_state == 'invalid':
# We got a new auth without a refresh token, so we need to back
# out and force the auth flow, since we don't already have
# a refresh (or the one we have doesn't work.)
raise OAuthError("Missing refresh token")
tok = response.get('access_token')
expires_in = response.get('expires_in')
token_manager.cache_token(account, tok, expires_in)
account.scope = response.get('scope')
account.email_address = email_address
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.g_id_token = response.get('id_token')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
account.sync_contacts = response.get('contacts', True)
account.sync_events = response.get('events', True)
try:
self.verify_config(account)
except GmailSettingError as e:
raise UserRecoverableConfigError(e)
# Hack to ensure that account syncs get restarted if they were stopped
# because of e.g. invalid credentials and the user re-auths.
# TODO(emfree): remove after status overhaul.
if account.sync_state != 'running':
account.sync_state = None
return account
def create_account(db_session, email_address, response):
# See if the account exists in db, otherwise create it
try:
account = db_session.query(GmailAccount) \
.filter_by(email_address=email_address).one()
except NoResultFound:
namespace = Namespace()
account = GmailAccount(namespace=namespace)
tok = response.get('access_token')
expires_in = response.get('expires_in')
account.set_access_token(tok, expires_in)
account.refresh_token = response.get('refresh_token')
account.scope = response.get('scope')
account.email_address = response.get('email')
account.family_name = response.get('family_name')
account.given_name = response.get('given_name')
account.name = response.get('name')
account.gender = response.get('gender')
account.g_id = response.get('id')
account.g_user_id = response.get('user_id')
account.g_id_token = response.get('id_token')
account.link = response.get('link')
account.locale = response.get('locale')
account.picture = response.get('picture')
account.home_domain = response.get('hd')
account.client_id = response.get('client_id')
account.client_secret = response.get('client_secret')
return account
