def authorized_signup_handler(resp, remote, *args, **kwargs):
    """Sign a user in, or sign them up, once the remote application responds.

    Needed because Flask forms are not used here (for now), so the default
    handler would fail.

    :param resp: The response.
    :param remote: The remote application.
    :returns: Redirect response, or the login manager's unauthorized
        response when authentication fails.
    """
    # Drop any auto-register marker left in the session by an earlier attempt.
    session.pop(token_session_key(remote.name) + '_autoregister', None)

    # Put the token in the session; a token object is only returned if
    # current_user.is_authenticated.
    remote_token = response_token_setter(remote, resp)
    app_handlers = current_oauthclient.signup_handlers[remote.name]

    if not current_user.is_authenticated:
        profile = app_handlers['info'](resp)
        account_info_received.send(
            remote, token=remote_token, response=resp, account_info=profile
        )

        # NOTE(review): how oauth_get_user matches an existing account is not
        # visible here. If it can match on an e-mail address taken from
        # account_info, the provider has to be trusted to verify that
        # address -- confirm.
        account = oauth_get_user(
            remote.consumer_key,
            account_info=profile,
            access_token=token_getter(remote)[0],
        )
        if account is None:
            # Unknown user: register one directly from the provider data.
            account = oauth_register(profile)

        # The per-application 'remember' setting defaults to False.
        remember_me = current_app.config['OAUTHCLIENT_REMOTE_APPS'][
            remote.name].get('remember', False)
        signed_in = oauth_authenticate(
            remote.consumer_key,
            account,
            require_existing_link=False,
            remember=remember_me,
        )
        if not signed_in:
            return current_app.login_manager.unauthorized()

        # On the first call the token has to be stored in the database and
        # not only in the session, so set it again now that a user is
        # signed in.
        remote_token = response_token_setter(remote, resp)

    # Run the account setup only while the remote account has no extra data.
    if not remote_token.remote_account.extra_data:
        setup_result = app_handlers['setup'](remote_token, resp)
        account_setup_received.send(
            remote, token=remote_token, response=resp,
            account_setup=setup_result
        )

    return redirect('/')
def authorized_signup_handler(resp, remote, *args, **kwargs):
    """Sign a user in, or sign them up, once the remote application responds.

    Needed because Flask forms are not used here (for now), so the default
    handler would fail.

    :param resp: The response.
    :param remote: The remote application.
    :returns: Redirect response, or the login manager's unauthorized
        response when authentication fails.
    """
    # Forget an auto-register marker from a previous attempt, if any.
    autoregister_key = token_session_key(remote.name) + '_autoregister'
    session.pop(autoregister_key, None)

    # Store the token in the session; the token object is only returned if
    # current_user.is_authenticated.
    stored_token = response_token_setter(remote, resp)
    remote_handlers = current_oauthclient.signup_handlers[remote.name]

    if not current_user.is_authenticated:
        info = remote_handlers['info'](resp)
        account_info_received.send(
            remote, token=stored_token, response=resp, account_info=info
        )

        # NOTE(review): the criteria oauth_get_user uses to find an existing
        # account are not visible here; if an e-mail address from
        # account_info is one of them, it must be a provider-verified
        # address -- confirm.
        found_user = oauth_get_user(
            remote.consumer_key,
            account_info=info,
            access_token=token_getter(remote)[0],
        )
        # Auto sign-up when no user was found.
        if found_user is None:
            found_user = oauth_register(info)

        authenticated = oauth_authenticate(
            remote.consumer_key, found_user, require_existing_link=False
        )
        if not authenticated:
            return current_app.login_manager.unauthorized()

        # The first time through, the token must go to the database instead
        # of only the session, so it is set again after authentication.
        stored_token = response_token_setter(remote, resp)

    # Account setup runs only while the remote account has no extra data.
    if not stored_token.remote_account.extra_data:
        setup_result = remote_handlers['setup'](stored_token, resp)
        account_setup_received.send(
            remote, token=stored_token, response=resp,
            account_setup=setup_result
        )

    return redirect('/')
def signup_handler(remote, *args, **kwargs):
    """Collect the extra information needed to finish a sign-up.

    :param remote: The remote application.
    :returns: Redirect response or the template rendered.
    """
    # A user who is already signed in has nothing to do here.
    if current_user.is_authenticated:
        return redirect('/')

    # The remote token has to be in the session already.
    oauth_token = token_getter(remote)
    if not oauth_token:
        return redirect('/')

    key_prefix = token_session_key(remote.name)

    # Continue only when this follows an authorized request, i.e. the
    # '_autoregister' marker is set in the session.
    if not session.get(key_prefix + '_autoregister', False):
        return redirect(url_for('.login', remote_app=remote.name))

    signup_form = create_registrationform(request.form)

    if not signup_form.validate_on_submit():
        # Show the form, pre-filled from the stored account info unless the
        # user has already submitted it.
        stored_info = session.get(key_prefix + '_account_info')
        if not signup_form.is_submitted():
            signup_form = fill_form(signup_form, stored_info['user'])

        template = current_app.config['OAUTHCLIENT_SIGNUP_TEMPLATE']
        app_config = current_app.config['OAUTHCLIENT_REMOTE_APPS'][
            remote.name]
        return render_template(
            template,
            form=signup_form,
            remote=remote,
            app_title=app_config.get('title', ''),
            app_description=app_config.get('description', ''),
            app_icon=app_config.get('icon', None),
        )

    # Read here but not used on this path.
    account_info = session.get(key_prefix + '_account_info')
    response = session.get(key_prefix + '_response')

    new_user = oauth_register(signup_form)
    if new_user is None:
        raise OAuthError('Could not create user.', remote)

    # Registration went through, so the marker is no longer needed.
    session.pop(key_prefix + '_autoregister', None)

    # Link the account and set the session data.
    linked_token = token_setter(
        remote, oauth_token[0], secret=oauth_token[1], user=new_user
    )
    remote_handlers = current_oauthclient.signup_handlers[remote.name]
    if linked_token is None:
        raise OAuthError('Could not create token for user.', remote)

    # Both branches commit; the setup signals are sent only when the remote
    # account had no extra data.
    needs_setup = not linked_token.remote_account.extra_data
    if needs_setup:
        setup_result = remote_handlers['setup'](linked_token, response)
        account_setup_received.send(
            remote, token=linked_token, response=response,
            account_setup=setup_result
        )
    db.session.commit()
    if needs_setup:
        account_setup_committed.send(remote, token=linked_token)

    remember_me = current_app.config['OAUTHCLIENT_REMOTE_APPS'][
        remote.name].get('remember', False)
    signed_in = oauth_authenticate(
        remote.consumer_key,
        new_user,
        require_existing_link=False,
        remember=remember_me,
    )
    if not signed_in:
        # Registration does not include activation, so the user is sent
        # away to confirm their e-mail address first.
        # NOTE(review): on this path the '_account_info' and '_response'
        # session entries are not removed.
        return redirect('/')

    # The stored provider data is no longer needed.
    session.pop(key_prefix + '_account_info', None)
    session.pop(key_prefix + '_response', None)

    # NOTE(review): next_url is read back from the session; presumably it
    # was checked to be a local URL when it was stored -- confirm, since it
    # is passed to redirect() as is.
    next_url = get_session_next_url(remote.name)
    return redirect(next_url or '/')
def authorized_signup_handler(resp, remote, *args, **kwargs):
    """Sign a user in, or sign them up, once the remote application responds.

    :param remote: The remote application.
    :param resp: The response.
    :returns: Redirect response, or the login manager's unauthorized
        response when authentication fails.
    """
    # Drop any auto-register marker left in the session by an earlier attempt.
    session.pop(token_session_key(remote.name) + '_autoregister', None)

    # Put the token in the session; a token object is only returned if
    # current_user.is_authenticated.
    remote_token = response_token_setter(remote, resp)
    app_handlers = current_oauthclient.signup_handlers[remote.name]

    if not current_user.is_authenticated:
        account_info = app_handlers['info'](resp)
        account_info_received.send(
            remote, token=remote_token, response=resp,
            account_info=account_info
        )

        # NOTE(review): how oauth_get_user matches an existing account is not
        # visible here. If it can match on an e-mail address taken from
        # account_info, the provider has to be trusted to verify that
        # address -- confirm.
        account = oauth_get_user(
            remote.consumer_key,
            account_info=account_info,
            access_token=token_getter(remote)[0],
        )

        if account is None:
            # Unknown user: try to register one automatically. The form is
            # filled from account_info['user'] in this handler, not posted by
            # a browser. NOTE(review): presumably that is why the
            # CSRF-disabled form is used -- confirm.
            signup_form = create_csrf_disabled_registrationform()
            signup_form = fill_form(signup_form, account_info['user'])
            account = oauth_register(signup_form)

            if account is None:
                # Registration failed, extra information is required: keep
                # the provider data in the session and flag the session for
                # registration.
                # NOTE(review): resp is the provider's response and
                # presumably carries the access token; check that the session
                # backend does not expose its contents to the client.
                for suffix, value in (
                    ('_autoregister', True),
                    ('_account_info', account_info),
                    ('_response', resp),
                ):
                    session[token_session_key(remote.name) + suffix] = value
                db.session.commit()
                return redirect('/')

        signed_in = oauth_authenticate(
            remote.consumer_key, account, require_existing_link=False
        )
        if not signed_in:
            return current_app.login_manager.unauthorized()

        # On the first call the token has to be stored in the database and
        # not only in the session, so set it again now that a user is
        # signed in.
        remote_token = response_token_setter(remote, resp)

    # Both branches commit; the setup signals are sent only when the remote
    # account had no extra data.
    needs_setup = not remote_token.remote_account.extra_data
    if needs_setup:
        setup_result = app_handlers['setup'](remote_token, resp)
        account_setup_received.send(
            remote, token=remote_token, response=resp,
            account_setup=setup_result
        )
    db.session.commit()
    if needs_setup:
        account_setup_committed.send(remote, token=remote_token)

    # NOTE(review): next_url is read back from the session; presumably it
    # was checked to be a local URL when it was stored -- confirm, since it
    # is passed to redirect() as is.
    next_url = get_session_next_url(remote.name)
    return redirect(next_url or '/')
def authorized_handler(self, resp, remote, *args, **kwargs):
    """Sign an existing user in once the remote application responds.

    Unlike a sign-up handler, this one never registers a user: an unknown
    user ends in ``abort(403)``.

    :param remote: The remote application.
    :param resp: The response.
    :returns: Redirect response, or the login manager's unauthorized
        response when authentication fails.
    """
    # Drop any auto-register marker left in the session by an earlier attempt.
    session.pop(token_session_key(remote.name) + '_autoregister', None)

    # Put the token in the session; a token object is only returned if
    # current_user.is_authenticated.
    remote_token = response_token_setter(remote, resp)
    app_handlers = current_oauthclient.signup_handlers[remote.name]

    if not current_user.is_authenticated:
        account_info = app_handlers['info'](resp)
        account_info_received.send(
            remote, token=remote_token, response=resp,
            account_info=account_info
        )
        account = oauth_get_user(
            remote.consumer_key,
            account_info=account_info,
            access_token=token_getter(remote)[0],
        )

        # Make sure that the external identity either matches or is not yet
        # created (it gets created on the first oidc login).
        # NOTE(review): the query already filters on id=extid['id'], so the
        # comparison below can never be true and abort(401) is unreachable.
        # If the intent is to reject an external identity that belongs to a
        # different account than the one found above, the identity's owner
        # has to be compared with that account instead -- confirm against
        # the UserIdentity model.
        extid = _get_external_id(account_info)
        identity: UserIdentity = UserIdentity.query.filter_by(
            id=extid['id'], method=extid['method']
        ).first()
        if identity and identity.id != extid['id']:
            abort(401)

        # No automatic registration in this handler.
        if account is None:
            abort(403)

        signed_in = oauth_authenticate(
            remote.consumer_key, account, require_existing_link=False
        )
        if not signed_in:
            return current_app.login_manager.unauthorized()

        # On the first call the token has to be stored in the database and
        # not only in the session, so set it again now that a user is
        # signed in.
        remote_token = response_token_setter(remote, resp)

    # Both branches commit; the setup signals are sent only when the remote
    # account had no extra data.
    needs_setup = not remote_token.remote_account.extra_data
    if needs_setup:
        setup_result = app_handlers['setup'](remote_token, resp)
        account_setup_received.send(
            remote, token=remote_token, response=resp,
            account_setup=setup_result
        )
    db.session.commit()
    if needs_setup:
        account_setup_committed.send(remote, token=remote_token)

    # NOTE(review): next_url is read back from the session; presumably it
    # was checked to be a local URL when it was stored -- confirm, since it
    # is passed to redirect() as is.
    next_url = get_session_next_url(remote.name)
    return redirect(
        next_url or url_for('invenio_oauthclient_settings.index')
    )
def signup_handler(remote, *args, **kwargs):
    """Collect the extra information needed to finish a sign-up.

    :param remote: The remote application.
    :returns: Redirect response or the template rendered.
    """
    # A signed-in user, or a session without a remote token, goes home.
    if current_user.is_authenticated:
        return redirect('/')
    oauth_token = token_getter(remote)
    if not oauth_token:
        return redirect('/')

    prefix = token_session_key(remote.name)

    # Continue only when this follows an authorized request, i.e. the
    # '_autoregister' marker is set in the session.
    if not session.get(prefix + '_autoregister', False):
        return redirect(url_for('.login', remote_app=remote.name))

    registration_form = create_registrationform(request.form)

    if registration_form.validate_on_submit():
        # account_info is read here but not used on this path.
        account_info = session.get(prefix + '_account_info')
        provider_response = session.get(prefix + '_response')

        registered = oauth_register(registration_form)
        if registered is None:
            raise OAuthError('Could not create user.', remote)

        # Registration went through, so the marker is no longer needed.
        session.pop(prefix + '_autoregister', None)

        # Link the account and set the session data.
        account_token = token_setter(
            remote, oauth_token[0], secret=oauth_token[1], user=registered
        )
        remote_handlers = current_oauthclient.signup_handlers[remote.name]
        if account_token is None:
            raise OAuthError('Could not create token for user.', remote)

        if account_token.remote_account.extra_data:
            # Registration has been finished.
            db.session.commit()
        else:
            setup_result = remote_handlers['setup'](
                account_token, provider_response
            )
            account_setup_received.send(
                remote,
                token=account_token,
                response=provider_response,
                account_setup=setup_result,
            )
            # Registration has been finished.
            db.session.commit()
            account_setup_committed.send(remote, token=account_token)

        remember_me = current_app.config['OAUTHCLIENT_REMOTE_APPS'][
            remote.name].get('remember', False)
        if not oauth_authenticate(
            remote.consumer_key,
            registered,
            require_existing_link=False,
            remember=remember_me,
        ):
            # Registration does not include activation, so the user is sent
            # away to confirm their e-mail address first.
            # NOTE(review): on this path the '_account_info' and '_response'
            # session entries are not removed.
            return redirect('/')

        # The stored provider data is no longer needed.
        for suffix in ('_account_info', '_response'):
            session.pop(prefix + suffix, None)

        # NOTE(review): next_url is read back from the session; presumably
        # it was checked to be a local URL when it was stored -- confirm,
        # since it is passed to redirect() as is.
        next_url = get_session_next_url(remote.name)
        return redirect(next_url if next_url else '/')

    # Pre-fill the form from the stored account info unless the user has
    # already submitted it.
    account_info = session.get(prefix + '_account_info')
    if not registration_form.is_submitted():
        registration_form = fill_form(
            registration_form, account_info['user']
        )

    template = current_app.config['OAUTHCLIENT_SIGNUP_TEMPLATE']
    app_config = current_app.config['OAUTHCLIENT_REMOTE_APPS'][remote.name]
    return render_template(
        template,
        form=registration_form,
        remote=remote,
        app_title=app_config.get('title', ''),
        app_description=app_config.get('description', ''),
        app_icon=app_config.get('icon', None),
    )
def authorized_signup_handler(resp, remote, *args, **kwargs):
    """Sign a user in, or sign them up, once the remote application responds.

    :param remote: The remote application.
    :param resp: The response.
    :returns: Redirect response, or the login manager's unauthorized
        response when authentication fails.
    """
    # Forget an auto-register marker from a previous attempt, if any.
    autoregister_key = token_session_key(remote.name) + '_autoregister'
    session.pop(autoregister_key, None)

    # Store the token in the session; the token object is only returned if
    # current_user.is_authenticated.
    stored_token = response_token_setter(remote, resp)
    remote_handlers = current_oauthclient.signup_handlers[remote.name]

    if not current_user.is_authenticated:
        account_info = remote_handlers['info'](resp)
        account_info_received.send(
            remote, token=stored_token, response=resp,
            account_info=account_info
        )

        # NOTE(review): the criteria oauth_get_user uses to find an existing
        # account are not visible here; if an e-mail address from
        # account_info is one of them, it must be a provider-verified
        # address -- confirm.
        found_user = oauth_get_user(
            remote.consumer_key,
            account_info=account_info,
            access_token=token_getter(remote)[0],
        )

        if found_user is None:
            # Auto sign-up when no user was found. The form is filled from
            # account_info['user'] in this handler, not posted by a browser.
            # NOTE(review): presumably that is why the CSRF-disabled form is
            # used -- confirm.
            prefilled = fill_form(
                create_csrf_disabled_registrationform(),
                account_info['user'],
            )
            found_user = oauth_register(prefilled)

            if found_user is None:
                # Registration failed, extra information is required: flag
                # the session and keep the provider data in it.
                # NOTE(review): resp is the provider's response and
                # presumably carries the access token; check that the session
                # backend does not expose its contents to the client.
                session[token_session_key(remote.name)
                        + '_autoregister'] = True
                session[token_session_key(remote.name)
                        + '_account_info'] = account_info
                session[token_session_key(remote.name)
                        + '_response'] = resp
                db.session.commit()
                return redirect('/')

        authenticated = oauth_authenticate(
            remote.consumer_key, found_user, require_existing_link=False
        )
        if not authenticated:
            return current_app.login_manager.unauthorized()

        # The first time through, the token must go to the database instead
        # of only the session, so it is set again after authentication.
        stored_token = response_token_setter(remote, resp)

    if stored_token.remote_account.extra_data:
        db.session.commit()
    else:
        # The remote account has no extra data yet: run the setup handler,
        # commit, then announce the committed setup.
        setup_result = remote_handlers['setup'](stored_token, resp)
        account_setup_received.send(
            remote, token=stored_token, response=resp,
            account_setup=setup_result
        )
        db.session.commit()
        account_setup_committed.send(remote, token=stored_token)

    # NOTE(review): next_url is read back from the session; presumably it
    # was checked to be a local URL when it was stored -- confirm, since it
    # is passed to redirect() as is.
    next_url = get_session_next_url(remote.name)
    return redirect(next_url if next_url else '/')
def authorized_signup_handler(resp, remote, *args, **kwargs):
    """Sign a user in, or sign them up, and report the outcome in a popup.

    :param remote: The remote application.
    :param resp: The response.
    :returns: A rendered popup template together with an HTTP status code:
        400 when registration fails, 401 when authentication fails and 200
        once the account is linked.
    """
    # Drop any auto-register marker left in the session by an earlier attempt.
    session.pop(token_session_key(remote.name) + '_autoregister', None)

    # Put the token in the session; a token object is only returned if
    # current_user.is_authenticated.
    remote_token = response_token_setter(remote, resp)
    app_handlers = current_oauthclient.signup_handlers[remote.name]

    if not current_user.is_authenticated:
        account_info = app_handlers['info'](resp)
        account_info_received.send(
            remote, token=remote_token, response=resp,
            account_info=account_info
        )

        # NOTE(review): how oauth_get_user matches an existing account is not
        # visible here. If it can match on an e-mail address taken from
        # account_info, the provider has to be trusted to verify that
        # address -- confirm.
        account = oauth_get_user(
            remote.consumer_key,
            account_info=account_info,
            access_token=token_getter(remote)[0],
        )

        if account is None:
            # Unknown user: try to register one automatically. The form is
            # filled from account_info['user'] in this handler, not posted by
            # a browser. NOTE(review): presumably that is why the
            # CSRF-disabled form is used -- confirm.
            signup_form = create_csrf_disabled_registrationform()
            signup_form = fill_form(signup_form, account_info['user'])
            account = oauth_register(signup_form)

            if account is None:
                # Registration failed, extra information is required: keep
                # the provider data in the session and flag the session for
                # registration before reporting the failure.
                # NOTE(review): resp is the provider's response and
                # presumably carries the access token; check that the session
                # backend does not expose its contents to the client.
                for suffix, value in (
                    ('_autoregister', True),
                    ('_account_info', account_info),
                    ('_response', resp),
                ):
                    session[token_session_key(remote.name) + suffix] = value
                db.session.commit()
                failure_page = render_template(
                    current_app.config['AUTHENTICATION_POPUP_TEMPLATE'],
                    msg='Registration to the service failed.',
                )
                return failure_page, 400

        signed_in = oauth_authenticate(
            remote.consumer_key, account, require_existing_link=False
        )
        if not signed_in:
            unauthorized_page = render_template(
                current_app.config[
                    'AUTHENTICATION_POPUP__NO_REDIRECT_TEMPLATE'],
                msg='Error: Unauthorized user.',
            )
            return unauthorized_page, 401

        # On the first call the token has to be stored in the database and
        # not only in the session, so set it again now that a user is
        # signed in.
        remote_token = response_token_setter(remote, resp)

    # Both branches commit; the setup signals are sent only when the remote
    # account had no extra data.
    needs_setup = not remote_token.remote_account.extra_data
    if needs_setup:
        setup_result = app_handlers['setup'](remote_token, resp)
        account_setup_received.send(
            remote, token=remote_token, response=resp,
            account_setup=setup_result
        )
    db.session.commit()
    if needs_setup:
        account_setup_committed.send(remote, token=remote_token)

    success_page = render_template(
        current_app.config['AUTHENTICATION_POPUP_TEMPLATE'],
        msg='Account linked successfully.',
    )
    return success_page, 200