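def _handle_callback(self, auth, get_vars):
     """Complete an SSO login once the provider has redirected back to us.

     ``self.callback(get_vars)`` turns the provider's callback parameters
     into its profile data.  With a database, the fields named in
     ``self.maps`` (auth_user field -> dotted path into that data, e.g.
     ``"profile.email"``; purely numeric segments index into lists) are
     copied into a user dict, ``sso_id`` is prefixed with the provider
     name, the record is stored/retrieved through
     ``auth.get_or_register_user`` and its ``id`` is put in the session.
     Without a database the provider data is used as-is, ``id`` falling
     back to username or email.  Ends with a redirect to the index page.

     Aborts 401 when the provider returns nothing, reports an error, or
     omits a mapped field.  A provider-supplied error code is passed on
     only when it is a 4xx/5xx integer.

     NOTE(review): nothing here verifies the OAuth2 ``state`` parameter;
     that CSRF check has to happen inside ``self.callback`` -- confirm.
     """
     data = self.callback(get_vars)
     if not data:
         abort(401)
     error = data.get("error")
     if error:
         if isinstance(error, dict):
             code = error.get("code", 401)
             msg = error.get("message", "Unknown error")
         else:
             # a bare string (or anything else) is reported as a 401
             code, msg = 401, str(error)
         # `code` is chosen by the provider, not by us: only forward a
         # sensible HTTP error status, never e.g. a 2xx or a non-integer
         if not isinstance(code, int) or not 400 <= code < 600:
             code = 401
         # NOTE(review): `msg` is provider-supplied text; confirm abort()
         # escapes it before it is rendered in an HTML error page.
         abort(code, msg)
     if auth.db:
         # map returned fields into auth_user fields
         user = {}
         for key, path in self.maps.items():
             value = data
             try:
                 for part in path.split("."):
                     value = value[int(part) if part.isdigit() else part]
             except (KeyError, IndexError, TypeError):
                 # a mapped field missing from the provider's reply is a
                 # failed login (401), not an unhandled KeyError (500)
                 abort(401)
             user[key] = value
         # self.maps must provide "sso_id"; prefix it with the provider
         # name so equal remote ids from different providers cannot collide
         user["sso_id"] = "%s:%s" % (self.name, user["sso_id"])
         if "username" not in user:
             user["username"] = user["sso_id"]
         # store or retrieve the user
         data = auth.get_or_register_user(user)
     else:
         # WIP Allow login without DB
         if "id" not in data:
             data["id"] = data.get("username") or data.get("email")
     user_id = data.get("id")
     auth.store_user_in_session(user_id)
     redirect(URL("index"))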
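 def handle_request(self, auth, path, get_vars, post_vars):
     """Serve the plugin's endpoints: ``login``, ``callback`` and ``profile``.

     ``login`` is unfinished (WIP): it builds a signed code but neither
     returns it nor redirects with it, so the branch currently yields None.
     ``callback`` is the token exchange: the client must send
     ``grant_type=authorization_code``, a ``client_secret`` present in
     ``db.oauth2`` and a ``client_id`` equal to the SHA-1 hex digest of that
     secret; the ``code`` (a JWT signed with ``self.secret + client_id``)
     is then re-signed with ``self.secret`` alone and returned as
     ``access_token``.  ``profile`` decodes the Bearer token from the
     Authorization header and returns its claims.  Any other path is 404.

     Security notes grounded in this code (left unchanged, the protocol is
     still WIP):
     - neither the code nor the access token carries an ``exp`` claim, so
       both never expire and can be replayed indefinitely;
     - ``client_secret`` is read from the query string, where it lands in
       access logs and browser history; the exchange should use
       ``post_vars``;
     - ``client_id = sha1(client_secret)`` makes the public client id an
       unsalted fast hash of the secret, enabling offline guessing;
     - ``redirect_uri`` is read but never validated or used.
     """
     if path == 'login':
         # WIP: `code` is built but never returned or redirected with.
         # NOTE(review): sibling plugins read query parameters through
         # request.query.get(); confirm request.get() is what is meant.
         client_id = request.get('client_id')
         info = {}  # retrieve the user info upon login
         code = jwt.encode(info, self.secret + client_id, algorithm='HS256')
     elif path == 'callback':
         db = self.auth.db
         # no trailing commas: the original turned each of these into a
         # one-element tuple, which broke hashlib.sha1() and jwt.decode()
         code = get_vars.get('code')
         client_id = get_vars.get('client_id')
         client_secret = get_vars.get('client_secret')
         redirect_uri = get_vars.get('callback_url')  # unused, see docstring
         grant_type = get_vars.get('grant_type')
         # refuse anything that is not a complete, well-formed exchange
         # (kept as 404, as before); sha1 needs bytes, get_vars gives str
         if (grant_type != 'authorization_code'
                 or not (code and client_id and client_secret)
                 or hashlib.sha1(client_secret.encode()).hexdigest() != client_id
                 or not db(db.oauth2.client_secret == client_secret).count()):
             abort(404)
         try:
             info = jwt.decode(code,
                               self.secret + client_id,
                               algorithms=['HS256'])
         except jwt.InvalidTokenError:
             # a forged or garbled code is a client error, not a 500
             abort(401)
         access_token = jwt.encode(info, self.secret, algorithm='HS256')
         return dict(access_token=access_token)
     elif path == 'profile':
         auth_header = request.environ.get('HTTP_AUTHORIZATION', '')
         # require the Bearer scheme instead of blindly slicing off 7 chars
         scheme, _, access_token = auth_header.partition(' ')
         access_token = access_token.strip()
         if scheme.lower() != 'bearer' or not access_token:
             abort(401)
         try:
             info = jwt.decode(access_token, self.secret, algorithms=['HS256'])
         except jwt.InvalidTokenError:
             # invalid/tampered token -> 401 rather than an unhandled error
             abort(401)
         return info
     else:
         abort(404)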
 def handle_request(self, auth, path, get_vars, post_vars):
     """Dispatch the plugin's two endpoints by path.

     ``login`` sends the browser to the provider's login URL
     (``self.get_login_url()``); ``callback`` hands the provider's
     callback parameters to ``_handle_callback``; anything else is a 404.
     ``post_vars`` is accepted for interface compatibility and not used.
     """
     handlers = {
         "login": lambda: redirect(self.get_login_url()),
         "callback": lambda: self._handle_callback(auth, get_vars),
     }
     handler = handlers.get(path)
     if handler is None:
         abort(404)
     handler()
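 def handle_request(self, auth, path, get_vars, post_vars):
     """Serve the plugin's endpoints: ``login``, ``callback`` and ``profile``.

     ``login`` is unfinished (WIP): it builds a signed code but neither
     returns it nor redirects with it, so the branch currently yields None.
     ``callback`` is the token exchange: the client must send
     ``grant_type=authorization_code``, a ``client_secret`` present in
     ``db.oauth2`` and a ``client_id`` equal to the SHA-1 hex digest of that
     secret; the ``code`` (a JWT signed with ``self.secret + client_id``)
     is then re-signed with ``self.secret`` alone and returned as
     ``access_token``.  ``profile`` decodes the Bearer token from the
     Authorization header, accepting ``self.algorithms``, and returns its
     claims.  Any other path is 404.

     Security notes grounded in this code (left unchanged, the protocol is
     still WIP):
     - neither the code nor the access token carries an ``exp`` claim, so
       both never expire and can be replayed indefinitely;
     - ``client_secret`` is read from the query string, where it lands in
       access logs and browser history; the exchange should use
       ``post_vars``;
     - ``client_id = sha1(client_secret)`` makes the public client id an
       unsalted fast hash of the secret, enabling offline guessing;
     - ``redirect_uri`` is read but never validated or used;
     - tokens are minted with HS256 but ``profile`` verifies with
       ``self.algorithms``; confirm that list is limited to HS256.
     """
     if path == "login":
         # WIP: `code` is built but never returned or redirected with.
         # NOTE(review): sibling plugins read query parameters through
         # request.query.get(); confirm request.get() is what is meant.
         client_id = request.get("client_id")
         info = {}  # retrieve the user info upon login
         code = jwt.encode(info, self.secret + client_id, algorithm="HS256")
     elif path == "callback":
         db = self.auth.db
         # plain strings: the original wrapped each value in a one-element
         # tuple, which broke hashlib.sha1() and jwt.decode() below
         code = get_vars.get("code")
         client_id = get_vars.get("client_id")
         client_secret = get_vars.get("client_secret")
         redirect_uri = get_vars.get("callback_url")  # unused, see docstring
         grant_type = get_vars.get("grant_type")
         # refuse anything that is not a complete, well-formed exchange
         # (kept as 404, as before); sha1 needs bytes, get_vars gives str
         if (grant_type != "authorization_code"
                 or not (code and client_id and client_secret)
                 or hashlib.sha1(client_secret.encode()).hexdigest() != client_id
                 or not db(db.oauth2.client_secret == client_secret).count()):
             abort(404)
         try:
             info = jwt.decode(code,
                               self.secret + client_id,
                               algorithms=["HS256"])
         except jwt.InvalidTokenError:
             # a forged or garbled code is a client error, not a 500
             abort(401)
         access_token = jwt.encode(info, self.secret, algorithm="HS256")
         return dict(access_token=access_token)
     elif path == "profile":
         auth_header = request.environ.get("HTTP_AUTHORIZATION", "")
         # require the Bearer scheme instead of blindly slicing off 7 chars
         scheme, _, access_token = auth_header.partition(" ")
         access_token = access_token.strip()
         if scheme.lower() != "bearer" or not access_token:
             abort(401)
         try:
             info = jwt.decode(access_token,
                               self.secret,
                               algorithms=self.algorithms)
         except jwt.InvalidTokenError:
             # invalid/tampered token -> 401 rather than an unhandled error
             abort(401)
         return info
     else:
         abort(404)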
 def handle_request(self, auth, path, get_vars, post_vars):
     """Dispatch the plugin's two endpoints by path.

     ``login`` remembers the requested post-login destination on the
     plugin (``self.next``, defaulting to the index page) and sends the
     browser to the provider's login URL; ``callback`` hands the provider's
     callback parameters to ``_handle_callback``; anything else is a 404.
     ``post_vars`` is accepted for interface compatibility and not used.

     NOTE(review): ``next`` is taken verbatim from the query string -- if
     it is later used as a redirect target, restrict it to a local path
     (starts with "/" but not "//") to avoid an open redirect.  It is also
     stored on the plugin instance rather than in the user's session; if
     one instance serves all requests, concurrent logins overwrite each
     other's destination.
     """
     if path == "login":
         requested = request.query.get('next')
         self.next = requested or URL('index')
         redirect(self.get_login_url())
         return
     if path == "callback":
         self._handle_callback(auth, get_vars)
         return
     abort(404)
 def handle_request(self, auth, path, get_vars, post_vars):
     """Dispatch the plugin's two endpoints by path.

     ``login`` records the requested post-login destination in the user's
     session under ``_next`` (defaulting to the index page) and sends the
     browser to the provider's login URL; ``callback`` hands the provider's
     callback parameters to ``_handle_callback``; anything else is a 404.
     ``post_vars`` is accepted for interface compatibility and not used.

     NOTE(review): ``next`` is taken verbatim from the query string -- if
     it is later used as a redirect target, restrict it to a local path
     (starts with "/" but not "//") to avoid an open redirect.
     """
     if path != "login":
         if path == "callback":
             self._handle_callback(auth, get_vars)
             return
         abort(404)
     destination = request.query.get("next") or URL("index")
     auth.session["_next"] = destination
     redirect(self.get_login_url())
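 def _handle_callback(self, auth, get_vars):
     """Complete an SSO login once the provider has redirected back to us.

     ``self.callback(get_vars)`` turns the callback parameters into the
     provider's profile data; empty data or an ``error`` key means the
     login failed (401).  With a database, the fields named in
     ``self.maps`` (auth_user field -> dotted path into the data; purely
     numeric segments index into lists) are copied into a user dict,
     ``sso_id`` is prefixed with the provider name and the record is
     stored/retrieved via ``auth.get_or_register_user``.  Without a
     database the provider data is used as-is, ``id`` falling back to
     username or email.  The resulting record is put in the session and
     the browser is sent to the index page.

     NOTE(review): the whole record returned by get_or_register_user is
     stored in the session, not only its id -- confirm it holds nothing
     sensitive.  The OAuth2 ``state`` check is not done here and must
     live inside ``self.callback``.
     """
     data = self.callback(get_vars)
     if not data or 'error' in data:
         abort(401)
     if auth.db:
         # map returned fields into auth_user fields
         user = {}
         for key, path in self.maps.items():
             value = data
             try:
                 for part in path.split('.'):
                     value = value[int(part) if part.isdigit() else part]
             except (KeyError, IndexError, TypeError):
                 # a mapped field missing from the provider's reply is a
                 # failed login (401), not an unhandled KeyError (500)
                 abort(401)
             user[key] = value
         # self.maps must provide 'sso_id'; prefix it with the provider
         # name so equal remote ids from different providers cannot collide
         user['sso_id'] = '%s:%s' % (self.name, user['sso_id'])
         # store or retrieve the user
         data = auth.get_or_register_user(user)
     else:
         # WIP Allow login without DB
         if 'id' not in data:
             data['id'] = data.get('username') or data.get('email')
     auth.session['user'] = data
     redirect(URL('index'))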
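 def _handle_callback(self, auth, get_vars):
     """Complete an SSO login once the provider has redirected back to us.

     ``self.callback(get_vars)`` turns the callback parameters into the
     provider's profile data; empty data or an ``error`` key means the
     login failed (401).  With a database, the fields named in
     ``self.maps`` (auth_user field -> dotted path into the data; purely
     numeric segments index into lists) are copied into a user dict,
     ``sso_id`` is prefixed with the provider name and the record is
     stored/retrieved via ``auth.get_or_register_user``.  Without a
     database the provider data is used as-is, ``id`` falling back to
     username or email.  The resulting record is put in the session and
     the browser is sent to the index page.

     NOTE(review): the whole record returned by get_or_register_user is
     stored in the session, not only its id -- confirm it holds nothing
     sensitive.  The OAuth2 ``state`` check is not done here and must
     live inside ``self.callback``.
     """
     data = self.callback(get_vars)
     if not data or "error" in data:
         abort(401)
     if auth.db:
         # map returned fields into auth_user fields
         user = {}
         for key, path in self.maps.items():
             value = data
             try:
                 for part in path.split("."):
                     value = value[int(part) if part.isdigit() else part]
             except (KeyError, IndexError, TypeError):
                 # a mapped field missing from the provider's reply is a
                 # failed login (401), not an unhandled KeyError (500)
                 abort(401)
             user[key] = value
         # self.maps must provide "sso_id"; prefix it with the provider
         # name so equal remote ids from different providers cannot collide
         user["sso_id"] = "%s:%s" % (self.name, user["sso_id"])
         # store or retrieve the user
         data = auth.get_or_register_user(user)
     else:
         # WIP Allow login without DB
         if "id" not in data:
             data["id"] = data.get("username") or data.get("email")
     auth.session["user"] = data
     redirect(URL("index"))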