示例#1
0
    def get_google_login_url(self,
                             oauth_redirect_uri=None,
                             redirect_to_after_oauth=None):
        if not oauth_redirect_uri:
            oauth_redirect_uri = '%s%s' % (
                'http://localhost:9095' if self.request.host.startswith(
                    'localhost') else self.request.host_url.replace(
                        'http://', 'https://'), '/_/auth/oauth2_callback')

        if not redirect_to_after_oauth:
            redirect_to_after_oauth = 'http://localhost:5007' if self.request.host.startswith(
                'localhost') else '/'

        self.session['redirect_to_after_oauth'] = str(redirect_to_after_oauth)

        # http://oauth2client.readthedocs.io/en/latest/source/oauth2client.client.html
        flow = flow_from_clientsecrets(
            get_path_to_oauth_secrets(),
            scope='https://www.googleapis.com/auth/userinfo.email',
            redirect_uri=oauth_redirect_uri)

        self.session['pickled_oauth_flow'] = pickle.dumps(flow)
        self.session['oauth_state'] = utils.generate_secret(32)
        try:
            return str(
                flow.step1_get_authorize_url(
                    state=self.session['oauth_state']))
        except TypeError:
            # TODO: Fix breakage only appearing in tests.
            return str(flow.step1_get_authorize_url())
示例#2
0
    def dispatch(self):
        if self.request.host == 'dev.trot.to':
            if not users.get_current_user():
                self.redirect(users.create_login_url('/'))
                return
            elif not users.is_current_user_admin():
                self.abort(403)

        self.is_local_env = not os.getenv('SERVER_SOFTWARE',
                                          '').startswith('Google App Engine/')

        # Get a session store for this request.
        self.session_store = sessions.get_store(request=self.request)

        self.login_error = None

        self.user_email = None
        self.user = None

        if not self.user_email:
            self.user_email = self.session.get('user_email')
            self.user_org = get_organization_id_for_email(
                self.user_email) if self.user_email else None

        if not self.user_email:
            self.attempt_auth_by_emailed_link()

        if not self.user_email and env.current_env_is_local():
            self.attempt_auth_by_user_header()

        self.session['already_accepted_terms'] = False
        if self.user_email:
            self.user = get_or_create_user(self.user_email, self.user_org)
            self.session[
                'already_accepted_terms'] = not not self.user.accepted_terms_at

            if not self.session.get('csrf_token'):
                self.session['csrf_token'] = utils.generate_secret(32)

        try:
            self.redirect_to = None
            self.check_authorization()

            if self.redirect_to:
                self.response.write(
                    json.dumps({'redirect_to': self.redirect_to}))
                return

            # Dispatch the request.
            webapp2.RequestHandler.dispatch(self)
        finally:
            # Save all sessions, IFF secure connection
            if self.request.scheme == 'https' or self.is_local_env:
                self.session_store.save_sessions(self.response)
示例#3
0
def send_login_email(request_source_url, email):
    if not validate_email(email):
        raise LoginEmailException('Please provide a valid email address')

    email_login_link_object = models.EmailLoginLink(
        email=email, secret=utils.generate_secret(32))
    email_login_link_object.put()

    html_template = JINJA_ENVIRONMENT.get_template(
        'auth/login_link_email.html')
    txt_template = JINJA_ENVIRONMENT.get_template('auth/login_link_email.txt')

    if '/play_queued_request' in request_source_url:
        emailed_url = request_source_url
    else:
        scheme, remainder = request_source_url.split('://')
        emailed_url = '%s://%s/_/auth/email_callback' % (
            scheme, remainder.split('/')[0])

    login_url = '%s?%s' % (emailed_url,
                           urllib.urlencode({
                               'e': email,
                               's': email_login_link_object.secret
                           }))

    html = html_template.render({'login_url': login_url})
    text = txt_template.render({'login_url': login_url})

    email_data = {
        'recipient_email': email,
        'subject': 'Log in to Trotto',
        'plaintext': text,
        'html': html
    }

    deferred.defer(email_helper.send_email, email_data)
示例#4
0
            os.path.join(os.path.dirname(os.path.realpath(__file__)),
                         'src/config/client_secrets.json')):
        print(
            '\nTo deploy to App Engine, you must include a src/config/client_secrets.json. For guidance, see'
            ' https://github.com/trotto/go-links#obtain-oauth-client-credentials.'
        )

        sys.exit(1)


if __name__ == "__main__":
    secrets = get_secrets(False) or {}

    if 'sessions_secret' not in secrets:
        user_input = raw_input(
            "You don't yet have a sessions secret, so one will be created for you and stored"
            " in src/config/secrets.yaml. Be sure to store this secret somewhere safe."
            " Hit Enter to continue. ")
        print('\n')

        secrets['sessions_secret'] = generate_secret(64)

    if 'app_id' not in secrets:
        secrets['app_id'] = raw_input("What's your App Engine app ID? ")

    _write_secrets(secrets)

    _check_for_client_secrets()

    os.environ['TROTTO_APP_ID'] = secrets['app_id']