示例#1
0
def check_user_has_role(role, raise_forbidden=True):
    u = logged_in_user()
    if auth_db.UserRole.has_role(u, role):
        return True
    if raise_forbidden:
        util.raise_forbidden('uid={} role={} not found'.format(u, role))
    return False
示例#2
0
文件: github.py 项目: yeeon/sirepo 
def api_authGithubAuthorized():
    """Handle a callback from a successful OAUTH request.

    Tracks oauth users in a database.
    """
    # clear temporary cookie values first
    expect = cookie.unchecked_remove(_COOKIE_NONCE) or '<missing-nonce>'
    t = cookie.unchecked_remove(_COOKIE_SIM_TYPE)
    oc = _oauth_client()
    resp = oc.authorized_response()
    if not resp:
        util.raise_forbidden('missing oauth response')
    got = flask.request.args.get('state', '<missing-state>')
    if expect != got:
        pkdlog(
            'mismatch oauth state: expected {} != got {}',
            expect,
            got,
        )
        return auth.login_fail_redirect(t, this_module, 'oauth-state')
    d = oc.get('user', token=(resp['access_token'], '')).data
    with auth_db.thread_lock:
        u = AuthGithubUser.search_by(oauth_id=d['id'])
        if u:
            # always update user_name
            u.user_name = d['login']
        else:
            u = AuthGithubUser(oauth_id=d['id'], user_name=d['login'])
        u.save()
        return auth.login(
            this_module,
            model=u,
            sim_type=t,
            data=d,
        )
示例#3
0
文件: __init__.py 项目: ahebnl/Sirepo 
def check_user_has_role(role, raise_forbidden=True):
    u = _get_user()
    with auth_db.thread_lock:
        if sirepo.auth_db.UserRole.search_by(role=role, uid=u):
            return True
    if raise_forbidden:
        util.raise_forbidden('uid={} role={} not found'.format(u, role))
    return False
示例#4
0
文件: oauth.py 项目: e-carlin/sirepo 
def authorized_callback(oauth_type):
    """Handle a callback from a successful OAUTH request. Tracks oauth
    users in a database.
    """
    oc = _oauth_client(oauth_type)
    resp = oc.authorized_response()
    if not resp:
        util.raise_forbidden('missing oauth response')
    state = _remove_cookie_key(_COOKIE_NONCE)
    if state != flask.request.args.get('state', ''):
        util.raise_forbidden(
            'mismatch oauth state: {} != {}',
            state,
            flask.request.args.get('state'),
        )
    # fields: id, login, name
    user_data = oc.get('user', token=(resp['access_token'], '')).data
    user = _update_database(user_data, oauth_type)
    _update_session(_LOGGED_IN, user.user_name)
    return server.javascript_redirect(_remove_cookie_key(_COOKIE_NEXT))
示例#5
0
def authorized_callback(oauth_type):
    """Handle a callback from a successful OAUTH request. Tracks oauth
    users in a database.
    """
    oc = _oauth_client(oauth_type)
    resp = oc.authorized_response()
    if not resp:
        util.raise_forbidden('missing oauth response')
    state = _remove_cookie_key(_COOKIE_NONCE)
    if state != flask.request.args.get('state', ''):
        util.raise_forbidden(
            'mismatch oauth state: {} != {}',
            state,
            flask.request.args.get('state'),
        )
    # fields: id, login, name
    user_data = oc.get('user', token=(resp['access_token'], '')).data
    user = _update_database(user_data, oauth_type)
    _update_session(_LOGGED_IN, user.user_name)
    return server.javascript_redirect(_remove_cookie_key(_COOKIE_NEXT))