def add_user_auth(self, node_addon, user, external_account_id):
external_account = ExternalAccount.load(external_account_id)
if external_account not in user.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
node = node_addon.owner
node.add_log(
action='dataverse_node_authorized',
params={
'project': node.parent_id,
'node': node._id,
},
auth=Auth(user=user),
)
result = self.serializer(
node_settings=node_addon,
user_settings=user.get_addon('dataverse'),
).serialized_node_settings
return {'result': result}
def get_account_or_error(self, addon_name, external_account_id, auth):
external_account = ExternalAccount.load(external_account_id)
if not external_account:
raise exceptions.NotFound('Unable to find requested account.')
if external_account not in auth.user.external_accounts:
raise exceptions.PermissionDenied('Requested action requires account ownership.')
if external_account.provider != addon_name:
raise Conflict('Cannot authorize the {} addon with an account for {}'.format(addon_name, external_account.provider))
return external_account
def get_account_or_error(self, addon_name, external_account_id, auth):
external_account = ExternalAccount.load(external_account_id)
if not external_account:
raise exceptions.NotFound('Unable to find requested account.')
if external_account not in auth.user.external_accounts:
raise exceptions.PermissionDenied('Requested action requires account ownership.')
if external_account.provider != addon_name:
raise Conflict('Cannot authorize the {} addon with an account for {}'.format(addon_name, external_account.provider))
return external_account
def add_user_auth(self, node_addon, user, external_account_id):
external_account = ExternalAccount.load(external_account_id)
if external_account not in user.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
result = self.serialize_settings(node_addon, user)
return {'result': result}
def add_user_auth(self, node_addon, user, external_account_id):
external_account = ExternalAccount.load(external_account_id)
if external_account not in user.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
result = self.serializer(
node_settings=node_addon,
user_settings=user.get_addon(self.provider_name),
).serialized_node_settings
return {'result': result}
def add_user_auth(self, node_addon, user, external_account_id):
external_account = ExternalAccount.load(external_account_id)
if external_account not in user.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
result = self.serializer(
node_settings=node_addon,
user_settings=user.get_addon(self.provider_name),
).serialized_node_settings
result['validCredentials'] = self.check_credentials(node_addon)
return {'result': result}
def oauth_disconnect(external_account_id, auth):
account = ExternalAccount.load(external_account_id)
user = auth.user
if account is None:
HTTPError(http.NOT_FOUND)
if account not in user.external_accounts:
HTTPError(http.FORBIDDEN)
# iterate AddonUserSettings for addons
for user_settings in user.get_oauth_addons():
user_settings.revoke_oauth_access(account)
user_settings.save()
# ExternalAccount.remove_one(account)
# # only after all addons have been dealt with can we remove it from the user
user.external_accounts.remove(account)
user.save()
def add_user_auth(self, node_addon, user, external_account_id):
"""Adds authorization to a node
if the user has authorization to grant"""
external_account = ExternalAccount.load(external_account_id)
if external_account not in user.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
result = self.serializer(
node_settings=node_addon,
user_settings=user.get_addon(self.provider_name),
).serialized_node_settings
result['validCredentials'] = self.check_credentials(node_addon)
return {'result': result}
def creds_are_valid(ea_id):
logger.warn('Validating credentials for externalaccount {}'.format(ea_id))
ea = ExternalAccount.load(ea_id)
if ea.provider == 'github':
try:
GitHubClient(external_account=ea).user()
except (GitHubError, IndexError):
logger.info('Invalid creds: {}'.format(ea_id))
return False
elif ea.provider == 'dropbox':
try:
DropboxClient(ea.oauth_key).account_info()
except (ValueError, IndexError, ErrorResponse):
logger.info('Invalid creds: {}'.format(ea_id))
return False
else:
raise Exception('Unexpected provider: {}'.format(ea.provider))
logger.info('Valid creds: {}'.format(ea_id))
return True
def oauth_disconnect(external_account_id, auth):
account = ExternalAccount.load(external_account_id)
user = auth.user
if account is None:
HTTPError(http.NOT_FOUND)
if account not in user.external_accounts:
HTTPError(http.FORBIDDEN)
# iterate AddonUserSettings for addons
for user_settings in user.get_oauth_addons():
user_settings.revoke_oauth_access(account)
user_settings.save()
# ExternalAccount.remove_one(account)
# # only after all addons have been dealt with can we remove it from the user
user.external_accounts.remove(account)
user.save()
def googledrive_import_user_auth(auth, node_addon, **kwargs):
""" Import googledrive credentials from the currently logged-in user to a node.
"""
user = auth.user
external_account_id = request.get_json().get('external_account_id')
external_account = ExternalAccount.load(external_account_id)
if external_account not in user.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
result = GoogleDriveSerializer(
node_settings=node_addon,
user_settings=user.get_addon('googledrive'),
).serialize_settings(node_addon, user)
return result
def creds_are_valid(ea_id):
logger.warn('Validating credentials for externalaccount {}'.format(ea_id))
ea = ExternalAccount.load(ea_id)
if ea.provider == 'github':
try:
GitHubClient(external_account=ea).user()
except (GitHubError, IndexError):
logger.info('Invalid creds: {}'.format(ea_id))
return False
elif ea.provider == 'dropbox':
try:
DropboxClient(ea.oauth_key).account_info()
except (ValueError, IndexError, ErrorResponse):
logger.info('Invalid creds: {}'.format(ea_id))
return False
else:
raise Exception('Unexpected provider: {}'.format(ea.provider))
logger.info('Valid creds: {}'.format(ea_id))
return True
def _import_auth(auth, node_addon, user_addon, **kwargs):
"""Import add-on credentials from the currently logged-in user to a node.
"""
external_account = ExternalAccount.load(
request.json['external_account_id'])
if external_account not in user_addon.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user_addon.owner)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
node_addon.save()
return {
'result': Serializer().serialize_settings(node_addon, auth.user),
'message': 'Successfully imported access token from profile.',
}
def oauth_disconnect(external_account_id, auth):
account = ExternalAccount.load(external_account_id)
user = auth.user
if account is None:
raise HTTPError(http.NOT_FOUND)
if not user.external_accounts.filter(id=account.id).exists():
raise HTTPError(http.FORBIDDEN)
# iterate AddonUserSettings for addons
for user_settings in user.get_oauth_addons():
if user_settings.oauth_provider.short_name == account.provider:
user_settings.revoke_oauth_access(account)
user_settings.save()
# ExternalAccount.remove_one(account)
# # only after all addons have been dealt with can we remove it from the user
user.external_accounts.remove(account)
user.save()
def _import_auth(auth, node_addon, user_addon, **kwargs):
"""Import add-on credentials from the currently logged-in user to a node.
"""
external_account = ExternalAccount.load(
request.json['external_account_id']
)
if external_account not in user_addon.external_accounts:
raise HTTPError(http.FORBIDDEN)
try:
node_addon.set_auth(external_account, user_addon.owner)
except PermissionsError:
raise HTTPError(http.FORBIDDEN)
node_addon.save()
return {
'result': Serializer().serialize_settings(node_addon, auth.user),
'message': 'Successfully imported access token from profile.',
}
