realms-wiki/realms/modules/auth/oauth/models.py

from flask import session
from flask_login import login_user
from flask_oauthlib.client import OAuth

from realms import config
from ..models import BaseUser

config = config.conf

oauth = OAuth()

users = {}

providers = {
    'twitter': {
        'oauth': dict(
            base_url='https://api.twitter.com/1.1/',
            request_token_url='https://api.twitter.com/oauth/request_token',
            access_token_url='https://api.twitter.com/oauth/access_token',
            authorize_url='https://api.twitter.com/oauth/authenticate',
            access_token_method='GET'),
        'button': '<a href="/login/oauth/twitter" class="btn btn-twitter"><i class="fa fa-twitter"></i></a>',
        'profile': None,
        'field_map': {
            'id': 'user_id',
            'username': 'screen_name'
        },
        'token_name': 'oauth_token'
    },
    'github': {
        'oauth': dict(
            request_token_params={'scope': 'user:email'},
            base_url='https://api.github.com/',
            request_token_url=None,
            access_token_method='POST',
            access_token_url='https://github.com/login/oauth/access_token',
            authorize_url='https://github.com/login/oauth/authorize'),
        'button': '<a href="/login/oauth/github" class="btn btn-github"><i class="fa fa-github"></i></a>',
        'profile': 'user',
        'field_map': {
            'id': 'id',
            'username': 'login',
            'email': lambda(data): data.get('email') or data['login'] + '@users.noreply.github.com'
        },
        'token_name': 'access_token'
    },
    'facebook': {
        'oauth': dict(
            request_token_params={'scope': 'email'},
            base_url='https://graph.facebook.com',
            request_token_url=None,
            access_token_url='/oauth/access_token',
            access_token_method='GET',
            authorize_url='https://www.facebook.com/dialog/oauth'
        ),
        'button': '<a href="/login/oauth/facebook" class="btn btn-facebook"><i class="fa fa-facebook"></i></a>',
        'profile': '/me',
        'field_map': {
            'id': 'id',
            'username': 'name',
            'email': 'email'
        },
        'token_name': 'access_token'
    },
    'google': {
        'oauth': dict(
            request_token_params={
                'scope': 'https://www.googleapis.com/auth/userinfo.email'
            },
            base_url='https://www.googleapis.com/oauth2/v1/',
            request_token_url=None,
            access_token_method='POST',
            access_token_url='https://accounts.google.com/o/oauth2/token',
            authorize_url='https://accounts.google.com/o/oauth2/auth',
        ),
        'button': '<a href="/login/oauth/google" class="btn btn-google"><i class="fa fa-google"></i></a>',
        'profile': 'userinfo',
        'field_map': {
            'id': 'id',
            'username': 'name',
            'email': 'email'
        },
        'token_name': 'access_token'
    }
}


class User(BaseUser):
    type = 'oauth'
    provider = None

    def __init__(self, provider, user_id, username=None, token=None, email=None):
        self.provider = provider
        self.username = username
        self.email = email
        self.id = user_id
        self.token = token
        self.auth_id = "%s-%s" % (provider, username)

    @property
    def auth_token_id(self):
        return self.token

    @staticmethod
    def load_user(*args, **kwargs):
        return User.get_by_id(args[0])

    @staticmethod
    def get_by_id(user_id):
        return users.get(user_id)

    @staticmethod
    def auth(provider, data, oauth_token):
        field_map = providers.get(provider).get('field_map')
        if not field_map:
            raise NotImplementedError

        def get_value(d, key):
            if isinstance(key, basestring):
                return d.get(key)
            elif callable(key):
                return key(d)
            # key should be list here
            val = d.get(key.pop(0))
            if len(key) == 0:
                # if empty we have our value
                return val
            # keep digging
            return get_value(val, key)

        fields = {}
        for k, v in field_map.items():
            fields[k] = get_value(data, v)

        user = User(provider, fields['id'], username=fields.get('username'), email=fields.get('email'),
                    token=User.hash_password(oauth_token))
        users[user.auth_id] = user

        if user:
            login_user(user, remember=True)
            return True
        else:
            return False

    @classmethod
    def get_app(cls, provider):
        if oauth.remote_apps.get(provider):
            return oauth.remote_apps.get(provider)
        app = oauth.remote_app(
            provider,
            consumer_key=config.OAUTH.get(provider, {}).get('key'),
            consumer_secret=config.OAUTH.get(provider, {}).get(
                'secret'),
            **providers[provider]['oauth'])
        app.tokengetter(lambda: session.get(provider + "_token"))
        return app

    @classmethod
    def get_provider_value(cls, provider, key):
        return providers.get(provider, {}).get(key)

    @classmethod
    def get_token(cls, provider, resp):
        return resp.get(cls.get_provider_value(provider, 'token_name'))

    def get_id(self):
        return unicode("%s/%s" % (self.type, self.auth_id))

    @staticmethod
    def login_form():
        buttons = []
        for name, val in providers.items():
            if not config.OAUTH.get(name, {}).get('key') or not config.OAUTH.get(name, {}).get('secret'):
                continue
            buttons.append(val.get('button'))

        return "<h3>Social Login</h3>" + " ".join(buttons)
define tokegetter 2015-11-14 00:55:42 +02:00			`from flask import session`
oauth work 2015-10-16 01:36:47 +03:00			`from flask_login import login_user`
first pass, non-working 2015-10-14 06:52:30 +03:00			`from flask_oauthlib.client import OAuth`
oauth work 2015-10-16 01:36:47 +03:00
first pass, non-working 2015-10-14 06:52:30 +03:00			`from realms import config`
			`from ..models import BaseUser`

Use properties in config for pass-through compat vars Strings are immutable, so when one variable changes the other will not, as such there is variance on config load between variables that should be the the value of another variable. To solve that I've moved the config into a class and made those values read-only properties to the loaded values. Closes: #137 #138 2016-06-02 10:39:12 +03:00			`config = config.conf`

first pass, non-working 2015-10-14 06:52:30 +03:00			`oauth = OAuth()`

2nd pass on oauth, making more generic 2015-10-15 07:08:56 +03:00			`users = {}`
first pass, non-working 2015-10-14 06:52:30 +03:00
2nd pass on oauth, making more generic 2015-10-15 07:08:56 +03:00			`providers = {`
			`'twitter': {`
			`'oauth': dict(`
oauth work 2015-10-16 01:36:47 +03:00			`base_url='https://api.twitter.com/1.1/',`
ldap first pass 2015-10-15 01:36:22 +03:00			`request_token_url='https://api.twitter.com/oauth/request_token',`
			`access_token_url='https://api.twitter.com/oauth/access_token',`
oauth work 2015-10-16 01:36:47 +03:00			`authorize_url='https://api.twitter.com/oauth/authenticate',`
			`access_token_method='GET'),`
Clean up OAuth buttons 2015-11-23 01:13:59 +02:00			`'button': '<a href="/login/oauth/twitter" class="btn btn-twitter"><i class="fa fa-twitter"></i></a>',`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`'profile': None,`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`'field_map': {`
oauth field map to include lists to access nested response dicts oauth authorize callback to use absolute url, needed by Facebook 2015-10-26 23:47:32 +02:00			`'id': 'user_id',`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`'username': 'screen_name'`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`},`
			`'token_name': 'oauth_token'`
add github support, fix redirect on oauth 2015-10-21 17:09:42 +03:00			`},`
			`'github': {`
			`'oauth': dict(`
			`request_token_params={'scope': 'user:email'},`
			`base_url='https://api.github.com/',`
			`request_token_url=None,`
			`access_token_method='POST',`
			`access_token_url='https://github.com/login/oauth/access_token',`
			`authorize_url='https://github.com/login/oauth/authorize'),`
Clean up OAuth buttons 2015-11-23 01:13:59 +02:00			`'button': '<a href="/login/oauth/github" class="btn btn-github"><i class="fa fa-github"></i></a>',`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`'profile': 'user',`
oauth field map to include lists to access nested response dicts oauth authorize callback to use absolute url, needed by Facebook 2015-10-26 23:47:32 +02:00			`'field_map': {`
change github fieldmap define tokengetter for each provider 2015-11-14 01:25:55 +02:00			`'id': 'id',`
			`'username': 'login',`
Use github's anonymous email standin when github auth user has email as private 2016-07-14 05:47:24 +03:00			`'email': lambda(data): data.get('email') or data['login'] + '@users.noreply.github.com'`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`},`
			`'token_name': 'access_token'`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`},`
			`'facebook': {`
			`'oauth': dict(`
			`request_token_params={'scope': 'email'},`
			`base_url='https://graph.facebook.com',`
			`request_token_url=None,`
			`access_token_url='/oauth/access_token',`
			`access_token_method='GET',`
			`authorize_url='https://www.facebook.com/dialog/oauth'`
			`),`
Clean up OAuth buttons 2015-11-23 01:13:59 +02:00			`'button': '<a href="/login/oauth/facebook" class="btn btn-facebook"><i class="fa fa-facebook"></i></a>',`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`'profile': '/me',`
oauth field map to include lists to access nested response dicts oauth authorize callback to use absolute url, needed by Facebook 2015-10-26 23:47:32 +02:00			`'field_map': {`
			`'id': 'id',`
			`'username': 'name',`
			`'email': 'email'`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`},`
fix facebook token name 2015-12-07 02:22:13 +02:00			`'token_name': 'access_token'`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`},`
			`'google': {`
			`'oauth': dict(`
			`request_token_params={`
			`'scope': 'https://www.googleapis.com/auth/userinfo.email'`
			`},`
			`base_url='https://www.googleapis.com/oauth2/v1/',`
			`request_token_url=None,`
			`access_token_method='POST',`
			`access_token_url='https://accounts.google.com/o/oauth2/token',`
			`authorize_url='https://accounts.google.com/o/oauth2/auth',`
			`),`
Clean up OAuth buttons 2015-11-23 01:13:59 +02:00			`'button': '<a href="/login/oauth/google" class="btn btn-google"><i class="fa fa-google"></i></a>',`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`'profile': 'userinfo',`
			`'field_map': {`
			`'id': 'id',`
			`'username': 'name',`
			`'email': 'email'`
			`},`
			`'token_name': 'access_token'`
2nd pass on oauth, making more generic 2015-10-15 07:08:56 +03:00			`}`
			`}`
ldap first pass 2015-10-15 01:36:22 +03:00
update readme 2015-11-22 19:19:11 +02:00
2nd pass on oauth, making more generic 2015-10-15 07:08:56 +03:00			`class User(BaseUser):`
oauth work 2015-10-16 01:36:47 +03:00			`type = 'oauth'`
			`provider = None`

get oauth data from providers 2015-11-13 01:19:26 +02:00			`def __init__(self, provider, user_id, username=None, token=None, email=None):`
oauth work 2015-10-16 01:36:47 +03:00			`self.provider = provider`
			`self.username = username`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`self.email = email`
oauth field map to include lists to access nested response dicts oauth authorize callback to use absolute url, needed by Facebook 2015-10-26 23:47:32 +02:00			`self.id = user_id`
oauth work 2015-10-16 01:36:47 +03:00			`self.token = token`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`self.auth_id = "%s-%s" % (provider, username)`
oauth work 2015-10-16 01:36:47 +03:00
			`@property`
			`def auth_token_id(self):`
			`return self.token`

			`@staticmethod`
			`def load_user(args, *kwargs):`
			`return User.get_by_id(args[0])`

			`@staticmethod`
			`def get_by_id(user_id):`
			`return users.get(user_id)`

			`@staticmethod`
set token in session before making oauth request 2015-11-14 01:03:58 +02:00			`def auth(provider, data, oauth_token):`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`field_map = providers.get(provider).get('field_map')`
			`if not field_map:`
			`raise NotImplementedError`

oauth field map to include lists to access nested response dicts oauth authorize callback to use absolute url, needed by Facebook 2015-10-26 23:47:32 +02:00			`def get_value(d, key):`
			`if isinstance(key, basestring):`
			`return d.get(key)`
Use github's anonymous email standin when github auth user has email as private 2016-07-14 05:47:24 +03:00			`elif callable(key):`
			`return key(d)`
oauth field map to include lists to access nested response dicts oauth authorize callback to use absolute url, needed by Facebook 2015-10-26 23:47:32 +02:00			`# key should be list here`
			`val = d.get(key.pop(0))`
			`if len(key) == 0:`
			`# if empty we have our value`
			`return val`
			`# keep digging`
			`return get_value(val, key)`

add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`fields = {}`
			`for k, v in field_map.items():`
get oauth data from providers 2015-11-13 01:19:26 +02:00			`fields[k] = get_value(data, v)`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00
get oauth data from providers 2015-11-13 01:19:26 +02:00			`user = User(provider, fields['id'], username=fields.get('username'), email=fields.get('email'),`
			`token=User.hash_password(oauth_token))`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`users[user.auth_id] = user`

oauth work 2015-10-16 01:36:47 +03:00			`if user:`
			`login_user(user, remember=True)`
			`return True`
			`else:`
			`return False`
2nd pass on oauth, making more generic 2015-10-15 07:08:56 +03:00
			`@classmethod`
			`def get_app(cls, provider):`
oauth work 2015-10-16 01:36:47 +03:00			`if oauth.remote_apps.get(provider):`
			`return oauth.remote_apps.get(provider)`
change github fieldmap define tokengetter for each provider 2015-11-14 01:25:55 +02:00			`app = oauth.remote_app(`
add github support, fix redirect on oauth 2015-10-21 17:09:42 +03:00			`provider,`
			`consumer_key=config.OAUTH.get(provider, {}).get('key'),`
			`consumer_secret=config.OAUTH.get(provider, {}).get(`
			`'secret'),`
			`**providers[provider]['oauth'])`
change github fieldmap define tokengetter for each provider 2015-11-14 01:25:55 +02:00			`app.tokengetter(lambda: session.get(provider + "_token"))`
			`return app`
oauth work 2015-10-16 01:36:47 +03:00
get oauth data from providers 2015-11-13 01:19:26 +02:00			`@classmethod`
			`def get_provider_value(cls, provider, key):`
			`return providers.get(provider, {}).get(key)`

			`@classmethod`
			`def get_token(cls, provider, resp):`
			`return resp.get(cls.get_provider_value(provider, 'token_name'))`

oauth work 2015-10-16 01:36:47 +03:00			`def get_id(self):`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`return unicode("%s/%s" % (self.type, self.auth_id))`
first pass, non-working 2015-10-14 06:52:30 +03:00
			`@staticmethod`
			`def login_form():`
add github support, fix redirect on oauth 2015-10-21 17:09:42 +03:00			`buttons = []`
add more oauth providers, really authenticate 2015-10-22 01:34:20 +03:00			`for name, val in providers.items():`
			`if not config.OAUTH.get(name, {}).get('key') or not config.OAUTH.get(name, {}).get('secret'):`
			`continue`
			`buttons.append(val.get('button'))`
oauth work 2015-10-16 01:36:47 +03:00
fix layout in small view 2015-12-07 01:17:44 +02:00			`return "<h3>Social Login</h3>" + " ".join(buttons)`