get oauth data from providers
		
							parent
							
								
									96b583d63b
								
							
						
					
					
						commit
						6edaec3876
					
				
					 3 changed files with 38 additions and 15 deletions
				
			
		| 
						 | 
					@ -84,7 +84,7 @@ DB_URI = 'sqlite:////tmp/wiki.db'
 | 
				
			||||||
# DB_URI = 'crate://'
 | 
					# DB_URI = 'crate://'
 | 
				
			||||||
 | 
					
 | 
				
			||||||
LDAP = {
 | 
					LDAP = {
 | 
				
			||||||
    'URI': 'ldap://localhost:8389',
 | 
					    'URI': '',
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    # This BIND_DN/BIND_PASSWORD default to '', this is shown here for demonstrative purposes
 | 
					    # This BIND_DN/BIND_PASSWORD default to '', this is shown here for demonstrative purposes
 | 
				
			||||||
    # The values '' perform an anonymous bind so we may use search/bind method
 | 
					    # The values '' perform an anonymous bind so we may use search/bind method
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -17,10 +17,12 @@ providers = {
 | 
				
			||||||
            authorize_url='https://api.twitter.com/oauth/authenticate',
 | 
					            authorize_url='https://api.twitter.com/oauth/authenticate',
 | 
				
			||||||
            access_token_method='GET'),
 | 
					            access_token_method='GET'),
 | 
				
			||||||
        'button': '<a href="/login/oauth/twitter" class="btn btn-default"><i class="fa fa-twitter"></i> Twitter</a>',
 | 
					        'button': '<a href="/login/oauth/twitter" class="btn btn-default"><i class="fa fa-twitter"></i> Twitter</a>',
 | 
				
			||||||
 | 
					        'profile': None,
 | 
				
			||||||
        'field_map': {
 | 
					        'field_map': {
 | 
				
			||||||
            'id': 'user_id',
 | 
					            'id': 'user_id',
 | 
				
			||||||
            'username': 'screen_name'
 | 
					            'username': 'screen_name'
 | 
				
			||||||
        }
 | 
					        },
 | 
				
			||||||
 | 
					        'token_name': 'oauth_token'
 | 
				
			||||||
    },
 | 
					    },
 | 
				
			||||||
    'github': {
 | 
					    'github': {
 | 
				
			||||||
        'oauth': dict(
 | 
					        'oauth': dict(
 | 
				
			||||||
| 
						 | 
					@ -31,11 +33,13 @@ providers = {
 | 
				
			||||||
            access_token_url='https://github.com/login/oauth/access_token',
 | 
					            access_token_url='https://github.com/login/oauth/access_token',
 | 
				
			||||||
            authorize_url='https://github.com/login/oauth/authorize'),
 | 
					            authorize_url='https://github.com/login/oauth/authorize'),
 | 
				
			||||||
        'button': '<a href="/login/oauth/github" class="btn btn-default"><i class="fa fa-github"></i> Github</a>',
 | 
					        'button': '<a href="/login/oauth/github" class="btn btn-default"><i class="fa fa-github"></i> Github</a>',
 | 
				
			||||||
 | 
					        'profile': 'user',
 | 
				
			||||||
        'field_map': {
 | 
					        'field_map': {
 | 
				
			||||||
            'id': ['user', 'id'],
 | 
					            'id': ['user', 'id'],
 | 
				
			||||||
            'username': ['user', 'login'],
 | 
					            'username': ['user', 'login'],
 | 
				
			||||||
            'email': ['user', 'email']
 | 
					            'email': ['user', 'email']
 | 
				
			||||||
        }
 | 
					        },
 | 
				
			||||||
 | 
					        'token_name': 'access_token'
 | 
				
			||||||
    },
 | 
					    },
 | 
				
			||||||
    'facebook': {
 | 
					    'facebook': {
 | 
				
			||||||
        'oauth': dict(
 | 
					        'oauth': dict(
 | 
				
			||||||
| 
						 | 
					@ -47,11 +51,13 @@ providers = {
 | 
				
			||||||
            authorize_url='https://www.facebook.com/dialog/oauth'
 | 
					            authorize_url='https://www.facebook.com/dialog/oauth'
 | 
				
			||||||
        ),
 | 
					        ),
 | 
				
			||||||
        'button': '<a href="/login/oauth/facebook" class="btn btn-default"><i class="fa fa-facebook"></i> Facebook</a>',
 | 
					        'button': '<a href="/login/oauth/facebook" class="btn btn-default"><i class="fa fa-facebook"></i> Facebook</a>',
 | 
				
			||||||
 | 
					        'profile': '/me',
 | 
				
			||||||
        'field_map': {
 | 
					        'field_map': {
 | 
				
			||||||
            'id': 'id',
 | 
					            'id': 'id',
 | 
				
			||||||
            'username': 'name',
 | 
					            'username': 'name',
 | 
				
			||||||
            'email': 'email'
 | 
					            'email': 'email'
 | 
				
			||||||
        }
 | 
					        },
 | 
				
			||||||
 | 
					        'token_name': 'access_name'
 | 
				
			||||||
    },
 | 
					    },
 | 
				
			||||||
    'google': {
 | 
					    'google': {
 | 
				
			||||||
        'oauth': dict(
 | 
					        'oauth': dict(
 | 
				
			||||||
| 
						 | 
					@ -64,7 +70,14 @@ providers = {
 | 
				
			||||||
            access_token_url='https://accounts.google.com/o/oauth2/token',
 | 
					            access_token_url='https://accounts.google.com/o/oauth2/token',
 | 
				
			||||||
            authorize_url='https://accounts.google.com/o/oauth2/auth',
 | 
					            authorize_url='https://accounts.google.com/o/oauth2/auth',
 | 
				
			||||||
        ),
 | 
					        ),
 | 
				
			||||||
        'button': '<a href="/login/oauth/google" class="btn btn-default"><i class="fa fa-google"></i> Google</a>'
 | 
					        'button': '<a href="/login/oauth/google" class="btn btn-default"><i class="fa fa-google"></i> Google</a>',
 | 
				
			||||||
 | 
					        'profile': 'userinfo',
 | 
				
			||||||
 | 
					        'field_map': {
 | 
				
			||||||
 | 
					            'id': 'id',
 | 
				
			||||||
 | 
					            'username': 'name',
 | 
				
			||||||
 | 
					            'email': 'email'
 | 
				
			||||||
 | 
					        },
 | 
				
			||||||
 | 
					        'token_name': 'access_token'
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
| 
						 | 
					@ -73,9 +86,10 @@ class User(BaseUser):
 | 
				
			||||||
    type = 'oauth'
 | 
					    type = 'oauth'
 | 
				
			||||||
    provider = None
 | 
					    provider = None
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    def __init__(self, provider, user_id, username, token):
 | 
					    def __init__(self, provider, user_id, username=None, token=None, email=None):
 | 
				
			||||||
        self.provider = provider
 | 
					        self.provider = provider
 | 
				
			||||||
        self.username = username
 | 
					        self.username = username
 | 
				
			||||||
 | 
					        self.email = email
 | 
				
			||||||
        self.id = user_id
 | 
					        self.id = user_id
 | 
				
			||||||
        self.token = token
 | 
					        self.token = token
 | 
				
			||||||
        self.auth_id = "%s-%s" % (provider, username)
 | 
					        self.auth_id = "%s-%s" % (provider, username)
 | 
				
			||||||
| 
						 | 
					@ -93,7 +107,8 @@ class User(BaseUser):
 | 
				
			||||||
        return users.get(user_id)
 | 
					        return users.get(user_id)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    @staticmethod
 | 
					    @staticmethod
 | 
				
			||||||
    def auth(provider, resp):
 | 
					    def auth(provider, data, resp):
 | 
				
			||||||
 | 
					        oauth_token = resp.get(User.get_provider_value(provider, 'token_name'))
 | 
				
			||||||
        field_map = providers.get(provider).get('field_map')
 | 
					        field_map = providers.get(provider).get('field_map')
 | 
				
			||||||
        if not field_map:
 | 
					        if not field_map:
 | 
				
			||||||
            raise NotImplementedError
 | 
					            raise NotImplementedError
 | 
				
			||||||
| 
						 | 
					@ -111,9 +126,10 @@ class User(BaseUser):
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        fields = {}
 | 
					        fields = {}
 | 
				
			||||||
        for k, v in field_map.items():
 | 
					        for k, v in field_map.items():
 | 
				
			||||||
            fields[k] = get_value(resp, v)
 | 
					            fields[k] = get_value(data, v)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        user = User(provider, fields['id'], fields['username'], User.hash_password(resp['oauth_token']))
 | 
					        user = User(provider, fields['id'], username=fields.get('username'), email=fields.get('email'),
 | 
				
			||||||
 | 
					                    token=User.hash_password(oauth_token))
 | 
				
			||||||
        users[user.auth_id] = user
 | 
					        users[user.auth_id] = user
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if user:
 | 
					        if user:
 | 
				
			||||||
| 
						 | 
					@ -133,6 +149,14 @@ class User(BaseUser):
 | 
				
			||||||
                'secret'),
 | 
					                'secret'),
 | 
				
			||||||
            **providers[provider]['oauth'])
 | 
					            **providers[provider]['oauth'])
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    @classmethod
 | 
				
			||||||
 | 
					    def get_provider_value(cls, provider, key):
 | 
				
			||||||
 | 
					        return providers.get(provider, {}).get(key)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    @classmethod
 | 
				
			||||||
 | 
					    def get_token(cls, provider, resp):
 | 
				
			||||||
 | 
					        return resp.get(cls.get_provider_value(provider, 'token_name'))
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    def get_id(self):
 | 
					    def get_id(self):
 | 
				
			||||||
        return unicode("%s/%s" % (self.type, self.auth_id))
 | 
					        return unicode("%s/%s" % (self.type, self.auth_id))
 | 
				
			||||||
 | 
					
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
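Review bot: `auth_id` is still built from `username` in `__init__`, while this commit makes `username` optional and maps it to the provider's display `name` for facebook and google, so two accounts with the same name (or any account with no name, giving `provider-None`) share one key in `users[user.auth_id]` and one session id from `get_id`. The provider's stable identifier is already in `fields['id']`; keying on it, `self.auth_id = "%s-%s" % (provider, user_id)`, avoids the collision. Separately, the facebook entry's `'token_name': 'access_name'` looks like a typo for `access_token`, the value the github and google entries use; as written `resp.get(...)` would likely return None, and that is what gets passed to `User.hash_password`. The `User` class and `auth` both extend beyond the visible hunks.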
| 
						 | 
					@ -18,7 +18,8 @@ def login(provider):
 | 
				
			||||||
def callback(provider):
 | 
					def callback(provider):
 | 
				
			||||||
    next_url = request.args.get('next') or url_for(current_app.config['ROOT_ENDPOINT'])
 | 
					    next_url = request.args.get('next') or url_for(current_app.config['ROOT_ENDPOINT'])
 | 
				
			||||||
    try:
 | 
					    try:
 | 
				
			||||||
        resp = User.get_app(provider).authorized_response()
 | 
					        remote_app = User.get_app(provider)
 | 
				
			||||||
 | 
					        resp = remote_app.authorized_response()
 | 
				
			||||||
        if resp is None:
 | 
					        if resp is None:
 | 
				
			||||||
            flash('You denied the request to sign in.', 'error')
 | 
					            flash('You denied the request to sign in.', 'error')
 | 
				
			||||||
            flash('Reason: ' + request.args['error_reason'] +
 | 
					            flash('Reason: ' + request.args['error_reason'] +
 | 
				
			||||||
| 
						 | 
					@ -28,11 +29,9 @@ def callback(provider):
 | 
				
			||||||
        flash('Access denied: %s' % e.message)
 | 
					        flash('Access denied: %s' % e.message)
 | 
				
			||||||
        return redirect(next_url)
 | 
					        return redirect(next_url)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    session[provider + '_token'] = (
 | 
					    profile = User.get_provider_value(provider, 'profile')
 | 
				
			||||||
        resp['oauth_token'],
 | 
					    data = remote_app.get(profile) if profile else resp
 | 
				
			||||||
        resp['oauth_token_secret']
 | 
					 | 
				
			||||||
    )
 | 
					 | 
				
			||||||
 | 
					
 | 
				
			||||||
    User.auth(provider, resp)
 | 
					    User.auth(provider, data, resp)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    return redirect(next_url)
 | 
					    return redirect(next_url)
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
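Review bot: The profile fetch `data = remote_app.get(profile) if profile else resp` runs outside the `try` block and its result goes straight into `User.auth` with no status check, so a provider error or an error body can reach the code that builds the user record. The same hunk removes the `session[provider + '_token']` assignment, so unless a token getter defined outside this view still supplies the token, the profile request may go out without credentials; passing the token from `resp` explicitly and rejecting a non-success response before calling `User.auth` would cover both. If `remote_app.get` returns a response wrapper rather than a plain dict (not visible here), `get_value(data, v)` needs the parsed body instead. `callback` begins and ends outside these hunks.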