From a4b9722d47c8f418479204a8ea7b7c51b8708313 Mon Sep 17 00:00:00 2001 From: patito Date: Fri, 22 Sep 2017 15:28:09 +0100 Subject: [PATCH 1/2] Google OAuth --- app/__init__.py | 41 ++++++++++++++++++++++++++++++++++++++++ app/templates/login.html | 3 +++ app/views.py | 32 ++++++++++++++++++++++++++++++- config_template.py | 12 ++++++++++++ run.py | 2 +- 5 files changed, 88 insertions(+), 2 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index bcb3525..96e36d8 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -11,6 +11,7 @@ login_manager = LoginManager() login_manager.init_app(app) db = SQLAlchemy(app) + def enable_github_oauth(GITHUB_ENABLE): if not GITHUB_ENABLE: return None, None @@ -46,7 +47,47 @@ def enable_github_oauth(GITHUB_ENABLE): return oauth, github + oauth, github = enable_github_oauth(app.config.get('GITHUB_OAUTH_ENABLE')) +def enable_google_oauth(GOOGLE_ENABLE): + if not GOOGLE_ENABLE: + return None + from flask_oauthlib.client import OAuth + oauth = OAuth(app) + + google = oauth.remote_app( + 'google', + consumer_key=app.config['GOOGLE_OAUTH_CLIENT_ID'], + consumer_secret=app.config['GOOGLE_OAUTH_CLIENT_SECRET'], + request_token_params=app.config['GOOGLE_TOKEN_PARAMS'], + base_url=app.config['GOOGLE_BASE_URL'], + request_token_url=None, + access_token_method='POST', + access_token_url=app.config['GOOGLE_TOKEN_URL'], + authorize_url=app.config['GOOGLE_AUTHORIZE_URL'], + ) + + @app.route('/user/authorized') + def authorized(): + resp = google.authorized_response() + if resp is None: + return 'Access denied: reason=%s error=%s' % ( + request.args['error_reason'], + request.args['error_description'] + ) + session['google_token'] = (resp['access_token'], '') + return redirect(url_for('.login')) + + @google.tokengetter + def get_google_oauth_token(): + return session.get('google_token') + + return google + + +google = enable_google_oauth(app.config.get('GOOGLE_OAUTH_ENABLE')) + + from app import views, models 
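Review bot: In the second app/__init__.py hunk, the `authorized()` callback formats `request.args['error_reason']` and `request.args['error_description']` straight into the returned string, which Flask serves as text/html, so caller-controlled query values on `/user/authorized` are rendered unescaped. The subscript access also turns a missing key into a 400, and Google's OAuth 2.0 error redirects normally carry `error` rather than `error_reason`, so the denied path probably never produces the intended message. Returning a fixed body such as `return 'Access denied', 403` and logging `request.args.get('error')` server-side would avoid both problems. The hunk shows no import of `request`, `session`, `redirect` or `url_for` in app/__init__.py, so confirm they are in scope. No `state` value is checked here before the access token is stored in the session.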
diff --git a/app/templates/login.html b/app/templates/login.html index 9527f22..ca32d04 100644 --- a/app/templates/login.html +++ b/app/templates/login.html @@ -98,6 +98,9 @@ + {% if google_enabled %} + Google oauth login + {% endif %} {% if github_enabled %} Github oauth login {% endif %} diff --git a/app/views.py b/app/views.py index 8cc8761..2023d53 100644 --- a/app/views.py +++ b/app/views.py @@ -17,7 +17,7 @@ from werkzeug import secure_filename from werkzeug.security import gen_salt from .models import User, Domain, Record, Server, History, Anonymous, Setting, DomainSetting -from app import app, login_manager, github +from app import app, login_manager, github, google from lib import utils @@ -160,6 +160,14 @@ def register(): else: return render_template('errors/404.html'), 404 + +@app.route('/google/login') +def google_login(): + if not app.config.get('GOOGLE_OAUTH_ENABLE'): + return abort(400) + return google.authorize(callback=url_for('authorized', _external=True)) + + @app.route('/github/login') def github_login(): if not app.config.get('GITHUB_OAUTH_ENABLE'): 
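Review bot: `google_login()` in the second app/views.py hunk calls `google.authorize(callback=...)` without a `state` argument, and the `/user/authorized` callback added in app/__init__.py does not compare one, so nothing visible binds the callback to the browser session that started the login. Consider storing a per-session value, e.g. `session['google_state'] = gen_salt(32)`, passing it as `state=session['google_state']`, and rejecting the callback when `request.args.get('state')` differs. The callback URL comes from `url_for('authorized', _external=True)`, which follows the request's Host header unless SERVER_NAME is configured, while the `GOOGLE_REDIRECT_URI` setting added by this patch is not used here. `abort(400)` raises, so the `return` in front of it is redundant.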
@@ -175,10 +183,30 @@ def login(): BASIC_ENABLED = app.config['BASIC_ENABLED'] SIGNUP_ENABLED = app.config['SIGNUP_ENABLED'] GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE') + GOOGLE_ENABLE = app.config.get('GOOGLE_OAUTH_ENABLE') if g.user is not None and current_user.is_authenticated: return redirect(url_for('dashboard')) + if 'google_token' in session: + user_data = google.get('userinfo').data + first_name = user_data['given_name'] + surname = user_data['family_name'] + email = user_data['email'] + user = User.query.filter_by(username=email).first() + if not user: + # create user + user = User(username=email, + firstname=first_name, + lastname=surname, + plain_text_password=gen_salt(7), + email=email) + user.create_local_user() + + session['user_id'] = user.id + login_user(user, remember = False) + return redirect(url_for('index')) + if 'github_token' in session: me = github.get('user') user_info = me.data @@ -197,6 +225,7 @@ def login(): if request.method == 'GET': return render_template('login.html', github_enabled=GITHUB_ENABLE, + google_enabled=GOOGLE_ENABLE, ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED) @@ -263,6 +292,7 @@ def login(): def logout(): session.pop('user_id', None) session.pop('github_token', None) + session.pop('google_token', None) logout_user() return redirect(url_for('login')) diff --git a/config_template.py b/config_template.py index 288ff47..cc4b983 100644 --- a/config_template.py +++ b/config_template.py 
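Review bot: The `'google_token' in session` branch added to `login()` provisions and logs in an account for any Google identity, with no check that the address is verified or belongs to an allowed domain before `User(...)` is created. Because the lookup is `filter_by(username=email)`, an existing local or LDAP account whose username equals that e-mail would also be logged in through this path without its password. At minimum gate the branch, e.g. `if not user_data.get('verified_email'): abort(403)` (confirm the field name against the v1 userinfo response), and add a domain allow-list whose setting name is for the project to choose. The `user_data[...]` subscripts raise KeyError if `google.get('userinfo')` returns an error body, for instance with an expired token, and the stale `google_token` then stays in the session; pop it and redirect to the login page in that case. The created account also keeps a 7-character `gen_salt(7)` password that appears usable for basic login, and the body of `login()` continues outside the hunk.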
@@ -65,6 +65,18 @@ GITHUB_OAUTH_URL = 'http://127.0.0.1:5000/api/v3/' GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token' GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize' +# Google OAuth +GOOGLE_OAUTH_ENABLE = False +GOOGLE_OAUTH_CLIENT_ID = ' ' +GOOGLE_OAUTH_CLIENT_SECRET = ' ' +GOOGLE_REDIRECT_URI = '/Callback' +GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token' +GOOGLE_TOKEN_PARAMS = { + 'scope': 'email profile' +} +GOOGLE_AUTHORIZE_URL='https://accounts.google.com/o/oauth2/auth' +GOOGLE_BASE_URL='https://www.googleapis.com/oauth2/v1/' + #Default Auth BASIC_ENABLED = True SIGNUP_ENABLED = True diff --git a/run.py b/run.py index e159643..7fb4ae4 100755 --- a/run.py +++ b/run.py @@ -3,7 +3,7 @@ from app import app from config import PORT try: - from config import BIND_ADDRESS + from config import BIND_ADDRESS except: BIND_ADDRESS = '127.0.0.1' From b8e7eea8b9966fbdd1737bf5b71ed16626dce825 Mon Sep 17 00:00:00 2001 From: patito Date: Thu, 28 Sep 2017 15:05:52 +0100 Subject: [PATCH 2/2] Changed redirect URI --- config_template.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config_template.py b/config_template.py index cc4b983..e6b5313 100644 --- a/config_template.py +++ b/config_template.py @@ -69,7 +69,7 @@ GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize' GOOGLE_OAUTH_ENABLE = False GOOGLE_OAUTH_CLIENT_ID = ' ' GOOGLE_OAUTH_CLIENT_SECRET = ' ' -GOOGLE_REDIRECT_URI = '/Callback' +GOOGLE_REDIRECT_URI = '/user/authorized' GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token' GOOGLE_TOKEN_PARAMS = { 'scope': 'email profile'
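Review bot: `GOOGLE_REDIRECT_URI`, added in the first config_template.py hunk and changed again in patch 2/2, is not read by any code visible in this series. The callback is derived from `url_for('authorized', _external=True)` in app/views.py, so editing the setting has no effect on the flow. Either drop it or document it, e.g. `# Informational only: register <base URL>/user/authorized as the redirect URI in the Google console`. The `' '` placeholders for `GOOGLE_OAUTH_CLIENT_ID` and `GOOGLE_OAUTH_CLIENT_SECRET` are truthy single-space strings. An empty string, plus a comment that the real secret belongs in the deployed, untracked config or the environment, would make a missing value easier to detect.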