diff --git a/app/__init__.py b/app/__init__.py
index bcb3525..96e36d8 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -11,6 +11,7 @@ login_manager = LoginManager()
login_manager.init_app(app)
db = SQLAlchemy(app)
+
def enable_github_oauth(GITHUB_ENABLE):
if not GITHUB_ENABLE:
return None, None
@@ -46,7 +47,47 @@ def enable_github_oauth(GITHUB_ENABLE):
return oauth, github
+
oauth, github = enable_github_oauth(app.config.get('GITHUB_OAUTH_ENABLE'))
+def enable_google_oauth(GOOGLE_ENABLE):
+ if not GOOGLE_ENABLE:
+ return None
+ from flask_oauthlib.client import OAuth
+ oauth = OAuth(app)
+
+ google = oauth.remote_app(
+ 'google',
+ consumer_key=app.config['GOOGLE_OAUTH_CLIENT_ID'],
+ consumer_secret=app.config['GOOGLE_OAUTH_CLIENT_SECRET'],
+ request_token_params=app.config['GOOGLE_TOKEN_PARAMS'],
+ base_url=app.config['GOOGLE_BASE_URL'],
+ request_token_url=None,
+ access_token_method='POST',
+ access_token_url=app.config['GOOGLE_TOKEN_URL'],
+ authorize_url=app.config['GOOGLE_AUTHORIZE_URL'],
+ )
+
+ @app.route('/user/authorized')
+ def authorized():
+ resp = google.authorized_response()
+ if resp is None:
+ return 'Access denied: reason=%s error=%s' % (
+ request.args['error_reason'],
+ request.args['error_description']
+ )
+ session['google_token'] = (resp['access_token'], '')
+ return redirect(url_for('.login'))
+
+ @google.tokengetter
+ def get_google_oauth_token():
+ return session.get('google_token')
+
+ return google
+
+
+google = enable_google_oauth(app.config.get('GOOGLE_OAUTH_ENABLE'))
+
+
from app import views, models
diff --git a/app/templates/login.html b/app/templates/login.html
index 9527f22..ca32d04 100644
--- a/app/templates/login.html
+++ b/app/templates/login.html
@@ -98,6 +98,9 @@
+ {% if google_enabled %}
+ Google oauth login
+ {% endif %}
{% if github_enabled %}
Github oauth login
{% endif %}
diff --git a/app/views.py b/app/views.py
index 8cc8761..2023d53 100644
--- a/app/views.py
+++ b/app/views.py
@@ -17,7 +17,7 @@ from werkzeug import secure_filename
from werkzeug.security import gen_salt
from .models import User, Domain, Record, Server, History, Anonymous, Setting, DomainSetting
-from app import app, login_manager, github
+from app import app, login_manager, github, google
from lib import utils
@@ -160,6 +160,14 @@ def register():
else:
return render_template('errors/404.html'), 404
+
+@app.route('/google/login')
+def google_login():
+ if not app.config.get('GOOGLE_OAUTH_ENABLE'):
+ return abort(400)
+ return google.authorize(callback=url_for('authorized', _external=True))
+
+
@app.route('/github/login')
def github_login():
if not app.config.get('GITHUB_OAUTH_ENABLE'):
@@ -175,10 +183,30 @@ def login():
BASIC_ENABLED = app.config['BASIC_ENABLED']
SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
+ GOOGLE_ENABLE = app.config.get('GOOGLE_OAUTH_ENABLE')
if g.user is not None and current_user.is_authenticated:
return redirect(url_for('dashboard'))
+ if 'google_token' in session:
+ user_data = google.get('userinfo').data
+ first_name = user_data['given_name']
+ surname = user_data['family_name']
+ email = user_data['email']
+ user = User.query.filter_by(username=email).first()
+ if not user:
+ # create user
+ user = User(username=email,
+ firstname=first_name,
+ lastname=surname,
+ plain_text_password=gen_salt(7),
+ email=email)
+ user.create_local_user()
+
+ session['user_id'] = user.id
+ login_user(user, remember = False)
+ return redirect(url_for('index'))
+
if 'github_token' in session:
me = github.get('user')
user_info = me.data
@@ -197,6 +225,7 @@ def login():
if request.method == 'GET':
return render_template('login.html',
github_enabled=GITHUB_ENABLE,
+ google_enabled=GOOGLE_ENABLE,
ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
@@ -263,6 +292,7 @@ def login():
def logout():
session.pop('user_id', None)
session.pop('github_token', None)
+ session.pop('google_token', None)
logout_user()
return redirect(url_for('login'))
diff --git a/config_template.py b/config_template.py
index 288ff47..e6b5313 100644
--- a/config_template.py
+++ b/config_template.py
@@ -65,6 +65,18 @@ GITHUB_OAUTH_URL = 'http://127.0.0.1:5000/api/v3/'
GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
+# Google OAuth
+GOOGLE_OAUTH_ENABLE = False
+GOOGLE_OAUTH_CLIENT_ID = ' '
+GOOGLE_OAUTH_CLIENT_SECRET = ' '
+GOOGLE_REDIRECT_URI = '/user/authorized'
+GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
+GOOGLE_TOKEN_PARAMS = {
+ 'scope': 'email profile'
+}
+GOOGLE_AUTHORIZE_URL='https://accounts.google.com/o/oauth2/auth'
+GOOGLE_BASE_URL='https://www.googleapis.com/oauth2/v1/'
+
#Default Auth
BASIC_ENABLED = True
SIGNUP_ENABLED = True
diff --git a/run.py b/run.py
index e159643..7fb4ae4 100755
--- a/run.py
+++ b/run.py
@@ -3,7 +3,7 @@ from app import app
from config import PORT
try:
- from config import BIND_ADDRESS
+ from config import BIND_ADDRESS
except:
BIND_ADDRESS = '127.0.0.1'