Show More
| @@ -477,121 +477,6 b' class RhodeCodeExternalAuthPlugin(RhodeC' | |||||
| 477 | return auth |
|
477 | return auth | |
| 478 |
|
478 | |||
| 479 |
|
479 | |||
| 480 | class AuthomaticBase(RhodeCodeExternalAuthPlugin): |
|
|||
| 481 |
|
||||
| 482 | # TODO: Think about how to create and store this secret string. |
|
|||
| 483 | # We need the secret for the authomatic library. It needs to be the same |
|
|||
| 484 | # across requests. |
|
|||
| 485 | def _get_authomatic_secret(self, length=40): |
|
|||
| 486 | secret = self.get_setting_by_name('secret') |
|
|||
| 487 | if secret is None or secret == 'None' or secret == '': |
|
|||
| 488 | from Crypto import Random, Hash |
|
|||
| 489 | secret_bytes = Random.new().read(length) |
|
|||
| 490 | secret_hash = Hash.SHA256.new() |
|
|||
| 491 | secret_hash.update(secret_bytes) |
|
|||
| 492 | secret = secret_hash.hexdigest() |
|
|||
| 493 | self.create_or_update_setting('secret', secret) |
|
|||
| 494 | Session.commit() |
|
|||
| 495 | secret = self.get_setting_by_name('secret') |
|
|||
| 496 | return secret |
|
|||
| 497 |
|
||||
| 498 | def get_authomatic(self): |
|
|||
| 499 | scope = [] |
|
|||
| 500 | if self.name == 'bitbucket': |
|
|||
| 501 | provider_class = oauth1.Bitbucket |
|
|||
| 502 | scope = ['account', 'email', 'repository', 'issue', 'issue:write'] |
|
|||
| 503 | elif self.name == 'github': |
|
|||
| 504 | provider_class = oauth2.GitHub |
|
|||
| 505 | scope = ['repo', 'public_repo', 'user:email'] |
|
|||
| 506 | elif self.name == 'google': |
|
|||
| 507 | provider_class = oauth2.Google |
|
|||
| 508 | scope = ['profile', 'email'] |
|
|||
| 509 | elif self.name == 'twitter': |
|
|||
| 510 | provider_class = oauth1.Twitter |
|
|||
| 511 |
|
||||
| 512 | authomatic_conf = { |
|
|||
| 513 | self.name: { |
|
|||
| 514 | 'class_': provider_class, |
|
|||
| 515 | 'consumer_key': self.get_setting_by_name('consumer_key'), |
|
|||
| 516 | 'consumer_secret': self.get_setting_by_name('consumer_secret'), |
|
|||
| 517 | 'scope': scope, |
|
|||
| 518 | 'access_headers': {'User-Agent': 'TestAppAgent'}, |
|
|||
| 519 | } |
|
|||
| 520 | } |
|
|||
| 521 | secret = self._get_authomatic_secret() |
|
|||
| 522 | return Authomatic(config=authomatic_conf, |
|
|||
| 523 | secret=secret) |
|
|||
| 524 |
|
||||
| 525 | def get_provider_result(self, request): |
|
|||
| 526 | """ |
|
|||
| 527 | Provides `authomatic.core.LoginResult` for provider and request |
|
|||
| 528 |
|
||||
| 529 | :param provider_name: |
|
|||
| 530 | :param request: |
|
|||
| 531 | :param config: |
|
|||
| 532 | :return: |
|
|||
| 533 | """ |
|
|||
| 534 | response = Response() |
|
|||
| 535 | adapter = WebObAdapter(request, response) |
|
|||
| 536 | authomatic_inst = self.get_authomatic() |
|
|||
| 537 | return authomatic_inst.login(adapter, self.name), response |
|
|||
| 538 |
|
||||
| 539 | def handle_social_data(self, session, user_id, social_data): |
|
|||
| 540 | """ |
|
|||
| 541 | Updates user tokens in database whenever necessary |
|
|||
| 542 | :param request: |
|
|||
| 543 | :param user: |
|
|||
| 544 | :param social_data: |
|
|||
| 545 | :return: |
|
|||
| 546 | """ |
|
|||
| 547 | if not self.is_active(): |
|
|||
| 548 | h.flash(_('This provider is currently disabled'), |
|
|||
| 549 | category='warning') |
|
|||
| 550 | return False |
|
|||
| 551 |
|
||||
| 552 | social_data = social_data |
|
|||
| 553 | update_identity = False |
|
|||
| 554 |
|
||||
| 555 | existing_row = ExternalIdentity.by_external_id_and_provider( |
|
|||
| 556 | social_data['user']['id'], |
|
|||
| 557 | social_data['credentials.provider'] |
|
|||
| 558 | ) |
|
|||
| 559 |
|
||||
| 560 | if existing_row: |
|
|||
| 561 | Session().delete(existing_row) |
|
|||
| 562 | update_identity = True |
|
|||
| 563 |
|
||||
| 564 | if not existing_row or update_identity: |
|
|||
| 565 | if not update_identity: |
|
|||
| 566 | h.flash(_('Your external identity is now ' |
|
|||
| 567 | 'connected with your account'), category='success') |
|
|||
| 568 |
|
||||
| 569 | if not social_data['user']['id']: |
|
|||
| 570 | h.flash(_('No external user id found? Perhaps permissions' |
|
|||
| 571 | 'for authentication are set incorrectly'), |
|
|||
| 572 | category='error') |
|
|||
| 573 | return False |
|
|||
| 574 |
|
||||
| 575 | ex_identity = ExternalIdentity() |
|
|||
| 576 | ex_identity.external_id = social_data['user']['id'] |
|
|||
| 577 | ex_identity.external_username = social_data['user']['user_name'] |
|
|||
| 578 | ex_identity.provider_name = social_data['credentials.provider'] |
|
|||
| 579 | ex_identity.access_token = social_data['credentials.token'] |
|
|||
| 580 | ex_identity.token_secret = social_data['credentials.token_secret'] |
|
|||
| 581 | ex_identity.alt_token = social_data['credentials.refresh_token'] |
|
|||
| 582 | ex_identity.local_user_id = user_id |
|
|||
| 583 | Session().add(ex_identity) |
|
|||
| 584 | session.pop('rhodecode.social_auth', None) |
|
|||
| 585 | return ex_identity |
|
|||
| 586 |
|
||||
| 587 | def callback_url(self): |
|
|||
| 588 | try: |
|
|||
| 589 | return url('social_auth', provider_name=self.name, qualified=True) |
|
|||
| 590 | except TypeError: |
|
|||
| 591 | pass |
|
|||
| 592 | return '' |
|
|||
| 593 |
|
||||
| 594 |
|
||||
| 595 | def loadplugin(plugin_id): |
|
480 | def loadplugin(plugin_id): | |
| 596 | """ |
|
481 | """ | |
| 597 | Loads and returns an instantiated authentication plugin. |
|
482 | Loads and returns an instantiated authentication plugin. | |
General Comments 0
You need to be logged in to leave comments.
Login now