@@ -477,121 +477,6 b' class RhodeCodeExternalAuthPlugin(RhodeC' | |||
|
477 | 477 | return auth |
|
478 | 478 | |
|
479 | 479 | |
|
480 | class AuthomaticBase(RhodeCodeExternalAuthPlugin): | |
|
481 | ||
|
482 | # TODO: Think about how to create and store this secret string. | |
|
483 | # We need the secret for the authomatic library. It needs to be the same | |
|
484 | # across requests. | |
|
485 | def _get_authomatic_secret(self, length=40): | |
|
486 | secret = self.get_setting_by_name('secret') | |
|
487 | if secret is None or secret == 'None' or secret == '': | |
|
488 | from Crypto import Random, Hash | |
|
489 | secret_bytes = Random.new().read(length) | |
|
490 | secret_hash = Hash.SHA256.new() | |
|
491 | secret_hash.update(secret_bytes) | |
|
492 | secret = secret_hash.hexdigest() | |
|
493 | self.create_or_update_setting('secret', secret) | |
|
494 | Session.commit() | |
|
495 | secret = self.get_setting_by_name('secret') | |
|
496 | return secret | |
|
497 | ||
|
498 | def get_authomatic(self): | |
|
499 | scope = [] | |
|
500 | if self.name == 'bitbucket': | |
|
501 | provider_class = oauth1.Bitbucket | |
|
502 | scope = ['account', 'email', 'repository', 'issue', 'issue:write'] | |
|
503 | elif self.name == 'github': | |
|
504 | provider_class = oauth2.GitHub | |
|
505 | scope = ['repo', 'public_repo', 'user:email'] | |
|
506 | elif self.name == 'google': | |
|
507 | provider_class = oauth2.Google | |
|
508 | scope = ['profile', 'email'] | |
|
509 | elif self.name == 'twitter': | |
|
510 | provider_class = oauth1.Twitter | |
|
511 | ||
|
512 | authomatic_conf = { | |
|
513 | self.name: { | |
|
514 | 'class_': provider_class, | |
|
515 | 'consumer_key': self.get_setting_by_name('consumer_key'), | |
|
516 | 'consumer_secret': self.get_setting_by_name('consumer_secret'), | |
|
517 | 'scope': scope, | |
|
518 | 'access_headers': {'User-Agent': 'TestAppAgent'}, | |
|
519 | } | |
|
520 | } | |
|
521 | secret = self._get_authomatic_secret() | |
|
522 | return Authomatic(config=authomatic_conf, | |
|
523 | secret=secret) | |
|
524 | ||
|
525 | def get_provider_result(self, request): | |
|
526 | """ | |
|
527 | Provides `authomatic.core.LoginResult` for provider and request | |
|
528 | ||
|
529 | :param provider_name: | |
|
530 | :param request: | |
|
531 | :param config: | |
|
532 | :return: | |
|
533 | """ | |
|
534 | response = Response() | |
|
535 | adapter = WebObAdapter(request, response) | |
|
536 | authomatic_inst = self.get_authomatic() | |
|
537 | return authomatic_inst.login(adapter, self.name), response | |
|
538 | ||
|
539 | def handle_social_data(self, session, user_id, social_data): | |
|
540 | """ | |
|
541 | Updates user tokens in database whenever necessary | |
|
542 | :param request: | |
|
543 | :param user: | |
|
544 | :param social_data: | |
|
545 | :return: | |
|
546 | """ | |
|
547 | if not self.is_active(): | |
|
548 | h.flash(_('This provider is currently disabled'), | |
|
549 | category='warning') | |
|
550 | return False | |
|
551 | ||
|
552 | social_data = social_data | |
|
553 | update_identity = False | |
|
554 | ||
|
555 | existing_row = ExternalIdentity.by_external_id_and_provider( | |
|
556 | social_data['user']['id'], | |
|
557 | social_data['credentials.provider'] | |
|
558 | ) | |
|
559 | ||
|
560 | if existing_row: | |
|
561 | Session().delete(existing_row) | |
|
562 | update_identity = True | |
|
563 | ||
|
564 | if not existing_row or update_identity: | |
|
565 | if not update_identity: | |
|
566 | h.flash(_('Your external identity is now ' | |
|
567 | 'connected with your account'), category='success') | |
|
568 | ||
|
569 | if not social_data['user']['id']: | |
|
570 | h.flash(_('No external user id found? Perhaps permissions' | |
|
571 | 'for authentication are set incorrectly'), | |
|
572 | category='error') | |
|
573 | return False | |
|
574 | ||
|
575 | ex_identity = ExternalIdentity() | |
|
576 | ex_identity.external_id = social_data['user']['id'] | |
|
577 | ex_identity.external_username = social_data['user']['user_name'] | |
|
578 | ex_identity.provider_name = social_data['credentials.provider'] | |
|
579 | ex_identity.access_token = social_data['credentials.token'] | |
|
580 | ex_identity.token_secret = social_data['credentials.token_secret'] | |
|
581 | ex_identity.alt_token = social_data['credentials.refresh_token'] | |
|
582 | ex_identity.local_user_id = user_id | |
|
583 | Session().add(ex_identity) | |
|
584 | session.pop('rhodecode.social_auth', None) | |
|
585 | return ex_identity | |
|
586 | ||
|
587 | def callback_url(self): | |
|
588 | try: | |
|
589 | return url('social_auth', provider_name=self.name, qualified=True) | |
|
590 | except TypeError: | |
|
591 | pass | |
|
592 | return '' | |
|
593 | ||
|
594 | ||
|
595 | 480 | def loadplugin(plugin_id): |
|
596 | 481 | """ |
|
597 | 482 | Loads and returns an instantiated authentication plugin. |