-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.py
185 lines (153 loc) · 6.54 KB
/
auth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
import requests
import json
from flask import request
from flask import session as login_session
from flask import make_response
from oauth2client.client import flow_from_clientsecrets
from oauth2client.client import FlowExchangeError
from database_setup import User
from database_setup import session
# Json with credentials
CLIENT_ID = json.loads(
open('client_secrets.json', 'r').read())['web']['client_id']
APPLICATION_NAME = "Item Catalog Application"
def create_user(login_session):
""" User helper functions
Creates a new user in our db
"""
new_user = User(name=login_session['username'],
email=login_session['email'])
session.add(new_user)
session.commit()
user = session.query(User).filter_by(email=login_session['email']).one()
return user.id
def get_user_info(user_id):
""" Returns user object assoccieted with id number,
if user id passed into the method
"""
user = session.query(User).filter_by(id=user_id).one_or_none()
return user
def get_user_id(email):
""" Takes an email and reterns an id, if email belongs to a user
stored inour db
"""
try:
user = session.query(User).filter_by(email=email).one()
return user.id
except:
return None
# Google login
def google_connect():
# Validate state token
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Obtain authorization code
code = request.data
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='',
redirect_uri='postmessage')
# oauth_flow.redirect_uri = 'postmessage'
credentials = oauth_flow.step2_exchange(code)
except FlowExchangeError:
response = make_response(
json.dumps('Failed to upgrade the authorization code.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Check that the access token is valid.
access_token = credentials.access_token
url = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={}'
url = url.format(access_token)
# Create Get request containing the URL and access token
result = requests.get(url).json()
# If there was an error in the access token info, abort.
if result.get('error') is not None:
response = make_response(json.dumps(result.get('error')), 500)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is used for the intended user.
gplus_id = credentials.id_token['sub']
if result['user_id'] != gplus_id:
response = make_response(
json.dumps("Token's user ID doesn't match given user ID."), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is valid for this app.
if result['issued_to'] != CLIENT_ID:
response = make_response(
json.dumps("Token's client ID does not match app's."), 401)
print("Token's client ID does not match app's.")
response.headers['Content-Type'] = 'application/json'
return response
# Check to see if user is already logged in
stored_access_token = login_session.get('access_token')
stored_gplus_id = login_session.get('gplus_id')
if stored_access_token is not None and gplus_id == stored_gplus_id:
response = make_response(json.dumps
('Current user is already connected.'), 200)
response.headers['Content-Type'] = 'application/json'
return response
# Store the access token in the session for later use.
login_session['access_token'] = credentials.access_token
login_session['gplus_id'] = gplus_id
# Get user info
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
login_session['username'] = data['name']
login_session['email'] = data['email']
login_session['picture'] = data['picture']
# Check if user exists, if it doesn't create a new one
user_id = get_user_id(login_session['email'])
if not user_id:
user_id = create_user(login_session)
login_session['user_id'] = user_id
# Response thet knows user's name and return their pictura
html = """
<h1>Welcome, {name}!</h1>
<img src="{picture}" style = "width: 300px;
height: 300px; border-radius: 150px;
-webkit-border-radius: 150px;-moz-border-radius: 150px;">
""".format(name=login_session['username'],
picture=login_session['picture'])
return html
# DISCONNECT - Revoke a current user's token and reset their login_session
def google_disconnect():
access_token = login_session.get('access_token')
if access_token is None:
print('Access Token is None')
response = make_response(json.dumps('Current user not connected.'),
401)
response.headers['Content-Type'] = 'application/json'
return response
print('In gdisconnect access token is %s', access_token)
print('User name is: ')
print(login_session['username'])
# Revoke access token
result = requests.post('https://accounts.google.com/o/oauth2/revoke',
params={'token': login_session['access_token']},
headers={'content-type':
'application/x-www-form-urlencoded'})
print('result is ')
print(result)
# Reset users session since otherwise it won't be possible to
# logout and login
del login_session['access_token']
del login_session['gplus_id']
del login_session['username']
del login_session['email']
del login_session['picture']
if result.status_code == 200:
# Reset the user's session
response = make_response(json.dumps('Successfully disconnected.'), 200)
response.headers['Content-Type'] = 'application/json'
return response
else:
# For whatever reason, the given token was invalid.
message = json.dumps('Failed to revoke token for given user.')
response = make_response(message, 400)
response.headers['Content-Type'] = 'application/json'
return response