oauth2: init

thomersch · Jan 12, 2024 · d5be1a5 · d5be1a5
1 parent 63adf92
commit d5be1a5
Show file tree

Hide file tree

Showing 8 changed files with 54 additions and 19 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -3,6 +3,11 @@
   "service": "osmcal",
   "dockerComposeFile": "docker-compose.yml",
   "workspaceFolder": "/app",
-  "postCreateCommand": "make install && cat .devcontainer/start-message.text",
-  "shutdownAction": "stopCompose"
+  "postCreateCommand": "make install-dev && ln -s `poetry env info -p`/bin/black /usr/bin/black && cat .devcontainer/start-message.text",
+  "shutdownAction": "stopCompose",
+  "customizations": {
+    "vscode": {
+      "extensions": ["ms-python.python", "ms-python.black-formatter"]
+    }
+  }
 }
diff --git a/Makefile b/Makefile
@@ -11,6 +11,9 @@ devserver:
 install:
 	$(CALL) install --no-root
 
+install-dev:
+	$(CALL) install --no-root --with dev
+
 dep-update:
 	$(CALL) update
 

diff --git a/osmcal/oauth.py b/osmcal/oauth.py
@@ -0,0 +1,33 @@
+from django.conf import settings
+from django.urls import reverse
+from requests_oauthlib import OAuth2Session
+
+
+def get_oauth_session(request):
+    callback_uri = request.build_absolute_uri(reverse("oauth-callback"))
+    if settings.DEBUG:
+        # This simplifies the reverse proxy setup on dev:
+        # It's pretending we're using HTTPS with a correct configuration.
+        callback_uri = callback_uri.replace("http", "https")
+
+    return OAuth2Session(
+        settings.OAUTH2_OPENSTREETMAP_CLIENT_ID,
+        redirect_uri=callback_uri,
+        scope=["read_prefs"],
+    )
+
+
+def get_authenticated_session(request) -> OAuth2Session:
+    authorization_response = request.get_raw_uri()
+    if settings.DEBUG:
+        # This simplifies the reverse proxy setup on dev:
+        # It's pretending we're using HTTPS with a correct configuration.
+        authorization_response = authorization_response.replace("http", "https")
+
+    osm = get_oauth_session(request)
+    osm.fetch_token(
+        "https://www.openstreetmap.org/oauth2/token",
+        client_secret=settings.OAUTH2_OPENSTREETMAP_CLIENT_SECRET,
+        authorization_response=authorization_response,
+    )
+    return osm
diff --git a/osmcal/osmuser.py b/osmcal/osmuser.py
@@ -1,11 +1,10 @@
 from xml.etree import ElementTree as ET
 
 from django.contrib.gis.geos import Point
-from requests_oauthlib import OAuth1Session
+from requests_oauthlib import OAuth2Session
 
 
-def get_user_attributes(session: OAuth1Session) -> dict:
-    session.fetch_access_token("https://www.openstreetmap.org/oauth/access_token")
+def get_user_attributes(session: OAuth2Session) -> dict:
     userreq = session.get("https://api.openstreetmap.org/api/0.6/user/details")
 
     userxml = ET.fromstring(userreq.text)

diff --git a/osmcal/settings.py b/osmcal/settings.py
@@ -118,6 +118,9 @@
 OAUTH_OPENSTREETMAP_KEY = os.getenv("OSMCAL_OSM_KEY", "")
 OAUTH_OPENSTREETMAP_SECRET = os.getenv("OSMCAL_OSM_SECRET", "")
 
+OAUTH2_OPENSTREETMAP_CLIENT_ID = os.getenv("OSMCAL_OAUTH2_CLIENT_ID", "")
+OAUTH2_OPENSTREETMAP_CLIENT_SECRET = os.getenv("OSMCAL_OAUTH2_CLIENT_SECRET", "")
+
 AUTH_USER_MODEL = "osmcal.User"
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 

diff --git a/osmcal/views.py b/osmcal/views.py
@@ -22,7 +22,7 @@
 from django.views import View
 from django.views.generic.base import TemplateView
 from pytz import UTC
-from requests_oauthlib import OAuth1Session
+from osmcal import oauth
 
 from . import forms, osmuser
 from .ical import encode_event, encode_events
@@ -461,23 +461,15 @@ def get(self, request):
 
 
 def oauth_start(request):
-    osm = OAuth1Session(settings.OAUTH_OPENSTREETMAP_KEY, client_secret=settings.OAUTH_OPENSTREETMAP_SECRET)
-    req_token = osm.fetch_request_token("https://www.openstreetmap.org/oauth/request_token")
-    request.session["oauth_params"] = req_token
+    osm = oauth.get_oauth_session(request)
     if request.GET.get("next", None):
         request.session["next"] = request.GET["next"]
-    auth_url = osm.authorization_url("https://www.openstreetmap.org/oauth/authorize")
+    auth_url, _ = osm.authorization_url("https://www.openstreetmap.org/oauth2/authorize")
     return redirect(auth_url)
 
 
 def oauth_callback(request):
-    osm = OAuth1Session(
-        settings.OAUTH_OPENSTREETMAP_KEY,
-        client_secret=settings.OAUTH_OPENSTREETMAP_SECRET,
-        resource_owner_key=request.session.get("oauth_params")["oauth_token"],
-        resource_owner_secret=request.session.get("oauth_params")["oauth_token_secret"],
-        verifier="OSMNOPE",
-    )
+    osm = oauth.get_authenticated_session(request)
     osm_attrs = osmuser.get_user_attributes(osm)
 
     try:

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -23,7 +23,7 @@ Babel = "~=2.9"
 django-background-tasks = "*"
 # django-background-tasks-updated = "==1.2.7" # pinned to a fork which supports Django 4
 
-[tool.poetry.dev-dependencies]
+[tool.poetry.group.dev.dependencies]
 PyYaml = "~=6.0"
 pylint = "*"
 black = "~=23.3.0"