authorBryan Newbold <bnewbold@robocracy.org>2019-01-03 20:45:29 -0800
committerBryan Newbold <bnewbold@robocracy.org>2019-01-03 20:45:29 -0800
commit422a8cc47489aa44b852ff0add1ef6ea63cfc1ff (patch)
tree6640c13f10271cffe8e442e1fc75202d032121ca /python/fatcat_web/auth.py
parent1cb3b1afa8df555d890cc556751222cf22c22696 (diff)
downloadfatcat-422a8cc47489aa44b852ff0add1ef6ea63cfc1ff.tar.gz
fatcat-422a8cc47489aa44b852ff0add1ef6ea63cfc1ff.zip
several auth improvements
Diffstat (limited to 'python/fatcat_web/auth.py')
-rw-r--r--python/fatcat_web/auth.py60
1 files changed, 54 insertions, 6 deletions
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index f6672e87..385f5c49 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -1,27 +1,75 @@
from flask import Flask, render_template, send_from_directory, request, \
url_for, abort, g, redirect, jsonify, session
-from fatcat_web import login_manager
+from fatcat_web import login_manager, api
+from flask_login import logout_user, login_user, UserMixin
+import pymacaroons
+def handle_logout():
+ logout_user()
+ for k in ('editor', 'token'):
+ if k in session:
+ session.pop(k)
+
+def handle_token_login(token):
+ try:
+ m = pymacaroons.Macaroon.deserialize(token)
+ except pymacaroons.exceptions.MacaroonDeserializationException:
+ # TODO: what kind of Exceptions?
+ return abort(400)
+ # extract editor_id
+ editor_id = None
+ for caveat in m.first_party_caveats():
+ caveat = caveat.caveat_id
+ if caveat.startswith(b"editor_id = "):
+ editor_id = caveat[12:].decode('utf-8')
+ if not editor_id:
+ abort(400)
+ # fetch editor info
+ editor = api.get_editor(editor_id).to_dict()
+ session['api_token'] = token
+ session['editor'] = editor
+ login_user(load_user(editor_id))
+ return redirect("/")
+
# This will need to login/signup via fatcatd API, then set token in session
def handle_oauth(remote, token, user_info):
print(remote)
if token:
print(remote.name, token)
if user_info:
- # TODO: fetch api login/signup using user_info
print(user_info)
- # TODO: write token and username to session
- # TODO: call login_user(load_user(editor_id))
+ print(user_info.iss)
+ print(user_info.prefered_username)
+
+ # fetch api login/signup using user_info
+ params = AuthOidc(remote.name, user_info.sub, user_info.iss)
+ resp = api.auth_oidc(params)
+ editor = resp['editor']
+ api_token = resp['token']
+
+ # write token and username to session
+ session['api_token'] = api_token
+ session['editor'] = editor.editor_id
+
+ # call login_user(load_user(editor_id))
+ login_user(load_user(editor_id))
return redirect("/")
+
raise some_error
@login_manager.user_loader
def load_user(editor_id):
- # NOTE: this should look for extra info in session, and update the user
- # object with that. If session isn't loaded/valid, should return None
+ # looks for extra info in session, and updates the user object with that.
+ # If session isn't loaded/valid, should return None
+ if not 'editor' in session or not 'api_token' in session:
+ return None
+ editor = session['editor']
+ token = session['api_token']
user = UserMixin()
user.id = editor_id
+ user.username = editor['username']
+ user.token = token
return user
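Review bot: `login_user(load_user(editor_id))` in handle_oauth references `editor_id`, which is never assigned in that function (it is a local of handle_token_login), so the OAuth path raises NameError at that line; the value written to the session one line earlier is `editor.editor_id`, so the call should read `login_user(load_user(editor.editor_id))`. The two login paths also disagree on what `session['editor']` holds — handle_token_login stores the `to_dict()` result while handle_oauth stores the bare `editor.editor_id` string — and load_user then indexes `editor['username']`, which fails for a string, so handle_oauth should store the same dict shape (`session['editor'] = editor.to_dict()`, assuming the API model returned by `auth_oidc` exposes `to_dict()` like the one from `get_editor`). handle_logout pops `'token'` but both login paths write `'api_token'`, so the API token survives logout in the session cookie; `for k in ('editor', 'api_token'): session.pop(k, None)` clears it and drops the redundant membership test. In handle_token_login the macaroon is only deserialized and its `editor_id` caveat read, with no signature verification or round-trip to the API before `login_user`, so the web session is established on an unverified claim; the token should be confirmed valid against the API (a call authenticated with that token that fails for a forged or expired one) before the login is committed. `AuthOidc` is used at `params = AuthOidc(remote.name, user_info.sub, user_info.iss)` but does not appear in the import block at the top of the hunk, which covers the file from line 1.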