-rw-r--r-- | python/fatcat_web/__init__.py | 25 | ||||
-rw-r--r-- | python/fatcat_web/auth.py | 11 | ||||
-rw-r--r-- | python/fatcat_web/routes.py | 17 | ||||
-rw-r--r-- | python/fatcat_web/templates/auth_login.html | 30 | ||||
-rw-r--r-- | python/fatcat_web/web_config.py | 9 |
5 files changed, 82 insertions, 10 deletions
diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py index fa7d005a..d0d3eaf5 100644 --- a/python/fatcat_web/__init__.py +++ b/python/fatcat_web/__init__.py @@ -6,8 +6,9 @@ from flask_debugtoolbar import DebugToolbarExtension from flask_login import LoginManager from flask_wtf.csrf import CSRFProtect from flask_misaka import Misaka +from flask_mwoauth import MWOAuth from authlib.flask.client import OAuth -from loginpass import create_flask_blueprint, Gitlab +from loginpass import create_flask_blueprint, Gitlab, GitHub from raven.contrib.flask import Sentry import fatcat_client @@ -60,7 +61,25 @@ else: print("No privileged token found") priv_api = None +mwoauth = MWOAuth( + consumer_key=Config.WIKIPEDIA_CLIENT_ID, + consumer_secret=Config.WIKIPEDIA_CLIENT_SECRET, + default_return_to='wp_oauth_finish_login') +mwoauth.handshaker.user_agent = "fatcat.wiki;python_web_interface" +app.register_blueprint(mwoauth.bp, url_prefix='/auth/wikipedia') + from fatcat_web import routes, editing_routes, auth, cors, forms -gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth) -app.register_blueprint(gitlab_bp, url_prefix='/auth/gitlab') +if Config.ORCID_CLIENT_ID: + # XXX: + pass + #orcid_bp = create_flask_blueprint(ORCID, oauth, auth.handle_oauth) + #app.register_blueprint(orcid_bp, url_prefix='/auth/orcid') + +if Config.GITLAB_CLIENT_ID: + gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth) + app.register_blueprint(gitlab_bp, url_prefix='/auth/gitlab') + +if Config.GITHUB_CLIENT_ID: + github_bp = create_flask_blueprint(GitHub, oauth, auth.handle_oauth) + app.register_blueprint(github_bp, url_prefix='/auth/google') diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py index b815d816..44a03f5f 100644 --- a/python/fatcat_web/auth.py +++ b/python/fatcat_web/auth.py 
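Review bot: The GitHub blueprint at the end of this hunk is registered with `url_prefix='/auth/google'`, but the login template changed in the same commit links to `/auth/github/login`, so the new button would not reach the blueprint and the provider redirect URI would sit under the wrong path. The line should read `app.register_blueprint(github_bp, url_prefix='/auth/github')`. Separately, `MWOAuth(...)` is constructed and its blueprint registered unconditionally, while GitLab and GitHub are gated on their client id; with `WIKIPEDIA_CLIENT_ID` unset the `/auth/wikipedia` routes are still exposed with a `None` consumer key. Gating that block on `if Config.WIKIPEDIA_CLIENT_ID:` would match the others, with `mwoauth = None` in the else branch because `routes.py` imports the name. The `# XXX:` stub for ORCID should get a comment saying why the blueprint is disabled.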
@@ -127,6 +127,17 @@ def handle_ia_xauth(email, password): } return handle_oauth(remote, None, oauth_info) +def handle_wmoauth(username): + # pass off "as if" we did OAuth successfully + FakeOAuthRemote = namedtuple('FakeOAuthRemote', ['name', 'OAUTH_CONFIG']) + remote = FakeOAuthRemote(name='wikipedia', OAUTH_CONFIG={'api_base_url': "https://www.mediawiki.org/w"}) + oauth_info = { + 'preferred_username': username, + 'iss': "https://www.mediawiki.org/w", + 'sub': username, + } + return handle_oauth(remote, None, oauth_info) + @login_manager.user_loader def load_user(editor_id): # looks for extra info in session, and updates the user object with that. diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py index f6b08f54..f14ca5f6 100644 --- a/python/fatcat_web/routes.py +++ b/python/fatcat_web/routes.py @@ -9,8 +9,8 @@ from flask_wtf.csrf import CSRFError from fatcat_client import Editgroup, EditgroupAnnotation from fatcat_client.rest import ApiException from fatcat_tools.transforms import * -from fatcat_web import app, api, auth_api, priv_api -from fatcat_web.auth import handle_token_login, handle_logout, load_user, handle_ia_xauth +from fatcat_web import app, api, auth_api, priv_api, mwoauth +from fatcat_web.auth import handle_token_login, handle_logout, load_user, handle_ia_xauth, handle_wmoauth from fatcat_web.cors import crossdomain from fatcat_web.search import * from fatcat_web.hacks import strip_extlink_xml, wayback_suffix 
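Review bot: `handle_wmoauth` uses the Wikimedia username as the `sub` claim, while the login page states that editor accounts are locked 1-to-1 with external identities. Usernames on Wikimedia projects can be renamed, so a renamed user would lose their editor account and a later holder of the old name would map onto it. If the identity response exposes a stable account identifier, `sub` should carry that and the name should stay in `preferred_username` only. The function also passes any value through unchecked; a guard such as `if not username: raise ValueError("empty wikipedia username")` would keep a failed upstream lookup from becoming a session. A short comment on why `iss` is hard-coded to `https://www.mediawiki.org/w` would help the next reader.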
@@ -673,6 +673,19 @@ def auth_account(): load_user(editor.editor_id) return render_template('auth_account.html') +@app.route('/auth/wikipedia/auth') +def wp_oauth_rewrite(): + """ + This is a dirty hack to rewrite '/auth/wikipedia/auth' to '/auth/wikipedia/oauth-callback' + """ + return redirect(b"/auth/wikipedia/oauth-callback?" + request.query_string, 307) + +@app.route('/auth/wikipedia/finish-login') +def wp_oauth_finish_login(): + wp_username = mwoauth.get_current_user(cached=True) + assert(wp_username) + return handle_wmoauth(wp_username) + ### Static Routes ########################################################### diff --git a/python/fatcat_web/templates/auth_login.html b/python/fatcat_web/templates/auth_login.html index bcb11680..c63b4227 100644 --- a/python/fatcat_web/templates/auth_login.html +++ b/python/fatcat_web/templates/auth_login.html @@ -13,6 +13,7 @@ Note that currently editor accounts are locked 1-to-1 with external identities. <a href="https://guide.fatcat.wiki/policies.html">Norms and Policies</a>. <br> +{% if config.IA_XAUTH_CLIENT_ID %} <a href="/auth/ia/login"> <div class="ui segment attached"> <h2 class="ui header"> @@ -24,7 +25,19 @@ Note that currently editor accounts are locked 1-to-1 with external identities. </h2> </div> </a> +{% else %} +<div class="ui segment attached"> + <h2 class="ui header"> + <i class="grey times circle icon"></i> + <div class="content"> + Internet Archive + <div class="sub header">not configured</div> + </div> + </h2> +</div> +{% endif %} +{% if config.ORCID_CLIENT_ID %} <a href="/auth/orcid/login"> <div class="ui segment attached"> <h2 class="ui header"> 
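Review bot: `assert(wp_username)` in `wp_oauth_finish_login` is the only check between the OAuth callback and `handle_wmoauth`, and assertions are removed when Python runs with `-O`, in which case a missing user would be passed straight into the login path. Replace it with an explicit check that ends the request, e.g. `if not wp_username: abort(401)` (assuming `abort` is imported in this module, which the hunk does not show). `get_current_user(cached=True)` appears to accept the value held in the session rather than re-querying the wiki; a comment confirming that this is intended at the point the login is finalised would be useful. The docstring of `wp_oauth_rewrite` should also say why the path rewrite is needed, not only that it is a hack.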
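Review bot: The ORCID entry is now shown whenever `config.ORCID_CLIENT_ID` is set, but the `__init__.py` change in this commit leaves the ORCID blueprint commented out, so `/auth/orcid/login` would have no handler behind it. Until the blueprint is registered, this block could render the same "not configured" segment added for Internet Archive instead of a live link. The closing `{% endif %}` for this block falls in the next hunk.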
@@ -36,42 +49,49 @@ Note that currently editor accounts are locked 1-to-1 with external identities. </h2> </div> </a> +{% endif %} +{% if config.WIKIPEDIA_CLIENT_ID %} <a href="/auth/wikipedia/login"> <div class="ui segment attached"> <h2 class="ui header"> - <i class="wikipedia w icon"></i> + <i class="wikipedia w icon"></i> <div class="content"> Wikipedia - <div class="sub header">via OpenID Connect</div> + <div class="sub header">via OAuth</div> </div> </h2> </div> </a> +{% endif %} +{% if config.GITLAB_CLIENT_ID %} <a href="/auth/gitlab/login"> <div class="ui segment attached"> <h2 class="ui header"> <i class="orange gitlab icon"></i> <div class="content"> Gitlab - <div class="sub header">via OpenID Connect</div> + <div class="sub header">via OAuth</div> </div> </h2> </div> </a> +{% endif %} -<a href="/auth/google/login"> +{% if config.GITHUB_CLIENT_ID %} +<a href="/auth/github/login"> <div class="ui segment attached"> <h2 class="ui header"> <i class="red google icon"></i> <div class="content"> - Google + Github <div class="sub header">via OpenID Connect</div> </div> </h2> </div> </a> +{% endif %} {# alternative style <br> diff --git a/python/fatcat_web/web_config.py b/python/fatcat_web/web_config.py index b12cb114..e681b397 100644 --- a/python/fatcat_web/web_config.py +++ b/python/fatcat_web/web_config.py 
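Review bot: The GitHub entry at the end of this hunk still carries `<i class="red google icon"></i>` and the sub header `via OpenID Connect`, both left over from the Google entry it replaces, while the Wikipedia and Gitlab labels were corrected to `via OAuth` in the same hunk. Suggest `<i class="github icon"></i>` and `<div class="sub header">via OAuth</div>`, so the page tells users accurately which provider and protocol they are about to authorise.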
@@ -32,9 +32,18 @@ class Config(object): FLASK_SECRET_KEY = os.environ.get("FLASK_SECRET_KEY", default=None) SECRET_KEY = FLASK_SECRET_KEY + ORCID_CLIENT_ID = os.environ.get("ORCID_CLIENT_ID", default=None) + ORCID_CLIENT_SECRET = os.environ.get("ORCID_CLIENT_SECRET", default=None) + + WIKIPEDIA_CLIENT_ID = os.environ.get("WIKIPEDIA_CLIENT_ID", default=None) + WIKIPEDIA_CLIENT_SECRET = os.environ.get("WIKIPEDIA_CLIENT_SECRET", default=None) + GITLAB_CLIENT_ID = os.environ.get("GITLAB_CLIENT_ID", default=None) GITLAB_CLIENT_SECRET = os.environ.get("GITLAB_CLIENT_SECRET", default=None) + GITHUB_CLIENT_ID = os.environ.get("GITHUB_CLIENT_ID", default=None) + GITHUB_CLIENT_SECRET = os.environ.get("GITHUB_CLIENT_SECRET", default=None) + IA_XAUTH_URI = "https://archive.org/services/xauthn/" IA_XAUTH_CLIENT_ID = os.environ.get("IA_XAUTH_CLIENT_ID", default=None) IA_XAUTH_CLIENT_SECRET = os.environ.get("IA_XAUTH_CLIENT_SECRET", default=None) |