summaryrefslogtreecommitdiffstats
path: root/python/fatcat_web/auth.py
diff options
context:
space:
mode:
Diffstat (limited to 'python/fatcat_web/auth.py')
-rw-r--r--python/fatcat_web/auth.py60
1 files changed, 54 insertions, 6 deletions
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index f6672e87..385f5c49 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -1,27 +1,75 @@
from flask import Flask, render_template, send_from_directory, request, \
url_for, abort, g, redirect, jsonify, session
-from fatcat_web import login_manager
+from fatcat_web import login_manager, api
+from flask_login import logout_user, login_user, UserMixin
+import pymacaroons
+def handle_logout():
+ logout_user()
+ for k in ('editor', 'token'):
+ if k in session:
+ session.pop(k)
+
+def handle_token_login(token):
+ try:
+ m = pymacaroons.Macaroon.deserialize(token)
+ except pymacaroons.exceptions.MacaroonDeserializationException:
+ # TODO: what kind of Exceptions?
+ return abort(400)
+ # extract editor_id
+ editor_id = None
+ for caveat in m.first_party_caveats():
+ caveat = caveat.caveat_id
+ if caveat.startswith(b"editor_id = "):
+ editor_id = caveat[12:].decode('utf-8')
+ if not editor_id:
+ abort(400)
+ # fetch editor info
+ editor = api.get_editor(editor_id).to_dict()
+ session['api_token'] = token
+ session['editor'] = editor
+ login_user(load_user(editor_id))
+ return redirect("/")
+
# This will need to login/signup via fatcatd API, then set token in session
def handle_oauth(remote, token, user_info):
print(remote)
if token:
print(remote.name, token)
if user_info:
- # TODO: fetch api login/signup using user_info
print(user_info)
- # TODO: write token and username to session
- # TODO: call login_user(load_user(editor_id))
+ print(user_info.iss)
+ print(user_info.prefered_username)
+
+ # fetch api login/signup using user_info
+ params = AuthOidc(remote.name, user_info.sub, user_info.iss)
+ resp = api.auth_oidc(params)
+ editor = resp['editor']
+ api_token = resp['token']
+
+ # write token and username to session
+ session['api_token'] = api_token
+ session['editor'] = editor.editor_id
+
+ # call login_user(load_user(editor_id))
+ login_user(load_user(editor_id))
return redirect("/")
+
raise some_error
@login_manager.user_loader
def load_user(editor_id):
- # NOTE: this should look for extra info in session, and update the user
- # object with that. If session isn't loaded/valid, should return None
+ # looks for extra info in session, and updates the user object with that.
+ # If session isn't loaded/valid, should return None
+ if not 'editor' in session or not 'api_token' in session:
+ return None
+ editor = session['editor']
+ token = session['api_token']
user = UserMixin()
user.id = editor_id
+ user.username = editor['username']
+ user.token = token
return user