From 0840e5211309cd9e80ad7b2bbe82df3971423323 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Tue, 9 Apr 2019 17:17:31 -0700 Subject: crude mostly-working wikipedia (mediawiki) login --- python/fatcat_web/__init__.py | 25 +++++++++++++++++++++--- python/fatcat_web/auth.py | 11 +++++++++++ python/fatcat_web/routes.py | 17 ++++++++++++++-- python/fatcat_web/templates/auth_login.html | 30 ++++++++++++++++++++++++----- python/fatcat_web/web_config.py | 9 +++++++++ 5 files changed, 82 insertions(+), 10 deletions(-) (limited to 'python') diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py index fa7d005a..d0d3eaf5 100644 --- a/python/fatcat_web/__init__.py +++ b/python/fatcat_web/__init__.py @@ -6,8 +6,9 @@ from flask_debugtoolbar import DebugToolbarExtension from flask_login import LoginManager from flask_wtf.csrf import CSRFProtect from flask_misaka import Misaka +from flask_mwoauth import MWOAuth from authlib.flask.client import OAuth -from loginpass import create_flask_blueprint, Gitlab +from loginpass import create_flask_blueprint, Gitlab, GitHub from raven.contrib.flask import Sentry import fatcat_client 
@@ -60,7 +61,25 @@ else: print("No privileged token found") priv_api = None +mwoauth = MWOAuth( + consumer_key=Config.WIKIPEDIA_CLIENT_ID, + consumer_secret=Config.WIKIPEDIA_CLIENT_SECRET, + default_return_to='wp_oauth_finish_login') +mwoauth.handshaker.user_agent = "fatcat.wiki;python_web_interface" +app.register_blueprint(mwoauth.bp, url_prefix='/auth/wikipedia') + from fatcat_web import routes, editing_routes, auth, cors, forms -gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth) -app.register_blueprint(gitlab_bp, url_prefix='/auth/gitlab') +if Config.ORCID_CLIENT_ID: + # XXX: + pass + #orcid_bp = create_flask_blueprint(ORCID, oauth, auth.handle_oauth) + #app.register_blueprint(orcid_bp, url_prefix='/auth/orcid') + +if Config.GITLAB_CLIENT_ID: + gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth) + app.register_blueprint(gitlab_bp, url_prefix='/auth/gitlab') + +if Config.GITHUB_CLIENT_ID: + github_bp = create_flask_blueprint(GitHub, oauth, auth.handle_oauth) + app.register_blueprint(github_bp, url_prefix='/auth/google') diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py index b815d816..44a03f5f 100644 --- a/python/fatcat_web/auth.py +++ b/python/fatcat_web/auth.py @@ -127,6 +127,17 @@ def handle_ia_xauth(email, password): } return handle_oauth(remote, None, oauth_info) +def handle_wmoauth(username): + # pass off "as if" we did OAuth successfully + FakeOAuthRemote = namedtuple('FakeOAuthRemote', ['name', 'OAUTH_CONFIG']) + remote = FakeOAuthRemote(name='wikipedia', OAUTH_CONFIG={'api_base_url': "https://www.mediawiki.org/w"}) + oauth_info = { + 'preferred_username': username, + 'iss': "https://www.mediawiki.org/w", + 'sub': username, + } + return handle_oauth(remote, None, oauth_info) + @login_manager.user_loader def load_user(editor_id): # looks for extra info in session, and updates the user object with that. diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py index f6b08f54..f14ca5f6 100644 
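Review bot: The GitHub blueprint is registered with `url_prefix='/auth/google'`, so the GitHub login and callback routes sit under a path named for a different provider. Unless the redirect URI registered with GitHub was deliberately set to that path, this should be `app.register_blueprint(github_bp, url_prefix='/auth/github')`. In the same hunk, `MWOAuth(...)` is constructed and its blueprint registered unconditionally, although `Config.WIKIPEDIA_CLIENT_ID` defaults to None in web_config.py and the other providers are gated on their client id. Wrapping it in `if Config.WIKIPEDIA_CLIENT_ID:` would match them, with a fallback such as `mwoauth = None` because routes.py imports the name. Gating each provider on both the id and the secret would also stop a half-configured provider from registering and then failing at login time.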
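Review bot: `handle_wmoauth` passes the wiki username as the OAuth `sub`, and a username is not a stable identifier. MediaWiki accounts can be renamed, so the same person could be treated as a new identity after a rename, or a later holder of the old name could be matched to the existing editor. If the identity data reachable through `mwoauth.handshaker` carries a numeric user id (the mwoauth identify result appears to include a `sub` field; confirm), pass that as `'sub'` and keep the username only as `'preferred_username'`. The `iss` value is hard-coded to `https://www.mediawiki.org/w` and should match the wiki the consumer is registered on, which this hunk does not show. The function performs no verification itself, so a one-line docstring saying the caller must have obtained the username from a completed OAuth handshake would help.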
--- a/python/fatcat_web/routes.py +++ b/python/fatcat_web/routes.py @@ -9,8 +9,8 @@ from flask_wtf.csrf import CSRFError from fatcat_client import Editgroup, EditgroupAnnotation from fatcat_client.rest import ApiException from fatcat_tools.transforms import * -from fatcat_web import app, api, auth_api, priv_api -from fatcat_web.auth import handle_token_login, handle_logout, load_user, handle_ia_xauth +from fatcat_web import app, api, auth_api, priv_api, mwoauth +from fatcat_web.auth import handle_token_login, handle_logout, load_user, handle_ia_xauth, handle_wmoauth from fatcat_web.cors import crossdomain from fatcat_web.search import * from fatcat_web.hacks import strip_extlink_xml, wayback_suffix @@ -673,6 +673,19 @@ def auth_account(): load_user(editor.editor_id) return render_template('auth_account.html') +@app.route('/auth/wikipedia/auth') +def wp_oauth_rewrite(): + """ + This is a dirty hack to rewrite '/auth/wikipedia/auth' to '/auth/wikipedia/oauth-callback' + """ + return redirect(b"/auth/wikipedia/oauth-callback?" + request.query_string, 307) + +@app.route('/auth/wikipedia/finish-login') +def wp_oauth_finish_login(): + wp_username = mwoauth.get_current_user(cached=True) + assert(wp_username) + return handle_wmoauth(wp_username) + ### Static Routes ########################################################### diff --git a/python/fatcat_web/templates/auth_login.html b/python/fatcat_web/templates/auth_login.html index bcb11680..c63b4227 100644 --- a/python/fatcat_web/templates/auth_login.html +++ b/python/fatcat_web/templates/auth_login.html @@ -13,6 +13,7 @@ Note that currently editor accounts are locked 1-to-1 with external identities. Norms and Policies.
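Review bot: `assert(wp_username)` in `wp_oauth_finish_login` is the only check between an incoming request and `handle_wmoauth`, and assert statements are stripped when Python runs with `-O`, in which case a request with no MediaWiki session would reach `handle_wmoauth(None)`. Replace it with an explicit check such as `if not wp_username: abort(401)` (flask's `abort`, or a redirect back to the login page), so a direct visit to `/auth/wikipedia/finish-login` fails cleanly instead of raising a 500. `get_current_user(cached=True)` appears to accept the username cached in the session rather than re-querying the wiki, so this route relies on the session cookie being signed with a strong `SECRET_KEY`; web_config.py defaults that to None. In `wp_oauth_rewrite`, a comment saying why the callback path differs from the one the consumer was registered with would make the hack easier to remove later.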
+{% if config.IA_XAUTH_CLIENT_ID %}

@@ -24,7 +25,19 @@ Note that currently editor accounts are locked 1-to-1 with external identities.

+{% else %} +
+

+ +
+ Internet Archive +
not configured
+
+

+
+{% endif %} +{% if config.ORCID_CLIENT_ID %}

@@ -36,42 +49,49 @@ Note that currently editor accounts are locked 1-to-1 with external identities.

+{% endif %} +{% if config.WIKIPEDIA_CLIENT_ID %}

- +
Wikipedia -
via OpenID Connect
+
via OAuth

+{% endif %} +{% if config.GITLAB_CLIENT_ID %}

Gitlab -
via OpenID Connect
+
via OAuth

+{% endif %} - +{% if config.GITHUB_CLIENT_ID %} +

- Google + Github
via OpenID Connect

+{% endif %} {# alternative style
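Review bot: The Github entry keeps the unchanged label `via OpenID Connect`, while the Wikipedia and Gitlab entries in this hunk were changed to `via OAuth`. GitHub sign-in is an OAuth 2.0 flow, so that label should read `via OAuth` as well. The link targets are not visible in this view, so check that the Github link points at the prefix the blueprint is actually registered under in `__init__.py`, which is `/auth/google` in this commit. The Internet Archive block shows a `not configured` fallback in the previous hunk, whereas the providers gated here disappear when unset. A short template comment stating that this difference is intended would avoid confusion.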
diff --git a/python/fatcat_web/web_config.py b/python/fatcat_web/web_config.py index b12cb114..e681b397 100644 --- a/python/fatcat_web/web_config.py +++ b/python/fatcat_web/web_config.py @@ -32,9 +32,18 @@ class Config(object): FLASK_SECRET_KEY = os.environ.get("FLASK_SECRET_KEY", default=None) SECRET_KEY = FLASK_SECRET_KEY + ORCID_CLIENT_ID = os.environ.get("ORCID_CLIENT_ID", default=None) + ORCID_CLIENT_SECRET = os.environ.get("ORCID_CLIENT_SECRET", default=None) + + WIKIPEDIA_CLIENT_ID = os.environ.get("WIKIPEDIA_CLIENT_ID", default=None) + WIKIPEDIA_CLIENT_SECRET = os.environ.get("WIKIPEDIA_CLIENT_SECRET", default=None) + GITLAB_CLIENT_ID = os.environ.get("GITLAB_CLIENT_ID", default=None) GITLAB_CLIENT_SECRET = os.environ.get("GITLAB_CLIENT_SECRET", default=None) + GITHUB_CLIENT_ID = os.environ.get("GITHUB_CLIENT_ID", default=None) + GITHUB_CLIENT_SECRET = os.environ.get("GITHUB_CLIENT_SECRET", default=None) + IA_XAUTH_URI = "https://archive.org/services/xauthn/" IA_XAUTH_CLIENT_ID = os.environ.get("IA_XAUTH_CLIENT_ID", default=None) IA_XAUTH_CLIENT_SECRET = os.environ.get("IA_XAUTH_CLIENT_SECRET", default=None) -- cgit v1.2.3