sources/oauth: fix invalid headers, fix invalid function signature
This commit is contained in:
parent
2b5fddb7bf
commit
64d7b009ab
|
@ -1,8 +1,9 @@
|
||||||
"""OAuth Clients"""
|
"""OAuth Clients"""
|
||||||
import json
|
import json
|
||||||
from typing import Dict
|
from typing import Dict, Optional
|
||||||
from urllib.parse import parse_qs, urlencode
|
from urllib.parse import parse_qs, urlencode
|
||||||
|
|
||||||
|
from django.http import HttpRequest
|
||||||
from django.utils.crypto import constant_time_compare, get_random_string
|
from django.utils.crypto import constant_time_compare, get_random_string
|
||||||
from django.utils.encoding import force_text
|
from django.utils.encoding import force_text
|
||||||
from requests import Session
|
from requests import Session
|
||||||
|
@ -18,30 +19,26 @@ LOGGER = get_logger()
|
||||||
class BaseOAuthClient:
|
class BaseOAuthClient:
|
||||||
"""Base OAuth Client"""
|
"""Base OAuth Client"""
|
||||||
|
|
||||||
_session: Session = None
|
session: Session = None
|
||||||
|
|
||||||
def __init__(self, source, token=""): # nosec
|
def __init__(self, source, token=""): # nosec
|
||||||
self.source = source
|
self.source = source
|
||||||
self.token = token
|
self.token = token
|
||||||
self._session = Session()
|
self.session = Session()
|
||||||
self._session.headers.update({"User-Agent": "passbook %s" % __version__})
|
self.session.headers.update({"User-Agent": "passbook %s" % __version__})
|
||||||
|
|
||||||
def get_access_token(self, request, callback=None):
|
def get_access_token(self, request, callback=None):
|
||||||
"Fetch access token from callback request."
|
"Fetch access token from callback request."
|
||||||
raise NotImplementedError("Defined in a sub-class") # pragma: no cover
|
raise NotImplementedError("Defined in a sub-class") # pragma: no cover
|
||||||
|
|
||||||
def get_profile_info(self, raw_token):
|
def get_profile_info(self, token: Dict[str, str]):
|
||||||
"Fetch user profile information."
|
"Fetch user profile information."
|
||||||
try:
|
try:
|
||||||
token = json.loads(raw_token)
|
|
||||||
headers = {
|
headers = {
|
||||||
"Authorization": f"{token['token_type']} {token['access_token']}"
|
"Authorization": f"{token['token_type']} {token['access_token']}"
|
||||||
}
|
}
|
||||||
response = self.request(
|
response = self.session.request(
|
||||||
"get",
|
"get", self.source.profile_url, headers=headers,
|
||||||
self.source.profile_url,
|
|
||||||
token=token["access_token"],
|
|
||||||
headers=headers,
|
|
||||||
)
|
)
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except RequestException as exc:
|
except RequestException as exc:
|
||||||
|
@ -67,10 +64,6 @@ class BaseOAuthClient:
|
||||||
"Parse token and secret from raw token response."
|
"Parse token and secret from raw token response."
|
||||||
raise NotImplementedError("Defined in a sub-class") # pragma: no cover
|
raise NotImplementedError("Defined in a sub-class") # pragma: no cover
|
||||||
|
|
||||||
def request(self, method, url, **kwargs):
|
|
||||||
"Build remote url request."
|
|
||||||
return self._session.request(method, url, **kwargs)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def session_key(self):
|
def session_key(self):
|
||||||
"""Return Session Key"""
|
"""Return Session Key"""
|
||||||
|
@ -80,36 +73,48 @@ class BaseOAuthClient:
|
||||||
class OAuthClient(BaseOAuthClient):
|
class OAuthClient(BaseOAuthClient):
|
||||||
"""OAuth1 Client"""
|
"""OAuth1 Client"""
|
||||||
|
|
||||||
def get_access_token(self, request, callback=None):
|
_default_headers = {
|
||||||
|
"Accept": "application/json",
|
||||||
|
}
|
||||||
|
|
||||||
|
def get_access_token(
|
||||||
|
self, request: HttpRequest, callback=None
|
||||||
|
) -> Optional[Dict[str, str]]:
|
||||||
"Fetch access token from callback request."
|
"Fetch access token from callback request."
|
||||||
raw_token = request.session.get(self.session_key, None)
|
raw_token = request.session.get(self.session_key, None)
|
||||||
verifier = request.GET.get("oauth_verifier", None)
|
verifier = request.GET.get("oauth_verifier", None)
|
||||||
if raw_token is not None and verifier is not None:
|
if raw_token is not None and verifier is not None:
|
||||||
data = {"oauth_verifier": verifier}
|
data = {
|
||||||
|
"oauth_verifier": verifier,
|
||||||
|
"oauth_callback": callback,
|
||||||
|
"token": raw_token,
|
||||||
|
}
|
||||||
callback = request.build_absolute_uri(callback or request.path)
|
callback = request.build_absolute_uri(callback or request.path)
|
||||||
callback = force_text(callback)
|
callback = force_text(callback)
|
||||||
try:
|
try:
|
||||||
response = self.request(
|
response = self.session.request(
|
||||||
"post",
|
"post",
|
||||||
self.source.access_token_url,
|
self.source.access_token_url,
|
||||||
token=raw_token,
|
|
||||||
data=data,
|
data=data,
|
||||||
oauth_callback=callback,
|
headers=self._default_headers,
|
||||||
)
|
)
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except RequestException as exc:
|
except RequestException as exc:
|
||||||
LOGGER.warning("Unable to fetch access token", exc=exc)
|
LOGGER.warning("Unable to fetch access token", exc=exc)
|
||||||
return None
|
return None
|
||||||
else:
|
else:
|
||||||
return response.text
|
return response.json()
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def get_request_token(self, request, callback):
|
def get_request_token(self, request, callback):
|
||||||
"Fetch the OAuth request token. Only required for OAuth 1.0."
|
"Fetch the OAuth request token. Only required for OAuth 1.0."
|
||||||
callback = force_text(request.build_absolute_uri(callback))
|
callback = force_text(request.build_absolute_uri(callback))
|
||||||
try:
|
try:
|
||||||
response = self.request(
|
response = self.session.request(
|
||||||
"post", self.source.request_token_url, oauth_callback=callback
|
"post",
|
||||||
|
self.source.request_token_url,
|
||||||
|
data={"oauth_callback": callback},
|
||||||
|
headers=self._default_headers,
|
||||||
)
|
)
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except RequestException as exc:
|
except RequestException as exc:
|
||||||
|
@ -154,7 +159,7 @@ class OAuthClient(BaseOAuthClient):
|
||||||
callback_uri=callback,
|
callback_uri=callback,
|
||||||
)
|
)
|
||||||
kwargs["auth"] = oauth
|
kwargs["auth"] = oauth
|
||||||
return super(OAuthClient, self).request(method, url, **kwargs)
|
return super(OAuthClient, self).session.request(method, url, **kwargs)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def session_key(self):
|
def session_key(self):
|
||||||
|
@ -164,6 +169,10 @@ class OAuthClient(BaseOAuthClient):
|
||||||
class OAuth2Client(BaseOAuthClient):
|
class OAuth2Client(BaseOAuthClient):
|
||||||
"""OAuth2 Client"""
|
"""OAuth2 Client"""
|
||||||
|
|
||||||
|
_default_headers = {
|
||||||
|
"Accept": "application/json",
|
||||||
|
}
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def check_application_state(self, request, callback):
|
def check_application_state(self, request, callback):
|
||||||
"Check optional state parameter."
|
"Check optional state parameter."
|
||||||
|
@ -197,15 +206,19 @@ class OAuth2Client(BaseOAuthClient):
|
||||||
LOGGER.warning("No code returned by the source")
|
LOGGER.warning("No code returned by the source")
|
||||||
return None
|
return None
|
||||||
try:
|
try:
|
||||||
response = self.request(
|
response = self.session.request(
|
||||||
"post", self.source.access_token_url, data=args, **request_kwargs
|
"post",
|
||||||
|
self.source.access_token_url,
|
||||||
|
data=args,
|
||||||
|
headers=self._default_headers,
|
||||||
|
**request_kwargs,
|
||||||
)
|
)
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except RequestException as exc:
|
except RequestException as exc:
|
||||||
LOGGER.warning("Unable to fetch access token", exc=exc)
|
LOGGER.warning("Unable to fetch access token", exc=exc)
|
||||||
return None
|
return None
|
||||||
else:
|
else:
|
||||||
return response.text
|
return response.json()
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def get_application_state(self, request, callback):
|
def get_application_state(self, request, callback):
|
||||||
|
@ -247,7 +260,7 @@ class OAuth2Client(BaseOAuthClient):
|
||||||
params = kwargs.get("params", {})
|
params = kwargs.get("params", {})
|
||||||
params["access_token"] = token
|
params["access_token"] = token
|
||||||
kwargs["params"] = params
|
kwargs["params"] = params
|
||||||
return super(OAuth2Client, self).request(method, url, **kwargs)
|
return super(OAuth2Client, self).session.request(method, url, **kwargs)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def session_key(self):
|
def session_key(self):
|
||||||
|
|
|
@ -116,7 +116,7 @@ class AzureADOAuthSourceForm(OAuthSourceForm):
|
||||||
class Meta(OAuthSourceForm.Meta):
|
class Meta(OAuthSourceForm.Meta):
|
||||||
|
|
||||||
overrides = {
|
overrides = {
|
||||||
"provider_type": "azure_ad",
|
"provider_type": "azure-ad",
|
||||||
"request_token_url": "",
|
"request_token_url": "",
|
||||||
"authorization_url": "https://login.microsoftonline.com/common/oauth2/authorize",
|
"authorization_url": "https://login.microsoftonline.com/common/oauth2/authorize",
|
||||||
"access_token_url": "https://login.microsoftonline.com/common/oauth2/token",
|
"access_token_url": "https://login.microsoftonline.com/common/oauth2/token",
|
||||||
|
|
|
@ -89,13 +89,15 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||||
client = self.get_client(self.source)
|
client = self.get_client(self.source)
|
||||||
callback = self.get_callback_url(self.source)
|
callback = self.get_callback_url(self.source)
|
||||||
# Fetch access token
|
# Fetch access token
|
||||||
raw_token = client.get_access_token(self.request, callback=callback)
|
token = client.get_access_token(self.request, callback=callback)
|
||||||
if raw_token is None:
|
if token is None:
|
||||||
return self.handle_login_failure(
|
return self.handle_login_failure(
|
||||||
self.source, "Could not retrieve token."
|
self.source, "Could not retrieve token."
|
||||||
)
|
)
|
||||||
|
if "error" in token:
|
||||||
|
return self.handle_login_failure(self.source, token["error"])
|
||||||
# Fetch profile info
|
# Fetch profile info
|
||||||
info = client.get_profile_info(raw_token)
|
info = client.get_profile_info(token)
|
||||||
if info is None:
|
if info is None:
|
||||||
return self.handle_login_failure(
|
return self.handle_login_failure(
|
||||||
self.source, "Could not retrieve profile."
|
self.source, "Could not retrieve profile."
|
||||||
|
@ -105,7 +107,7 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||||
return self.handle_login_failure(self.source, "Could not determine id.")
|
return self.handle_login_failure(self.source, "Could not determine id.")
|
||||||
# Get or create access record
|
# Get or create access record
|
||||||
defaults = {
|
defaults = {
|
||||||
"access_token": raw_token,
|
"access_token": token.get("access_token"),
|
||||||
}
|
}
|
||||||
existing = UserOAuthSourceConnection.objects.filter(
|
existing = UserOAuthSourceConnection.objects.filter(
|
||||||
source=self.source, identifier=identifier
|
source=self.source, identifier=identifier
|
||||||
|
@ -113,13 +115,15 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||||
|
|
||||||
if existing.exists():
|
if existing.exists():
|
||||||
connection = existing.first()
|
connection = existing.first()
|
||||||
connection.access_token = raw_token
|
connection.access_token = token.get("access_token")
|
||||||
UserOAuthSourceConnection.objects.filter(pk=connection.pk).update(
|
UserOAuthSourceConnection.objects.filter(pk=connection.pk).update(
|
||||||
**defaults
|
**defaults
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
connection = UserOAuthSourceConnection(
|
connection = UserOAuthSourceConnection(
|
||||||
source=self.source, identifier=identifier, access_token=raw_token
|
source=self.source,
|
||||||
|
identifier=identifier,
|
||||||
|
access_token=token.get("access_token"),
|
||||||
)
|
)
|
||||||
user = authenticate(
|
user = authenticate(
|
||||||
source=self.source, identifier=identifier, request=request
|
source=self.source, identifier=identifier, request=request
|
||||||
|
|
Reference in a new issue