auth.py
import os
import sys
import logging
from google.appengine.ext import db
from google.appengine.api import users
from google.appengine.ext import webapp
from google.appengine.ext.webapp import template
from google.appengine.ext.webapp import util
# Put the bundled ./lib directory at the FRONT of the import search path so
# the imports that follow resolve against it first.
# NOTE(review): because it is inserted at index 0, any module placed in lib/
# shadows a standard-library or SDK module of the same name - keep lib/
# contents reviewed and pinned.
path = os.path.join(os.path.split(__file__)[0], 'lib')
sys.path[:0] = [path]
import config
from ningapi import NingError
class Credential(db.Model):
    """Datastore entity tying an App Engine user to a stored token pair.

    All four properties are mandatory (``required=True``).
    """
    # App Engine account that owns this record; the handlers in this file
    # always filter on it.
    owner = db.UserProperty(required=True)
    # Token key/secret pair; AuthConfig.post fills these from the token
    # returned by the client's login() call.
    # NOTE(review): the secret is held as a plain StringProperty, so anyone
    # with read access to the datastore can read it - confirm that is
    # acceptable for this deployment.
    token_key = db.StringProperty(required=True)
    token_secret = db.StringProperty(required=True)
    # Email address that was submitted together with the password.
    email = db.EmailProperty(required=True)
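class AuthConfig(webapp.RequestHandler):
    """Handler for /auth/admin/new: collect an email/password, store a token.

    GET renders the form. POST passes the submitted email and password to
    the client returned by ``config.new_client()`` and stores the resulting
    token as a Credential owned by the current App Engine user.
    """

    def get(self):
        """Display a template for adding credentials"""
        current_user = users.get_current_user()
        query = Credential.all().filter("owner =", current_user)
        if query.count() > 0:
            logging.warning("%s already authorized" % current_user.email())
            self.redirect("/auth/admin/view?failure=authorized")
            return

        # The "failure" query parameter is only ever mapped to one of these
        # fixed strings; the raw parameter value is never handed to the
        # template.
        messages = {
            "unauthorized": "You must first authorize the application",
            "missing": "Enter an email address and password",
            "1-23": "Invalid email address",
            "1-24": "Invalid password",
        }
        error_code = self.request.get("failure", False)
        if error_code is False:
            error_message = None
        else:
            error_message = messages.get(error_code, "Unknown error")

        path = os.path.join(os.path.dirname(__file__),
                            'templates/auth-new.html')
        template_values = {
            "failure": error_message,
            "success": self.request.get("success", False)
        }
        self.response.out.write(template.render(path, template_values))

    def post(self):
        """Exchange the submitted email/password for a token and store it.

        Redirects back to the form with a ``failure`` code when input is
        missing or the login call fails, and to the credential list on
        success.
        """
        # NOTE(review): no anti-CSRF token is checked in this handler;
        # confirm whether the framework or a front end supplies one.
        email = self.request.get("email", None)
        password = self.request.get("password", None)
        if not email or not password:
            logging.error("Missing email or password")
            self.redirect("/auth/admin/new?failure=missing")
            return

        # Apply the same one-credential-per-user rule that get() enforces.
        # Without it a repeated POST stores a second Credential, after which
        # require_credentials (which demands exactly one) rejects the user
        # on every request. Checking first also avoids forwarding the
        # password when nothing will be stored.
        current_user = users.get_current_user()
        existing = Credential.all().filter("owner =", current_user)
        if existing.count() > 0:
            logging.warning("%s already authorized" % current_user.email())
            self.redirect("/auth/admin/view?failure=authorized")
            return

        token = None
        try:
            ning_client = config.new_client()
            token = ning_client.login(email, password)
        except NingError as e:
            logging.error("Unable to get token: %s" % str(e))
            self.redirect("/auth/admin/new?failure=%s-%s" % (e.error_code,
                                                            e.error_subcode))
            return

        if not token:
            logging.error("Can't add credntials: Missing token")
            self.redirect("/auth/admin/new?failure=1")
            return

        cred = Credential(token_key=token.key, token_secret=token.secret,
                          owner=current_user, email=email)
        cred.put()
        # Log the token key only. The secret must never reach application
        # logs, which are readable by a wider audience than the datastore
        # and are often retained or exported.
        logging.info("Added new credentials: %s" % token.key)
        self.redirect("/auth/admin/view?success=1")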
class AuthBrowser(webapp.RequestHandler):
    """Handler for /auth/admin/view: list the current user's credentials."""

    def get(self):
        """Display the list of credentials"""
        failure_code = self.request.get("failure", False)
        if failure_code is False:
            failure_text = None
        else:
            known = {
                "authorized": "You have already authorized this application",
            }
            failure_text = known.get(failure_code, "Unknown error")

        # Only records owned by the signed-in user are fetched.
        owned = Credential.all().filter("owner =", users.get_current_user())
        # NOTE(review): token_secret is handed to the template alongside the
        # key. Whether it is actually rendered depends on
        # templates/auth-browse.html, which is not visible here - confirm the
        # secret is not shown in the page.
        rows = [{"email": record.email,
                 "token_key": record.token_key,
                 "token_secret": record.token_secret}
                for record in owned]

        template_file = os.path.join(os.path.dirname(__file__),
                                     'templates/auth-browse.html')
        context = {
            "credentials": rows,
            "failure": failure_text,
            "success": self.request.get("success", False)
        }
        self.response.out.write(template.render(template_file, context))
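def require_credentials(func):
    """Decorator that requires the user to have credentials

    Wraps a request-handler method. The wrapped method runs only when the
    signed-in user owns exactly one Credential; otherwise the request is
    redirected and the method is not called.

    Returns the wrapper, which passes through whatever ``func`` returns.
    """
    import functools

    @functools.wraps(func)
    def wrapper(self, *args, **kw):
        current_user = users.get_current_user()
        if current_user is None:
            # No signed-in user: send the request to the login page instead
            # of failing with AttributeError on current_user.email() below.
            # NOTE(review): app.yaml may already enforce login for the
            # routes that use this decorator; this guard is defence in depth.
            logging.warning("Anonymous request, redirecting to login")
            self.redirect(users.create_login_url(self.request.uri))
            return
        query = Credential.all().filter("owner =", current_user)
        if query.count() != 1:
            logging.warning("%s missing credentials, redirecting" %
                            current_user.email())
            self.redirect("/auth/admin/new?failure=unauthorized")
            return
        # Propagate the handler's result rather than silently dropping it.
        return func(self, *args, **kw)
    return wrapper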
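def main():
    """Build the WSGI application for the /auth/admin routes and serve it."""
    # webapp's debug mode sends Python stack traces to the browser on errors.
    # Enable it only on the local development server, whose SERVER_SOFTWARE
    # value starts with "Development", so a deployed instance never returns
    # tracebacks from these credential-handling routes.
    on_dev_server = os.environ.get('SERVER_SOFTWARE', '').startswith(
        'Development')
    application = webapp.WSGIApplication([
        ('/auth/admin/new', AuthConfig),
        ('/auth/admin/view', AuthBrowser),
    ],
        debug=on_dev_server)
    util.run_wsgi_app(application)


if __name__ == '__main__':
    main()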