mirror of
https://github.com/janeczku/calibre-web
synced 2024-12-25 09:30:31 +00:00
New Oauth code
parent
26a7d9ef30
commit
c6542fdec6
@ -56,10 +56,11 @@ feature_support = {
|
|||||||
# feature_support['rar'] = False
|
# feature_support['rar'] = False
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from .oauth_bb import oauth_check
|
from .oauth_bb import oauth_check, oauthblueprints
|
||||||
feature_support['oauth'] = True
|
feature_support['oauth'] = True
|
||||||
except ImportError:
|
except ImportError:
|
||||||
feature_support['oauth'] = False
|
feature_support['oauth'] = False
|
||||||
|
oauthblueprints = []
|
||||||
oauth_check = {}
|
oauth_check = {}
|
||||||
|
|
||||||
|
|
||||||
@ -410,7 +411,7 @@ def _configuration_result(error_flash=None, gdriveError=None):
|
|||||||
flash(_(error_flash), category="error")
|
flash(_(error_flash), category="error")
|
||||||
show_login_button = False
|
show_login_button = False
|
||||||
|
|
||||||
return render_title_template("config_edit.html", config=config,
|
return render_title_template("config_edit.html", config=config, provider=oauthblueprints,
|
||||||
show_back_button=show_back_button, show_login_button=show_login_button,
|
show_back_button=show_back_button, show_login_button=show_login_button,
|
||||||
show_authenticate_google_drive=gdrive_authenticate,
|
show_authenticate_google_drive=gdrive_authenticate,
|
||||||
gdriveError=gdriveError, gdrivefolders=gdrivefolders, feature_support=feature_support,
|
gdriveError=gdriveError, gdrivefolders=gdrivefolders, feature_support=feature_support,
|
||||||
|
@ -84,11 +84,11 @@ class _Settings(_Base):
|
|||||||
|
|
||||||
config_login_type = Column(Integer, default=0)
|
config_login_type = Column(Integer, default=0)
|
||||||
|
|
||||||
config_oauth_provider = Column(Boolean)
|
config_oauth_provider = Column(Integer)
|
||||||
config_github_oauth_client_id = Column(String)
|
#config_github_oauth_client_id = Column(String)
|
||||||
config_github_oauth_client_secret = Column(String)
|
#config_github_oauth_client_secret = Column(String)
|
||||||
config_google_oauth_client_id = Column(String)
|
#config_google_oauth_client_id = Column(String)
|
||||||
config_google_oauth_client_secret = Column(String)
|
#config_google_oauth_client_secret = Column(String)
|
||||||
|
|
||||||
config_ldap_provider_url = Column(String, default='localhost')
|
config_ldap_provider_url = Column(String, default='localhost')
|
||||||
config_ldap_port = Column(SmallInteger, default=389)
|
config_ldap_port = Column(SmallInteger, default=389)
|
||||||
@ -310,3 +310,12 @@ def load_configuration(session):
|
|||||||
session.commit()
|
session.commit()
|
||||||
|
|
||||||
return _ConfigSQL(session)
|
return _ConfigSQL(session)
|
||||||
|
|
||||||
|
def load_oauth(session):
|
||||||
|
#_migrate_database(session)
|
||||||
|
|
||||||
|
if not session.query(OAuthProvider).count():
|
||||||
|
session.add(_Settings())
|
||||||
|
session.commit()
|
||||||
|
|
||||||
|
return _ConfigSQL(session)
|
||||||
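Review bot: `load_oauth` checks for an empty `OAuthProvider` table but then runs `session.add(_Settings())` and returns `_ConfigSQL(session)`, so it reads like an unfinished copy of `load_configuration`: each call made while no provider rows exist would add another settings row and never create a provider. `OAuthProvider` is not imported in the visible part of this file (the class is added in cps/ub.py), so the query may raise `NameError` as written. Either seed provider rows here or leave the function out until it is wired up, and give it a docstring stating what it returns. Separately, `config_oauth_provider` changes from `Boolean` to `Integer` and the four credential columns are commented out while `#_migrate_database(session)` stays disabled, so existing databases presumably keep the old schema with any stored client secrets still in the settings table; a migration step should cover both.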
|
@ -71,6 +71,7 @@ from .worker import TASK_EMAIL, TASK_CONVERT, TASK_UPLOAD, TASK_CONVERT_ANY
|
|||||||
log = logger.create()
|
log = logger.create()
|
||||||
|
|
||||||
|
|
||||||
|
# ToDo delete duplicate
|
||||||
def update_download(book_id, user_id):
|
def update_download(book_id, user_id):
|
||||||
check = ub.session.query(ub.Downloads).filter(ub.Downloads.user_id == user_id).filter(ub.Downloads.book_id ==
|
check = ub.session.query(ub.Downloads).filter(ub.Downloads.user_id == user_id).filter(ub.Downloads.book_id ==
|
||||||
book_id).first()
|
book_id).first()
|
||||||
|
100
cps/oauth_bb.py
100
cps/oauth_bb.py
@ -45,7 +45,7 @@ oauth = Blueprint('oauth', __name__)
|
|||||||
log = logger.create()
|
log = logger.create()
|
||||||
|
|
||||||
|
|
||||||
def github_oauth_required(f):
|
'''def github_oauth_required(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def inner(*args, **kwargs):
|
def inner(*args, **kwargs):
|
||||||
if config.config_login_type == constants.LOGIN_OAUTH_GITHUB:
|
if config.config_login_type == constants.LOGIN_OAUTH_GITHUB:
|
||||||
@ -72,6 +72,21 @@ def google_oauth_required(f):
|
|||||||
return response, 404
|
return response, 404
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
||||||
|
return inner'''
|
||||||
|
|
||||||
|
|
||||||
|
def oauth_required(f):
|
||||||
|
@wraps(f)
|
||||||
|
def inner(*args, **kwargs):
|
||||||
|
if config.config_oauth_provider:
|
||||||
|
return f(*args, **kwargs)
|
||||||
|
if request.is_xhr:
|
||||||
|
data = {'status': 'error', 'message': 'Not Found'}
|
||||||
|
response = make_response(json.dumps(data, ensure_ascii=False))
|
||||||
|
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
||||||
|
return response, 404
|
||||||
|
abort(404)
|
||||||
|
|
||||||
return inner
|
return inner
|
||||||
|
|
||||||
|
|
||||||
@ -115,10 +130,62 @@ def logout_oauth_user():
|
|||||||
session.pop(oauth + '_oauth_user_id')
|
session.pop(oauth + '_oauth_user_id')
|
||||||
|
|
||||||
if ub.oauth_support:
|
if ub.oauth_support:
|
||||||
github_blueprint = make_github_blueprint(
|
oauthblueprints =[]
|
||||||
|
if not ub.session.query(ub.OAuthProvider).count():
|
||||||
|
oauth = ub.OAuthProvider()
|
||||||
|
oauth.provider_name = "github"
|
||||||
|
oauth.active = False
|
||||||
|
ub.session.add(oauth)
|
||||||
|
ub.session.commit()
|
||||||
|
oauth = ub.OAuthProvider()
|
||||||
|
oauth.provider_name = "google"
|
||||||
|
oauth.active = False
|
||||||
|
ub.session.add(oauth)
|
||||||
|
ub.session.commit()
|
||||||
|
'''new_scope = ub.OAuthScope(provider_id=oauth.id, scope="https://www.googleapis.com/auth/plus.me")
|
||||||
|
ub.session.add(new_scope)
|
||||||
|
ub.session.commit()
|
||||||
|
new_scope = ub.OAuthScope(provider_id=oauth.id, scope="https://www.googleapis.com/auth/userinfo.email")
|
||||||
|
ub.session.add(new_scope)
|
||||||
|
ub.session.commit()'''
|
||||||
|
|
||||||
|
ele1=dict(provider_name='Github',
|
||||||
|
active=False,
|
||||||
|
oauth_client_id=None,
|
||||||
|
scope=None,
|
||||||
|
oauth_client_secret=None,
|
||||||
|
obtain_link='https://github.com/settings/developers')
|
||||||
|
ele2=dict(provider_name='Google',
|
||||||
|
active=False,
|
||||||
|
scope=["https://www.googleapis.com/auth/plus.me", "https://www.googleapis.com/auth/userinfo.email"],
|
||||||
|
oauth_client_id=None,
|
||||||
|
oauth_client_secret=None,
|
||||||
|
obtain_link='https://github.com/settings/developers')
|
||||||
|
oauthblueprints.append(ele1)
|
||||||
|
oauthblueprints.append(ele2)
|
||||||
|
|
||||||
|
for element in oauthblueprints:
|
||||||
|
if element['provider_name'] == 'Github':
|
||||||
|
blueprint_func = make_github_blueprint
|
||||||
|
else:
|
||||||
|
blueprint_func = make_google_blueprint
|
||||||
|
blueprint = blueprint_func(
|
||||||
|
client_id=element['oauth_client_id'],
|
||||||
|
client_secret=element['oauth_client_secret'],
|
||||||
|
redirect_to="oauth."+element['provider_name']+"_login",
|
||||||
|
scope = element['scope']
|
||||||
|
)
|
||||||
|
element['blueprint']=blueprint
|
||||||
|
app.register_blueprint(blueprint, url_prefix="/login")
|
||||||
|
element['blueprint'].backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
|
||||||
|
if element['active']:
|
||||||
|
register_oauth_blueprint(element['blueprint'], element['provider_name'])
|
||||||
|
|
||||||
|
|
||||||
|
'''github_blueprint = make_github_blueprint(
|
||||||
client_id=config.config_github_oauth_client_id,
|
client_id=config.config_github_oauth_client_id,
|
||||||
client_secret=config.config_github_oauth_client_secret,
|
client_secret=config.config_github_oauth_client_secret,
|
||||||
redirect_to="oauth.github_login",)
|
redirect_to="oauth.github_login")
|
||||||
|
|
||||||
google_blueprint = make_google_blueprint(
|
google_blueprint = make_google_blueprint(
|
||||||
client_id=config.config_google_oauth_client_id,
|
client_id=config.config_google_oauth_client_id,
|
||||||
@ -134,16 +201,15 @@ if ub.oauth_support:
|
|||||||
app.register_blueprint(github_blueprint, url_prefix='/login')
|
app.register_blueprint(github_blueprint, url_prefix='/login')
|
||||||
|
|
||||||
github_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
|
github_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
|
||||||
google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
|
google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)'''
|
||||||
|
|
||||||
|
'''if config.config_login_type == constants.LOGIN_OAUTH_GITHUB:
|
||||||
if config.config_login_type == constants.LOGIN_OAUTH_GITHUB:
|
|
||||||
register_oauth_blueprint(github_blueprint, 'GitHub')
|
register_oauth_blueprint(github_blueprint, 'GitHub')
|
||||||
if config.config_login_type == constants.LOGIN_OAUTH_GOOGLE:
|
if config.config_login_type == constants.LOGIN_OAUTH_GOOGLE:
|
||||||
register_oauth_blueprint(google_blueprint, 'Google')
|
register_oauth_blueprint(google_blueprint, 'Google')'''
|
||||||
|
|
||||||
|
|
||||||
@oauth_authorized.connect_via(github_blueprint)
|
@oauth_authorized.connect_via(oauthblueprints[0]['blueprint'])
|
||||||
def github_logged_in(blueprint, token):
|
def github_logged_in(blueprint, token):
|
||||||
if not token:
|
if not token:
|
||||||
flash(_(u"Failed to log in with GitHub."), category="error")
|
flash(_(u"Failed to log in with GitHub."), category="error")
|
||||||
@ -159,7 +225,7 @@ if ub.oauth_support:
|
|||||||
return oauth_update_token(blueprint, token, github_user_id)
|
return oauth_update_token(blueprint, token, github_user_id)
|
||||||
|
|
||||||
|
|
||||||
@oauth_authorized.connect_via(google_blueprint)
|
@oauth_authorized.connect_via(oauthblueprints[1]['blueprint'])
|
||||||
def google_logged_in(blueprint, token):
|
def google_logged_in(blueprint, token):
|
||||||
if not token:
|
if not token:
|
||||||
flash(_(u"Failed to log in with Google."), category="error")
|
flash(_(u"Failed to log in with Google."), category="error")
|
||||||
@ -278,7 +344,7 @@ if ub.oauth_support:
|
|||||||
|
|
||||||
|
|
||||||
# notify on OAuth provider error
|
# notify on OAuth provider error
|
||||||
@oauth_error.connect_via(github_blueprint)
|
@oauth_error.connect_via(oauthblueprints[0]['blueprint'])
|
||||||
def github_error(blueprint, error, error_description=None, error_uri=None):
|
def github_error(blueprint, error, error_description=None, error_uri=None):
|
||||||
msg = (
|
msg = (
|
||||||
u"OAuth error from {name}! "
|
u"OAuth error from {name}! "
|
||||||
@ -293,14 +359,14 @@ if ub.oauth_support:
|
|||||||
|
|
||||||
|
|
||||||
@oauth.route('/github')
|
@oauth.route('/github')
|
||||||
@github_oauth_required
|
@oauth_required
|
||||||
def github_login():
|
def github_login():
|
||||||
if not github.authorized:
|
if not github.authorized:
|
||||||
return redirect(url_for('github.login'))
|
return redirect(url_for('github.login'))
|
||||||
account_info = github.get('/user')
|
account_info = github.get('/user')
|
||||||
if account_info.ok:
|
if account_info.ok:
|
||||||
account_info_json = account_info.json()
|
account_info_json = account_info.json()
|
||||||
return bind_oauth_or_register(github_blueprint.name, account_info_json['id'], 'github.login')
|
return bind_oauth_or_register(oauthblueprints[0]['blueprint'].name, account_info_json['id'], 'github.login')
|
||||||
flash(_(u"GitHub Oauth error, please retry later."), category="error")
|
flash(_(u"GitHub Oauth error, please retry later."), category="error")
|
||||||
return redirect(url_for('web.login'))
|
return redirect(url_for('web.login'))
|
||||||
|
|
||||||
@ -308,23 +374,23 @@ if ub.oauth_support:
|
|||||||
@oauth.route('/unlink/github', methods=["GET"])
|
@oauth.route('/unlink/github', methods=["GET"])
|
||||||
@login_required
|
@login_required
|
||||||
def github_login_unlink():
|
def github_login_unlink():
|
||||||
return unlink_oauth(github_blueprint.name)
|
return unlink_oauth(oauthblueprints[0]['blueprint'].name)
|
||||||
|
|
||||||
|
|
||||||
@oauth.route('/login/google')
|
@oauth.route('/login/google')
|
||||||
@google_oauth_required
|
@oauth_required
|
||||||
def google_login():
|
def google_login():
|
||||||
if not google.authorized:
|
if not google.authorized:
|
||||||
return redirect(url_for("google.login"))
|
return redirect(url_for("google.login"))
|
||||||
resp = google.get("/oauth2/v2/userinfo")
|
resp = google.get("/oauth2/v2/userinfo")
|
||||||
if resp.ok:
|
if resp.ok:
|
||||||
account_info_json = resp.json()
|
account_info_json = resp.json()
|
||||||
return bind_oauth_or_register(google_blueprint.name, account_info_json['id'], 'google.login')
|
return bind_oauth_or_register(oauthblueprints[1]['blueprint'].name, account_info_json['id'], 'google.login')
|
||||||
flash(_(u"Google Oauth error, please retry later."), category="error")
|
flash(_(u"Google Oauth error, please retry later."), category="error")
|
||||||
return redirect(url_for('web.login'))
|
return redirect(url_for('web.login'))
|
||||||
|
|
||||||
|
|
||||||
@oauth_error.connect_via(google_blueprint)
|
@oauth_error.connect_via(oauthblueprints[1]['blueprint'])
|
||||||
def google_error(blueprint, error, error_description=None, error_uri=None):
|
def google_error(blueprint, error, error_description=None, error_uri=None):
|
||||||
msg = (
|
msg = (
|
||||||
u"OAuth error from {name}! "
|
u"OAuth error from {name}! "
|
||||||
@ -341,4 +407,4 @@ if ub.oauth_support:
|
|||||||
@oauth.route('/unlink/google', methods=["GET"])
|
@oauth.route('/unlink/google', methods=["GET"])
|
||||||
@login_required
|
@login_required
|
||||||
def google_login_unlink():
|
def google_login_unlink():
|
||||||
return unlink_oauth(google_blueprint.name)
|
return unlink_oauth(oauthblueprints[1]['blueprint'].name)
|
||||||
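Review bot: The new `oauth_required` decorator only tests `config.config_oauth_provider`, whereas the disabled `github_oauth_required` compared `config.config_login_type` with its own provider constant, so `/github` and `/login/google` now share one gate and neither checks that its own provider is the enabled one. Passing the provider name to the decorator and checking that provider's `active` flag together with the login type would restore the per-provider check. In the provider setup hunk, `oauth = ub.OAuthProvider()` rebinds the module-level `oauth` Blueprint, so the later `@oauth.route(...)` decorators would be applied to a model instance whenever the seeding code runs (indentation is lost on this page, so the exact branch is inferred); a separate local name such as `provider_row` avoids that. The same hunk builds both blueprints from literal dicts with `oauth_client_id=None` and `oauth_client_secret=None` rather than from the stored rows, forms `redirect_to` as `"oauth.Github_login"` although the endpoints are `github_login` and `google_login`, and gives Google the GitHub `obtain_link`.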
|
@ -37,10 +37,11 @@ $(document).on("change", "select[data-control]", function() {
|
|||||||
var showOrHide = parseInt($this.val());
|
var showOrHide = parseInt($this.val());
|
||||||
// var showOrHideLast = $("#" + name + " option:last").val()
|
// var showOrHideLast = $("#" + name + " option:last").val()
|
||||||
for (var i = 0; i < $(this)[0].length; i++) {
|
for (var i = 0; i < $(this)[0].length; i++) {
|
||||||
if (parseInt($(this)[0][i].value) === showOrHide) {
|
var element = parseInt($(this)[0][i].value);
|
||||||
$("[data-related=\"" + name + "-" + i + "\"]").show();
|
if (element === showOrHide) {
|
||||||
|
$("[data-related=" + name + "-" + element + "]").show();
|
||||||
} else {
|
} else {
|
||||||
$("[data-related=\"" + name + "-" + i + "\"]").hide();
|
$("[data-related=" + name + "-" + element + "]").hide();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
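Review bot: The rewritten selector `"[data-related=" + name + "-" + element + "]"` drops the quotes around the attribute value, so it only matches while `name` and the option value form a plain identifier; keeping the quoted form, `$("[data-related=\"" + name + "-" + element + "\"]")`, is the safer spelling. `parseInt` is called without a radix, and a non-numeric option value would give `NaN` and the suffix `-NaN`; `parseInt(value, 10)` with an `isNaN` skip makes that case explicit. The handler's opening lines are outside the hunk.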
|
@ -195,8 +195,7 @@
|
|||||||
<option value="1" {% if config.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option>
|
<option value="1" {% if config.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if feature_support['oauth'] %}
|
{% if feature_support['oauth'] %}
|
||||||
<option value="2" {% if config.config_login_type == 2 %}selected{% endif %}>{{_('Use GitHub OAuth')}}</option>
|
<option value="2" {% if config.config_login_type == 2 %}selected{% endif %}>{{_('Use OAuth')}}</option>
|
||||||
<option value="3" {% if config.config_login_type == 3 %}selected{% endif %}>{{_('Use Google OAuth')}}</option>
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
@ -256,19 +255,22 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% if feature_support['oauth'] %}
|
{% if feature_support['oauth'] %}
|
||||||
<div data-related="login-settings-2">
|
<div data-related="login-settings-2">
|
||||||
|
{% for prov in provider %}
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<a href="https://github.com/settings/developers" target="_blank">{{_('Obtain GitHub OAuth Credential')}}</a>
|
<a href="{{prov['obtain_link']}}" target="_blank">{{_('Obtain %(provider)s OAuth Credential', provider=prov['provider_name'])}}</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label>
|
<label for="config_{{ prov['provider_name'] }}_oauth_client_id">{{_('%(provider)s OAuth Client Id', provider=prov['provider_name'])}}</label>
|
||||||
<input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if config.config_github_oauth_client_id != None %}{{ config.config_github_oauth_client_id }}{% endif %}" autocomplete="off">
|
<input type="text" class="form-control" id="config_{{ prov['provider_name'] }}_oauth_client_id" name="config_{{ prov['provider_name'] }}_oauth_client_id" value="{% if prov['active'] %}{{ prov['oauth_client_id'] }}{% endif %}" autocomplete="off">
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="config_github_oauth_client_secret">{{_('GitHub OAuth Client Secret')}}</label>
|
<label for="config_{{ prov['provider_name'] }}_oauth_client_secret">{{_('%(provider)s OAuth Client Secret', provider=prov['provider_name'])}}</label>
|
||||||
<input type="text" class="form-control" id="config_github_oauth_client_secret" name="config_github_oauth_client_secret" value="{% if config.config_github_oauth_client_secret != None %}{{ config.config_github_oauth_client_secret }}{% endif %}" autocomplete="off">
|
<input type="text" class="form-control" id="config_{{ prov['provider_name'] }}_oauth_client_secret" name="config_{{ prov['provider_name'] }}_oauth_client_secret" value="{% if prov['active'] %}{{ prov['oauth_client_id'] }}{% endif %}" autocomplete="off">
|
||||||
</div>
|
</div>
|
||||||
|
{% endfor %}
|
||||||
</div>
|
</div>
|
||||||
<div data-related="login-settings-3">
|
|
||||||
|
<!--div data-related="login-settings-3">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<a href="https://console.developers.google.com/apis/credentials" target="_blank">{{_('Obtain Google OAuth Credential')}}</a>
|
<a href="https://console.developers.google.com/apis/credentials" target="_blank">{{_('Obtain Google OAuth Credential')}}</a>
|
||||||
</div>
|
</div>
|
||||||
@ -280,7 +282,7 @@
|
|||||||
<label for="config_google_oauth_client_secret">{{_('Google OAuth Client Secret')}}</label>
|
<label for="config_google_oauth_client_secret">{{_('Google OAuth Client Secret')}}</label>
|
||||||
<input type="text" class="form-control" id="config_google_oauth_client_secret" name="config_google_oauth_client_secret" value="{% if config.config_google_oauth_client_secret != None %}{{ config.config_google_oauth_client_secret }}{% endif %}" autocomplete="off">
|
<input type="text" class="form-control" id="config_google_oauth_client_secret" name="config_google_oauth_client_secret" value="{% if config.config_google_oauth_client_secret != None %}{{ config.config_google_oauth_client_secret }}{% endif %}" autocomplete="off">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div-->
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
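Review bot: The client-secret input inside the `{% for prov in provider %}` loop fills its `value` with `prov['oauth_client_id']`, so the secret field displays the client id and saving the form unchanged would store the id as the secret; it should read `value="{% if prov['active'] %}{{ prov['oauth_client_secret'] }}{% endif %}"`. Because the secret is echoed back into the page, `type="password"`, or leaving the field empty and updating only on new input, would limit what anyone viewing the admin page can read. The generated field names become `config_Github_oauth_client_id` and similar because `provider_name` is capitalised, so the handler that reads the form has to match them; that handler is not part of this diff. The `target="_blank"` link now takes its `href` from `prov['obtain_link']` and could carry `rel="noopener noreferrer"`.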
|
20
cps/ub.py
20
cps/ub.py
@ -186,6 +186,26 @@ if oauth_support:
|
|||||||
user_id = Column(Integer, ForeignKey(User.id))
|
user_id = Column(Integer, ForeignKey(User.id))
|
||||||
user = relationship(User)
|
user = relationship(User)
|
||||||
|
|
||||||
|
class OAuthProvider(Base):
|
||||||
|
__tablename__ = 'oauthProvider'
|
||||||
|
|
||||||
|
id = Column(Integer, primary_key=True)
|
||||||
|
provider_name = Column(String)
|
||||||
|
oauth_client_id = Column(String)
|
||||||
|
oauth_client_secret = Column(String)
|
||||||
|
active = Column(Boolean)
|
||||||
|
# scope = relationship('OAuthScope', backref='oauthProvider')
|
||||||
|
|
||||||
|
|
||||||
|
'''class OAuthScope(Base):
|
||||||
|
__tablename__ = 'oauthScope'
|
||||||
|
id = Column(Integer, primary_key=True)
|
||||||
|
scope = Column(String, unique=True)
|
||||||
|
provider_id = Column(Integer, ForeignKey('oauthProvider.id'))
|
||||||
|
|
||||||
|
def __repr__(self):
|
||||||
|
return u"{0}".format(self.scope)'''
|
||||||
|
|
||||||
|
|
||||||
# Class for anonymous user is derived from User base and completly overrides methods and properties for the
|
# Class for anonymous user is derived from User base and completly overrides methods and properties for the
|
||||||
# anonymous user
|
# anonymous user
|
||||||
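Review bot: `OAuthProvider.provider_name` has neither `unique=True` nor `nullable=False`, although cps/oauth_bb.py seeds and distinguishes rows by that name, so duplicate or nameless provider rows are possible; `provider_name = Column(String, unique=True, nullable=False)` and `active = Column(Boolean, default=False)` would pin the intended shape. `oauth_client_secret` is a plain `String` column, so the secret sits unencrypted in the application database; a comment should at least state that and that the database file needs restrictive permissions. A short class docstring saying that one row describes one login provider would also help.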
|
@ -18,7 +18,11 @@ python-Levenshtein>=0.12.0
|
|||||||
|
|
||||||
# ldap login
|
# ldap login
|
||||||
python_ldap>=3.0.0
|
python_ldap>=3.0.0
|
||||||
flask-simpleldap
|
flask-simpleldap>1.3.0
|
||||||
|
|
||||||
|
#oauth
|
||||||
|
flask-dance>=0.13.0
|
||||||
|
sqlalchemy_utils>=0.33.5
|
||||||
|
|
||||||
# extracting metadata
|
# extracting metadata
|
||||||
lxml>=3.8.0
|
lxml>=3.8.0
|
||||||
|