Posted to commits@ponymail.apache.org by hu...@apache.org on 2020/09/07 21:04:48 UTC

[incubator-ponymail-foal] 04/05: Add Goopgle OAuth plugin

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git

commit abc84f6fbac56b6011412946ae985acb9e171317
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 23:03:13 2020 +0200

    Add Google OAuth plugin
---
 server/endpoints/oauth.py     |  8 +++++++-
 server/plugins/oauthGoogle.py | 26 ++++++++++++++++++++++++++
 server/requirements.txt       |  3 ++-
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/server/endpoints/oauth.py b/server/endpoints/oauth.py
index 19c0659..6cf928d 100644
--- a/server/endpoints/oauth.py
+++ b/server/endpoints/oauth.py
@@ -20,6 +20,7 @@
 import plugins.server
 import plugins.session
 import plugins.oauthGeneric
+import plugins.oauthGoogle
 import typing
 import aiohttp.web
 import hashlib
@@ -33,12 +34,17 @@ async def process(
 
     state = indata.get("state")
     code = indata.get("code")
+    id_token = indata.get('id_token')
     oauth_token = indata.get("oauth_token")
 
     rv = None
 
+    # Google OAuth - currently fetches email address only
+    if oauth_token and oauth_token.startswith("https://www.googleapis.com/") and id_token:
+        rv: typing.Optional[dict] = await plugins.oauthGoogle.process(indata, session, server)
+
     # Generic OAuth handler, only one we support for now. Works with ASF OAuth.
-    if state and code and oauth_token:
+    elif state and code and oauth_token:
         rv: typing.Optional[dict] = await plugins.oauthGeneric.process(indata, session, server)
 
     if rv:
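Review bot: The comment kept above the `elif` branch, "Generic OAuth handler, only one we support for now", is no longer accurate now that the Google branch precedes it; something like `# Generic OAuth handler. Works with ASF OAuth.` would match the code. `rv` is bound as `rv = None` and then annotated again in both branches; declaring it once as `rv: typing.Optional[dict] = None` and assigning plainly in each branch avoids the repeated annotation. `oauth_token.startswith(...)` assumes the submitted field is a string, and whether `indata` can carry non-string values cannot be confirmed from this hunk, so an `isinstance(oauth_token, str)` guard may be warranted. process() starts and ends outside the hunk.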
diff --git a/server/plugins/oauthGoogle.py b/server/plugins/oauthGoogle.py
new file mode 100644
index 0000000..cc8a197
--- /dev/null
+++ b/server/plugins/oauthGoogle.py
@@ -0,0 +1,26 @@
+# Google OAuth plugin
+import plugins.server
+import plugins.session
+
+import requests
+from google.oauth2 import id_token
+from google.auth.transport import requests
+
+
+async def process(formdata, session, server: plugins.server.BaseServer):
+    js = None
+    request = requests.Request()
+
+    id_info = await server.runners.run(id_token.verify_oauth2_token,
+                                       formdata.get("id_token"),
+                                       request,
+                                       server.config.oauth.google_client_id
+                                       )
+
+    if id_info and "email" in id_info:
+        js = {
+            "email": id_info["email"],
+            "name": id_info["email"],
+            "oauth_domain": "www.googleapis.com",
+        }
+    return js
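Review bot: The `email` claim becomes the login identity at `if id_info and "email" in id_info:` without a check of `email_verified`, so an address Google has not confirmed would be trusted as long as the token itself verifies; tighten it to `if id_info and id_info.get("email_verified") and "email" in id_info:`. The audience passed to `verify_oauth2_token` is `server.config.oauth.google_client_id`, and google-auth does not verify the `aud` claim when that argument is `None`, so the function should refuse to proceed when the client id is unset, e.g. `if not server.config.oauth.google_client_id: return None` before the verify call (how the config defaults is not visible here). `verify_oauth2_token` raises `ValueError` for a malformed, expired or wrongly signed token and nothing in this file catches it, so unless the endpoint handles it a bad token surfaces as an unhandled exception rather than a clean login failure that can be logged. The plain `import requests` is immediately shadowed by `from google.auth.transport import requests` and can be dropped.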
diff --git a/server/requirements.txt b/server/requirements.txt
index 04e56be..78ab9a6 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -7,4 +7,5 @@ certifi~=2020.6.20
 chardet~=3.0.4
 netaddr~=0.8.0
 formatflowed~=2.0.0
-requests~=2.24.0
\ No newline at end of file
+requests~=2.24.0
+google-auth~=1.21.1