Posted to commits@ponymail.apache.org by hu...@apache.org on 2020/09/07 21:04:48 UTC
[incubator-ponymail-foal] 04/05: Add Goopgle OAuth plugin
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git
commit abc84f6fbac56b6011412946ae985acb9e171317
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 23:03:13 2020 +0200
Add Goopgle OAuth plugin
---
server/endpoints/oauth.py | 8 +++++++-
server/plugins/oauthGoogle.py | 26 ++++++++++++++++++++++++++
server/requirements.txt | 3 ++-
3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/server/endpoints/oauth.py b/server/endpoints/oauth.py
index 19c0659..6cf928d 100644
--- a/server/endpoints/oauth.py
+++ b/server/endpoints/oauth.py
@@ -20,6 +20,7 @@
import plugins.server
import plugins.session
import plugins.oauthGeneric
+import plugins.oauthGoogle
import typing
import aiohttp.web
import hashlib
@@ -33,12 +34,17 @@ async def process(
state = indata.get("state")
code = indata.get("code")
+ id_token = indata.get('id_token')
oauth_token = indata.get("oauth_token")
rv = None
+ # Google OAuth - currently fetches email address only
+ if oauth_token and oauth_token.startswith("https://www.googleapis.com/") and id_token:
+ rv: typing.Optional[dict] = await plugins.oauthGoogle.process(indata, session, server)
+
# Generic OAuth handler, only one we support for now. Works with ASF OAuth.
- if state and code and oauth_token:
+ elif state and code and oauth_token:
rv: typing.Optional[dict] = await plugins.oauthGeneric.process(indata, session, server)
if rv:
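Review bot: The context comment above the new `elif` still calls the generic handler the "only one we support for now", which this hunk makes untrue; it could read `# Generic OAuth handler. Works with ASF OAuth.`. The added `indata.get('id_token')` uses single quotes where the neighbouring lookups use double quotes. `rv` is also annotated separately in each branch although `rv = None` already binds it, so a single `rv: typing.Optional[dict] = None` would be cleaner. process() begins and continues outside this hunk.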
diff --git a/server/plugins/oauthGoogle.py b/server/plugins/oauthGoogle.py
new file mode 100644
index 0000000..cc8a197
--- /dev/null
+++ b/server/plugins/oauthGoogle.py
@@ -0,0 +1,26 @@
+# Google OAuth plugin
+import plugins.server
+import plugins.session
+
+import requests
+from google.oauth2 import id_token
+from google.auth.transport import requests
+
+
+async def process(formdata, session, server: plugins.server.BaseServer):
+ js = None
+ request = requests.Request()
+
+ id_info = await server.runners.run(id_token.verify_oauth2_token,
+ formdata.get("id_token"),
+ request,
+ server.config.oauth.google_client_id
+ )
+
+ if id_info and "email" in id_info:
+ js = {
+ "email": id_info["email"],
+ "name": id_info["email"],
+ "oauth_domain": "www.googleapis.com",
+ }
+ return js
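Review bot: The token's `email` is accepted as the login identity without checking the `email_verified` claim. Nothing guards against `server.config.oauth.google_client_id` being empty either, and google-auth skips the audience check when the audience argument is None, so a token issued to any other Google client would then verify. `verify_oauth2_token` raises `ValueError` on an invalid or expired token, which is not handled here; whether `server.runners.run` or the calling endpoint catches it is not visible in this commit. Separately, `import requests` is immediately shadowed by `from google.auth.transport import requests` and can be dropped. The guarded call could look like this:

```python
async def process(formdata, session, server: plugins.server.BaseServer):
    js = None
    client_id = server.config.oauth.google_client_id
    if not client_id:
        # Without an audience the library does not check who the token was issued to.
        return None
    try:
        id_info = await server.runners.run(
            id_token.verify_oauth2_token,
            formdata.get("id_token"),
            requests.Request(),
            client_id,
        )
    except ValueError:
        # Invalid, expired or wrong-audience token: treat as a failed login.
        return None
    if id_info and id_info.get("email_verified") and "email" in id_info:
        # … unchanged: build js from id_info["email"] …
```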
diff --git a/server/requirements.txt b/server/requirements.txt
index 04e56be..78ab9a6 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -7,4 +7,5 @@ certifi~=2020.6.20
chardet~=3.0.4
netaddr~=0.8.0
formatflowed~=2.0.0
-requests~=2.24.0
\ No newline at end of file
+requests~=2.24.0
+google-auth~=1.21.1