Posted to commits@ponymail.apache.org by hu...@apache.org on 2020/09/07 02:40:50 UTC
[incubator-ponymail-foal] 05/05: Add OAuth endpoint
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git
commit c46652b4bfc0b488404e5b9cf1d8a17c837ff462
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 04:38:36 2020 +0200
Add OAuth endpoint
---
server/endpoints/oauth.py | 66 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
diff --git a/server/endpoints/oauth.py b/server/endpoints/oauth.py
new file mode 100644
index 0000000..b6d06c0
--- /dev/null
+++ b/server/endpoints/oauth.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Parent OAuth endpoint for Pony Mail codename Foal"""
+
+import plugins.server
+import plugins.session
+import plugins.oauthGeneric
+import typing
+import aiohttp.web
+
+
+async def process(
+ server: plugins.server.BaseServer,
+ session: plugins.session.SessionObject,
+ indata: dict,
+) -> typing.Union[dict, aiohttp.web.Response]:
+
+ state = indata.get("state")
+ code = indata.get("code")
+ oauth_token = indata.get("oauth_token")
+
+ # Generic OAuth handler, only one we support for now. Works with ASF OAuth.
+ if state and code and oauth_token:
+ rv: typing.Optional[dict] = plugins.oauthGeneric.process(indata, session)
+ if rv:
+ # Get UID, fall back to using email address
+ uid = rv.get("uid")
+ if not uid:
+ uid = rv.get("email")
+ if uid:
+ cookie = await plugins.session.set_session(
+ server,
+ uid=uid,
+ name=rv.get("name"),
+ email=rv.get("email"),
+ # Authoritative if OAuth domain is in the authoritative oauth section in ponymail.yaml
+ # Required for access to private emails
+ authoritative=rv.get('oauth_domain', 'generic') in server.config.oauth.authoritative_domains,
+ oauth_data=rv,
+ )
+ # This could be improved upon, instead of a raw response return value
+ return aiohttp.web.Response(
+ headers={
+ 'set-cookie': cookie,
+ 'content-type': 'application/json'
+ }, status=200, text='{"okay": true}'
+ )
+
+
+def register(server: plugins.server.BaseServer):
+ return plugins.server.Endpoint(process)
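Review bot: The `authoritative` flag passed to `set_session`, which the inline comment says is required for access to private emails, is computed from `rv.get('oauth_domain', 'generic')`, and nothing in this hunk ties that value to the provider that actually vouched for the identity. `plugins.oauthGeneric.process` is not visible here, so confirm that `oauth_domain` comes from the verified token endpoint rather than from anything in `indata`, and drop the `'generic'` default so a missing domain can never match the configured list: `domain = rv.get('oauth_domain')` followed by `authoritative=bool(domain) and domain in server.config.oauth.authoritative_domains`. `state` is likewise only tested for truthiness; unless the plugin compares it with a value stored in `session`, that comparison belongs here before the plugin call. When any of the three fields is missing, or `rv` or `uid` is empty, `process` falls off the end and returns `None`, which the declared return type does not allow, so an explicit failure response would make a rejected login visible to the caller.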