Posted to commits@ponymail.apache.org by hu...@apache.org on 2020/09/07 21:04:44 UTC

[incubator-ponymail-foal] branch master updated (2391047 -> 46814a8)

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git.


    from 2391047  this is in progress
     new f0d8cac  Make oauth process async using server runners
     new f196275  prep for multiple oauth responders
     new 1e0584c  add a google client id config option for oauth
     new abc84f6  Add Goopgle OAuth plugin
     new 46814a8  put a note in here for now

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 server/endpoints/oauth.py       | 71 +++++++++++++++++++++++------------------
 server/plugins/configuration.py |  3 ++
 server/plugins/oauthGeneric.py  |  6 ++--
 server/plugins/oauthGoogle.py   | 33 +++++++++++++++++++
 server/requirements.txt         |  3 +-
 5 files changed, 80 insertions(+), 36 deletions(-)
 create mode 100644 server/plugins/oauthGoogle.py


[incubator-ponymail-foal] 05/05: put a note in here for now

Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git

commit 46814a81e5341901a480f6e57c8bf2b840e78ac6
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 23:04:09 2020 +0200

    put a note in here for now
---
 server/plugins/oauthGoogle.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/server/plugins/oauthGoogle.py b/server/plugins/oauthGoogle.py
index cc8a197..4f94843 100644
--- a/server/plugins/oauthGoogle.py
+++ b/server/plugins/oauthGoogle.py
@@ -1,4 +1,11 @@
-# Google OAuth plugin
+"""
+Google OAuth plugin:
+Requires ponymail.yaml to have an oauth section like so:
+
+oauth:
+  google_client_id:    your-client-id-here
+
+"""
 import plugins.server
 import plugins.session
 


[incubator-ponymail-foal] 02/05: prep for multiple oauth responders

Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git

commit f19627520bde3531bbeab6e81b6a4aa8e7809586
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 22:57:18 2020 +0200

    prep for multiple oauth responders
---
 server/endpoints/oauth.py | 63 +++++++++++++++++++++++++----------------------
 1 file changed, 33 insertions(+), 30 deletions(-)

diff --git a/server/endpoints/oauth.py b/server/endpoints/oauth.py
index ec7a30c..19c0659 100644
--- a/server/endpoints/oauth.py
+++ b/server/endpoints/oauth.py
@@ -35,39 +35,42 @@ async def process(
     code = indata.get("code")
     oauth_token = indata.get("oauth_token")
 
+    rv = None
+
     # Generic OAuth handler, only one we support for now. Works with ASF OAuth.
     if state and code and oauth_token:
-        rv: typing.Optional[dict] = plugins.oauthGeneric.process(indata, session)
-        if rv:
-            # Get UID, fall back to using email address
-            uid = rv.get("uid")
-            if not uid:
-                uid = rv.get("email")
-            if uid:
-                cid = hashlib.shake_128(
-                    ("%s-%s" % (rv.get("oauth_domain", "generic"), uid)).encode(
-                        "ascii", "ignore"
-                    )
-                ).hexdigest(16)
-                cookie = await plugins.session.set_session(
-                    server,
-                    cid,
-                    uid=uid,
-                    name=rv.get("name") or rv.get("fullname"),
-                    email=rv.get("email"),
-                    # Authoritative if OAuth domain is in the authoritative oauth section in ponymail.yaml
-                    # Required for access to private emails
-                    authoritative=rv.get("oauth_domain", "generic")
-                    in server.config.oauth.authoritative_domains,
-                    oauth_provider=rv.get("oauth_domain", "generic"),
-                    oauth_data=rv,
-                )
-                # This could be improved upon, instead of a raw response return value
-                return aiohttp.web.Response(
-                    headers={"set-cookie": cookie, "content-type": "application/json"},
-                    status=200,
-                    text='{"okay": true}',
+        rv: typing.Optional[dict] = await plugins.oauthGeneric.process(indata, session, server)
+
+    if rv:
+        # Get UID, fall back to using email address
+        uid = rv.get("uid")
+        if not uid:
+            uid = rv.get("email")
+        if uid:
+            cid = hashlib.shake_128(
+                ("%s-%s" % (rv.get("oauth_domain", "generic"), uid)).encode(
+                    "ascii", "ignore"
                 )
+            ).hexdigest(16)
+            cookie = await plugins.session.set_session(
+                server,
+                cid,
+                uid=uid,
+                name=rv.get("name") or rv.get("fullname"),
+                email=rv.get("email"),
+                # Authoritative if OAuth domain is in the authoritative oauth section in ponymail.yaml
+                # Required for access to private emails
+                authoritative=rv.get("oauth_domain", "generic")
+                in server.config.oauth.authoritative_domains,
+                oauth_provider=rv.get("oauth_domain", "generic"),
+                oauth_data=rv,
+            )
+            # This could be improved upon, instead of a raw response return value
+            return aiohttp.web.Response(
+                headers={"set-cookie": cookie, "content-type": "application/json"},
+                status=200,
+                text='{"okay": true}',
+            )
 
 
 def register(server: plugins.server.BaseServer):
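Review bot: `rv` is first assigned `None` on the new line and then re-annotated inside the `if` as `rv: typing.Optional[dict] = await ...`; type checkers treat an annotation placed after the first assignment as a redefinition, so declare it once as `rv: typing.Optional[dict] = None` and drop the annotation from the inner assignment. When `rv` is falsy, or carries neither `uid` nor `email`, the function now falls off the end and returns `None` implicitly; an explicit error response, or at least a comment stating that the caller treats `None` as a failed login, would make that path visible. The two-step fallback can be written `uid = rv.get("uid") or rv.get("email")`. `process` starts before this hunk.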


[incubator-ponymail-foal] 03/05: add a google client id config option for oauth

Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git

commit 1e0584c02584afbe970cac084a1e1659e28f9d8b
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 23:01:44 2020 +0200

    add a google client id config option for oauth
---
 server/plugins/configuration.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/plugins/configuration.py b/server/plugins/configuration.py
index a622fdf..24bda0b 100644
--- a/server/plugins/configuration.py
+++ b/server/plugins/configuration.py
@@ -16,9 +16,12 @@ class TaskConfig:
 
 class OAuthConfig:
     authoritative_domains: list
+    google_client_id: str
 
     def __init__(self, subyaml: dict):
         self.authoritative_domains = subyaml.get('authoritative_domains', [])
+        self.google_client_id = subyaml.get('google_client_id', '')
+
 
 class DBConfig:
     hostname: str


[incubator-ponymail-foal] 04/05: Add Goopgle OAuth plugin

Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git

commit abc84f6fbac56b6011412946ae985acb9e171317
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 23:03:13 2020 +0200

    Add Goopgle OAuth plugin
---
 server/endpoints/oauth.py     |  8 +++++++-
 server/plugins/oauthGoogle.py | 26 ++++++++++++++++++++++++++
 server/requirements.txt       |  3 ++-
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/server/endpoints/oauth.py b/server/endpoints/oauth.py
index 19c0659..6cf928d 100644
--- a/server/endpoints/oauth.py
+++ b/server/endpoints/oauth.py
@@ -20,6 +20,7 @@
 import plugins.server
 import plugins.session
 import plugins.oauthGeneric
+import plugins.oauthGoogle
 import typing
 import aiohttp.web
 import hashlib
@@ -33,12 +34,17 @@ async def process(
 
     state = indata.get("state")
     code = indata.get("code")
+    id_token = indata.get('id_token')
     oauth_token = indata.get("oauth_token")
 
     rv = None
 
+    # Google OAuth - currently fetches email address only
+    if oauth_token and oauth_token.startswith("https://www.googleapis.com/") and id_token:
+        rv: typing.Optional[dict] = await plugins.oauthGoogle.process(indata, session, server)
+
     # Generic OAuth handler, only one we support for now. Works with ASF OAuth.
-    if state and code and oauth_token:
+    elif state and code and oauth_token:
         rv: typing.Optional[dict] = await plugins.oauthGeneric.process(indata, session, server)
 
     if rv:
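Review bot: The comment `# Generic OAuth handler, only one we support for now. Works with ASF OAuth.` above the new `elif` is stale now that the Google branch directly above it is a second handler; change it to `# Generic OAuth handler. Works with ASF OAuth.`. The new `id_token = indata.get('id_token')` uses single quotes while every neighbouring `indata.get(...)` uses double quotes. The Google branch is chosen purely by the client-supplied `oauth_token` prefix, which is fine as a dispatcher only because all trust is established by the token verification inside `plugins.oauthGoogle.process`; a comment saying so, and noting what happens when `google_client_id` is left at its empty default (presumably verification fails — confirm), would help the next reader. `process` starts and ends outside this hunk.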
diff --git a/server/plugins/oauthGoogle.py b/server/plugins/oauthGoogle.py
new file mode 100644
index 0000000..cc8a197
--- /dev/null
+++ b/server/plugins/oauthGoogle.py
@@ -0,0 +1,26 @@
+# Google OAuth plugin
+import plugins.server
+import plugins.session
+
+import requests
+from google.oauth2 import id_token
+from google.auth.transport import requests
+
+
+async def process(formdata, session, server: plugins.server.BaseServer):
+    js = None
+    request = requests.Request()
+
+    id_info = await server.runners.run(id_token.verify_oauth2_token,
+                                       formdata.get("id_token"),
+                                       request,
+                                       server.config.oauth.google_client_id
+                                       )
+
+    if id_info and "email" in id_info:
+        js = {
+            "email": id_info["email"],
+            "name": id_info["email"],
+            "oauth_domain": "www.googleapis.com",
+        }
+    return js
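Review bot: `import requests` is shadowed two lines later by `from google.auth.transport import requests`, so the HTTP library import is dead and the `requests.Request()` call reads ambiguously; drop the first import or alias the transport as `from google.auth.transport import requests as google_requests`. The endpoint keys the session on the email address when no uid is present, yet the token's `email_verified` claim is never checked — `verify_oauth2_token` validates signature, issuer, audience and expiry, not that Google has verified the address — so guard with `if id_info and id_info.get("email_verified") and "email" in id_info:`. `verify_oauth2_token` raises `ValueError` on an invalid token and nothing here catches it, so presumably an outer handler turns that into an error response — confirm. `"name": id_info["email"]` stores the address as the display name; if that is deliberate for now (the endpoint comment says email only), a comment to that effect would prevent it being read as a typo.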
diff --git a/server/requirements.txt b/server/requirements.txt
index 04e56be..78ab9a6 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -7,4 +7,5 @@ certifi~=2020.6.20
 chardet~=3.0.4
 netaddr~=0.8.0
 formatflowed~=2.0.0
-requests~=2.24.0
\ No newline at end of file
+requests~=2.24.0
+google-auth~=1.21.1


[incubator-ponymail-foal] 01/05: Make oauth process async using server runners

Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git

commit f0d8cacd620c756a109aea7708f8c92d238f1f64
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Sep 7 22:56:54 2020 +0200

    Make oauth process async using server runners
---
 server/plugins/oauthGeneric.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/server/plugins/oauthGeneric.py b/server/plugins/oauthGeneric.py
index e3eb57b..fd3ff9d 100644
--- a/server/plugins/oauthGeneric.py
+++ b/server/plugins/oauthGeneric.py
@@ -3,16 +3,14 @@ import re
 import requests
 
 
-def process(formdata, session):
+async def process(formdata, session, server):
     js = None
     m = re.match(r"https?://(.+)/", formdata["oauth_token"])
     if m:
         oauth_domain = m.group(1)
         headers = {"User-Agent": "Pony Mail OAuth Agent/0.1"}
-        rv = requests.post(formdata["oauth_token"], headers=headers, data=formdata)
-        # try:
+        rv = await server.runners.run(requests.post, formdata["oauth_token"], headers=headers, data=formdata)
         js = rv.json()
         js["oauth_domain"] = oauth_domain
         js['authoritative'] = True
-
     return js
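Review bot: The `requests.post` call moved into `server.runners.run` carries no `timeout=`, and its target is whatever URL the client supplied in `oauth_token` (matched only against `https?://(.+)/` on the context line above), so an unresponsive host ties up a runner thread indefinitely; pass e.g. `timeout=10` and call `rv.raise_for_status()` before `rv.json()`, which otherwise raises on a non-JSON error body. `js['authoritative'] = True` is set unconditionally here while the endpoint derives `authoritative` from `authoritative_domains`; if this key is only informational, a comment saying so would stop readers from taking it as a trust decision. `process` is complete within the hunk.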