-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauthentication.py
59 lines (52 loc) · 2.53 KB
/
authentication.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
import config
import json
import tornado.auth
import tornado.web
class GoogleOAuth2LoginHandler(tornado.web.RequestHandler, tornado.auth.GoogleOAuth2Mixin):
@tornado.gen.coroutine
def get(self):
if self.get_current_user():
# 'someone hit login page but they already logged in'
self.redirect('/')
return
if self.get_argument('code', False):
# 'someone hit login page with oauth2 token'
user = yield self.get_authenticated_user(redirect_uri='http://localhost:8888/auth/#', code=self.get_argument('code'))
if not user:
# 'not user'
self.clear_all_cookies()
raise tornado.web.HTTPError(500, 'Google authentication failed')
access_token = str(user['access_token'])
http_client = self.get_auth_http_client()
response = yield http_client.fetch('https://www.googleapis.com/oauth2/v1/userinfo?access_token='+access_token)
if not response:
self.clear_all_cookies()
raise tornado.web.HTTPError(500, 'Google authentication failed')
user = json.loads(response.body)
#TODO: Determine if user['email'] exists in our member table. If so, auth'd. If not, not.
#For now, this simple check:
if not user['email'].split('@')[-1] == config.settings["oauth2"]["requiredDomain"]:
# 'User ' + user['email'] + ' is not authorized to use this application.'
self.clear_all_cookies()
self.redirect('/')
return
# 'User ' + user['email'] + ' logged in via OAuth2.'
self.set_secure_cookie(config.settings["authCookie"]["name"], user['email'], 1)
self.redirect('/')
return
elif self.get_secure_cookie(config.settings["authCookie"]["name"]):
# 'someone hit login page but already has auth session cookie'
self.redirect('/')
return
else:
# 'someone hit login page directly'
yield self.authorize_redirect(
redirect_uri='http://localhost:8888/auth/#',
client_id=config.settings["oauth2"]["clientId"],
scope=['email'],
response_type='code',
extra_params={'approval_prompt': 'auto'})
class LogoutHandler(tornado.web.RequestHandler):
def get(self):
self.clear_cookie(config.settings["authCookie"]["name"])
self.render('logout.html', title='Logged Out')