quay/oauth/services/google.py

from oauth.base import OAuthEndpoint
from oauth.login import OAuthLoginService

def _get_email_username(email_address):
  username = email_address
  at = username.find('@')
  if at > 0:
    username = username[0:at]

  return username

class GoogleOAuthService(OAuthLoginService):
  def __init__(self, config, key_name):
    super(GoogleOAuthService, self).__init__(config, key_name)

  def login_enabled(self, config):
    return config.get('FEATURE_GOOGLE_LOGIN', False)

  def service_id(self):
    return 'google'

  def service_name(self):
    return 'Google'

  def get_icon(self):
    return 'fa-google'

  def get_login_scopes(self):
    return ['openid', 'email']

  def authorize_endpoint(self):
    return OAuthEndpoint('https://accounts.google.com/o/oauth2/auth',
                         params=dict(response_type='code'))

  def token_endpoint(self):
    return OAuthEndpoint('https://accounts.google.com/o/oauth2/token')

  def user_endpoint(self):
    return OAuthEndpoint('https://www.googleapis.com/oauth2/v1/userinfo')

  def requires_form_encoding(self):
    return True

  def validate_client_id_and_secret(self, http_client, url_scheme_and_hostname):
    # To verify the Google client ID and secret, we hit the
    # https://www.googleapis.com/oauth2/v3/token endpoint with an invalid request. If the client
    # ID or secret are invalid, we get returned a 403 Unauthorized. Otherwise, we get returned
    # another response code.
    url = 'https://www.googleapis.com/oauth2/v3/token'
    data = {
      'code': 'fakecode',
      'client_id': self.client_id(),
      'client_secret': self.client_secret(),
      'grant_type': 'authorization_code',
      'redirect_uri': 'http://example.com'
    }

    result = http_client.post(url, data=data, timeout=5)
    return result.status_code != 401

  def get_public_config(self):
    return  {
      'CLIENT_ID': self.client_id(),
      'AUTHORIZE_ENDPOINT': self.authorize_endpoint().to_url()
    }

  def get_login_service_id(self, user_info):
    return user_info['id']

  def get_login_service_username(self, user_info):
    return _get_email_username(user_info['email'])

  def get_verified_user_email(self, app_config, http_client, token, user_info):
    if not user_info.get('verified_email', False):
      return None

    return user_info['email']

  def service_verify_user_info_for_login(self, app_config, http_client, token, user_info):
    # Nothing to do.
    pass
initial import for Open Source 🎉 2019-11-12 16:09:47 +00:00			`from oauth.base import OAuthEndpoint`
			`from oauth.login import OAuthLoginService`

			`def _get_email_username(email_address):`
			`username = email_address`
			`at = username.find('@')`
			`if at > 0:`
			`username = username[0:at]`

			`return username`

			`class GoogleOAuthService(OAuthLoginService):`
			`def __init__(self, config, key_name):`
			`super(GoogleOAuthService, self).__init__(config, key_name)`

			`def login_enabled(self, config):`
			`return config.get('FEATURE_GOOGLE_LOGIN', False)`

			`def service_id(self):`
			`return 'google'`

			`def service_name(self):`
			`return 'Google'`

			`def get_icon(self):`
			`return 'fa-google'`

			`def get_login_scopes(self):`
			`return ['openid', 'email']`

			`def authorize_endpoint(self):`
			`return OAuthEndpoint('https://accounts.google.com/o/oauth2/auth',`
			`params=dict(response_type='code'))`

			`def token_endpoint(self):`
			`return OAuthEndpoint('https://accounts.google.com/o/oauth2/token')`

			`def user_endpoint(self):`
			`return OAuthEndpoint('https://www.googleapis.com/oauth2/v1/userinfo')`

			`def requires_form_encoding(self):`
			`return True`

			`def validate_client_id_and_secret(self, http_client, url_scheme_and_hostname):`
			`# To verify the Google client ID and secret, we hit the`
			`# https://www.googleapis.com/oauth2/v3/token endpoint with an invalid request. If the client`
			`# ID or secret are invalid, we get returned a 403 Unauthorized. Otherwise, we get returned`
			`# another response code.`
			`url = 'https://www.googleapis.com/oauth2/v3/token'`
			`data = {`
			`'code': 'fakecode',`
			`'client_id': self.client_id(),`
			`'client_secret': self.client_secret(),`
			`'grant_type': 'authorization_code',`
			`'redirect_uri': 'http://example.com'`
			`}`

			`result = http_client.post(url, data=data, timeout=5)`
			`return result.status_code != 401`

			`def get_public_config(self):`
			`return {`
			`'CLIENT_ID': self.client_id(),`
			`'AUTHORIZE_ENDPOINT': self.authorize_endpoint().to_url()`
			`}`

			`def get_login_service_id(self, user_info):`
			`return user_info['id']`

			`def get_login_service_username(self, user_info):`
			`return _get_email_username(user_info['email'])`

			`def get_verified_user_email(self, app_config, http_client, token, user_info):`
			`if not user_info.get('verified_email', False):`
			`return None`

			`return user_info['email']`

			`def service_verify_user_info_for_login(self, app_config, http_client, token, user_info):`
			`# Nothing to do.`
			`pass`