quay/oauth/services/google.py

from oauth.base import OAuthEndpoint
from oauth.login import OAuthLoginService

def _get_email_username(email_address):
  username = email_address
  at = username.find('@')
  if at > 0:
    username = username[0:at]

  return username

class GoogleOAuthService(OAuthLoginService):
  def __init__(self, config, key_name):
    super(GoogleOAuthService, self).__init__(config, key_name)

  def login_enabled(self, config):
    return config.get('FEATURE_GOOGLE_LOGIN', False)

  def service_id(self):
    return 'google'

  def service_name(self):
    return 'Google'

  def get_icon(self):
    return 'fa-google'

  def get_login_scopes(self):
    return ['openid', 'email']

  def authorize_endpoint(self):
    return OAuthEndpoint('https://accounts.google.com/o/oauth2/auth',
                         params=dict(response_type='code'))

  def token_endpoint(self):
    return OAuthEndpoint('https://accounts.google.com/o/oauth2/token')

  def user_endpoint(self):
    return OAuthEndpoint('https://www.googleapis.com/oauth2/v1/userinfo')

  def requires_form_encoding(self):
    return True

  def validate_client_id_and_secret(self, http_client, url_scheme_and_hostname):
    # To verify the Google client ID and secret, we hit the
    # https://www.googleapis.com/oauth2/v3/token endpoint with an invalid request. If the client
    # ID or secret are invalid, we get returned a 403 Unauthorized. Otherwise, we get returned
    # another response code.
    url = 'https://www.googleapis.com/oauth2/v3/token'
    data = {
      'code': 'fakecode',
      'client_id': self.client_id(),
      'client_secret': self.client_secret(),
      'grant_type': 'authorization_code',
      'redirect_uri': 'http://example.com'
    }

    result = http_client.post(url, data=data, timeout=5)
    return result.status_code != 401

  def get_public_config(self):
    return  {
      'CLIENT_ID': self.client_id(),
      'AUTHORIZE_ENDPOINT': self.authorize_endpoint().to_url()
    }

  def get_login_service_id(self, user_info):
    return user_info['id']

  def get_login_service_username(self, user_info):
    return _get_email_username(user_info['email'])

  def get_verified_user_email(self, app_config, http_client, token, user_info):
    if not user_info.get('verified_email', False):
      return None

    return user_info['email']

  def service_verify_user_info_for_login(self, app_config, http_client, token, user_info):
    # Nothing to do.
    pass