2021-05-07 02:37:30 +03:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright 2021 Google Inc.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License")
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
import logging
|
|
|
|
|
2024-01-09 23:43:59 +03:00
|
|
|
import google.oauth2.id_token
|
2021-05-07 02:37:30 +03:00
|
|
|
from google.auth.transport import requests
|
|
|
|
|
|
|
|
from framework import basehandlers
|
2022-03-26 02:46:40 +03:00
|
|
|
from framework import users
|
2021-05-07 03:29:03 +03:00
|
|
|
import settings
|
2021-05-07 02:37:30 +03:00
|
|
|
|
2022-03-10 23:22:19 +03:00
|
|
|
|
2021-05-07 02:37:30 +03:00
|
|
|
class LoginAPI(basehandlers.APIHandler):
|
2022-05-13 17:58:47 +03:00
|
|
|
"""Create a session using the credential generated by Sign-In With Google."""
|
2021-05-07 02:37:30 +03:00
|
|
|
|
2023-03-22 02:34:54 +03:00
|
|
|
def do_get(self, **kwargs):
|
|
|
|
"""Reject unneeded GET requests without triggering Error Reporting."""
|
|
|
|
self.abort(405, valid_methods=['POST'])
|
|
|
|
|
2022-10-16 09:39:35 +03:00
|
|
|
def do_post(self, **kwargs):
|
2024-01-09 23:43:59 +03:00
|
|
|
token = self.get_param('credential')
|
2022-03-15 02:30:50 +03:00
|
|
|
message = "Unable to Authenticate. Please sign in again."
|
2021-05-07 02:37:30 +03:00
|
|
|
|
|
|
|
try:
|
2024-01-09 23:43:59 +03:00
|
|
|
idinfo = google.oauth2.id_token.verify_oauth2_token(
|
2021-05-07 03:29:03 +03:00
|
|
|
token, requests.Request(),
|
|
|
|
settings.GOOGLE_SIGN_IN_CLIENT_ID)
|
2022-03-26 02:46:40 +03:00
|
|
|
users.add_signed_user_info_to_session(idinfo['email'])
|
2022-07-20 19:42:46 +03:00
|
|
|
self._update_last_visit_field(idinfo['email'])
|
2021-05-07 02:37:30 +03:00
|
|
|
message = "Done"
|
|
|
|
# print(idinfo['email'], file=sys.stderr)
|
|
|
|
except ValueError:
|
|
|
|
message = "Invalid token"
|
|
|
|
|
|
|
|
return {'message': message}
|
2023-06-28 05:21:37 +03:00
|
|
|
|
|
|
|
|
|
|
|
TESTING_ACCOUNTS = ['example@chromium.org']
|
|
|
|
|
|
|
|
|
|
|
|
class MockLogin(basehandlers.APIHandler):
|
|
|
|
"""Create a session using a testing account."""
|
|
|
|
|
|
|
|
def do_post(self, **kwargs):
|
|
|
|
if not settings.DEV_MODE and not settings.UNIT_TEST_MODE:
|
|
|
|
self.abort(status=403,
|
|
|
|
msg="This can only be used in a development environment.")
|
|
|
|
|
|
|
|
email = self.get_param('email', default=TESTING_ACCOUNTS[0])
|
|
|
|
if email not in TESTING_ACCOUNTS:
|
|
|
|
self.abort(status=403,
|
|
|
|
msg="This can only be used with specific testing accounts.")
|
|
|
|
|
|
|
|
users.add_signed_user_info_to_session(email)
|
|
|
|
return {'message': f'Signed in as {email}'}
|