chromium-dashboard/api/login_api.py

# -*- coding: utf-8 -*-
# Copyright 2021 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License")
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import logging

from google.oauth2 import id_token
from google.auth.transport import requests

from framework import basehandlers
from framework import users
import settings


class LoginAPI(basehandlers.APIHandler):
  """Create a session using the credential generated by Sign-In With Google."""

  def do_get(self, **kwargs):
    """Reject unneeded GET requests without triggering Error Reporting."""
    self.abort(405, valid_methods=['POST'])

  def do_post(self, **kwargs):
    # TODO(jrobbins): Remove id_token after next deployment.
    token = (self.get_param('id_token', required=False) or
             self.get_param('credential'))
    message = "Unable to Authenticate. Please sign in again."

    try:
      idinfo = id_token.verify_oauth2_token(
          token, requests.Request(),
          settings.GOOGLE_SIGN_IN_CLIENT_ID)
      users.add_signed_user_info_to_session(idinfo['email'])
      self._update_last_visit_field(idinfo['email'])
      message = "Done"
      # print(idinfo['email'], file=sys.stderr)
    except ValueError:
      message = "Invalid token"

    return {'message': message}


TESTING_ACCOUNTS = ['example@chromium.org']


class MockLogin(basehandlers.APIHandler):
  """Create a session using a testing account."""

  def do_post(self, **kwargs):
    if not settings.DEV_MODE and not settings.UNIT_TEST_MODE:
      self.abort(status=403,
          msg="This can only be used in a development environment.")

    email = self.get_param('email', default=TESTING_ACCOUNTS[0])
    if email not in TESTING_ACCOUNTS:
      self.abort(status=403,
          msg="This can only be used with specific testing accounts.")

    users.add_signed_user_info_to_session(email)
    return {'message': f'Signed in as {email}'}
20210418 google sign in (#1275) * Added Google Platform Library * Added Meta Element for Client ID * Added Google Sign-In Button * Authenticating the id_token on our backend * Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from _tests.py) Correct the flow on pressing SignIn and SignOut * Code refactor * Added Comment for is_current_user_admin * Supporting GAE Users library for post request * Made some fixes * Changed Admin User condition * Reloading only on 200 response code * Do not require sign in and xsrf token while sending post request for login * Sign Out using Google Sign In if cookie is not set after login * Clearing the session if the id_token stored in the session variable becomes invalid or expires * Replaced GAE Users from tests * Replaced GAE users with framework users in tests.py 2021-05-07 02:37:30 +03:00			`# -- coding: utf-8 --`
			`# Copyright 2021 Google Inc.`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License")`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`import logging`

			`from google.oauth2 import id_token`
			`from google.auth.transport import requests`

			`from framework import basehandlers`
Refresh user session when refreshing XSRF token. (#1804) * Refresh user session when refreshing XSRF token. * Refresh the user session on each page navigation, and fix a bug in XSRF refresh. 2022-03-26 02:46:40 +03:00			`from framework import users`
Fix tests as suggested by shivamag00. (#1309) 2021-05-07 03:29:03 +03:00			`import settings`
20210418 google sign in (#1275) * Added Google Platform Library * Added Meta Element for Client ID * Added Google Sign-In Button * Authenticating the id_token on our backend * Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from _tests.py) Correct the flow on pressing SignIn and SignOut * Code refactor * Added Comment for is_current_user_admin * Supporting GAE Users library for post request * Made some fixes * Changed Admin User condition * Reloading only on 200 response code * Do not require sign in and xsrf token while sending post request for login * Sign Out using Google Sign In if cookie is not set after login * Clearing the session if the id_token stored in the session variable becomes invalid or expires * Replaced GAE Users from tests * Replaced GAE users with framework users in tests.py 2021-05-07 02:37:30 +03:00
Use new session contents (#1773) * Use new session contents * Added unit tests 2022-03-10 23:22:19 +03:00
20210418 google sign in (#1275) * Added Google Platform Library * Added Meta Element for Client ID * Added Google Sign-In Button * Authenticating the id_token on our backend * Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from _tests.py) Correct the flow on pressing SignIn and SignOut * Code refactor * Added Comment for is_current_user_admin * Supporting GAE Users library for post request * Made some fixes * Changed Admin User condition * Reloading only on 200 response code * Do not require sign in and xsrf token while sending post request for login * Sign Out using Google Sign In if cookie is not set after login * Clearing the session if the id_token stored in the session variable becomes invalid or expires * Replaced GAE Users from tests * Replaced GAE users with framework users in tests.py 2021-05-07 02:37:30 +03:00			`class LoginAPI(basehandlers.APIHandler):`
Remove backward compat with Google Sign-In. (#1883) 2022-05-13 17:58:47 +03:00			`"""Create a session using the credential generated by Sign-In With Google."""`
20210418 google sign in (#1275) * Added Google Platform Library * Added Meta Element for Client ID * Added Google Sign-In Button * Authenticating the id_token on our backend * Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from _tests.py) Correct the flow on pressing SignIn and SignOut * Code refactor * Added Comment for is_current_user_admin * Supporting GAE Users library for post request * Made some fixes * Changed Admin User condition * Reloading only on 200 response code * Do not require sign in and xsrf token while sending post request for login * Sign Out using Google Sign In if cookie is not set after login * Clearing the session if the id_token stored in the session variable becomes invalid or expires * Replaced GAE Users from tests * Replaced GAE users with framework users in tests.py 2021-05-07 02:37:30 +03:00
Reject login/out GETs with 405 response. (#2846) 2023-03-22 02:34:54 +03:00			`def do_get(self, **kwargs):`
			`"""Reject unneeded GET requests without triggering Error Reporting."""`
			`self.abort(405, valid_methods=['POST'])`

Change existing handler classes to properly override request methods (#2342) * Change methods to properly override * Update comments_api.py * Update comments_api.py 2022-10-16 09:39:35 +03:00			`def do_post(self, **kwargs):`
Accept either old or new login requests during transition. (#1785) * Accept either old or new login requests during transition. * Made suggested edit * Update api/login_api.py Co-authored-by: Kyle Ju <kyleju@google.com> 2022-03-15 02:30:50 +03:00			`# TODO(jrobbins): Remove id_token after next deployment.`
			`token = (self.get_param('id_token', required=False) or`
			`self.get_param('credential'))`
			`message = "Unable to Authenticate. Please sign in again."`
20210418 google sign in (#1275) * Added Google Platform Library * Added Meta Element for Client ID * Added Google Sign-In Button * Authenticating the id_token on our backend * Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from _tests.py) Correct the flow on pressing SignIn and SignOut * Code refactor * Added Comment for is_current_user_admin * Supporting GAE Users library for post request * Made some fixes * Changed Admin User condition * Reloading only on 200 response code * Do not require sign in and xsrf token while sending post request for login * Sign Out using Google Sign In if cookie is not set after login * Clearing the session if the id_token stored in the session variable becomes invalid or expires * Replaced GAE Users from tests * Replaced GAE users with framework users in tests.py 2021-05-07 02:37:30 +03:00
			`try:`
Use new session contents (#1773) * Use new session contents * Added unit tests 2022-03-10 23:22:19 +03:00			`idinfo = id_token.verify_oauth2_token(`
Fix tests as suggested by shivamag00. (#1309) 2021-05-07 03:29:03 +03:00			`token, requests.Request(),`
			`settings.GOOGLE_SIGN_IN_CLIENT_ID)`
Refresh user session when refreshing XSRF token. (#1804) * Refresh user session when refreshing XSRF token. * Refresh the user session on each page navigation, and fix a bug in XSRF refresh. 2022-03-26 02:46:40 +03:00			`users.add_signed_user_info_to_session(idinfo['email'])`
update last_visit on token refresh or login (#2051) 2022-07-20 19:42:46 +03:00			`self._update_last_visit_field(idinfo['email'])`
20210418 google sign in (#1275) * Added Google Platform Library * Added Meta Element for Client ID * Added Google Sign-In Button * Authenticating the id_token on our backend * Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from _tests.py) Correct the flow on pressing SignIn and SignOut * Code refactor * Added Comment for is_current_user_admin * Supporting GAE Users library for post request * Made some fixes * Changed Admin User condition * Reloading only on 200 response code * Do not require sign in and xsrf token while sending post request for login * Sign Out using Google Sign In if cookie is not set after login * Clearing the session if the id_token stored in the session variable becomes invalid or expires * Replaced GAE Users from tests * Replaced GAE users with framework users in tests.py 2021-05-07 02:37:30 +03:00			`message = "Done"`
			`# print(idinfo['email'], file=sys.stderr)`
			`except ValueError:`
			`message = "Invalid token"`

			`return {'message': message}`
Allow mock login to test accounts. (#3121) 2023-06-28 05:21:37 +03:00

			`TESTING_ACCOUNTS = ['example@chromium.org']`


			`class MockLogin(basehandlers.APIHandler):`
			`"""Create a session using a testing account."""`

			`def do_post(self, **kwargs):`
			`if not settings.DEV_MODE and not settings.UNIT_TEST_MODE:`
			`self.abort(status=403,`
			`msg="This can only be used in a development environment.")`

			`email = self.get_param('email', default=TESTING_ACCOUNTS[0])`
			`if email not in TESTING_ACCOUNTS:`
			`self.abort(status=403,`
			`msg="This can only be used with specific testing accounts.")`

			`users.add_signed_user_info_to_session(email)`
			`return {'message': f'Signed in as {email}'}`