anoopmb
/
frappe
1
0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10914 Commits
1 Branch
314 MiB
 
 
 
 
 
 
Tree: a16e6a143f
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'a16e6a143f'
${ noResults }
frappe/frappe/integration_broker/oauth2.py

186 regels
6.2 KiB
Ruw Blame Geschiedenis 

  1. from __future__ import unicode_literals

  2. import frappe, json

  3. from frappe.oauth import OAuthWebRequestValidator, WebApplicationServer

  4. from oauthlib.oauth2 import FatalClientError, OAuth2Error

  5. from urllib import quote, urlencode

  6. from werkzeug import url_fix

  7. from urlparse import urlparse

  8. from frappe.integrations.doctype.oauth_provider_settings.oauth_provider_settings import get_oauth_settings

  9. from frappe import _

  10. 

  11. #Variables required across requests

  12. oauth_validator = OAuthWebRequestValidator()

  13. oauth_server  = WebApplicationServer(oauth_validator)

  14. credentials = None

  15. 

  16. def get_urlparams_from_kwargs(param_kwargs):

  17. 	arguments = param_kwargs

  18. 	if arguments.get("data"):

  19. 		arguments.pop("data")

  20. 	if arguments.get("cmd"):

  21. 		arguments.pop("cmd")

  22. 

  23. 	return urlencode(arguments)

  24. 

  25. @frappe.whitelist()

  26. def approve(*args, **kwargs):

  27. 	r = frappe.request

  28. 	uri = url_fix(r.url.replace("+"," "))

  29. 	http_method = r.method

  30. 	body = r.get_data()

  31. 	headers = r.headers

  32. 

  33. 	try:

  34. 		scopes, credentials = oauth_server.validate_authorization_request(uri, http_method, body, headers)

  35. 

  36. 		headers, body, status = oauth_server.create_authorization_response(uri=credentials['redirect_uri'], \

  37. 				body=body, headers=headers, scopes=scopes, credentials=credentials)

  38. 		uri = headers.get('Location', None)

  39. 

  40. 		frappe.local.response["type"] = "redirect"

  41. 		frappe.local.response["location"] = uri

  42. 

  43. 	except FatalClientError as e:

  44. 		return e

  45. 	except OAuth2Error as e:

  46. 		return e

  47. 

  48. @frappe.whitelist(allow_guest=True)

  49. def authorize(*args, **kwargs):

  50. 	#Fetch provider URL from settings

  51. 	oauth_settings = get_oauth_settings()

  52. 	params = get_urlparams_from_kwargs(kwargs)

  53. 	request_url = urlparse(frappe.request.url)

  54. 	success_url = request_url.scheme + "://" + request_url.netloc + "/api/method/frappe.integration_broker.oauth2.approve?" + params

  55. 	failure_url = frappe.form_dict["redirect_uri"] + "?error=access_denied" 

  56. 

  57. 	if frappe.session['user']=='Guest':

  58. 		#Force login, redirect to preauth again.

  59. 		frappe.local.response["type"] = "redirect"

  60. 		frappe.local.response["location"] = "/login?redirect-to=/api/method/frappe.integration_broker.oauth2.authorize?" + quote(params)

  61. 

  62. 	elif frappe.session['user']!='Guest':

  63. 		try:

  64. 			r = frappe.request

  65. 			uri = url_fix(r.url)

  66. 			http_method = r.method

  67. 			body = r.get_data()

  68. 			headers = r.headers

  69. 

  70. 			scopes, credentials = oauth_server.validate_authorization_request(uri, http_method, body, headers)

  71. 

  72. 			skip_auth = frappe.db.get_value("OAuth Client", credentials['client_id'], "skip_authorization")

  73. 			unrevoked_tokens = frappe.get_all("OAuth Bearer Token", filters={"status":"Active"})

  74. 

  75. 			if skip_auth or (oauth_settings["skip_authorization"] == "Auto" and len(unrevoked_tokens)):

  76. 

  77. 				frappe.local.response["type"] = "redirect"

  78. 				frappe.local.response["location"] = success_url

  79. 			else:

  80. 				#Show Allow/Deny screen.

  81. 				response_html_params = frappe._dict({

  82. 					"client_id": frappe.db.get_value("OAuth Client", kwargs['client_id'], "app_name"),

  83. 					"success_url": success_url,

  84. 					"failure_url": failure_url,

  85. 					"details": scopes

  86. 				})

  87. 				resp_html = frappe.render_template("templates/includes/oauth_confirmation.html", response_html_params)

  88. 				frappe.respond_as_web_page("Confirm Access", resp_html)

  89. 

  90. 		except FatalClientError as e:

  91. 			return e

  92. 		except OAuth2Error as e:

  93. 			return e

  94. 

  95. @frappe.whitelist(allow_guest=True)

  96. def get_token(*args, **kwargs):

  97. 	r = frappe.request

  98. 

  99. 	uri = url_fix(r.url)

  100. 	http_method = r.method

  101. 	body = r.form

  102. 	headers = r.headers

  103. 	

  104. 	#Check whether frappe server URL is set

  105. 	frappe_server_url = frappe.db.get_value("Social Login Keys", None, "frappe_server_url") or None

  106. 	if not frappe_server_url:

  107. 		frappe.throw(_("Define Frappe Server URL in Social Login Keys"))

  108. 

  109. 	try:

  110. 		headers, body, status = oauth_server.create_token_response(uri, http_method, body, headers, credentials)

  111. 		out = frappe._dict(json.loads(body))

  112. 		if not out.error and "openid" in out.scope:

  113. 			token_user = frappe.db.get_value("OAuth Bearer Token", out.access_token, "user")

  114. 			token_client = frappe.db.get_value("OAuth Bearer Token", out.access_token, "client")

  115. 			client_secret = frappe.db.get_value("OAuth Client", token_client, "client_secret")

  116. 			if token_user in ["Guest", "Administrator"]:

  117. 				frappe.throw(_("Logged in as Guest or Administrator"))

  118. 			import hashlib

  119. 			id_token_header = {

  120. 				"typ":"jwt",

  121. 				"alg":"HS256"

  122. 			}

  123. 			id_token = {

  124. 				"aud": token_client,

  125. 				"exp": int((frappe.db.get_value("OAuth Bearer Token", out.access_token, "expiration_time") - frappe.utils.datetime.datetime(1970, 1, 1)).total_seconds()),

  126. 				"sub": frappe.db.get_value("User", token_user, "frappe_userid"),

  127. 				"iss": frappe_server_url,

  128. 				"at_hash": frappe.oauth.calculate_at_hash(out.access_token, hashlib.sha256)

  129. 			}

  130. 			import jwt

  131. 			id_token_encoded = jwt.encode(id_token, client_secret, algorithm='HS256', headers=id_token_header)

  132. 			out.update({"id_token":id_token_encoded})

  133. 		frappe.local.response = out

  134. 	except FatalClientError as e:

  135. 		return e

  136. 

  137. 

  138. @frappe.whitelist(allow_guest=True)

  139. def revoke_token(*args, **kwargs):

  140. 	r = frappe.request

  141. 	uri = url_fix(r.url)

  142. 	http_method = r.method

  143. 	body = r.form

  144. 	headers = r.headers

  145. 	

  146. 	headers, body, status = oauth_server.create_revocation_response(uri, headers=headers, body=body, http_method=http_method)

  147. 	

  148. 	frappe.local.response['http_status_code'] = status

  149. 	if status == 200:

  150. 		return "success"

  151. 	else:

  152. 		return "bad request"

  153. 

  154. @frappe.whitelist()

  155. def openid_profile(*args, **kwargs):

  156. 	picture = None

  157. 	first_name, last_name, avatar, name, frappe_userid = frappe.db.get_value("User", frappe.session.user, ["first_name", "last_name", "user_image", "name", "frappe_userid"])

  158. 	request_url = urlparse(frappe.request.url)

  159. 

  160. 	if avatar:

  161. 		if validate_url(avatar):

  162. 			picture = avatar

  163. 		else:

  164. 			picture = request_url.scheme + "://" + request_url.netloc + avatar

  165. 

  166. 	user_profile = frappe._dict({

  167. 			"sub": frappe_userid,

  168. 			"name": " ".join(filter(None, [first_name, last_name])),

  169. 			"given_name": first_name,

  170. 			"family_name": last_name,

  171. 			"email": name,

  172. 			"picture": picture

  173. 		})

  174. 	

  175. 	frappe.local.response = user_profile

  176. 

  177. def validate_url(url_string):

  178. 	from urlparse import urlparse

  179. 	try:

  180. 		result = urlparse(url_string)

  181. 		if result.scheme and result.scheme in ["http", "https", "ftp", "ftps"]:

  182. 			return True

  183. 		else:

  184. 			return False

  185. 	except:

  186. 		return False