app-MAIL-temp/app/auth/views/github.py

from flask import request, session, redirect, flash, url_for
from requests_oauthlib import OAuth2Session

from app.auth.base import auth_bp
from app.auth.views.login_utils import after_login
from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL
from app.extensions import db
from app.log import LOG
from app.models import User, SocialAuth
from app.utils import encode_url

_authorization_base_url = "https://github.com/login/oauth/authorize"
_token_url = "https://github.com/login/oauth/access_token"

# need to set explicitly redirect_uri instead of leaving the lib to pre-fill redirect_uri
# when served behind nginx, the redirect_uri is localhost... and not the real url
_redirect_uri = URL + "/auth/github/callback"


@auth_bp.route("/github/login")
def github_login():
    next_url = request.args.get("next")
    if next_url:
        redirect_uri = _redirect_uri + "?next=" + encode_url(next_url)
    else:
        redirect_uri = _redirect_uri

    github = OAuth2Session(
        GITHUB_CLIENT_ID, scope=["user:email"], redirect_uri=redirect_uri
    )
    authorization_url, state = github.authorization_url(_authorization_base_url)

    # State is used to prevent CSRF, keep this for later.
    session["oauth_state"] = state
    return redirect(authorization_url)


@auth_bp.route("/github/callback")
def github_callback():
    # user clicks on cancel
    if "error" in request.args:
        flash("Please use another sign in method then", "warning")
        return redirect("/")

    github = OAuth2Session(
        GITHUB_CLIENT_ID,
        state=session["oauth_state"],
        scope=["user:email"],
        redirect_uri=_redirect_uri,
    )
    github.fetch_token(
        _token_url,
        client_secret=GITHUB_CLIENT_SECRET,
        authorization_response=request.url,
    )

    # a dict with "name", "login"
    github_user_data = github.get("https://api.github.com/user").json()

    # return list of emails
    # {
    #     'email': 'abcd@gmail.com',
    #     'primary': False,
    #     'verified': True,
    #     'visibility': None
    # }
    emails = github.get("https://api.github.com/user/emails").json()

    # only take the primary email
    email = None

    for e in emails:
        if e.get("verified") and e.get("primary"):
            email = e.get("email")
            break

    if not email:
        LOG.error(f"cannot get email for github user {github_user_data} {emails}")
        flash(
            "Cannot get a valid email from Github, please another way to login/sign up",
            "error",
        )
        return redirect(url_for("auth.login"))

    email = email.strip().lower()
    user = User.get_by(email=email)

    if not user:
        flash(
            "Sorry you cannot sign up via Github, please use email/password sign-up instead",
            "error",
        )
        return redirect(url_for("auth.register"))

    if not SocialAuth.get_by(user_id=user.id, social="github"):
        SocialAuth.create(user_id=user.id, social="github")
        db.session.commit()

    # The activation link contains the original page, for ex authorize page
    next_url = request.args.get("next") if request.args else None

    return after_login(user, next_url)
use can_be_used_as_personal_email when user registers or change emails 2020-01-26 13:51:43 +01:00			`from flask import request, session, redirect, flash, url_for`
add github login 2019-07-07 22:46:03 +02:00			`from requests_oauthlib import OAuth2Session`

			`from app.auth.base import auth_bp`
Optimize imports 2020-05-09 20:49:38 +02:00			`from app.auth.views.login_utils import after_login`
			`from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL`
add github login 2019-07-07 22:46:03 +02:00			`from app.extensions import db`
			`from app.log import LOG`
save which social network user uses in SocialAuth table 2020-02-27 16:16:12 +01:00			`from app.models import User, SocialAuth`
better notify_admin message 2019-08-30 22:12:31 +02:00			`from app.utils import encode_url`
add github login 2019-07-07 22:46:03 +02:00
redirect user to next after login with github/google 2019-07-08 19:33:28 +02:00			`_authorization_base_url = "https://github.com/login/oauth/authorize"`
			`_token_url = "https://github.com/login/oauth/access_token"`
add github login 2019-07-07 22:46:03 +02:00
set explicitly the redirect_uri 2019-07-07 22:56:55 +02:00			`# need to set explicitly redirect_uri instead of leaving the lib to pre-fill redirect_uri`
			`# when served behind nginx, the redirect_uri is localhost... and not the real url`
redirect user to next after login with github/google 2019-07-08 19:33:28 +02:00			`_redirect_uri = URL + "/auth/github/callback"`
set explicitly the redirect_uri 2019-07-07 22:56:55 +02:00
add github login 2019-07-07 22:46:03 +02:00
			`@auth_bp.route("/github/login")`
			`def github_login():`
redirect user to next after login with github/google 2019-07-08 19:33:28 +02:00			`next_url = request.args.get("next")`
			`if next_url:`
			`redirect_uri = _redirect_uri + "?next=" + encode_url(next_url)`
			`else:`
			`redirect_uri = _redirect_uri`

set explicitly the redirect_uri 2019-07-07 22:56:55 +02:00			`github = OAuth2Session(`
			`GITHUB_CLIENT_ID, scope=["user:email"], redirect_uri=redirect_uri`
			`)`
redirect user to next after login with github/google 2019-07-08 19:33:28 +02:00			`authorization_url, state = github.authorization_url(_authorization_base_url)`
add github login 2019-07-07 22:46:03 +02:00
			`# State is used to prevent CSRF, keep this for later.`
			`session["oauth_state"] = state`
			`return redirect(authorization_url)`


			`@auth_bp.route("/github/callback")`
			`def github_callback():`
handle the case user clicks on cancel 2019-07-11 20:14:18 +02:00			`# user clicks on cancel`
			`if "error" in request.args:`
fix typos and improve messages showing at the end users 2019-12-26 14:00:17 +01:00			`flash("Please use another sign in method then", "warning")`
handle the case user clicks on cancel 2019-07-11 20:14:18 +02:00			`return redirect("/")`

add github login 2019-07-07 22:46:03 +02:00			`github = OAuth2Session(`
set explicitly the redirect_uri 2019-07-07 22:56:55 +02:00			`GITHUB_CLIENT_ID,`
			`state=session["oauth_state"],`
			`scope=["user:email"],`
redirect user to next after login with github/google 2019-07-08 19:33:28 +02:00			`redirect_uri=_redirect_uri,`
add github login 2019-07-07 22:46:03 +02:00			`)`
make sure to use lowercase for alias email 2020-05-20 18:12:14 +02:00			`github.fetch_token(`
redirect user to next after login with github/google 2019-07-08 19:33:28 +02:00			`_token_url,`
add github login 2019-07-07 22:46:03 +02:00			`client_secret=GITHUB_CLIENT_SECRET,`
			`authorization_response=request.url,`
			`)`

			`# a dict with "name", "login"`
			`github_user_data = github.get("https://api.github.com/user").json()`

			`# return list of emails`
			`# {`
			`# 'email': 'abcd@gmail.com',`
			`# 'primary': False,`
			`# 'verified': True,`
			`# 'visibility': None`
			`# }`
			`emails = github.get("https://api.github.com/user/emails").json()`

			`# only take the primary email`
			`email = None`

			`for e in emails:`
use github email that is "verified" and "primary" 2020-03-05 16:45:49 +01:00			`if e.get("verified") and e.get("primary"):`
add github login 2019-07-07 22:46:03 +02:00			`email = e.get("email")`
			`break`

			`if not email:`
show error if no such email exists from Github 2020-03-05 16:46:02 +01:00			`LOG.error(f"cannot get email for github user {github_user_data} {emails}")`
			`flash(`
			`"Cannot get a valid email from Github, please another way to login/sign up",`
			`"error",`
			`)`
			`return redirect(url_for("auth.login"))`
add github login 2019-07-07 22:46:03 +02:00
make sure to strip and lower email in input 2020-04-15 21:12:45 +02:00			`email = email.strip().lower()`
add github login 2019-07-07 22:46:03 +02:00			`user = User.get_by(email=email)`

Redirect user to MFA page if they enable MFA 2019-12-27 15:35:22 +01:00			`if not user:`
disable sign-up via social login 2020-05-07 22:01:14 +02:00			`flash(`
			`"Sorry you cannot sign up via Github, please use email/password sign-up instead",`
			`"error",`
fix name can be absent in github data https://sentry.io/organizations/son/issues/1201398007/?project=1478143&query=is%3Aunresolved 2019-11-17 11:32:51 +01:00			`)`
disable sign-up via social login 2020-05-07 22:01:14 +02:00			`return redirect(url_for("auth.register"))`
add github login 2019-07-07 22:46:03 +02:00
save which social network user uses in SocialAuth table 2020-02-27 16:16:12 +01:00			`if not SocialAuth.get_by(user_id=user.id, social="github"):`
			`SocialAuth.create(user_id=user.id, social="github")`
			`db.session.commit()`

add github login 2019-07-07 22:46:03 +02:00			`# The activation link contains the original page, for ex authorize page`
Redirect user to MFA page if they enable MFA 2019-12-27 15:35:22 +01:00			`next_url = request.args.get("next") if request.args else None`

			`return after_login(user, next_url)`