Merge pull request #5 from thomasDOTde/feature-google-oauth

Feature google oauth
thomasDOTwtf · Nov 1, 2017 · 1d705e6 · 1d705e6
2 parents 05196ee + c6a0270
commit 1d705e6
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 2 deletions.
diff --git a/app/__init__.py b/app/__init__.py
@@ -11,6 +11,7 @@
 login_manager.init_app(app)
 db = SQLAlchemy(app)
 
+
 def enable_github_oauth(GITHUB_ENABLE):
     if not GITHUB_ENABLE:
         return None, None
@@ -46,7 +47,47 @@ def get_github_oauth_token():
 
     return oauth, github
 
+
 oauth, github = enable_github_oauth(app.config.get('GITHUB_OAUTH_ENABLE'))
 
 
+def enable_google_oauth(GOOGLE_ENABLE):
+    if not GOOGLE_ENABLE:
+        return None
+    from flask_oauthlib.client import OAuth
+    oauth = OAuth(app)
+
+    google = oauth.remote_app(
+        'google',
+        consumer_key=app.config['GOOGLE_OAUTH_CLIENT_ID'],
+        consumer_secret=app.config['GOOGLE_OAUTH_CLIENT_SECRET'],
+        request_token_params=app.config['GOOGLE_TOKEN_PARAMS'],
+        base_url=app.config['GOOGLE_BASE_URL'],
+        request_token_url=None,
+        access_token_method='POST',
+        access_token_url=app.config['GOOGLE_TOKEN_URL'],
+        authorize_url=app.config['GOOGLE_AUTHORIZE_URL'],
+    )
+
+    @app.route('/user/authorized')
+    def authorized():
+        resp = google.authorized_response()
+        if resp is None:
+            return 'Access denied: reason=%s error=%s' % (
+                request.args['error_reason'],
+                request.args['error_description']
+            )
+        session['google_token'] = (resp['access_token'], '')
+        return redirect(url_for('.login'))
+
+    @google.tokengetter
+    def get_google_oauth_token():
+        return session.get('google_token')
+
+    return google
+
+
+google = enable_google_oauth(app.config.get('GOOGLE_OAUTH_ENABLE'))
+
+
 from app import views, models
diff --git a/app/templates/login.html b/app/templates/login.html
@@ -98,6 +98,9 @@
         <!-- /.col -->
       </div>
     </form>
+    {% if google_enabled %}
+    <a href="{{ url_for('google_login') }}">Google oauth login</a>
+    {% endif %}
     {% if saml_enabled %}
     <br>
     <a href="{{ url_for('saml_login') }}">SAML login</a>

diff --git a/app/views.py b/app/views.py
@@ -17,7 +17,7 @@
 from werkzeug.security import gen_salt
 
 from .models import User, Domain, Record, Server, History, Anonymous, Setting, DomainSetting
-from app import app, login_manager, github
+from app import app, login_manager, github, google
 from lib import utils
 
 from onelogin.saml2.auth import OneLogin_Saml2_Auth
@@ -162,6 +162,14 @@ def register():
     else:
         return render_template('errors/404.html'), 404
 
+
+@app.route('/google/login')
+def google_login():
+    if not app.config.get('GOOGLE_OAUTH_ENABLE'):
+        return abort(400)
+    return google.authorize(callback=url_for('authorized', _external=True))
+
+
 @app.route('/github/login')
 def github_login():
     if not app.config.get('GITHUB_OAUTH_ENABLE'):
@@ -242,11 +250,31 @@ def login():
     BASIC_ENABLED = app.config['BASIC_ENABLED']
     SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
     GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
+    GOOGLE_ENABLE = app.config.get('GOOGLE_OAUTH_ENABLE')
     SAML_ENABLED = app.config.get('SAML_ENABLED')
 
     if g.user is not None and current_user.is_authenticated:
         return redirect(url_for('dashboard'))
 
+    if 'google_token' in session:
+        user_data = google.get('userinfo').data
+        first_name = user_data['given_name']
+        surname = user_data['family_name']
+        email = user_data['email']
+        user = User.query.filter_by(username=email).first()
+        if not user:
+            # create user
+            user = User(username=email,
+                        firstname=first_name,
+                        lastname=surname,
+                        plain_text_password=gen_salt(7),
+                        email=email)
+            user.create_local_user()
+
+        session['user_id'] = user.id
+        login_user(user, remember = False)
+        return redirect(url_for('index'))
+
     if 'github_token' in session:
         me = github.get('user')
         user_info = me.data
@@ -266,6 +294,7 @@ def login():
     if request.method == 'GET':
         return render_template('login.html',
                                github_enabled=GITHUB_ENABLE,
+                               google_enabled=GOOGLE_ENABLE,
                                saml_enabled=SAML_ENABLED,
                                ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
                                basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
@@ -354,6 +383,7 @@ def login():
 def logout():
     session.pop('user_id', None)
     session.pop('github_token', None)
+    session.pop('google_token', None)
     session.clear()
     logout_user()
     return redirect(url_for('login'))

diff --git a/config_template.py b/config_template.py
@@ -65,6 +65,19 @@
 GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
 GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
 
+
+# Google OAuth
+GOOGLE_OAUTH_ENABLE = False
+GOOGLE_OAUTH_CLIENT_ID = ' '
+GOOGLE_OAUTH_CLIENT_SECRET = ' '
+GOOGLE_REDIRECT_URI = '/user/authorized'
+GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
+GOOGLE_TOKEN_PARAMS = {
+    'scope': 'email profile'
+}
+GOOGLE_AUTHORIZE_URL='https://accounts.google.com/o/oauth2/auth'
+GOOGLE_BASE_URL='https://www.googleapis.com/oauth2/v1/'
+
 # SAML Authnetication
 SAML_ENABLED = False
 SAML_DEBUG = True

diff --git a/run.py b/run.py
@@ -3,7 +3,7 @@
 from config import PORT
 
 try:
-	from config import BIND_ADDRESS 
+	from config import BIND_ADDRESS
 except:
 	BIND_ADDRESS = '127.0.0.1'