Source code for flask_unchained.bundles.oauth.views.oauth_controller

from flask import abort, request, session
from flask_unchained import (
    Controller, injectable, lazy_gettext as _, route, url_for)
from http import HTTPStatus

from ...security import SecurityService, UserManager, anonymous_user_required

from ..extensions import OAuth
from ..services import OAuthService



[docs]class OAuthController(Controller):
    oauth: OAuth = injectable
    oauth_service: OAuthService = injectable
    security_service: SecurityService = injectable
    user_manager: UserManager = injectable

    @route('/login/<string:remote_app>')
    @anonymous_user_required(msg='You are already logged in', category='success')
    def login(self, remote_app):
        provider = getattr(self.oauth, remote_app)
        return provider.authorize(callback=url_for(
            'o_auth_controller.authorized', remote_app=remote_app,
            _external=True, _scheme='https'))

    def logout(self):
        session.pop('oauth_token', None)
        self.security_service.logout_user()
        self.flash(_('flask_unchained.bundles.security:flash.logout'),
                   category='success')
        return self.redirect('SECURITY_POST_LOGOUT_REDIRECT_ENDPOINT')

    @route('/authorized/<string:remote_app>')
    @anonymous_user_required(msg='You are already logged in', category='success')
    def authorized(self, remote_app):
        provider = getattr(self.oauth, remote_app)
        resp = provider.authorized_response()
        if resp is None or resp.get('access_token') is None:
            abort(HTTPStatus.UNAUTHORIZED,
                  'errorCode={error} error={description}'.format(
                      error=request.args['error'],
                      description=request.args['error_description'],
                  ))

        session['oauth_token'] = resp['access_token']

        email, data = self.oauth_service.get_user_details(provider)
        user, created = self.user_manager.get_or_create(email=email,
                                                        defaults=data,
                                                        commit=True)
        if created:
            self.security_service.register_user(
                user, _force_login_without_confirmation=True)
        else:
            self.security_service.login_user(user, force=True)

        self.oauth_service.on_authorized(provider)
        self.flash(_('flask_unchained.bundles.security:flash.login'),
                   category='success')
        return self.redirect('SECURITY_POST_LOGIN_REDIRECT_ENDPOINT')