| #!/usr/bin/env python3 |
| # -*- coding: utf-8 -*- |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| """Parent OAuth endpoint for ASF Infra Boxer""" |
| |
| import plugins.basetypes |
| import plugins.session |
| import plugins.oauthGeneric |
| import plugins.oauthGithub |
| import plugins.projects |
| import typing |
| import aiohttp.web |
| import hashlib |
| |
| |
| async def process( |
| server: plugins.basetypes.Server, |
| session: plugins.session.SessionObject, |
| indata: dict, |
| ) -> typing.Union[dict, aiohttp.web.Response]: |
| |
| state = indata.get("state") |
| code = indata.get("code") |
| |
| rv: typing.Optional[dict] = None |
| oatype = None |
| # GitHub OAuth - Fetches name and email |
| if indata.get('key', '') == 'github' and code: |
| rv = await plugins.oauthGithub.process(indata, session, server) |
| oatype = "github" |
| |
| # Generic OAuth handler, only one we support for now. Works with ASF OAuth. |
| elif state and code: |
| rv = await plugins.oauthGeneric.process(indata, session, server) |
| oatype = "apache" |
| |
| if rv and oatype == "apache": |
| ghid = None |
| person = plugins.projects.Committer(asf_id=rv["uid"], linkdb=server.database.client) |
| if person and person.github_login: |
| ghid = person.github_login |
| if person not in server.data.people: |
| server.data.people.append(person) |
| is_admin = person.asf_id in server.config.oauth.admins |
| is_member = rv.get("isMember", False) |
| cookie = await plugins.session.set_session(server, uid=rv["uid"], name=rv["fullname"], email=rv["email"], github_login=ghid, admin=is_admin, member=is_member) |
| return aiohttp.web.Response( |
| headers={"set-cookie": cookie, "content-type": "application/json"}, status=200, text='{"okay": true}', |
| ) |
| elif rv and oatype == "github" and session.credentials: |
| session.credentials.github_login = rv["login"] |
| session.credentials.github_id = rv["id"] |
| |
| if session.credentials.uid in server.data.people: |
| print(f"Removing stale GitHub link entry for {session.credentials.uid}") |
| server.data.people.remove(session.credentials.uid) |
| |
| person = plugins.projects.Committer( |
| asf_id=session.credentials.uid, |
| linkdb=server.database.client, |
| ) |
| person.github_login = session.credentials.github_login |
| person.github_id = session.credentials.github_id |
| person.real_name = session.credentials.name |
| person.github_mfa = session.credentials.github_login in server.data.mfa and server.data.mfa[session.credentials.github_login] |
| person.save(server.database.client) |
| server.data.people.append(person) |
| return { |
| "okay": True, |
| "message": f"Authed as {session.credentials.github_login}" |
| } |
| return {"okay": False, "message": "Could not process OAuth login!"} |
| |
| |
| def register(server: plugins.basetypes.Server): |
| return plugins.basetypes.Endpoint(process) |