#!/usr/bin/env python | |
""" | |
SVAuth Python Platform | |
Time-stamp: <2017-11-17 07:40:51 phuong> | |
""" | |
import hmac
import json
import os
from urllib.parse import quote

import requests
from flask import Flask, request, session, redirect, render_template, make_response
# Endpoint of the SVAuth public agent that exchanges a one-time authcode for
# the user profile (see request_user_profile); the code is interpolated into
# the query string.
CHECK_AUTHCODE_URL = "https://authjs.westus.cloudapp.azure.com:3020/CheckAuthCode?authcode={}"
# Passed to the agent as ``concdst`` when the login flow starts (see start()).
RELYING_PARTY = "https://svauth-python-adapter.herokuapp.com?py"
# Login entry point at the agent; filled with (conckey, concdst) in start().
START_URL = "https://authjs.westus.cloudapp.azure.com:3020/login/Facebook?conckey={}&concdst={}"
# Allowlist checked by validate_user against the profile's ``FullName``.
# NOTE(review): this matches on a display name rather than the ``UserID``
# the profile also carries — display names are not unique; confirm intended.
AUTHORIZED_USERS = ["Phuong Cao"]
def init_session():
    """
    Ensure the session carries a ``UserID`` key.

    A missing key is set to the empty string; an existing value is left
    untouched so the session is not marked modified unnecessarily.
    """
    missing = "UserID" not in session
    if missing:
        session["UserID"] = ""
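def init_token(*, token_length=38):
    """
    Derive the concurrency key ("conckey") bound to the caller's session.

    The key is the first ``token_length`` hex digits of the SHA-256 of the raw
    Flask session cookie as received on this request. It is stored in
    ``session["token"]`` and later compared (in validate_user) against the
    ``conckey`` the public agent echoes back, so a profile is only accepted by
    the session that started the login flow.

    Args:
        token_length: number of hex characters kept from the digest
            (default 38, the length the original code hard-coded).

    Returns:
        The token string that was stored in the session.

    Raises:
        ValueError: the request carries no ``session`` cookie, so nothing can
            be hashed (the original code failed here with an AttributeError
            on ``None.encode``).
    """
    import hashlib

    cookie = request.cookies.get('session')
    if cookie is None:
        raise ValueError("no session cookie present; cannot derive login token")
    digest = hashlib.sha256(cookie.encode('utf-8')).hexdigest()
    token = digest[:token_length]
    session["token"] = token
    return token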
def validate_user(resp): | |
if resp['userProfile']["FullName"] not in AUTHORIZED_USERS: | |
raise Exception("unauthorized") | |
if ('conckey' not in resp) or \ | |
(session["token"] != resp['conckey']): | |
raise Exception("invalid token") | |
def populate_user_profile(resp):
    """
    Copy the identity fields of the agent's profile into the Flask session.

    The keys written are ``UserID``, ``FullName``, ``Email`` and
    ``Authority``; each is read from ``resp["userProfile"]`` and a missing
    one raises KeyError (earlier keys already written stay in the session).
    """
    profile = resp['userProfile']
    for key in ("UserID", "FullName", "Email", "Authority"):
        session[key] = profile[key]
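def request_user_profile(authcode, *, verify=False, timeout=10):
    """
    Exchange an authentication code for the user profile held by the public agent.

    Args:
        authcode: one-time code handed back by the agent. It is URL-encoded
            before being placed into CHECK_AUTHCODE_URL, so a value containing
            ``&`` or ``#`` cannot alter the query string.
        verify: TLS certificate verification flag handed to ``requests``. The
            original code hard-coded ``False``; that is kept as the default
            for compatibility, but it means the profile — and therefore the
            login decision — can be substituted by anyone on the network
            path. Pass ``verify=True`` (or a CA bundle path) in deployment.
        timeout: seconds to wait for the agent before giving up.

    Returns:
        The decoded JSON body of the agent's response.

    Raises:
        ValueError: ``authcode`` is empty or None.
        requests.RequestException: network failure, timeout, or a non-2xx
            status (previously an error page would have been fed to
            ``json.loads``).
    """
    if not authcode:
        raise ValueError("authcode is required")
    url = CHECK_AUTHCODE_URL.format(quote(authcode, safe=""))
    response = requests.get(url, verify=verify, timeout=timeout)
    response.raise_for_status()
    return response.json()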
# The Flask application; routes below are registered on it and the entry
# point at the bottom configures secret_key/debug before running it.
app = Flask(__name__)
@app.route('/', methods=['GET'])
def index():
    """
    Render the landing page (``index.html``) with the social login buttons.

    The session is seeded with a ``UserID`` key first so the template and
    later handlers can rely on it being present.
    """
    init_session()
    page = render_template("index.html")
    return make_response(page)
@app.route('/logout', methods=['GET'])
def logout():
    """
    Drop every key from the session (identity fields and the login token)
    and send the browser back to the index page.
    """
    session.clear()
    home = "/"
    return redirect(home)
@app.route('/start', methods=['GET'])
def start():
    """
    Begin the Facebook login flow at the SVAuth public agent.

    The session-bound token from init_token is sent as ``conckey`` and
    RELYING_PARTY as ``concdst``; the agent is expected to return the same
    ``conckey`` alongside the profile, which validate_user checks.
    """
    conckey = init_token()
    destination = START_URL.format(conckey, RELYING_PARTY)
    return redirect(destination)
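@app.route('/SVAuth/adapters/py/RemoteCreateNewSession.py', methods=['GET'])
def remote_create_new_session():
    """
    Complete the login: exchange the agent's authcode for a profile, verify
    it, and store it in the session.

    Query parameters:
        authcode: one-time code issued by the public agent.

    Returns:
        302 to ``/`` on success; 400 when ``authcode`` is absent (the
        original code would have sent the literal string "None" to the
        agent); 403 when validate_user rejects the profile (token mismatch
        or user not allowlisted), instead of a 500 from the uncaught error.
    """
    authcode = request.args.get("authcode")
    if not authcode:
        return ("missing authcode", 400)

    resp = request_user_profile(authcode)
    try:
        validate_user(resp)
    except Exception as exc:  # validate_user signals rejection with a bare Exception
        # Log only the reason, never the profile contents.
        app.logger.warning("login rejected: %s", exc)
        return ("forbidden", 403)
    populate_user_profile(resp)
    return redirect("/")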
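if __name__ == '__main__':
    # Debug mode enables Werkzeug's interactive debugger for anyone who can
    # reach the port, and the server binds 0.0.0.0 below. Keep it opt-in via
    # Flask's FLASK_DEBUG environment variable instead of always on.
    app.debug = os.environ.get('FLASK_DEBUG', '').lower() in ('1', 'true')
    # NOTE(review): a fresh random key per process means every session (and
    # the login token stored in it) is invalidated on restart and is not
    # shared between worker processes — confirm that suits the deployment.
    app.secret_key = os.urandom(24)
    app.run(host='0.0.0.0', port=int(os.environ.get('PORT', 80)))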