Source code for ferris3.oauth2

from __future__ import absolute_import
from google.appengine.ext import ndb
import hashlib
import endpoints
import os
from oauth2client.client import AccessTokenCredentials


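def get_endpoints_credentials():
    """
    Gets the oauth2 credentials from the user authenticated to Google Cloud
    Endpoints.

    Presently, this does not work for Android and iOS clients. We are open
    to patches to fix it.

    Returns an ``AccessTokenCredentials`` built from the token found in the
    request's ``Authorization`` header, or ``False`` when there is no
    current Endpoints user, the header is missing or empty, or the header
    carries no token.

    The returned object wraps the caller's own bearer token, so treat it
    as a secret: keep it out of logs and do not persist it.
    """
    user = endpoints.get_current_user()
    if not user:
        return False

    header = os.environ.get('HTTP_AUTHORIZATION')
    if not header:
        return False

    # The last space-separated field is used as the token; the auth scheme
    # word in front of it is not inspected here.
    # NOTE(review): this relies on endpoints.get_current_user() having
    # already validated the same header -- confirm there is no other way
    # for `user` to be set while the header holds something else.
    # NOTE(review): if the client authenticated with an ID token rather
    # than an access token, these credentials presumably will not be
    # accepted by Google APIs -- confirm.
    token = header.split(' ')[-1]
    if not token:
        # A header ending in a space would otherwise produce credentials
        # around an empty access token.
        return False

    # Second argument is the user agent string handed to oauth2client.
    return AccessTokenCredentials(token, 'appengine:ferris')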
def _get_config():
    """
    Return the ``oauth2_service_account`` settings entry.

    Raises ``RuntimeError`` when the entry is missing or empty. Callers in
    this module read ``client_email`` and ``private_key`` from the result,
    so the returned value carries the service account's private key and
    should never be logged or echoed back to a client.
    """
    # Imported lazily, at call time rather than module import time.
    from . import settings

    service_account = settings.get('oauth2_service_account')
    if service_account:
        return service_account
    raise RuntimeError("OAuth2 Service Account is not configured correctly")


# SignedJwtAssertionCredentials is optional: when the import fails the name
# is set to None and build_service_account_credentials() refuses to run.
try:
    from oauth2client.client import SignedJwtAssertionCredentials
except ImportError:
    SignedJwtAssertionCredentials = None

from oauth2client.appengine import StorageByKeyName, CredentialsNDBProperty
def build_service_account_credentials(scope, user=None):
    """
    Builds service account credentials using the configuration stored in
    :mod:`~ferris3.settings` and masquerading as the provided user.

    :param scope: a single scope, or a list/tuple of scopes. Anything that
        is not a list or tuple is wrapped in a one-element list.
    :param user: passed to the credentials as ``prn``; the service account
        acts on behalf of this user. ``None`` means no impersonation.
    :raises EnvironmentError: when ``SignedJwtAssertionCredentials`` could
        not be imported.
    :raises RuntimeError: when the service account is not configured.

    Security note: ``user`` selects whose identity the service account
    assumes. Callers should pass a value they have authorized themselves,
    not one copied straight from request input. Obtained tokens are cached
    in :class:`ServiceAccountStorage` under a key derived from the client
    email, the scopes and ``user``.
    """
    if not SignedJwtAssertionCredentials:
        raise EnvironmentError("Service account can not be used because PyCrypto is not available. Please install PyCrypto.")

    account = _get_config()
    scopes = scope if isinstance(scope, (list, tuple)) else [scope]

    # One datastore entity per (client email, scopes, user) combination.
    token_store = StorageByKeyName(
        ServiceAccountStorage,
        _generate_storage_key(account['client_email'], scopes, user),
        'credentials')

    credentials = SignedJwtAssertionCredentials(
        service_account_name=account['client_email'],
        private_key=account['private_key'],
        scope=scopes,
        prn=user)
    credentials.set_store(token_store)
    return credentials
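class ServiceAccountStorage(ndb.Model):
    """
    Tracks access tokens in the database. The key is based on the scopes,
    user, and clientid

    Entities of this kind hold usable access tokens, so access to the
    datastore kind should be restricted accordingly.
    """
    # Stored oauth2client credentials for one (client, scopes, user) key.
    credentials = CredentialsNDBProperty()

    @classmethod
    def _get_kind(cls):
        # Fixed datastore kind name, independent of the Python class name.
        return '_ferris_OAuth2ServiceAccountStorage'


def _generate_storage_key(client_id, scopes, user):
    """
    Return the hex SHA-1 digest used as the storage key name for cached
    service account credentials.

    The digest is computed over ``client_id``, the sorted list of
    ``scopes`` and ``user`` formatted back to back, so the order in which
    scopes are supplied does not change the key.

    SHA-1 serves only as a fixed-length identifier here, not as a secrecy
    or integrity mechanism. The key decides which cached token is loaded,
    so two distinct inputs mapping to one key would share a token.
    NOTE(review): the three parts are joined without a separator; this is
    kept as-is so that existing stored keys stay valid.
    """
    material = u"%s%s%s" % (client_id, sorted(scopes), user)
    # Encode explicitly: a bare .encode() uses the interpreter default,
    # which is ASCII on Python 2 and fails for non-ASCII user names.
    # ASCII input hashes to the same key as before.
    digest = hashlib.sha1(material.encode('utf-8'))
    return digest.hexdigest()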