Skip to content

irul / opensipkd-base

Go to a project
Commit fede081c by aagusti
Options

perbaikan google signin

1 parent d6402179
Inline Side-by-side
Showing 2 changed files with 23 additions and 5 deletions
opensipkd/base/views/base_google.py
import logging
from google.auth.transport import requests from google.auth.transport import requests
from google.oauth2 import id_token from google.oauth2 import id_token
from opensipkd.base import get_params from opensipkd.base import get_params
...@@ -7,6 +9,8 @@ from opensipkd.models import User ...@@ -7,6 +9,8 @@ from opensipkd.models import User
from opensipkd.tools import get_settings from opensipkd.tools import get_settings
import json import json
_logging = logging.getLogger(__name__)
def validate_user(request, idinfo): def validate_user(request, idinfo):
""" """
...@@ -49,7 +53,7 @@ def google_oauth2(request): ...@@ -49,7 +53,7 @@ def google_oauth2(request):
@view_config(route_name='googlesignin', renderer='json') @view_config(route_name='googlesignin', renderer='json')
def googlesignin(request): def googlesignin(request, data=None):
# (Receive token by HTTPS POST) # (Receive token by HTTPS POST)
# ... # ...
CLIENT_IDS = request.google_signin_client_ids CLIENT_IDS = request.google_signin_client_ids
...@@ -59,15 +63,29 @@ def googlesignin(request): ...@@ -59,15 +63,29 @@ def googlesignin(request):
# idinfo = id_token.verify_oauth2_token(token, requests.Request(), CLIENT_ID) # idinfo = id_token.verify_oauth2_token(token, requests.Request(), CLIENT_ID)
# Or, if multiple clients access the backend server: # Or, if multiple clients access the backend server:
gtoken = json.loads(request.params['id_token']) id_token = "id_token" in request.params and request.params[
'id_token'] or None
gtoken = None
if id_token:
gtoken = json.loads(id_token)
else:
if data and "id_token" in data:
gtoken = data["id_token"]
_logging.debug(gtoken)
if not gtoken:
raise Exception("Gtoken not found")
# idinfo = id_token.verify_oauth2_token(gtoken, requests.Request()) # idinfo = id_token.verify_oauth2_token(gtoken, requests.Request())
# test # test
import jwt import jwt
idinfo = jwt.decode(gtoken["credential"], options={"verify_signature": False}) # KEY, algorithms=["RS256"]) # idinfo = jwt.decode(gtoken["credential"], options={
"verify_signature": False}) # KEY, algorithms=["RS256"]) #
_logging.debug(CLIENT_IDS)
_logging.debug(idinfo)
if idinfo['aud'] not in CLIENT_IDS or idinfo['azp'] not in CLIENT_IDS: if idinfo['aud'] not in CLIENT_IDS or idinfo['azp'] not in CLIENT_IDS:
raise ValueError('Could not verify audience.') raise ValueError('Could not verify audience.')
if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: if idinfo['iss'] not in ['accounts.google.com',
'https://accounts.google.com']:
raise ValueError('Wrong issuer.') raise ValueError('Wrong issuer.')
return idinfo return idinfo
opensipkd/base/views/register.py
...@@ -223,7 +223,7 @@ class Registrasi(BaseView): ...@@ -223,7 +223,7 @@ class Registrasi(BaseView):
err_captcha() err_captcha()
user = request.user user = request.user
if not "email" in value and "id_info" in session: if "email" not in value and "id_info" in session:
value["email"] = session["id_info"]["email"] value["email"] = session["id_info"]["email"]
if not user and ( if not user and (
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!