mygpo/web/auth.py

   1 #
   2 # This file is part of my.gpodder.org.
   3 #
   4 # my.gpodder.org is free software: you can redistribute it and/or modify it
   5 # under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or (at your
   7 # option) any later version.
   8 #
   9 # my.gpodder.org is distributed in the hope that it will be useful, but
  10 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  11 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
  12 # License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with my.gpodder.org. If not, see <http://www.gnu.org/licenses/>.
  16 #
  17
  18 from django.contrib.auth.backends import ModelBackend
  19 from django.core.validators import validate_email
  20 from django.core.exceptions import ValidationError
  21 from django.conf import settings
  22 from django.contrib.sites.models import RequestSite
  23 from django.core.urlresolvers import reverse
  24
  25 from mygpo.users.models import User
  26
  27
  28 class EmailAuthenticationBackend(ModelBackend):
  29     def authenticate(self, username=None, password=None):
  30         try:
  31             validate_email(username)
  32
  33             user = User.get_user_by_email(username)
  34             if not user:
  35                 return None
  36
  37             return user if user.check_password(password) else None
  38
  39         except ValidationError:
  40             return None
  41
  42     def get_user(self, username):
  43         return User.get_user(username)
  44
  45
  46 def get_google_oauth_flow(request):
  47     """ Prepare an OAuth 2.0 flow
  48
  49     https://developers.google.com/api-client-library/python/guide/aaa_oauth """
  50
  51     from oauth2client.client import OAuth2WebServerFlow
  52
  53     site = RequestSite(request)
  54
  55     callback = 'http{s}://{domain}{callback}'.format(
  56         s='s' if request.is_secure() else '',
  57         domain=site.domain,
  58         callback=reverse('login-google-callback'))
  59
  60     flow = OAuth2WebServerFlow(
  61         client_id=settings.GOOGLE_CLIENT_ID,
  62         client_secret=settings.GOOGLE_CLIENT_SECRET,
  63         scope='https://www.googleapis.com/auth/userinfo.email',
  64         redirect_uri=callback)
  65
  66     return flow