Coverage for webapp/login/oauth_views.py: 42%

31 statements  


1import os 


3import flask 

4from webapp.decorators import login_required 

5from webapp.api.requests import Session 

6from urllib.parse import urlencode 

7from werkzeug.exceptions import BadRequest 


# Blueprint that carries the GitHub OAuth routes registered below.
# NOTE(review): both folders are written with a leading slash, so they are
# absolute filesystem paths rather than paths relative to this package;
# confirm that is intended.
oauth = flask.Blueprint(
    name="oauth",
    import_name=__name__,
    static_folder="/static",
    template_folder="/templates",
)


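@oauth.route("/github/auth", methods=["GET"])
@login_required
def github_auth():
    """
    Redirect to authorize our Github application and request
    access to the user's data.

    The optional ``back`` query parameter names the path to return to once
    the authorization round trip is over. It is stored in the session under
    ``github_auth_redirect`` only when it is a same-site path; any other
    value is ignored.
    """
    redirect_path = flask.request.args.get("back")

    # ``back`` comes straight from the query string and is later used as a
    # redirect target. A leading "/" alone does not make a value local:
    # "//host" is scheme-relative and browsers treat "\" like "/", so both
    # forms (and control characters, which browsers strip) are refused.
    is_local_path = (
        bool(redirect_path)
        and redirect_path.startswith("/")
        and not redirect_path.startswith("//")
        and "\\" not in redirect_path
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in redirect_path)
    )

    if is_local_path:
        flask.session["github_auth_redirect"] = redirect_path

    params = {
        "client_id": os.getenv("GITHUB_CLIENT_ID"),
        # Scopes requested from the user: repository webhook administration
        # and read-only organisation membership.
        "scope": "admin:repo_hook read:org",
        # The session CSRF token doubles as the OAuth ``state`` value; the
        # callback view compares the two. Raises KeyError if the token is
        # not in the session (assumed to be set elsewhere; not shown here).
        "state": flask.session["csrf_token"],
    }

    return flask.redirect(
        f"https://github.com/login/oauth/authorize?{urlencode(params)}"
    )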


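@oauth.route("/github/auth/verify", methods=["GET"])
@login_required
def github_login_verify():
    """
    Handle the callback that follows the redirect to Github.

    The ``state`` query parameter is compared with the session CSRF token;
    on a mismatch the user is redirected back with an "Invalid request"
    flash message. Otherwise the ``code`` query parameter is exchanged, via
    a POST request, for the access token used to authenticate requests to
    Github, and that token is stored in the session.

    Raises:
        BadRequest: if ``code`` is missing, if the token endpoint reports an
            error, or if its reply carries no access token.
    """
    # Set by github_auth after its local-path check; falls back to the
    # homepage when nothing was stored.
    url_to_redirect = flask.session.pop(
        "github_auth_redirect", flask.url_for("snapcraft.homepage")
    )

    state = flask.request.args.get("state")
    expected_state = flask.session.get("csrf_token")

    # Avoid CSRF attacks. An absent value on either side counts as a
    # mismatch, so a request without ``state`` can never match a session
    # without a token.
    if not state or not expected_state or state != expected_state:
        flask.flash("Invalid request", "negative")
        return flask.redirect(url_to_redirect)

    # Without a code there is nothing to exchange; stop before the client
    # secret is sent in a request that cannot succeed.
    code = flask.request.args.get("code")
    if not code:
        raise BadRequest("Missing authorization code")

    payload = {
        "code": code,
        "client_id": os.getenv("GITHUB_CLIENT_ID"),
        "client_secret": os.getenv("GITHUB_CLIENT_SECRET"),
    }

    session = Session()
    response = session.request(
        method="POST",
        url="https://github.com/login/oauth/access_token",
        json=payload,
        headers={"Accept": "application/json"},
    )

    token_data = response.json()

    if "error" in token_data:
        # ``error_description`` is not guaranteed to accompany ``error``.
        # NOTE(review): werkzeug uses ``response`` as the response to send
        # to the client; confirm that passing the upstream reply is intended.
        raise BadRequest(
            token_data.get("error_description", token_data["error"]),
            response=response,
        )

    access_token = token_data.get("access_token")
    if not access_token:
        raise BadRequest("Github did not return an access token")

    # NOTE(review): Flask's default session is a signed but unencrypted
    # cookie, which would expose this token to the browser; confirm the
    # application uses a server-side or encrypted session store.
    flask.session["github_auth_secret"] = access_token

    return flask.redirect(url_to_redirect)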