sms-proj/google_auth.py

#!/usr/bin/env python3
#This comes from https://www.mattbutton.com/2019/01/05/google-authentication-with-python-and-flask/
#With the nessicary mods for my program.

import functools
import os

#from flask import Flask, request, session, render_template, flash
import flask
import pprint
import configparser
import appdb
from authlib.client import OAuth2Session
import google.oauth2.credentials
import googleapiclient.discovery
import atom.data
import gdata.data
import gdata.contacts.client
import gdata.contacts.data
#from oauth2client import GOOGLE_TOKEN_URI

config = configparser.ConfigParser()
config.read('config.ini')
app_debug = config.get("app","debug")

ACCESS_TOKEN_URI = 'https://www.googleapis.com/oauth2/v4/token'
AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth?prompt=consent'

AUTHORIZATION_SCOPE = ['openid', 'https://www.googleapis.com/auth/userinfo.email',
                     'https://www.googleapis.com/auth/userinfo.profile',
                     'https://www.googleapis.com/auth/contacts.readonly',
                     'https://www.googleapis.com/auth/user.phonenumbers.read']

AUTH_REDIRECT_URI = config.get("auth","FN_AUTH_REDIRECT_URI")
BASE_URI = config.get("auth","FN_BASE_URI")
CLIENT_ID = config.get("auth","FN_CLIENT_ID")
CLIENT_SECRET = config.get("auth","FN_CLIENT_SECRET")
 
#FN_FLASK_SECRET_KEY 
AUTH_TOKEN_KEY = 'auth_token'
AUTH_STATE_KEY = 'auth_state'

app = flask.Blueprint('google_auth', __name__)
#app = flask.Flask(__name__)
#if app_debug == '1':
app.debug = True
##else:
#app.debug = False
    

def is_logged_in():
    return True if AUTH_TOKEN_KEY in flask.session else False

def build_credentials():
    if not is_logged_in():
        raise Exception('User must be logged in')

    oauth2_tokens = flask.session[AUTH_TOKEN_KEY]
    pprint.pprint(oauth2_tokens)
    return google.oauth2.credentials.Credentials(
                oauth2_tokens['access_token'],
                refresh_token=oauth2_tokens['refresh_token'],
                client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET,
                token_uri=ACCESS_TOKEN_URI)

def get_user_info():
    credentials = build_credentials()
    oauth2_client = googleapiclient.discovery.build(
                        'oauth2', 'v2',
                        credentials=credentials)
    return oauth2_client.userinfo().get().execute()

def getGoogleId():
    if 'gid' in flask.session:
        gid = flask.session['gid']
    else:
        return False
    pprint.pprint ("Google ID from Storage is:")
    pprint.pprint (gid)
    return gid

def getRefreshToken():
    oauth2_tokens = flask.session[AUTH_TOKEN_KEY]
    return oauth2_tokens['refresh_token']

def no_cache(view):
    @functools.wraps(view)
    def no_cache_impl(*args, **kwargs):
        response = flask.make_response(view(*args, **kwargs))
        response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, max-age=0'
        response.headers['Pragma'] = 'no-cache'
        response.headers['Expires'] = '-1'
        return response

    return functools.update_wrapper(no_cache_impl, view)

def getGoogleContacts():
    #userInfo = get_user_info()
    gd_client = gdata.contacts.client.ContactsClient(source='TheWords.faith')
    feed = gd_client.GetContacts()
    if not feed:
        return "Unable to run 'GetContacts()'"
    
    for i, entry in enumerate(feed.entry):
        print( '\n%s %s' % (i+1, entry.name.full_name.text))
    if entry.content:
        print( '    %s' % (entry.content.text))
    # Display the primary email address for the contact.
    for email in entry.email:
        if email.primary and email.primary == 'true':
            print ('    %s' % (email.address))
    # Show the contact groups that this contact is a member of.
    for group in entry.group_membership_info:
        print ('    Member of group: %s' % (group.href))
    # Display extended properties.
    for extended_property in entry.extended_property:
        if extended_property.value:
            value = extended_property.value
        else:
            value = extended_property.GetXmlBlob()
    print( '    Extended Property - %s: %s' % (extended_property.name, value))

@app.route('/google/login')
@no_cache
def login():
    session = OAuth2Session(CLIENT_ID, CLIENT_SECRET,
                            scope=AUTHORIZATION_SCOPE,
                            redirect_uri=AUTH_REDIRECT_URI)
  
    uri, state = session.create_authorization_url(AUTHORIZATION_URL,access_type='offline',include_granted_scopes='true')
    flask.session[AUTH_STATE_KEY] = state
    flask.session.permanent = True
    return flask.redirect(uri, code=302)

@app.route('/google/auth')
@no_cache
def google_auth_redirect():
    req_state = flask.request.args.get('state', default=None, type=None)
    pprint.pprint(req_state)

    if req_state != flask.session[AUTH_STATE_KEY]:
        response = flask.make_response('Invalid state parameter', 401)
        return response
    
    session = OAuth2Session(CLIENT_ID, CLIENT_SECRET,
                            scope=AUTHORIZATION_SCOPE,
                            state=flask.session[AUTH_STATE_KEY],
                            redirect_uri=AUTH_REDIRECT_URI)
    oauth2_tokens = session.fetch_token(
                        ACCESS_TOKEN_URI,            
                        authorization_response=flask.request.url)
    flask.session[AUTH_TOKEN_KEY] = oauth2_tokens
    
    userInfo = get_user_info()
    if app_debug == '1':
        pprint.pprint("User info")
        pprint.pprint(userInfo)
    flask.session['gid'] = userInfo['id']
    flask.session['gmail'] = userInfo['email']
    appdb.setRefreshToken(oauth2_tokens['refresh_token'],userInfo['id'])
    return flask.redirect(BASE_URI, code=302)

@app.route('/google/logout')
@no_cache
def logout():
    flask.session.pop(AUTH_TOKEN_KEY, None)
    flask.session.pop(AUTH_STATE_KEY, None)

    return flask.redirect(BASE_URI, code=302)
Added auth callbacks Callback script for auths 6 years ago			`#!/usr/bin/env python3`
			`#This comes from https://www.mattbutton.com/2019/01/05/google-authentication-with-python-and-flask/`
			`#With the nessicary mods for my program.`

			`import functools`
			`import os`

Testing... We're getting closer to getting auth to work. 6 years ago			`#from flask import Flask, request, session, render_template, flash`
			`import flask`
Okies 6 years ago			`import pprint`
Fixed dependancies Fixed the config import. 6 years ago			`import configparser`
Minor debugging 6 years ago			`import appdb`
Added auth callbacks Callback script for auths 6 years ago			`from authlib.client import OAuth2Session`
			`import google.oauth2.credentials`
			`import googleapiclient.discovery`
Added contact print test 6 years ago			`import atom.data`
			`import gdata.data`
			`import gdata.contacts.client`
			`import gdata.contacts.data`
			`#from oauth2client import GOOGLE_TOKEN_URI`
Added auth callbacks Callback script for auths 6 years ago
Fixed dependancies Fixed the config import. 6 years ago			`config = configparser.ConfigParser()`
			`config.read('config.ini')`
			`app_debug = config.get("app","debug")`

Nonsense 6 years ago			`ACCESS_TOKEN_URI = 'https://www.googleapis.com/oauth2/v4/token'`
Added more authing Added more auth requirements 6 years ago			`AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth?prompt=consent'`
Added auth callbacks Callback script for auths 6 years ago
Debugging info everywhere now... But I think I've pinpointed the error to the get user info function. 6 years ago			`AUTHORIZATION_SCOPE = ['openid', 'https://www.googleapis.com/auth/userinfo.email',`
Added contacts read 6 years ago			`'https://www.googleapis.com/auth/userinfo.profile',`
Commiting to main Minor changes here and there such as using deny.html more. 6 years ago			`'https://www.googleapis.com/auth/contacts.readonly',`
			`'https://www.googleapis.com/auth/user.phonenumbers.read']`
Added auth callbacks Callback script for auths 6 years ago
			`AUTH_REDIRECT_URI = config.get("auth","FN_AUTH_REDIRECT_URI")`
			`BASE_URI = config.get("auth","FN_BASE_URI")`
			`CLIENT_ID = config.get("auth","FN_CLIENT_ID")`
			`CLIENT_SECRET = config.get("auth","FN_CLIENT_SECRET")`
Fixed dependancies Fixed the config import. 6 years ago
Testing... We're getting closer to getting auth to work. 6 years ago			`#FN_FLASK_SECRET_KEY`
Added auth callbacks Callback script for auths 6 years ago			`AUTH_TOKEN_KEY = 'auth_token'`
			`AUTH_STATE_KEY = 'auth_state'`

Testing... We're getting closer to getting auth to work. 6 years ago			`app = flask.Blueprint('google_auth', __name__)`
			`#app = flask.Flask(__name__)`
			`#if app_debug == '1':`
			`app.debug = True`
			`##else:`
			`#app.debug = False`

gruigr grumble 6 years ago

Added auth callbacks Callback script for auths 6 years ago			`def is_logged_in():`
			`return True if AUTH_TOKEN_KEY in flask.session else False`

			`def build_credentials():`
			`if not is_logged_in():`
			`raise Exception('User must be logged in')`

			`oauth2_tokens = flask.session[AUTH_TOKEN_KEY]`
Commiting in the middle of a debug, I think the code is close to right but I can't figure out where refresh_token comes from, so it isn't showing up and I can't auth thing! 6 years ago			`pprint.pprint(oauth2_tokens)`
Added auth callbacks Callback script for auths 6 years ago			`return google.oauth2.credentials.Credentials(`
			`oauth2_tokens['access_token'],`
			`refresh_token=oauth2_tokens['refresh_token'],`
			`client_id=CLIENT_ID,`
			`client_secret=CLIENT_SECRET,`
			`token_uri=ACCESS_TOKEN_URI)`

			`def get_user_info():`
			`credentials = build_credentials()`
			`oauth2_client = googleapiclient.discovery.build(`
			`'oauth2', 'v2',`
			`credentials=credentials)`
			`return oauth2_client.userinfo().get().execute()`

I think I did this right 6 years ago			`def getGoogleId():`
I'm still learning syntax 6 years ago			`if 'gid' in flask.session:`
Ugh 6 years ago			`gid = flask.session['gid']`
			`else:`
			`return False`
Adding error page This is different than a deny page 6 years ago			`pprint.pprint ("Google ID from Storage is:")`
			`pprint.pprint (gid)`
I think I did this right 6 years ago			`return gid`

Authentication Leap More authentication stuff. More templates, and authentication on making sure a DID belongs to a specific person. Next will be able to list what user owns what DIDs in a clickable list. 6 years ago			`def getRefreshToken():`
			`oauth2_tokens = flask.session[AUTH_TOKEN_KEY]`
			`return oauth2_tokens['refresh_token']`

Added auth callbacks Callback script for auths 6 years ago			`def no_cache(view):`
			`@functools.wraps(view)`
			`def no_cache_impl(args, *kwargs):`
Testing... We're getting closer to getting auth to work. 6 years ago			`response = flask.make_response(view(args, *kwargs))`
Added auth callbacks Callback script for auths 6 years ago			`response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, max-age=0'`
			`response.headers['Pragma'] = 'no-cache'`
			`response.headers['Expires'] = '-1'`
			`return response`

			`return functools.update_wrapper(no_cache_impl, view)`

Name conflict 6 years ago			`def getGoogleContacts():`
Commiting to main Minor changes here and there such as using deny.html more. 6 years ago			`#userInfo = get_user_info()`
Stuff, pushing back to local 6 years ago			`gd_client = gdata.contacts.client.ContactsClient(source='TheWords.faith')`
Added contact print test 6 years ago			`feed = gd_client.GetContacts()`
Commiting to main Minor changes here and there such as using deny.html more. 6 years ago			`if not feed:`
			`return "Unable to run 'GetContacts()'"`

Added contact print test 6 years ago			`for i, entry in enumerate(feed.entry):`
Stuff, pushing back to local 6 years ago			`print( '\n%s %s' % (i+1, entry.name.full_name.text))`
Added contact print test 6 years ago			`if entry.content:`
Stuff, pushing back to local 6 years ago			`print( ' %s' % (entry.content.text))`
Added contact print test 6 years ago			`# Display the primary email address for the contact.`
			`for email in entry.email:`
			`if email.primary and email.primary == 'true':`
Stuff, pushing back to local 6 years ago			`print (' %s' % (email.address))`
Added contact print test 6 years ago			`# Show the contact groups that this contact is a member of.`
			`for group in entry.group_membership_info:`
Stuff, pushing back to local 6 years ago			`print (' Member of group: %s' % (group.href))`
Added contact print test 6 years ago			`# Display extended properties.`
			`for extended_property in entry.extended_property:`
			`if extended_property.value:`
			`value = extended_property.value`
			`else:`
			`value = extended_property.GetXmlBlob()`
Stuff, pushing back to local 6 years ago			`print( ' Extended Property - %s: %s' % (extended_property.name, value))`
Added contact print test 6 years ago
Added auth callbacks Callback script for auths 6 years ago			`@app.route('/google/login')`
			`@no_cache`
			`def login():`
			`session = OAuth2Session(CLIENT_ID, CLIENT_SECRET,`
			`scope=AUTHORIZATION_SCOPE,`
			`redirect_uri=AUTH_REDIRECT_URI)`

Debugging info everywhere now... But I think I've pinpointed the error to the get user info function. 6 years ago			`uri, state = session.create_authorization_url(AUTHORIZATION_URL,access_type='offline',include_granted_scopes='true')`
Added auth callbacks Callback script for auths 6 years ago			`flask.session[AUTH_STATE_KEY] = state`
			`flask.session.permanent = True`
			`return flask.redirect(uri, code=302)`

			`@app.route('/google/auth')`
			`@no_cache`
			`def google_auth_redirect():`
			`req_state = flask.request.args.get('state', default=None, type=None)`
Okies 6 years ago			`pprint.pprint(req_state)`
Debugging in progress 6 years ago
Added auth callbacks Callback script for auths 6 years ago			`if req_state != flask.session[AUTH_STATE_KEY]:`
			`response = flask.make_response('Invalid state parameter', 401)`
			`return response`

			`session = OAuth2Session(CLIENT_ID, CLIENT_SECRET,`
			`scope=AUTHORIZATION_SCOPE,`
			`state=flask.session[AUTH_STATE_KEY],`
			`redirect_uri=AUTH_REDIRECT_URI)`
Commiting in the middle of a debug, I think the code is close to right but I can't figure out where refresh_token comes from, so it isn't showing up and I can't auth thing! 6 years ago			`oauth2_tokens = session.fetch_token(`
Added auth callbacks Callback script for auths 6 years ago			`ACCESS_TOKEN_URI,`
			`authorization_response=flask.request.url)`
I dont know what im doing 6 years ago			`flask.session[AUTH_TOKEN_KEY] = oauth2_tokens`
Minor debugging 6 years ago
Added contact print test 6 years ago			`userInfo = get_user_info()`
Starting settings Starting out on the /settings page as well as making the verbosity a lil less verbose by checking for debug. 6 years ago			`if app_debug == '1':`
			`pprint.pprint("User info")`
			`pprint.pprint(userInfo)`
I think I did this right 6 years ago			`flask.session['gid'] = userInfo['id']`
Starting settings Starting out on the /settings page as well as making the verbosity a lil less verbose by checking for debug. 6 years ago			`flask.session['gmail'] = userInfo['email']`
Loading user info in auth 6 years ago			`appdb.setRefreshToken(oauth2_tokens['refresh_token'],userInfo['id'])`
Added auth callbacks Callback script for auths 6 years ago			`return flask.redirect(BASE_URI, code=302)`

			`@app.route('/google/logout')`
			`@no_cache`
			`def logout():`
			`flask.session.pop(AUTH_TOKEN_KEY, None)`
			`flask.session.pop(AUTH_STATE_KEY, None)`

Commiting in the middle of a debug, I think the code is close to right but I can't figure out where refresh_token comes from, so it isn't showing up and I can't auth thing! 6 years ago			`return flask.redirect(BASE_URI, code=302)`