Merge pull request #1652 from alexandermendes/fix-spa-oauth
Fix spa oauth
teleyinex committed Sep 6, 2017
2 parents 94a36bd + 745a9a8 commit 1675777
Showing 12 changed files with 114 additions and 83 deletions.
4 changes: 2 additions & 2 deletions doc/conf.py
@@ -72,9 +72,9 @@
# built documents.
#
# The short X.Y version.
version = 'v2.6.3'
version = 'v2.6.4'
# The full version, including alpha/beta/rc tags.
release = 'v2.6.3'
release = 'v2.6.4'

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
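--- a/pybossa/util.py
+++ b/pybossa/util.py
@@ -120,6 +120,16 @@ def redirect_content_type(url, status=None):
 else:
 return redirect(url)
 
+
+def url_for_app_type(endpoint, **values):
+"""Generate a URL for an SPA, or otherwise."""
+spa_server_name = current_app.config.get('SPA_SERVER_NAME')
+if spa_server_name:
+values.pop('_external', None)
+return spa_server_name + url_for(endpoint, **values)
+return url_for(endpoint, **values)
+
+
 def jsonpify(f):
 """Wrap JSONified output for JSONP."""
 @wraps(f)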
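Review bot: The SPA branch of `url_for_app_type` concatenates the raw `SPA_SERVER_NAME` config value with the path returned by `url_for`, so a value with a trailing slash yields `//path` and a value without a scheme yields a string that `redirect()` will treat as a path on the backend host. Because this helper now builds the password-reset and e-mail confirmation links as well as the post-OAuth redirects, I would normalise with `spa_server_name.rstrip('/')` and extend the docstring to say that the setting must be an absolute origin (scheme and host, no path) and that `_external` is discarded in SPA mode. Only `_external` is popped; a caller passing `_scheme` would, as far as I know, make Flask's `url_for` raise once `_external` is gone, although no caller on this page does that.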
14 changes: 4 additions & 10 deletions pybossa/view/account.py
@@ -45,6 +45,7 @@
from pybossa.util import get_user_signup_method
from pybossa.util import redirect_content_type
from pybossa.util import get_avatar_url
from pybossa.util import url_for_app_type
from pybossa.cache import users as cached_users
from pybossa.auth import ensure_authorized_to
from pybossa.jobs import send_mail
@@ -229,8 +230,7 @@ def signout():
def get_email_confirmation_url(account):
"""Return confirmation url for a given user email."""
key = signer.dumps(account, salt='account-validation')
confirm_url = url_for('.confirm_account', key=key, _external=True)
return confirm_url
return url_for_app_type('.confirm_account', key=key, _external=True)


@blueprint.route('/confirm-email')
@@ -715,14 +715,8 @@ def forgot_password():
else:
userdict = {'user': user.name, 'password': user.passwd_hash}
key = signer.dumps(userdict, salt='password-reset')
recovery_url = url_for('.reset_password',
key=key, _external=True)
if current_app.config.get('SPA_SERVER_NAME'):
print "HOLA"
server_name = current_app.config.get('SPA_SERVER_NAME')
recovery_url = server_name + url_for('.reset_password',
key=key)
print recovery_url
recovery_url = url_for_app_type('.reset_password',
key=key, _external=True)
msg['body'] = render_template(
'/account/email/forgot_password.md',
user=user, recovery_url=recovery_url)
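Review bot: In `forgot_password`, when `SPA_SERVER_NAME` is not set the reset link still comes from `url_for(..., _external=True)`, which takes its host from the incoming request unless Flask's `SERVER_NAME` is configured; whether it is configured cannot be seen from this page. A reset e-mail whose link host follows the request's Host header can carry the signed key to a host the site does not control, so it is worth pinning the host from configuration in both branches of `url_for_app_type`, or documenting that `SERVER_NAME` must be set in production. The same applies to `get_email_confirmation_url` in the hunk above. Separately, the signed `key` is built from `user.passwd_hash` (a context line); if `signer` only signs and does not encrypt, the hash is readable by anyone who sees the link, which now includes the SPA origin, so that is worth confirming. Both functions start outside their hunks.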
15 changes: 9 additions & 6 deletions pybossa/view/facebook.py
@@ -24,6 +24,7 @@
from pybossa.core import facebook, user_repo, newsletter
from pybossa.model.user import User
from pybossa.util import get_user_signup_method, username_from_full_name
from pybossa.util import url_for_app_type
# Required to access the config parameters outside a context as we are using
# Flask 0.8
# See http://goo.gl/tbhgF for more info
@@ -53,7 +54,7 @@ def get_facebook_token(): # pragma: no cover
def oauth_authorized(): # pragma: no cover
"""Authorize facebook login."""
resp = facebook.oauth.authorized_response()
next_url = request.args.get('next') or url_for('home.home')
next_url = request.args.get('next') or url_for_app_type('home.home')
if resp is None:
flash(u'You denied the request to sign in.', 'error')
flash(u'Reason: ' + request.args['error_reason'] +
@@ -115,19 +116,21 @@ def manage_user_login(user, user_data, next_url):
msg, method = get_user_signup_method(user)
flash(msg, 'info')
if method == 'local':
return redirect(url_for('account.forgot_password'))
return redirect(url_for_app_type('account.forgot_password'))
else:
return redirect(url_for('account.signin'))
return redirect(url_for_app_type('account.signin'))
else:
return redirect(url_for('account.signin'))
return redirect(url_for_app_type('account.signin'))
else:
login_user(user, remember=True)
flash("Welcome back %s" % user.fullname, 'success')
request_email = (user.email_addr == user.name)
if request_email:
flash("Please update your e-mail address in your profile page")
return redirect(url_for('account.update_profile', name=user.name))
return redirect(url_for_app_type('account.update_profile',
name=user.name))
if (not request_email and user.newsletter_prompted is False
and newsletter.is_initialized()):
return redirect(url_for('account.newsletter_subscribe', next=next_url))
return redirect(url_for_app_type('account.newsletter_subscribe',
next=next_url))
return redirect(next_url)
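Review bot: `next_url = request.args.get('next') or url_for_app_type('home.home')` in `oauth_authorized` takes the redirect target straight from the query string, and `manage_user_login` ends with `redirect(next_url)` on the value it is handed (presumably this one), so the OAuth callback will redirect to whatever URL the `next` parameter carries. Now that redirects may legitimately leave the backend origin for the SPA, the check should be explicit: accept `next` only when it is a relative path or its host equals the request host or the configured `SPA_SERVER_NAME`, and otherwise fall back to `url_for_app_type('home.home')`. The same line appears in `pybossa/view/twitter.py` (`oauth_authorized`) and in `pybossa/view/flickr.py` (`logout`, where the `redirect(next_url)` follows directly). `oauth_authorized` and `manage_user_login` both continue outside the hunks shown.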
3 changes: 2 additions & 1 deletion pybossa/view/flickr.py
@@ -20,6 +20,7 @@
from flask import (Blueprint, request, url_for, flash, redirect, session,
current_app, Response)
from pybossa.core import flickr
from pybossa.util import url_for_app_type
from pybossa.flickr_client import FlickrClient
from flask_oauthlib.client import OAuthException

@@ -36,7 +37,7 @@ def login():
@blueprint.route('/revoke-access')
def logout():
"""Log out."""
next_url = request.args.get('next') or url_for('home.home')
next_url = request.args.get('next') or url_for_app_type('home.home')
_remove_credentials(session)
return redirect(next_url)

15 changes: 8 additions & 7 deletions pybossa/view/google.py
@@ -24,6 +24,7 @@
from pybossa.core import google, user_repo, newsletter
from pybossa.model.user import User
from pybossa.util import get_user_signup_method, username_from_full_name
from pybossa.util import url_for_app_type
# Required to access the config parameters outside a context as we are using
# Flask 0.8
# See http://goo.gl/tbhgF for more info
@@ -57,14 +58,14 @@ def get_google_token(): # pragma: no cover
def oauth_authorized(): # pragma: no cover
"""Authorize Oauth."""
resp = google.oauth.authorized_response()
next_url = url_for('home.home')
next_url = url_for_app_type('home.home')

if resp is None or request.args.get('error'):
flash(u'You denied the request to sign in.', 'error')
flash(u'Reason: ' + request.args['error'], 'error')
if request.args.get('error'):
current_app.logger.error(resp)
return redirect(url_for('account.signin'))
return redirect(url_for_app_type('account.signin'))
return redirect(next_url)
if isinstance(resp, OAuthException):
flash('Access denied: %s' % resp.message)
@@ -77,7 +78,7 @@ def oauth_authorized(): # pragma: no cover
except requests.exceptions.http_error:
# Unauthorized - bad token
if r.status_code == 401:
return redirect(url_for('account.signin'))
return redirect(url_for_app_type('account.signin'))
return r.content

access_token = resp['access_token']
@@ -136,13 +137,13 @@ def manage_user_login(user, user_data, next_url):
msg, method = get_user_signup_method(user)
flash(msg, 'info')
if method == 'local':
return redirect(url_for('account.forgot_password'))
return redirect(url_for_app_type('account.forgot_password'))
else:
return redirect(url_for('account.signin'))
return redirect(url_for_app_type('account.signin'))
else:
login_user(user, remember=True)
flash("Welcome back %s" % user.fullname, 'success')
if user.newsletter_prompted is False and newsletter.is_initialized():
return redirect(url_for('account.newsletter_subscribe',
next=next_url))
return redirect(url_for_app_type('account.newsletter_subscribe',
next=next_url))
return redirect(next_url)
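Review bot: In `oauth_authorized` the guard is `resp is None or request.args.get('error')`, but the second `flash` indexes `request.args['error']` unconditionally, so a callback with no response and no `error` parameter fails on the missing key instead of reaching either redirect. `flash(u'Reason: ' + request.args.get('error', u'unknown'), 'error')` keeps that failure path on the redirects this commit retargets. In the second hunk, `except requests.exceptions.http_error:` does not name an exception class that I know `requests` to export (`HTTPError` is the usual one), so the 401 branch with the new `url_for_app_type('account.signin')` redirect may never run. The `try` begins outside the hunk, so confirm against the full function.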
15 changes: 8 additions & 7 deletions pybossa/view/twitter.py
@@ -23,7 +23,7 @@

from pybossa.core import twitter, user_repo, newsletter
from pybossa.model.user import User
from pybossa.util import get_user_signup_method
from pybossa.util import get_user_signup_method, url_for_app_type

blueprint = Blueprint('twitter', __name__)

@@ -68,7 +68,7 @@ def oauth_authorized(): # pragma: no cover
redirect back unless the user clicks on the application name.
"""
resp = twitter.oauth.authorized_response()
next_url = request.args.get('next') or url_for('home.home')
next_url = request.args.get('next') or url_for_app_type('home.home')
if resp is None:
flash(u'You denied the request to sign in.', 'error')
return redirect(next_url)
@@ -124,21 +124,22 @@ def manage_user_login(user, user_data, next_url):
msg, method = get_user_signup_method(user)
flash(msg, 'info')
if method == 'local':
return redirect(url_for('account.forgot_password'))
return redirect(url_for_app_type('account.forgot_password'))
else:
return redirect(url_for('account.signin'))
return redirect(url_for_app_type('account.signin'))

login_user(user, remember=True)
flash("Welcome back %s" % user.fullname, 'success')
if ((user.email_addr != user.name) and user.newsletter_prompted is False
and newsletter.is_initialized()):
return redirect(url_for('account.newsletter_subscribe',
next=next_url))
return redirect(url_for_app_type('account.newsletter_subscribe',
next=next_url))
if user.email_addr != user.name:
return redirect(next_url)
else:
flash("Please update your e-mail address in your profile page")
return redirect(url_for('account.update_profile', name=user.name))
return redirect(url_for_app_type('account.update_profile',
name=user.name))


def manage_user_no_login(access_token, next_url):
2 changes: 1 addition & 1 deletion setup.py
@@ -65,7 +65,7 @@

setup(
name = 'pybossa',
version = '2.6.3',
version = '2.6.4',
packages = find_packages(),
install_requires = requirements,
# only needed when installing directly from setup.py (PyPi, eggs?) and pointing to e.g. a git repo.
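--- a/test/test_util.py
+++ b/test/test_util.py
@@ -356,6 +356,27 @@ def test_redirect_content_type_json_html(
 err_msg = "jsonify should not be called"
 assert mockjsonify.called is False, err_msg
 
+@with_context
+@patch('pybossa.util.url_for')
+def test_url_for_app_type_spa(self, mock_url_for):
+"""Test that the correct SPA URL is returned"""
+spa_name = 'http://local.com'
+fake_endpoint = '/example'
+mock_url_for.return_value = fake_endpoint
+with patch.dict(self.flask_app.config, {'SPA_SERVER_NAME': spa_name}):
+spa_url = util.url_for_app_type('home.home')
+expected = spa_name + fake_endpoint
+assert spa_url == expected, spa_url
+
+@with_context
+@patch('pybossa.util.url_for')
+def test_url_for_app_type_mvc(self, mock_url_for):
+"""Test that the correct MVC URL is returned"""
+fake_endpoint = '/example'
+mock_url_for.return_value = fake_endpoint
+spa_url = util.url_for_app_type('home.home')
+assert spa_url == fake_endpoint, spa_url
+
 def test_pretty_date(self):
 """Test pretty_date works."""
 now = datetime.now()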
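Review bot: Both new tests mock `url_for` and call `url_for_app_type('home.home')` with no keyword arguments, so the one behaviour specific to the SPA branch, dropping `_external` before delegating, is never exercised. Calling `util.url_for_app_type('home.home', _external=True)` in the SPA test and adding `mock_url_for.assert_called_once_with('home.home')` would pin it, and the MVC test could assert that the keyword is passed through unchanged. In `test_url_for_app_type_mvc` the local `spa_url` would read better as `url`, since no SPA is configured there.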
40 changes: 20 additions & 20 deletions test/test_view/test_facebook.py
@@ -120,10 +120,10 @@ def test_manage_user_without_email_newsletter(self, newsletter):
@patch('pybossa.view.facebook.newsletter', autospec=True)
@patch('pybossa.view.facebook.login_user', return_value=True)
@patch('pybossa.view.facebook.flash', return_value=True)
@patch('pybossa.view.facebook.url_for', return_value=True)
@patch('pybossa.view.facebook.url_for_app_type', return_value=True)
@patch('pybossa.view.facebook.redirect', return_value=True)
def test_manage_login_user_local(self, redirect,
url_for, flash,
url_for_app_type, flash,
login_user,
newsletter):
"""Test manage login user works."""
@@ -132,16 +132,16 @@ def test_manage_login_user_local(self, redirect,
user_data = dict(name=user.name, email=user.email_addr)
next_url = '/'
manage_user_login(None, user_data, next_url)
url_for.assert_called_once_with('account.forgot_password')
url_for_app_type.assert_called_once_with('account.forgot_password')

@with_context
@patch('pybossa.view.facebook.newsletter', autospec=True)
@patch('pybossa.view.facebook.login_user', return_value=True)
@patch('pybossa.view.facebook.flash', return_value=True)
@patch('pybossa.view.facebook.url_for', return_value=True)
@patch('pybossa.view.facebook.url_for_app_type', return_value=True)
@patch('pybossa.view.facebook.redirect', return_value=True)
def test_manage_login_user_google_token(self, redirect,
url_for, flash,
url_for_app_type, flash,
login_user,
newsletter):
"""Test manage login user works."""
@@ -150,30 +150,30 @@ def test_manage_login_user_google_token(self, redirect,
user_data = dict(name=user.name, email=user.email_addr)
next_url = '/'
manage_user_login(None, user_data, next_url)
url_for.assert_called_once_with('account.signin')
url_for_app_type.assert_called_once_with('account.signin')

@with_context
@patch('pybossa.view.facebook.newsletter', autospec=True)
@patch('pybossa.view.facebook.login_user', return_value=True)
@patch('pybossa.view.facebook.flash', return_value=True)
@patch('pybossa.view.facebook.url_for', return_value=True)
@patch('pybossa.view.facebook.url_for_app_type', return_value=True)
@patch('pybossa.view.facebook.redirect', return_value=True)
def test_manage_login_user_empty(self, redirect,
url_for, flash,
url_for_app_type, flash,
login_user,
newsletter):
"""Test manage login user works."""
newsletter.app = True
user_data = dict(name='algo', email='email')
next_url = '/'
manage_user_login(None, user_data, next_url)
url_for.assert_called_once_with('account.signin')
url_for_app_type.assert_called_once_with('account.signin')

@with_context
@patch('pybossa.view.facebook.newsletter', autospec=True)
@patch('pybossa.view.facebook.login_user', return_value=True)
@patch('pybossa.view.facebook.flash', return_value=True)
@patch('pybossa.view.facebook.url_for', return_value=True)
@patch('pybossa.view.facebook.url_for_app_type', return_value=True)
@patch('pybossa.view.facebook.redirect', return_value=True)
def test_manage_login_user_empty_no_email(self, redirect,
url_for, flash,
@@ -190,10 +190,10 @@ def test_manage_login_user_empty_no_email(self, redirect,
@patch('pybossa.view.facebook.newsletter', autospec=True)
@patch('pybossa.view.facebook.login_user', return_value=True)
@patch('pybossa.view.facebook.flash', return_value=True)
@patch('pybossa.view.facebook.url_for', return_value=True)
@patch('pybossa.view.facebook.url_for_app_type', return_value=True)
@patch('pybossa.view.facebook.redirect', return_value=True)
def test_manage_login_user_update_email(self, redirect,
url_for, flash,
url_for_app_type, flash,
login_user,
newsletter):
"""Test manage login user works."""
@@ -203,17 +203,17 @@ def test_manage_login_user_update_email(self, redirect,
next_url = '/'
manage_user_login(user, user_data, next_url)
login_user.assert_called_once_with(user, remember=True)
url_for.assert_called_once_with('account.update_profile',
name=user.name)
url_for_app_type.assert_called_once_with('account.update_profile',
name=user.name)

@with_context
@patch('pybossa.view.facebook.newsletter', autospec=True)
@patch('pybossa.view.facebook.login_user', return_value=True)
@patch('pybossa.view.facebook.flash', return_value=True)
@patch('pybossa.view.facebook.url_for', return_value=True)
@patch('pybossa.view.facebook.url_for_app_type', return_value=True)
@patch('pybossa.view.facebook.redirect', return_value=True)
def test_manage_login_user_good_email(self, redirect,
url_for, flash,
url_for_app_type, flash,
login_user,
newsletter):
"""Test manage login user with good email works."""
@@ -223,17 +223,17 @@ def test_manage_login_user_good_email(self, redirect,
next_url = '/'
manage_user_login(user, user_data, next_url)
login_user.assert_called_once_with(user, remember=True)
url_for.assert_called_once_with('account.newsletter_subscribe',
next=next_url)
url_for_app_type.assert_called_once_with('account.newsletter_subscribe',
next=next_url)

@with_context
@patch('pybossa.view.facebook.newsletter', autospec=True)
@patch('pybossa.view.facebook.login_user', return_value=True)
@patch('pybossa.view.facebook.flash', return_value=True)
@patch('pybossa.view.facebook.url_for', return_value=True)
@patch('pybossa.view.facebook.url_for_app_type', return_value=True)
@patch('pybossa.view.facebook.redirect', return_value=True)
def test_manage_login_user_already_asked(self, redirect,
url_for, flash,
url_for_app_type, flash,
login_user,
newsletter):
"""Test manage login user already asked works."""
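Review bot: `test_manage_login_user_empty_no_email` now patches `pybossa.view.facebook.url_for_app_type`, but its signature still names the injected mock `url_for` (`url_for, flash,`), unlike every other test changed in this section. The mock is bound by position so the test still runs, but the name now refers to something that is not `url_for`. Rename the parameter to `url_for_app_type` and update any use in the body, which lies outside the hunks shown.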