Ailur-Archives
/
hectabit-oauth2
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Please work

This commit is contained in:
Tracker-Friendly 2024-03-29 11:02:22 +00:00
parent f1697695f2
commit cce409ad51
4 changed files with 65 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
main
View File

@ -75,7 +75,8 @@ def check_username_taken(username):
async def oauth2_token_refresh(secret, appId): async def oauth2_token_refresh(secret, appId):
while True: while True:
conn = get_db_connection() conn = get_db_connection()
conn.execute("UPDATE logins SET code = ?, nextcode = ? WHERE appId = ? AND secret = ?", (str(conn.execute("SELECT nextcode FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(secret))).fetchone())), str(secrets.token_hex(512)), str(appId), str(secret)) conn.execute("UPDATE logins SET code = ?, nextcode = ? WHERE appId = ? AND secret = ?", (str(conn.execute("SELECT nextcode FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(secret))).fetchone()[0])), str(secrets.token_hex(512)), str(appId), str(secret))
conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(conn.execute("SELECT nextsecret FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(secret))).fetchone()[0])), str(secrets.token_hex(512)), str(appId), str(secret))
await asyncio.sleep(3600) await asyncio.sleep(3600)
# Disable CORS # Disable CORS
@ -199,7 +200,7 @@ async def apiopeniduserinfo():
access_token = request.headers.get('Authorization').split(' ')[1] access_token = request.headers.get('Authorization').split(' ')[1]
conn = get_db_connection() conn = get_db_connection()
userid = int(conn.execute("SELECT creator FROM logins WHERE code = ?", (str(access_token),)).fetchone()) userid = int(conn.execute("SELECT creator FROM logins WHERE code = ?", (str(access_token),)).fetchone()[0])
user = get_user(userid) user = get_user(userid)
datatemplate = { datatemplate = {
@ -220,12 +221,13 @@ async def apiauthenticate():
conn = get_db_connection() conn = get_db_connection()
secretkey = str(secrets.token_hex(512)) secretkey = str(secrets.token_hex(512))
appidcheck = str(conn.execute("SELECT appId FROM oauth WHERE appId = ?", (str(appId),)).fetchone()) appidcheck = str(conn.execute("SELECT appId FROM oauth WHERE appId = ?", (str(appId),)).fetchone()[0])
if not str(appidcheck) == str(appId): if not str(appidcheck) == str(appId):
return {}, 401 return {}, 401
conn.execute("INSERT INTO logins (appId, secret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?)", conn.execute("INSERT INTO logins (appId, secret, newsecret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?, ?)",
(str(appId), str(secretkey), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(secrets.token_hex(512)))) (str(appId), str(secretkey), str(secret.token_hex(512)), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(secrets.token_hex(512))))
conn.commit() conn.commit()
conn.close() conn.close()
@ -237,30 +239,34 @@ async def apiauthenticate():
@app.route("/api/tokenauth", methods=("GET", "POST")) @app.route("/api/tokenauth", methods=("GET", "POST"))
async def apitokenexchange(): async def apitokenexchange():
if request.method == "POST": if request.method == "POST":
data = await request.get_json() data = await request.form
secret = data["client_secret"] secret = data["client_secret"]
appId = data["client_id"] appId = data["client_id"]
code = data["code"] code = data["code"]
conn = get_db_connection() conn = get_db_connection()
access_token = {
"access_token": str(conn.execute("SELECT secret FROM logins WHERE appId = ? AND code = ?", (str(appId), str(code))).fetchone()),
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": str(conn.execute("SELECT nextcode FROM logins WHERE appId = ? AND code = ?", (str(appId), str(code))).fetchone()),
"id_token": str(conn.execute("SELECT openid FROM logins WHERE appId = ? AND code = ?", (str(appId), str(code))).fetchone())
}
appidcheck = str(conn.execute("SELECT appId FROM oauth WHERE appId = ?", (str(appId),)).fetchone()) appidcheck = str(conn.execute("SELECT appId FROM oauth WHERE appId = ?", (str(appId),)).fetchone()[0])
if not str(appidcheck) == str(appId): if not str(appidcheck) == str(appId):
return {}, 401 return {}, 401
secretcheck = str(conn.execute("SELECT secret FROM oauth WHERE appId = ?", (str(appId),)).fetchone()) secretcheck = str(conn.execute("SELECT secret FROM oauth WHERE appId = ?", (str(appId),)).fetchone()[0])
if not str(secretcheck) == str(secret): if not str(secretcheck) == str(secret):
return {}, 402 return {}, 402
newkey = str(secrets.token_hex(512))
conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(secret)))
access_token = {
"access_token": str(conn.execute("SELECT code FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(code))).fetchone()[0]),
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": newkey,
"id_token": str(conn.execute("SELECT openid FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(code))).fetchone()[0])
}
if secretkey: if secretkey:
asyncio.run(oauth2_token_refresh(str(conn.execute("SELECT secret FROM logins WHERE appId = ? AND code = ?", (str(appId), str(code))).fetchone()), appId)) asyncio.run(oauth2_token_refresh(str(conn.execute("SELECT secret FROM logins WHERE appId = ? AND code = ?", (str(appId), str(code))).fetchone()[0]), appId))
return access_token, 200 return access_token, 200
else: else:
return {}, 400 return {}, 400
@ -274,13 +280,13 @@ async def apicreateauth():
secret = str(secrets.token_hex(512)) secret = str(secrets.token_hex(512))
conn = get_db_connection() conn = get_db_connection()
while True: while True:
if not secret == str(conn.execute("SELECT secret FROM oauth WHERE secret = ?", (str(secret),)).fetchone()): if not secret == str(conn.execute("SELECT secret FROM oauth WHERE secret = ?", (str(secret),)).fetchone()[0]):
break break
else: else:
secret = str(secrets.token_hex(512)) secret = str(secrets.token_hex(512))
continue continue
if appId == str(conn.execute("SELECT secret FROM oauth WHERE appId = ?", (str(appId),)).fetchone()): if appId == str(conn.execute("SELECT secret FROM oauth WHERE appId = ?", (str(appId),)).fetchone()[0]):
return 401 return 401
userCookie = get_session(secretKey) userCookie = get_session(secretKey)

2
schema.sql
View File

@ -29,6 +29,8 @@ CREATE TABLE logins (
secret TEXT NOT NULL, secret TEXT NOT NULL,
code TEXT NOT NULL, code TEXT NOT NULL,
nextcode TEXT NOT NULL, nextcode TEXT NOT NULL,
refresh TEXT NOT NULL,
nextrefresh TEXT NOT NULL,
creator INTEGER NOT NULL, creator INTEGER NOT NULL,
openid TEXT NOT NULL openid TEXT NOT NULL
); );

6
templates/main.html
View File

@ -9,6 +9,7 @@
<h1>Sending data...</h1> <h1>Sending data...</h1>
<script> <script>
function oauth() {
// Function to parse URL parameters // Function to parse URL parameters
function getUrlParameter(name) { function getUrlParameter(name) {
name = name.replace(/[[]/, '\\[').replace(/[\]]/, '\\]'); name = name.replace(/[[]/, '\\[').replace(/[\]]/, '\\]');
@ -43,13 +44,16 @@
.then(response => { .then(response => {
async function doStuff() { async function doStuff() {
let code = await response.text() let code = await response.text()
window.location.replace(redirect_uri + "?code=" + code + "&state=" + state) console.log(code)
console.log(redirect_uri + "?code=" + code + "&state=" + state)
} }
doStuff() doStuff()
}) })
.catch(error => { .catch(error => {
alert("Error sending data: " + error.message); alert("Error sending data: " + error.message);
}); });
}
//oauth()
</script> </script>
</body> </body>
</html> </html>

2
templates/openid.json
View File

@ -1,7 +1,7 @@
{ {
"issuer": "https://auth.hectabit.org", "issuer": "https://auth.hectabit.org",
"authorization_endpoint": "https://auth.hectabit.org/login", "authorization_endpoint": "https://auth.hectabit.org/login",
"token_endpoint": "https://auth.hectabit.org/authtoken", "token_endpoint": "https://auth.hectabit.org/api/tokenauth",
"userinfo_endpoint": "https://auth.hectabit.org/userinfo", "userinfo_endpoint": "https://auth.hectabit.org/userinfo",
"response_types_supported": ["code"], "response_types_supported": ["code"],
"subject_types_supported": ["public"] "subject_types_supported": ["public"]