AuthorizationRequestHandler.py 5.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
  1. # Copyright (c) 2019 Ultimaker B.V.
  2. # Cura is released under the terms of the LGPLv3 or higher.
  3. from http.server import BaseHTTPRequestHandler
  4. from threading import Lock # To turn an asynchronous call synchronous.
  5. from typing import Optional, Callable, Tuple, Dict, Any, List, TYPE_CHECKING
  6. from urllib.parse import parse_qs, urlparse
  7. from cura.OAuth2.Models import AuthenticationResponse, ResponseData, HTTP_STATUS
  8. from UM.i18n import i18nCatalog
  9. if TYPE_CHECKING:
  10. from cura.OAuth2.Models import ResponseStatus
  11. from cura.OAuth2.AuthorizationHelpers import AuthorizationHelpers
  12. catalog = i18nCatalog("cura")
  13. class AuthorizationRequestHandler(BaseHTTPRequestHandler):
  14. """This handler handles all HTTP requests on the local web server.
  15. It also requests the access token for the 2nd stage of the OAuth flow.
  16. """
  17. def __init__(self, request, client_address, server) -> None:
  18. super().__init__(request, client_address, server)
  19. # These values will be injected by the HTTPServer that this handler belongs to.
  20. self.authorization_helpers: Optional[AuthorizationHelpers] = None
  21. self.authorization_callback: Optional[Callable[[AuthenticationResponse], None]] = None
  22. self.verification_code: Optional[str] = None
  23. self.state: Optional[str] = None
  24. # CURA-6609: Some browser seems to issue a HEAD instead of GET request as the callback.
  25. def do_HEAD(self) -> None:
  26. self.do_GET()
  27. def do_GET(self) -> None:
  28. # Extract values from the query string.
  29. parsed_url = urlparse(self.path)
  30. query = parse_qs(parsed_url.query)
  31. # Handle the possible requests
  32. if parsed_url.path == "/callback":
  33. server_response, token_response = self._handleCallback(query)
  34. else:
  35. server_response = self._handleNotFound()
  36. token_response = None
  37. # Send the data to the browser.
  38. self._sendHeaders(server_response.status, server_response.content_type, server_response.redirect_uri)
  39. if server_response.data_stream:
  40. # If there is data in the response, we send it.
  41. self._sendData(server_response.data_stream)
  42. if token_response and self.authorization_callback is not None:
  43. # Trigger the callback if we got a response.
  44. # This will cause the server to shut down, so we do it at the very end of the request handling.
  45. self.authorization_callback(token_response)
  46. def _handleCallback(self, query: Dict[Any, List]) -> Tuple[ResponseData, Optional[AuthenticationResponse]]:
  47. """Handler for the callback URL redirect.
  48. :param query: Dict containing the HTTP query parameters.
  49. :return: HTTP ResponseData containing a success page to show to the user.
  50. """
  51. code = self._queryGet(query, "code")
  52. state = self._queryGet(query, "state")
  53. if state != self.state:
  54. token_response = AuthenticationResponse(
  55. success = False,
  56. err_message = catalog.i18nc("@message", "The provided state is not correct.")
  57. )
  58. elif code and self.authorization_helpers is not None and self.verification_code is not None:
  59. token_response = AuthenticationResponse(
  60. success = False,
  61. err_message = catalog.i18nc("@message", "Timeout when authenticating with the account server.")
  62. )
  63. # If the code was returned we get the access token.
  64. lock = Lock()
  65. lock.acquire()
  66. def callback(response: AuthenticationResponse) -> None:
  67. nonlocal token_response
  68. token_response = response
  69. lock.release()
  70. self.authorization_helpers.getAccessTokenUsingAuthorizationCode(code, self.verification_code, callback)
  71. lock.acquire(timeout = 60) # Block thread until request is completed (which releases the lock). If not acquired, the timeout message stays.
  72. elif self._queryGet(query, "error_code") == "user_denied":
  73. # Otherwise we show an error message (probably the user clicked "Deny" in the auth dialog).
  74. token_response = AuthenticationResponse(
  75. success = False,
  76. err_message = catalog.i18nc("@message", "Please give the required permissions when authorizing this application.")
  77. )
  78. else:
  79. # We don't know what went wrong here, so instruct the user to check the logs.
  80. token_response = AuthenticationResponse(
  81. success = False,
  82. error_message = catalog.i18nc("@message", "Something unexpected happened when trying to log in, please try again.")
  83. )
  84. if self.authorization_helpers is None:
  85. return ResponseData(), token_response
  86. return ResponseData(
  87. status = HTTP_STATUS["REDIRECT"],
  88. data_stream = b"Redirecting...",
  89. redirect_uri = self.authorization_helpers.settings.AUTH_SUCCESS_REDIRECT if token_response.success else
  90. self.authorization_helpers.settings.AUTH_FAILED_REDIRECT
  91. ), token_response
  92. @staticmethod
  93. def _handleNotFound() -> ResponseData:
  94. """Handle all other non-existing server calls."""
  95. return ResponseData(status = HTTP_STATUS["NOT_FOUND"], content_type = "text/html", data_stream = b"Not found.")
  96. def _sendHeaders(self, status: "ResponseStatus", content_type: str, redirect_uri: str = None) -> None:
  97. self.send_response(status.code, status.message)
  98. self.send_header("Content-type", content_type)
  99. if redirect_uri:
  100. self.send_header("Location", redirect_uri)
  101. self.end_headers()
  102. def _sendData(self, data: bytes) -> None:
  103. self.wfile.write(data)
  104. @staticmethod
  105. def _queryGet(query_data: Dict[Any, List], key: str, default: Optional[str] = None) -> Optional[str]:
  106. """Convenience helper for getting values from a pre-parsed query string"""
  107. return query_data.get(key, [default])[0]