
Delta Between Two Patch Sets: modules/rietveld/files/wrapper.py

Issue 6155422901731328: Run Rietveld using the AppEngine SDK (Closed)
Left Patch Set: Enabled OAuth verification as well Created June 3, 2015, 6:22 p.m.
Right Patch Set: Addressed comments and added caching Created June 4, 2015, 9:19 p.m.
1 #!/usr/bin/env python 1 #!/usr/bin/env python
2 2
3 from ConfigParser import SafeConfigParser 3 from ConfigParser import SafeConfigParser
4 import hashlib 4 import hashlib
5 import hmac 5 import hmac
6 import json 6 import json
7 import os 7 import os
8 import re 8 import re
9 import sys 9 import sys
10 import urllib 10 import urllib
11 11
12 OAUTH2_AUTHURL = 'https://accounts.google.com/o/oauth2/auth' 12 OAUTH2_AUTHURL = 'https://accounts.google.com/o/oauth2/auth'
13 OAUTH2_TOKENURL = 'https://accounts.google.com/o/oauth2/token' 13 OAUTH2_TOKENURL = 'https://accounts.google.com/o/oauth2/token'
14 OAUTH2_DATAURL = 'https://www.googleapis.com/plus/v1/people/me' 14 OAUTH2_DATAURL = 'https://www.googleapis.com/plus/v1/people/me'
15 OAUTH2_SCOPE = 'email' 15 OAUTH2_SCOPE = 'email'
16
17 OAUTH2_TOKEN_EXPIRATION = 5 * 60
16 18
17 def setup_paths(engine_dir): 19 def setup_paths(engine_dir):
18 sys.path.append(engine_dir) 20 sys.path.append(engine_dir)
19 21
20 import wrapper_util 22 import wrapper_util
21 paths = wrapper_util.Paths(engine_dir) 23 paths = wrapper_util.Paths(engine_dir)
22 script_name = os.path.basename(__file__) 24 script_name = os.path.basename(__file__)
23 sys.path[0:0] = paths.script_paths(script_name) 25 sys.path[0:0] = paths.script_paths(script_name)
24 return script_name, paths.script_file(script_name) 26 return script_name, paths.script_file(script_name)
25 27
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
80 url += '?' + urllib.urlencode(data) 82 url += '?' + urllib.urlencode(data)
81 data = None 83 data = None
82 else: 84 else:
83 data = urllib.urlencode(data) 85 data = urllib.urlencode(data)
84 response = urllib.urlopen(url, data) 86 response = urllib.urlopen(url, data)
85 try: 87 try:
86 return json.loads(response.read()) 88 return json.loads(response.read())
87 finally: 89 finally:
88 response.close() 90 response.close()
89 91
92 token_cache = {}
90 def get_user_info(access_token): 93 def get_user_info(access_token):
91 get_params = { 94 email, is_admin, expiration = token_cache.get(access_token, (None, None, 0))
92 'access_token': access_token, 95 now = time.mktime(time.gmtime())
93 } 96 if now > expiration:
94 data = request('GET', OAUTH2_DATAURL, get_params) 97 get_params = {
95 emails = [e for e in data.get('emails') if e['type'] == 'account'] 98 'access_token': access_token,
96 if not emails: 99 }
97 return None, None 100 data = request('GET', OAUTH2_DATAURL, get_params)
98 101 emails = [e for e in data.get('emails') if e['type'] == 'account']
99 email = emails[0]['value'] 102 if not emails:
100 return email, email in admins 103 return None, None
104
105 email = emails[0]['value']
106 is_admin = email in admins
107
108 for token, (_, _, expiration) in token_cache.items():
109 if now > expiration:
110 del token_cache[token]
111 token_cache[access_token] = (email, is_admin, now + OAUTH2_TOKEN_EXPIRATIO N)
112 return email, is_admin
101 113
102 def get(self): 114 def get(self):
103 def error(text): 115 def error(text):
104 self.response.status = 200 116 self.response.status = 200
105 self.response.headers['Content-Type'] = 'text/plain' 117 self.response.headers['Content-Type'] = 'text/plain'
106 self.response.write(text.encode('utf-8')) 118 self.response.write(text.encode('utf-8'))
107 119
108 def redirect(url): 120 def redirect(url):
109 self.response.status = 302 121 self.response.status = 302
110 self.response.status_message = 'Found' 122 self.response.status_message = 'Found'
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
157 error('Authorization failed: ' + self.request.get('error')) 169 error('Authorization failed: ' + self.request.get('error'))
158 else: 170 else:
159 code = self.request.get('code') 171 code = self.request.get('code')
160 if code: 172 if code:
161 login_step2(code, self.request.get('state') or base_url) 173 login_step2(code, self.request.get('state') or base_url)
162 else: 174 else:
163 login_step1(continue_url or base_url) 175 login_step1(continue_url or base_url)
164 176
165 login.Handler.get = get 177 login.Handler.get = get
166 178
167 from google.appengine.api.user_service_stub import UserServiceStub 179 from google.appengine.api import user_service_stub, user_service_pb
168 from google.appengine.api import user_service_pb
169 from google.appengine.runtime import apiproxy_errors 180 from google.appengine.runtime import apiproxy_errors
170 def _Dynamic_GetOAuthUser(self, request, response, request_id): 181 def _Dynamic_GetOAuthUser(self, request, response, request_id):
171 environ = self.request_data.get_request_environ(request_id) 182 environ = self.request_data.get_request_environ(request_id)
172 match = re.search(r'^OAuth (\S+)', environ.get('HTTP_AUTHORIZATION', '')) 183 match = re.search(r'^OAuth (\S+)', environ.get('HTTP_AUTHORIZATION', ''))
173 if not match: 184 if not match:
174 raise apiproxy_errors.ApplicationError( 185 raise apiproxy_errors.ApplicationError(
175 user_service_pb.UserServiceError.OAUTH_INVALID_REQUEST) 186 user_service_pb.UserServiceError.OAUTH_INVALID_REQUEST)
176 187
177 email, is_admin = get_user_info(match.group(1)) 188 email, is_admin = get_user_info(match.group(1))
178 if not email: 189 if not email:
179 raise apiproxy_errors.ApplicationError( 190 raise apiproxy_errors.ApplicationError(
180 user_service_pb.UserServiceError.OAUTH_INVALID_TOKEN) 191 user_service_pb.UserServiceError.OAUTH_INVALID_TOKEN)
181 192
193 # User ID is based on email address, see appengine.tools.devappserver2.login
194 user_id_digest = hashlib.md5(email.lower()).digest()
195 user_id = '1' + ''.join(['%02d' % ord(x) for x in user_id_digest])[:20]
Sebastian Noack 2015/06/04 21:51:43 WTF this algorithm, but I suppose we have to use i
Wladimir Palant 2015/06/04 23:19:54 Luckily, it doesn't seem to matter - Rietveld work
196
182 response.set_email(email) 197 response.set_email(email)
183 response.set_user_id(0) 198 response.set_user_id(user_id)
184 response.set_auth_domain(environ.get('HTTP_HOST')) 199 response.set_auth_domain(user_service_stub._DEFAULT_AUTH_DOMAIN)
185 response.set_is_admin(is_admin) 200 response.set_is_admin(is_admin)
186 response.set_client_id(client_id) 201 response.set_client_id(client_id)
187 response.add_scopes(OAUTH2_SCOPE) 202 response.add_scopes(OAUTH2_SCOPE)
188 203
189 UserServiceStub._Dynamic_GetOAuthUser = _Dynamic_GetOAuthUser 204 user_service_stub.UserServiceStub._Dynamic_GetOAuthUser = _Dynamic_GetOAuthUse r
190 205
191 206
192 if __name__ == '__main__': 207 if __name__ == '__main__':
193 engine_dir = '/opt/google_appengine' 208 engine_dir = '/opt/google_appengine'
194 storage_path = '/var/lib/rietveld' 209 storage_path = '/var/lib/rietveld'
195 210
196 script_name, script_file = setup_paths(engine_dir) 211 script_name, script_file = setup_paths(engine_dir)
197 adjust_server_id() 212 adjust_server_id()
198 fix_request_scheme() 213 fix_request_scheme()
199 214
200 if script_name == 'dev_appserver.py': 215 if script_name == 'dev_appserver.py':
201 config = read_config(os.path.join(storage_path, 'config.ini')) 216 config = read_config(os.path.join(storage_path, 'config.ini'))
202 217
203 set_storage_path(storage_path) 218 set_storage_path(storage_path)
204 replace_runtime() 219 replace_runtime()
205 protect_cookies(config.get('main', 'cookie_secret')) 220 protect_cookies(config.get('main', 'cookie_secret'))
206 enable_oauth2( 221 enable_oauth2(
207 config.get('oauth2', 'client_id'), 222 config.get('oauth2', 'client_id'),
208 config.get('oauth2', 'client_secret'), 223 config.get('oauth2', 'client_secret'),
209 config.get('main', 'admins').split() 224 config.get('main', 'admins').split()
210 ) 225 )
211 226
212 execfile(script_file) 227 execfile(script_file)
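Review bot: get_user_info (right lines 93–112) trusts any access token for which the people/me request returns an account email, and neither it nor _Dynamic_GetOAuthUser (right lines 181–202) checks that the token was issued to this application, so a token a user granted to an unrelated OAuth client would be accepted here as that user, while `response.set_client_id(client_id)` reports the configured id regardless. Before the email is used, the token's audience should be compared with `client_id` (Google's tokeninfo endpoint reports it) and a mismatch rejected with `return None, None`. The new token_cache also keeps answering for a token for up to OAUTH2_TOKEN_EXPIRATION seconds after it is revoked or expires upstream; that trade-off deserves a comment above `token_cache = {}`, for instance `# Cached results outlive revocation by up to OAUTH2_TOKEN_EXPIRATION seconds`. Separately, `time` is not among the imports visible at right lines 3–10, so unless it is imported in the skipped lines the `time.mktime(time.gmtime())` call raises NameError; `now = time.time()` would also avoid handing a UTC struct to mktime, which reads it as local time. The enclosing function that supplies `admins` and `client_id` starts in the skipped lines, so its setup is not visible here.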