rebble-auth-py/auth/discourse.py at dce80df67c03c623ad5204fe00069e63013ffd1d · pebble-dev/rebble-auth-py · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
import pydiscourse
from pydiscourse.sso import sso_validate, sso_payload

from flask import Blueprint, request, abort, redirect, render_template
from flask_login import login_required, current_user

from auth.models import db, User
from auth.settings import config

discourse_blueprint = Blueprint("discourse", __name__)

@discourse_blueprint.route("/", methods=['GET', 'POST'])
@login_required
def discourse_sso_view():
    payload = request.args.get('sso')
    signature = request.args.get('sig')
    try:
        nonce = sso_validate(payload, signature, config['DISCOURSE_SECRET'])
    except pydiscourse.exceptions.DiscourseError:
        abort(401, 'No SSO payload or signature.')

    if request.method == 'GET':
        return render_template('discourse.html', user=current_user)
    else:
        if 'deny' in request.form:
            return redirect(config['DISCOURSE_URL'])

        username = request.form.get('username')
        if username and username != '':
            if current_user.username:
                abort(400, 'You already have a username set on the Rebble Developer Forum.')
            if not User.is_valid_username(username):
                abort(400, 'Username must only contain letters, numbers, dashes, dots and underscores, and must not be a system username.')
            if User.query.filter_by(username=username).count() != 0:
                abort(400, 'Username is already taken.')
            User.query.filter_by(id=current_user.id).update({'username': username})
            db.session.commit()
        elif not current_user.username:
            abort(400, 'You need to choose a username.')

    url = sso_redirect_url(nonce, current_user)
    return redirect(config['DISCOURSE_URL'] + url)

def sso_redirect_url(nonce, user):
    attributes = {
        'nonce': nonce,
        'email': user.email,
        'external_id': user.id,
        'name': user.name,
        'username': user.username
    }

    if 'wizard' in user.groups:
        attributes['admin'] = 'true'

    add_groups = []
    remove_groups = []

    if user.has_active_sub:
        add_groups.append('subscribers')
    else:
        remove_groups.append('subscribers')

    if user.pebble_dev_portal_uid:
        # TODO: Check if the user has any public apps
        add_groups.append('developers')
        attributes['website'] = f"https://apps.rebble.io/developer/{user.pebble_dev_portal_uid}"

    if add_groups != []:
        attributes['add_groups'] = ','.join(add_groups)
    if remove_groups != []:
        attributes['remove_groups'] = ','.join(remove_groups)
    return "/session/sso_login?%s" % sso_payload(config['DISCOURSE_SECRET'], **attributes)

def init_app(app):
    app.register_blueprint(discourse_blueprint, url_prefix='/discourse')