| 1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- """
- Authentication backend that checks credentials against an oauth2 server auth endpoint
- """
- from radicale import auth
- from radicale.log import logger
- import requests
- from requests.utils import quote
- class Auth(auth.BaseAuth):
- def __init__(self, configuration):
- super().__init__(configuration)
- self._endpoint = configuration.get("auth", "oauth2_token_endpoint")
- logger.warning("Using oauth2 token endpoint: %s" % (self._endpoint))
- def login(self, login, password):
- """Validate credentials.
- Sends login credentials to oauth auth endpoint and checks that a token is returned
- """
- try:
- # authenticate to authentication endpoint and return login if ok, else ""
- req_params = {
- "username": login,
- "password": password,
- "grant_type": "password",
- "client_id": "radicale",
- }
- req_headers = {"Content-Type": "application/x-www-form-urlencoded"}
- response = requests.post(
- self._endpoint, data=req_params, headers=req_headers
- )
- if (
- response.status_code == requests.codes.ok
- and "access_token" in response.json()
- ):
- return login
- except OSError as e:
- raise RuntimeError(
- "Failed to authenticate against oauth server %r: %s"
- % (self._endpoint, e)
- ) from e
- logger.warning("User %s failed to authenticate" % (str(login)))
- return ""
|
