[Python-modules-commits] [python-social-auth] 24/32: Merge branch 'bitbucket-oauth2' of https://github.com/mark-adams/python-social-auth into mark-adams-bitbucket-oauth2
Wolfgang Borgert
debacle at moszumanska.debian.org
Sat Dec 24 15:13:49 UTC 2016
This is an automated email from the git hooks/post-receive script.
debacle pushed a commit to tag v0.2.12
in repository python-social-auth.
commit d013b934a4f7815b76b9f1cbd2182cf7b8dc0640
Merge: b3572de 2853cfb
Author: Matías Aguirre <matiasaguirre at gmail.com>
Date: Thu Jul 9 16:10:52 2015 -0300
Merge branch 'bitbucket-oauth2' of https://github.com/mark-adams/python-social-auth into mark-adams-bitbucket-oauth2
Conflicts:
docs/backends/bitbucket.rst
social/backends/bitbucket.py
docs/backends/bitbucket.rst | 46 ++++++++----
social/backends/bitbucket.py | 84 ++++++++++++++++------
social/backends/oauth.py | 8 +++
social/tests/backends/test_bitbucket.py | 121 ++++++++++++++++++++++++--------
4 files changed, 197 insertions(+), 62 deletions(-)
diff --cc docs/backends/bitbucket.rst
index 6572d7a,00809a3..1cb69dd
--- a/docs/backends/bitbucket.rst
+++ b/docs/backends/bitbucket.rst
@@@ -1,36 -1,37 +1,56 @@@
Bitbucket
=========
- Bitbucket works similar to Twitter OAuth.
+ Bitbucket supports both OAuth2 and OAuth1 logins.
- - Register a new application by emailing ``support at bitbucket.org`` with an
- application name and a bit of a description,
+ 1. Register a new OAuth Consumer by following the instructions in the
+ Bitbucket documentation: `OAuth on Bitbucket`_
+
+ Note: For OAuth2, your consumer MUST have the "account" scope otherwise
+ the user profile information (username, name, etc.) won't be accessible.
+
+ 2. Configure the appropriate settings for OAuth2 or OAuth1 (see below).
+
++
+ OAuth2
+ ------
- Fill ``Consumer Key`` and ``Consumer Secret`` values in the settings::
- SOCIAL_AUTH_BITBUCKET_KEY = ''
- SOCIAL_AUTH_BITBUCKET_SECRET = ''
+ SOCIAL_AUTH_BITBUCKET_OAUTH2_KEY = '<your-consumer-key>'
+ SOCIAL_AUTH_BITBUCKET_OAUTH2_SECRET = '<your-consumer-secret>'
+
+ - If you would like to restrict access to only users with verified e-mail
+ addresses, set ``SOCIAL_AUTH_BITBUCKET_OAUTH2_VERIFIED_EMAILS_ONLY = True``
++ By default the setting is set to ``False`` since it's possible for a
++ project to gather this information by other methods.
++
+ OAuth1
+ ------
+ - OAuth1 works similarly to OAuth2, but you must fill in the following settings
+ instead::
- Settings
- --------
+ SOCIAL_AUTH_BITBUCKET_KEY = '<your-consumer-key>'
+ SOCIAL_AUTH_BITBUCKET_SECRET = '<your-consumer-secret>'
- Sometimes Bitbucket users don't have a verified email address, making it
- impossible to get the basic user information to continue the auth process.
- It's possible to avoid these users with this setting::
+ - If you would like to restrict access to only users with verified e-mail
- addresses, set ``SOCIAL_AUTH_BITBUCKET_VERIFIED_EMAILS_ONLY = True``
++ addresses, set ``SOCIAL_AUTH_BITBUCKET_VERIFIED_EMAILS_ONLY = True``.
++ By default the setting is set to ``False`` since it's possible for a
++ project to gather this information by other methods.
+
- SOCIAL_AUTH_BITBUCKET_VERIFIED_EMAILS_ONLY = True
+
- By default the setting is set to ``False`` since it's possible for a project to
- gather this information by other methods.
++User ID
++-------
+
+Bitbucket recommends the use of UUID_ as the user identifier instead
+of ``username`` since they can change and impose a security risk. For
+that reason ``UUID`` is used by default, but for backward
+compatibility reasons, it's possible to get the old behavior again by
+defining this setting::
+
+ SOCIAL_AUTH_BITBUCKET_USERNAME_AS_ID = True
+.. _UUID: https://confluence.atlassian.com/display/BITBUCKET/Use+the+Bitbucket+REST+APIs
+ .. _OAuth on Bitbucket: https://confluence.atlassian.com/display/BITBUCKET/OAuth+on+Bitbucket
diff --cc social/backends/bitbucket.py
index 2d78501,fd63880..fd6d02c
--- a/social/backends/bitbucket.py
+++ b/social/backends/bitbucket.py
@@@ -3,28 -3,17 +3,23 @@@ Bitbucket OAuth2 and OAuth1 backends, d
http://psa.matiasaguirre.net/docs/backends/bitbucket.html
"""
from social.exceptions import AuthForbidden
- from social.backends.oauth import BaseOAuth1
+ from social.backends.oauth import BaseOAuth1, BaseOAuth2
- class BitbucketOAuth(BaseOAuth1):
- """Bitbucket OAuth authentication backend"""
- name = 'bitbucket'
+ class BitbucketOAuthBase(object):
- # Bitbucket usernames can change. The account ID should always be the UUID
- # See: https://confluence.atlassian.com/display/BITBUCKET/Use+the+Bitbucket+REST+APIs
ID_KEY = 'uuid'
- AUTHORIZATION_URL = 'https://bitbucket.org/api/1.0/oauth/authenticate'
- REQUEST_TOKEN_URL = 'https://bitbucket.org/api/1.0/oauth/request_token'
- ACCESS_TOKEN_URL = 'https://bitbucket.org/api/1.0/oauth/access_token'
+ def get_user_id(self, details, response):
+ id_key = self.ID_KEY
+ if self.setting('USERNAME_AS_ID', False):
+ id_key = 'username'
+ return response.get(id_key)
+
def get_user_details(self, response):
"""Return user details from Bitbucket account"""
- fullname, first_name, last_name = self.get_user_names(response['display_name'])
+ fullname, first_name, last_name = self.get_user_names(
+ response['display_name']
+ )
return {'username': response.get('username', ''),
'email': response.get('email', ''),
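Review bot: The comment explaining why `ID_KEY = 'uuid'` is used (Bitbucket usernames can change) appears to be dropped on the new side, just as `get_user_id` gains a `USERNAME_AS_ID` branch that goes back to keying accounts on the mutable `username` field. I would keep that rationale next to the branch, for example `# Usernames can change on Bitbucket; keying accounts on them is kept only for backward compatibility, the default uuid is preferred.` A one-line docstring on `get_user_id` saying that it returns the `uuid` field unless `USERNAME_AS_ID` is set would also help, since `BitbucketOAuthBase` has no docstring of its own. The class body continues beyond this hunk.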
@@@ -32,11 -21,10 +27,9 @@@
'first_name': first_name,
'last_name': last_name}
- def user_data(self, access_token):
+ def user_data(self, access_token, *args, **kwargs):
"""Return user data provided"""
- emails = self.get_json('https://api.bitbucket.org/2.0/user/emails',
- auth=self.oauth_auth(access_token))
-
+ emails = self._get_emails(access_token)
-
email = None
for address in reversed(emails['values']):
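Review bot: `for address in reversed(emails['values'])` binds `address` only when the list is non-empty, yet the `VERIFIED_EMAILS_ONLY` check in the following hunk reads `address['is_confirmed']`. Indentation is lost on this page, but if that check sits after the loop, an account with no e-mail entries would raise `UnboundLocalError` rather than `AuthForbidden`, and an account with no primary address would be judged on whichever entry the loop visited last. Setting `address = None` before the loop and testing `if self.setting('VERIFIED_EMAILS_ONLY', False) and not (address and address['is_confirmed']):` makes the restriction fail closed. The body of `user_data` continues past this hunk.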
@@@ -44,15 -32,68 +37,66 @@@
if address['is_primary']:
break
-- if self.setting('VERIFIED_EMAILS_ONLY', False) and not address['is_confirmed']:
-- raise AuthForbidden(
-- self, 'Bitbucket account has no verified email'
-- )
-
- user = self.get_json('https://api.bitbucket.org/2.0/user',
- auth=self.oauth_auth(access_token))
++ if self.setting('VERIFIED_EMAILS_ONLY', False) and \
++ not address['is_confirmed']:
++ raise AuthForbidden(self, 'Bitbucket account has no verified email')
+ user = self._get_user(access_token)
-
if email:
user['email'] = email
--
return user
+
+ def _get_user(self, access_token=None):
- raise NotImplementedError
++ raise NotImplementedError('Implement in subclass')
+
+ def _get_emails(self, access_token=None):
- raise NotImplementedError
++ raise NotImplementedError('Implement in subclass')
+
+
+ class BitbucketOAuth2(BitbucketOAuthBase, BaseOAuth2):
+ name = 'bitbucket-oauth2'
+ SCOPE_SEPARATOR = ' '
+ AUTHORIZATION_URL = 'https://bitbucket.org/site/oauth2/authorize'
+ ACCESS_TOKEN_URL = 'https://bitbucket.org/site/oauth2/access_token'
+ ACCESS_TOKEN_METHOD = 'POST'
+ REDIRECT_STATE = False
+ EXTRA_DATA = [
+ ('scopes', 'scopes'),
+ ('expires_in', 'expires'),
+ ('token_type', 'token_type'),
+ ('refresh_token', 'refresh_token')
+ ]
+
+ def auth_complete_credentials(self):
+ return self.get_key_and_secret()
+
+ def _get_user(self, access_token=None):
+ return self.get_json('https://api.bitbucket.org/2.0/user',
+ params={'access_token': access_token})
+
+ def _get_emails(self, access_token=None):
+ return self.get_json('https://api.bitbucket.org/2.0/user/emails',
+ params={'access_token': access_token})
+
+ def refresh_token(self, *args, **kwargs):
- raise NotImplementedError('Refresh tokens for Bitbucket have not been implemented')
++ raise NotImplementedError('Refresh tokens for Bitbucket have '
++ 'not been implemented')
+
+
+ class BitbucketOAuth(BitbucketOAuthBase, BaseOAuth1):
+ """Bitbucket OAuth authentication backend"""
+ name = 'bitbucket'
+ AUTHORIZATION_URL = 'https://bitbucket.org/api/1.0/oauth/authenticate'
+ REQUEST_TOKEN_URL = 'https://bitbucket.org/api/1.0/oauth/request_token'
+ ACCESS_TOKEN_URL = 'https://bitbucket.org/api/1.0/oauth/access_token'
+
+ def oauth_auth(self, *args, **kwargs):
+ return super(BitbucketOAuth, self).oauth_auth(*args, **kwargs)
+
+ def _get_user(self, access_token=None):
+ return self.get_json('https://api.bitbucket.org/2.0/user',
+ auth=self.oauth_auth(access_token))
+
+ def _get_emails(self, access_token=None):
+ return self.get_json('https://api.bitbucket.org/2.0/user/emails',
+ auth=self.oauth_auth(access_token))
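Review bot: In `BitbucketOAuth2._get_user` and `_get_emails` the access token is sent as a URL query parameter (`params={'access_token': access_token}`), so it can end up in proxy logs, server access logs, or error traces that print the request URL. Sending it as a bearer header keeps it out of the URL: `headers={'Authorization': 'Bearer {0}'.format(access_token)}` in both calls, assuming `get_json` forwards keyword arguments to the HTTP client as the `params=`/`auth=` usage here suggests. Separately, `EXTRA_DATA` collects `refresh_token` while `refresh_token()` raises `NotImplementedError`; a short comment stating that an expired token requires a fresh login would make that limitation explicit to callers.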
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-social-auth.git