From 1fd423e20f6b6a6f4ea8e8868fe6fb81e011965e Mon Sep 17 00:00:00 2001 From: Adarnof Date: Mon, 13 Jun 2016 00:16:27 +0000 Subject: [PATCH] Discord OAuth Integration (#468) * Implement Discord OAuth - extend group caching to Discord - use bot token to manipulate api - migrate to official API Addresses #419 * Remove virtualenv wrapper * Discord OAuth integration playtest corrections Closes #419 --- alliance_auth/settings.py.example | 18 ++- alliance_auth/urls.py | 2 + alliance_auth/wsgi.py | 5 + celerytask/tasks.py | 4 +- requirements.txt | 1 + services/admin.py | 3 + services/managers/discord_manager.py | 176 ++++++++++++++++++++++- services/models.py | 6 +- services/views.py | 70 ++++----- stock/templates/registered/services.html | 8 ++ util/context_processors.py | 2 +- 11 files changed, 240 insertions(+), 55 deletions(-) diff --git a/alliance_auth/settings.py.example b/alliance_auth/settings.py.example index b5cc70ac..fd3b32b6 100644 --- a/alliance_auth/settings.py.example +++ b/alliance_auth/settings.py.example @@ -437,13 +437,19 @@ TEAMSPEAK3_PUBLIC_URL = os.environ.get('AA_TEAMSPEAK3_PUBLIC_URL', 'yourdomain.c ###################################### # Discord Configuration ###################################### -# DISCORD_SERVER_ID - ID of the server to manage -# DISCORD_USER_EMAIL - email of the server management user -# DISCORD_USER_PASSWORD - password of the server management user +# DISCORD_GUILD_ID - ID of the guild to manage +# DISCORD_BOT_TOKEN - oauth token of the app bot user +# DISCORD_INVITE_CODE - invite code to the server +# DISCORD_APP_ID - oauth app client ID +# DISCORD_APP_SECRET - oauth app secret +# DISCORD_CALLBACK_URL - oauth callback url ###################################### -DISCORD_SERVER_ID = os.environ.get('AA_DISCORD_SERVER_ID', '') -DISCORD_USER_EMAIL = os.environ.get('AA_DISCORD_USER_EMAIL', '') -DISCORD_USER_PASSWORD = os.environ.get('AA_DISCORD_USER_PASSWORD', '') +DISCORD_GUILD_ID = os.environ.get('AA_DISCORD_GUILD_ID', '') +DISCORD_BOT_TOKEN = os.environ.get('AA_DISCORD_BOT_TOKEN', '') +DISCORD_INVITE_CODE = os.environ.get('AA_DISCORD_INVITE_CODE', '') +DISCORD_APP_ID = os.environ.get('AA_DISCORD_APP_ID', '') +DISCORD_APP_SECRET = os.environ.get('AA_DISCORD_APP_SECRET', '') +DISCORD_CALLBACK_URL = os.environ.get('AA_DISCORD_CALLBACK_URL', 'http://mydomain.com/discord_callback') ###################################### # Discourse Configuration diff --git a/alliance_auth/urls.py b/alliance_auth/urls.py index def77686..98f4d6ea 100755 --- a/alliance_auth/urls.py +++ b/alliance_auth/urls.py @@ -145,6 +145,8 @@ urlpatterns = patterns('', url(r'^activate_discord/$', 'services.views.activate_discord', name='auth_activate_discord'), url(r'^deactivate_discord/$', 'services.views.deactivate_discord', name='auth_deactivate_discord'), url(r'^reset_discord/$', 'services.views.reset_discord', name='auth_reset_discord'), + url(r'^discord_callback/$', 'services.views.discord_callback', name='auth_discord_callback'), + url(r'^discord_add_bot/$', 'services.views.discord_add_bot', name='auth_discord_add_bot'), # Discourse Service Control url(r'^activate_discourse/$', 'services.views.activate_discourse', name='auth_activate_discourse'), diff --git a/alliance_auth/wsgi.py b/alliance_auth/wsgi.py index 2e8555c7..cd1742c0 100644 --- a/alliance_auth/wsgi.py +++ b/alliance_auth/wsgi.py @@ -13,4 +13,9 @@ os.environ.setdefault("DJANGO_SETTINGS_MODULE", "alliance_auth.settings") from django.core.wsgi import get_wsgi_application +# virtualenv wrapper +#activate_env=os.path.join(os.path.dirname(os.path.abspath(__file__)), 'env/bin/activate_this.py') +#execfile(activate_env, dict(__file__=activate_env)) + + application = get_wsgi_application() diff --git a/celerytask/tasks.py b/celerytask/tasks.py index c4128331..4a4aa8f9 100644 --- a/celerytask/tasks.py +++ b/celerytask/tasks.py @@ -11,7 +11,7 @@ from services.managers.phpbb3_manager import Phpbb3Manager from services.managers.ipboard_manager import IPBoardManager from services.managers.xenforo_manager import XenForoManager from services.managers.teamspeak3_manager import Teamspeak3Manager -from services.managers.discord_manager import DiscordManager, DiscordAPIManager +from services.managers.discord_manager import DiscordOAuthManager from services.managers.discourse_manager import DiscourseManager from services.managers.smf_manager import smfManager from services.models import AuthTS @@ -212,7 +212,7 @@ def update_discord_groups(pk): groups.append('empty') logger.debug("Updating user %s discord groups to %s" % (user, groups)) try: - DiscordManager.update_groups(authserviceinfo.discord_uid, groups) + DiscordOAuthManager.update_groups(authserviceinfo.discord_uid, groups) except: logger.exception("Discord group sync failed for %s, retrying in 10 mins" % user) raise self.retry(countdown = 60 * 10) diff --git a/requirements.txt b/requirements.txt index fd3dec95..23106c9a 100755 --- a/requirements.txt +++ b/requirements.txt @@ -8,6 +8,7 @@ requests>=2.9.1 bcrypt zeroc-ice slugify +requests-oauthlib # Django Stuff # django==1.6.5 diff --git a/services/admin.py b/services/admin.py index bfca9f2c..51e178ec 100644 --- a/services/admin.py +++ b/services/admin.py @@ -2,6 +2,7 @@ from django.contrib import admin from .models import AuthTS from .models import DiscordAuthToken from .models import MumbleUser +from .models import GroupCache class AuthTSgroupAdmin(admin.ModelAdmin): fields = ['auth_group','ts_group'] @@ -12,3 +13,5 @@ admin.site.register(AuthTS, AuthTSgroupAdmin) admin.site.register(DiscordAuthToken) admin.site.register(MumbleUser) + +admin.site.register(GroupCache) diff --git a/services/managers/discord_manager.py b/services/managers/discord_manager.py index b3540534..93d7b793 100644 --- a/services/managers/discord_manager.py +++ b/services/managers/discord_manager.py @@ -5,9 +5,11 @@ import re import os import urllib import base64 -from services.models import DiscordAuthToken - +from services.models import DiscordAuthToken, GroupCache +from requests_oauthlib import OAuth2Session import logging +import datetime +from django.utils import timezone logger = logging.getLogger(__name__) @@ -445,3 +447,173 @@ class DiscordManager: except: logger.exception("An unhandled exception has occured.") return False + +AUTH_URL = "https://discordapp.com/api/oauth2/authorize" +TOKEN_URL = "https://discordapp.com/api/oauth2/token" + +# kick, manage roles +BOT_PERMISSIONS = 0x00000002 + 0x10000000 + +# get user ID, accept invite +SCOPES = [ + 'identify', + 'guilds.join', +] + +GROUP_CACHE_MAX_AGE = datetime.timedelta(minutes=30) + +class DiscordOAuthManager: + @staticmethod + def generate_bot_add_url(): + return AUTH_URL + '?client_id=' + settings.DISCORD_APP_ID + '&scope=bot&permissions=' + str(BOT_PERMISSIONS) + + @staticmethod + def generate_oauth_redirect_url(): + oauth = OAuth2Session(settings.DISCORD_APP_ID, redirect_uri=settings.DISCORD_CALLBACK_URL, scope=SCOPES) + url, state = oauth.authorization_url(AUTH_URL) + return url + + @staticmethod + def _process_callback_code(code): + oauth = OAuth2Session(settings.DISCORD_APP_ID, redirect_uri=settings.DISCORD_CALLBACK_URL) + token = oauth.fetch_token(TOKEN_URL, client_secret=settings.DISCORD_APP_SECRET, code=code) + return token + + @staticmethod + def add_user(code): + try: + token = DiscordOAuthManager._process_callback_code(code)['access_token'] + logger.debug(token) + logger.debug("Received token from OAuth") + + custom_headers = {'accept': 'application/json', 'authorization': 'Bearer ' + token} + path = DISCORD_URL + "/invites/" + str(settings.DISCORD_INVITE_CODE) + r = requests.post(path, headers=custom_headers) + logger.debug("Got status code %s after accepting Discord invite" % r.status_code) + r.raise_for_status() + + path = DISCORD_URL + "/users/@me" + r = requests.get(path, headers=custom_headers) + logger.debug("Got status code %s after retrieving Discord profile" % r.status_code) + r.raise_for_status() + + user_id = r.json()['id'] + logger.info("Added Discord user ID %s to server." % user_id) + return user_id + except: + logger.exception("Failed to add Discord user") + return None + + @staticmethod + def delete_user(user_id): + try: + custom_headers = {'accept': 'application/json', 'authorization': 'Bearer ' + settings.DISCORD_BOT_TOKEN} + path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id) + r = requests.delete(path, headers=custom_headers) + logger.debug("Got status code %s after removing Discord user ID %s" % (r.status_code, user_id)) + r.raise_for_status() + return True + except: + logger.exception("Failed to remove Discord user %s" % user_id) + try: + # user maybe already left server? + custom_headers = {'accept': 'application/json', 'authorization': 'Bearer ' + settings.DISCORD_BOT_TOKEN} + path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + r = requests.get(path, headers=custom_headers) + members = r.json() + users = [str(m['user']['id']) == str(user_id) for m in members] + if True in users: + logger.error("Unable to remove Discord user %s" % user_id) + return False + else: + logger.warn("Discord user %s alredy left server." % user_id) + return True + except: + logger.exception("Failed to locate Discord user") + return False + + @staticmethod + def __get_groups(): + custom_headers = {'accept': 'application/json', 'authorization': settings.DISCORD_BOT_TOKEN} + path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles" + r = requests.get(path, headers=custom_headers) + logger.debug("Got status code %s after retrieving Discord roles" % r.status_code) + r.raise_for_status() + return r.json() + + @staticmethod + def __update_group_cache(): + GroupCache.objects.filter(service="discord").delete() + cache = GroupCache.objects.create(service="discord") + cache.groups = json.dumps(DiscordOAuthManager.__get_groups()) + cache.save() + return cache + + @staticmethod + def __get_group_cache(): + if not GroupCache.objects.filter(service="discord").exists(): + DiscordOAuthManager.__update_group_cache() + cache = GroupCache.objects.get(service="discord") + age = timezone.now() - cache.created + if age > GROUP_CACHE_MAX_AGE: + logger.debug("Group cache has expired. Triggering update.") + cache = DiscordOAuthManager.__update_group_cache() + return json.loads(cache.groups) + + @staticmethod + def __group_name_to_id(name): + cache = DiscordOAuthManager.__get_group_cache() + for g in cache: + if g['name'] == name: + return g['id'] + logger.debug("Group %s not found on Discord. Creating" % name) + DiscordOAuthManager.__create_group(name) + return DiscordOAuthManager.__group_name_to_id(name) + + @staticmethod + def __group_id_to_name(id): + cache = DiscordOAuthManager.__get_group_cache() + for g in cache: + if g['id'] == id: + return g['name'] + raise KeyError("Group ID %s not found on Discord" % id) + + @staticmethod + def __generate_role(): + custom_headers = {'accept':'application/json', 'authorization': settings.DISCORD_BOT_TOKEN} + path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles" + r = requests.post(path, headers=custom_headers) + logger.debug("Received status code %s after generating new role." % r.status_code) + r.raise_for_status() + return r.json() + + @staticmethod + def __edit_role(role_id, name, color=0, hoist=True, permissions=36785152): + custom_headers = {'content-type':'application/json', 'authorization': settings.DISCORD_BOT_TOKEN} + data = { + 'color': color, + 'hoist': hoist, + 'name': name, + 'permissions': permissions, + } + path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles/" + str(role_id) + r = requests.patch(path, headers=custom_headers, data=json.dumps(data)) + logger.debug("Received status code %s after editing role id %s" % (r.status_code, role_id)) + r.raise_for_status() + return r.json() + + @staticmethod + def __create_group(name): + role = DiscordOAuthManager.__generate_role() + new_role = DiscordOAuthManager.__edit_role(role['id'], name) + DiscordOAuthManager.__update_group_cache() + + @staticmethod + def update_groups(user_id, groups): + custom_headers = {'content-type':'application/json', 'authorization': settings.DISCORD_BOT_TOKEN} + group_ids = [DiscordOAuthManager.__group_name_to_id(g) for g in groups] + path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id) + data = {'roles': group_ids} + r = requests.patch(path, headers=custom_headers, json=data) + logger.debug("Received status code %s after setting user roles" % r.status_code) + r.raise_for_status() diff --git a/services/models.py b/services/models.py index 47b3cdd8..3ff5c786 100644 --- a/services/models.py +++ b/services/models.py @@ -50,8 +50,12 @@ class MumbleUser(models.Model): class GroupCache(models.Model): SERVICE_CHOICES = ( ("discourse", "discourse"), + ("discord", "discord"), ) created = models.DateTimeField(auto_now_add=True) - groups = models.TextField(blank=True, null=True) + groups = models.TextField(default={}) service = models.CharField(max_length=254, choices=SERVICE_CHOICES, unique=True) + + def __str__(self): + return self.service diff --git a/services/views.py b/services/views.py index 2ff4854e..a1d74688 100755 --- a/services/views.py +++ b/services/views.py @@ -14,7 +14,7 @@ from managers.mumble_manager import MumbleManager from managers.ipboard_manager import IPBoardManager from managers.xenforo_manager import XenForoManager from managers.teamspeak3_manager import Teamspeak3Manager -from managers.discord_manager import DiscordManager +from managers.discord_manager import DiscordOAuthManager from managers.discourse_manager import DiscourseManager from managers.ips4_manager import Ips4Manager from managers.smf_manager import smfManager @@ -129,6 +129,8 @@ def services_view(request): def service_blue_alliance_test(user): return check_if_user_has_permission(user, 'member') or check_if_user_has_permission(user, 'blue_member') +def superuser_test(user): + return user.is_superuser @login_required @user_passes_test(service_blue_alliance_test) @@ -504,7 +506,7 @@ context_instance=RequestContext(request)) def deactivate_discord(request): logger.debug("deactivate_discord called by user %s" % request.user) authinfo = AuthServicesInfoManager.get_auth_service_info(request.user) - result = DiscordManager.delete_user(authinfo.discord_uid) + result = DiscordOAuthManager.delete_user(authinfo.discord_uid) if result: AuthServicesInfoManager.update_user_discord_info("", request.user) logger.info("Succesfully deactivated discord for user %s" % request.user) @@ -517,7 +519,7 @@ def deactivate_discord(request): def reset_discord(request): logger.debug("reset_discord called by user %s" % request.user) authinfo = AuthServicesInfoManager.get_auth_service_info(request.user) - result = DiscordManager.delete_user(authinfo.discord_uid) + result = DiscordOAuthManager.delete_user(authinfo.discord_uid) if result: AuthServicesInfoManager.update_user_discord_info("",request.user) logger.info("Succesfully deleted discord user for user %s - forwarding to discord activation." % request.user) @@ -529,47 +531,29 @@ def reset_discord(request): @user_passes_test(service_blue_alliance_test) def activate_discord(request): logger.debug("activate_discord called by user %s" % request.user) - success = False - if request.method == 'POST': - logger.debug("Received POST request with form.") - form = DiscordForm(request.POST) - logger.debug("Form is valid: %s" % form.is_valid()) - if form.is_valid(): - email = form.cleaned_data['email'] - logger.debug("Form contains email address beginning with %s" % email[0:3]) - password = form.cleaned_data['password'] - logger.debug("Form contains password of length %s" % len(password)) - update_avatar = form.cleaned_data['update_avatar'] - logger.debug("Form contains update_avatar set to %r" % bool(update_avatar)) - try: - user_id = DiscordManager.add_user(email, password, request.user) - logger.debug("Received discord uid %s" % user_id) - if user_id != "": - AuthServicesInfoManager.update_user_discord_info(user_id, request.user) - logger.debug("Updated discord id %s for user %s" % (user_id, request.user)) - update_discord_groups.delay(request.user.pk) - logger.debug("Updated discord groups for user %s." % request.user) - success = True - logger.info("Succesfully activated discord for user %s" % request.user) - if (update_avatar): - authinfo = AuthServicesInfoManager.get_auth_service_info(request.user) - char_id = authinfo.main_char_id - avatar_updated = DiscordManager.update_user_avatar(email, password, request.user, char_id) - if (avatar_updated): - logger.debug("Updated user %s discord avatar." % request.user) - else: - logger.debug("Could not set user %s discord avatar." %request.user) - return HttpResponseRedirect("/services/") - except: - logger.exception("An unhandled exception has occured.") - pass - else: - logger.debug("Request is not type POST - providing empty form.") - form = DiscordForm() + return HttpResponseRedirect(DiscordOAuthManager.generate_oauth_redirect_url()) - logger.debug("Rendering form for user %s with success %s" % (request.user, success)) - context = {'form': form, 'success': success} - return render_to_response('registered/discord.html', context, context_instance=RequestContext(request)) +@login_required +@user_passes_test(service_blue_alliance_test) +def discord_callback(request): + logger.debug("Received Discord callback for activation of user %s" % request.user) + code = request.GET.get('code', None) + if not code: + logger.warn("Did not receive OAuth code from callback of user %s" % request.user) + return HttpResponseRedirect("/services/") + user_id = DiscordOAuthManager.add_user(code) + if user_id: + AuthServicesInfoManager.update_user_discord_info(user_id, request.user) + update_discord_groups.delay(request.user.pk) + logger.info("Succesfully activated Discord for user %s" % request.user) + else: + logger.error("Failed to activate Discord for user %s" % request.user) + return HttpResponseRedirect("/services/") + +@login_required +@user_passes_test(superuser_test) +def discord_add_bot(request): + return HttpResponseRedirect(DiscordOAuthManager.generate_bot_add_url()) @login_required @user_passes_test(service_blue_alliance_test) diff --git a/stock/templates/registered/services.html b/stock/templates/registered/services.html index d6b26a04..285e3d36 100755 --- a/stock/templates/registered/services.html +++ b/stock/templates/registered/services.html @@ -9,6 +9,14 @@ {% block content %}

Available Services

+ {% if ENABLE_AUTH_DISCORD or ENABLE_BLUE_DISCORD %} + {% if request.user.is_superuser %} +
+ Link Discord Server +
+
+ {% endif %} + {% endif %} {% if perms.auth.blue_member %} diff --git a/util/context_processors.py b/util/context_processors.py index 2c55052a..aeba5a38 100755 --- a/util/context_processors.py +++ b/util/context_processors.py @@ -57,7 +57,7 @@ def domain_url(request): 'ENABLE_BLUE_XENFORO': settings.ENABLE_BLUE_XENFORO, 'TEAMSPEAK3_PUBLIC_URL': settings.TEAMSPEAK3_PUBLIC_URL, 'JACK_KNIFE_URL': settings.JACK_KNIFE_URL, - 'DISCORD_SERVER_ID': settings.DISCORD_SERVER_ID, + 'DISCORD_SERVER_ID': settings.DISCORD_GUILD_ID, 'KILLBOARD_URL': settings.KILLBOARD_URL, 'DISCOURSE_URL': settings.DISCOURSE_URL, 'IPS4_URL': settings.IPS4_URL,