Revert the X-GOOGLE-TOKEN mech to not perform HTTP requests.

Added new example for how to retrieve a Google token, following
the best case, non-browser, workflow. Other thirdparty auth
mechs (Facebook, MSN) follow a similar pattern of using an
access token.
This commit is contained in:
Lance Stout 2012-01-23 23:58:40 -08:00
parent f06589c913
commit 13158e3cdf
2 changed files with 248 additions and 57 deletions

247
examples/thirdpary_auth.py Normal file
View file

@ -0,0 +1,247 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
SleekXMPP: The Sleek XMPP Library
Copyright (C) 2010 Nathanael C. Fritz
This file is part of SleekXMPP.
See the file LICENSE for copying permission.
"""
import sys
import logging
import getpass
from optparse import OptionParser
try:
from httplib import HTTPSConnection
from urllib import urlencode
except ImportError:
from urllib.parse import urlencode
from http.client import HTTPSConnection
import sleekxmpp
from sleekxmpp.xmlstream import JID
# Python versions before 3.0 do not use UTF-8 encoding
# by default. To ensure that Unicode is handled properly
# throughout SleekXMPP, we will set the default encoding
# ourselves to UTF-8.
if sys.version_info < (3, 0):
reload(sys)
sys.setdefaultencoding('utf8')
else:
raw_input = input
class ThirdPartyAuthBot(sleekxmpp.ClientXMPP):
"""
A simple SleekXMPP bot that will echo messages it
receives, along with a short thank you message.
This version uses a thirdpary service for authentication,
such as Facebook or Google.
"""
def __init__(self, jid, password):
sleekxmpp.ClientXMPP.__init__(self, jid, password)
# The X-GOOGLE-TOKEN mech is ranked lower than PLAIN
# due to Google only allowing a single SASL attempt per
# connection. So PLAIN will be used for TLS connections,
# and X-GOOGLE-TOKEN for non-TLS connections. To use
# X-GOOGLE-TOKEN with a TLS connection, explicitly select
# it using:
#
# sleekxmpp.ClientXMPP.__init__(self, jid, password,
# sasl_mech="X-GOOGLE-TOKEN")
# The session_start event will be triggered when
# the bot establishes its connection with the server
# and the XML streams are ready for use. We want to
# listen for this event so that we we can initialize
# our roster.
self.add_event_handler("session_start", self.start)
# The message event is triggered whenever a message
# stanza is received. Be aware that that includes
# MUC messages and error messages.
self.add_event_handler("message", self.message)
def start(self, event):
"""
Process the session_start event.
Typical actions for the session_start event are
requesting the roster and broadcasting an initial
presence stanza.
Arguments:
event -- An empty dictionary. The session_start
event does not provide any additional
data.
"""
self.send_presence()
self.get_roster()
def message(self, msg):
"""
Process incoming message stanzas. Be aware that this also
includes MUC messages and error messages. It is usually
a good idea to check the messages's type before processing
or sending replies.
Arguments:
msg -- The received message stanza. See the documentation
for stanza objects and the Message stanza to see
how it may be used.
"""
if msg['type'] in ('chat', 'normal'):
msg.reply("Thanks for sending\n%(body)s" % msg).send()
if __name__ == '__main__':
# Setup the command line arguments.
optp = OptionParser()
# Output verbosity options.
optp.add_option('-q', '--quiet', help='set logging to ERROR',
action='store_const', dest='loglevel',
const=logging.ERROR, default=logging.INFO)
optp.add_option('-d', '--debug', help='set logging to DEBUG',
action='store_const', dest='loglevel',
const=logging.DEBUG, default=logging.INFO)
optp.add_option('-v', '--verbose', help='set logging to COMM',
action='store_const', dest='loglevel',
const=5, default=logging.INFO)
# JID and password options.
optp.add_option("-j", "--jid", dest="jid",
help="JID to use")
optp.add_option("-p", "--password", dest="password",
help="password to use")
opts, args = optp.parse_args()
# Setup logging.
logging.basicConfig(level=opts.loglevel,
format='%(levelname)-8s %(message)s')
if opts.jid is None:
opts.jid = raw_input("Username: ")
if opts.password is None:
opts.password = getpass.getpass("Password: ")
access_token = None
# Since documentation on how to work with Google tokens
# can be difficult to find, we'll demo a basic version
# here. Note that responses could refer to a Captcha
# URL that would require a browser.
# Using Facebook or MSN's custom authentication requires
# a browser, but the process is the same once a token
# has been retrieved.
# Request an access token from Google:
try:
conn = HTTPSConnection('www.google.com')
except:
print('Could not connect to Google')
sys.exit()
params = urlencode({
'accountType': 'GOOGLE',
'service': 'mail',
'Email': JID(opts.jid).bare,
'Passwd': opts.password
})
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
try:
conn.request('POST', '/accounts/ClientLogin', params, headers)
resp = conn.getresponse().read()
data = {}
for line in resp.split():
k, v = line.split(b'=', 1)
data[k] = v
except Exception as e:
print('Could not retrieve login data')
sys.exit()
if b'SID' not in data:
print('Required data not found')
sys.exit()
params = urlencode({
'SID': data[b'SID'],
'LSID': data[b'LSID'],
'service': 'mail'
})
try:
conn.request('POST', '/accounts/IssueAuthToken', params, headers)
resp = conn.getresponse()
data = resp.read().split()
except:
print('Could not retrieve auth data')
sys.exit()
if not data:
print('Could not retrieve token')
sys.exit()
access_token = data[0]
# Setup the ThirdPartyAuthBot and register plugins. Note that while plugins
# may have interdependencies, the order in which you register them does not
# matter.
# If using MSN, the JID should be "user@messenger.live.com", which will
# be overridden on session bind.
# We're using an access token instead of a password, so we'll use `''` as
# a password argument filler.
xmpp = ThirdPartyAuthBot(opts.jid, '')
xmpp.credentials['access_token'] = access_token
# The credentials dictionary is used to provide additional authentication
# beyond just a password.
xmpp.register_plugin('xep_0030') # Service Discovery
xmpp.register_plugin('xep_0004') # Data Forms
xmpp.register_plugin('xep_0060') # PubSub
# MSN will kill connections that have been inactive for even
# short periods of time. So use pings to keep the session alive,
# whitespace keepalives do not work.
xmpp.register_plugin('xep_0199', {'keepalive': True, 'frequency': 60})
# If you are working with an OpenFire server, you may need
# to adjust the SSL version used:
# xmpp.ssl_version = ssl.PROTOCOL_SSLv3
# If you want to verify the SSL certificates offered by a server:
# xmpp.ca_certs = "path/to/ca/cert"
# Connect to the XMPP server and start processing XMPP stanzas.
# Google only allows one SASL attempt per connection, so in order to
# enable the X-GOOGLE-TOKEN mechanism, we'll disable TLS.
if xmpp.connect(use_tls=False):
# If you do not have the dnspython library installed, you will need
# to manually specify the name of the server if it does not match
# the one in the JID. For example, to use Google Talk you would
# need to use:
#
# if xmpp.connect(('talk.google.com', 5222)):
# ...
xmpp.process(block=True)
print("Done")
else:
print("Unable to connect.")

View file

@ -1,72 +1,16 @@
import sys
import logging
try:
from httplib import HTTPSConnection
from urllib import urlencode
except ImportError:
from urllib.parse import urlencode
from http.client import HTTPSConnection
from sleekxmpp.thirdparty.suelta.util import bytes from sleekxmpp.thirdparty.suelta.util import bytes
from sleekxmpp.thirdparty.suelta.sasl import Mechanism, register_mechanism from sleekxmpp.thirdparty.suelta.sasl import Mechanism, register_mechanism
from sleekxmpp.thirdparty.suelta.exceptions import SASLError, SASLCancelled from sleekxmpp.thirdparty.suelta.exceptions import SASLError, SASLCancelled
log = logging.getLogger(__name__)
class X_GOOGLE_TOKEN(Mechanism): class X_GOOGLE_TOKEN(Mechanism):
def __init__(self, sasl, name): def __init__(self, sasl, name):
super(X_GOOGLE_TOKEN, self).__init__(sasl, name) super(X_GOOGLE_TOKEN, self).__init__(sasl, name)
self.check_values(['email', 'password', 'access_token']) self.check_values(['email', 'access_token'])
def process(self, challenge=None): def process(self, challenge=None):
if not self.values.get('access_token', False):
log.debug("SASL: Requesting auth token from Google")
try:
conn = HTTPSConnection('www.google.com')
except:
raise SASLError(self.sasl, 'Could not connect to Google')
params = urlencode({
'accountType': 'GOOGLE',
'service': 'mail',
'Email': self.values['email'],
'Passwd': self.values['password']
})
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
try:
conn.request('POST', '/accounts/ClientLogin', params, headers)
resp = conn.getresponse().read()
data = {}
for line in resp.split():
k, v = line.split(b'=', 1)
data[k] = v
except Exception as e:
raise e
#raise SASLError(self.sasl, 'Could not retrieve login data')
if b'SID' not in data:
raise SASLError(self.sasl, 'Required data not found')
params = urlencode({
'SID': data[b'SID'],
'LSID': data[b'LSID'],
'service': 'mail'
})
try:
conn.request('POST', '/accounts/IssueAuthToken', params, headers)
resp = conn.getresponse()
data = resp.read().split()
except:
raise SASLError(self.sasl, 'Could not retrieve auth data')
if not data:
raise SASLError(self.sasl, 'Could not retrieve token')
self.values['access_token'] = data[0]
email = bytes(self.values['email']) email = bytes(self.values['email'])
token = bytes(self.values['access_token']) token = bytes(self.values['access_token'])
return b'\x00' + email + b'\x00' + token return b'\x00' + email + b'\x00' + token