Support GitHub login. (#2567)

This commit is contained in:
Oliver Chang 2022-03-15 14:28:06 +11:00 committed by GitHub
parent fb88290102
commit b4390aa910
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 9 deletions

View File

@ -43,9 +43,7 @@
"polymer": "Polymer/polymer#^2.1.0",
"test-fixture": "PolymerElements/test-fixture#^3.0.0",
"web-component-tester": "Polymer/web-component-tester#^6.5.1",
"shadycss": "^1.0.6",
"firebaseui": "^3.6.0",
"firebase": "^5.9.4"
"shadycss": "^1.0.6"
},
"resolutions": {
"iron-flex-layout": "^2.0.0",
@ -65,7 +63,6 @@
"iron-collapse": "^2.0.0",
"polymer": "^2.1.0",
"iron-selector": "^2.0.0",
"paper-ripple": "^2.0.0",
"firebase": "^5.9.4"
"paper-ripple": "^2.0.0"
}
}

View File

@ -46,6 +46,10 @@ firebase:
# API key for Firebase (public).
api_key: firebase-api-key
# auth_domain: login.custom-domain.com
auth_providers:
- google.com
# - github.com
stacktrace:
# Stack frames to ignore when determining the crash signature.

View File

@ -154,7 +154,21 @@ def get_current_user():
logs.log_warn('Invalid session cookie.')
return None
if not decoded_claims.get('email_verified'):
allowed_firebase_providers = local_config.ProjectConfig().get(
'firebase.auth_providers', ['google.com'])
firebase_info = decoded_claims.get('firebase', {})
sign_in_provider = firebase_info.get('sign_in_provider')
if sign_in_provider not in allowed_firebase_providers:
logs.log_error(f'Firebase provider {sign_in_provider} is not enabled.')
return None
# Per https://docs.github.com/en/authentication/
# keeping-your-account-and-data-secure/authorizing-oauth-apps
# GitHub requires emails to be verified before an OAuth app can be
# authorized, so we make an exception.
if (not decoded_claims.get('email_verified') and
sign_in_provider != 'github.com'):
return None
email = decoded_claims.get('email')

View File

@ -92,6 +92,7 @@ def get_default_builder():
builder.add('img-src', 'www.gstatic.com')
builder.add('connect-src', 'securetoken.googleapis.com')
builder.add('connect-src', 'www.googleapis.com')
builder.add('connect-src', 'identitytoolkit.googleapis.com')
builder.add('frame-src', auth.auth_domain())
# External style. Used for fonts, charting libraries.

View File

@ -17,9 +17,10 @@
{% block import_element %}
{% raw %}
<script src="/private/bower_components/webcomponentsjs/webcomponents-lite.js"></script>
<script src="/private/bower_components/firebase/firebase.js"></script>
<script src="/private/bower_components/firebaseui/dist/firebaseui.js"></script>
<link type="text/css" rel="stylesheet" href="/private/bower_components/firebaseui/dist/firebaseui.css">
<script src="https://www.gstatic.com/firebasejs/9.1.3/firebase-app-compat.js"></script>
<script src="https://www.gstatic.com/firebasejs/9.1.3/firebase-auth-compat.js"></script>
<script src="https://www.gstatic.com/firebasejs/ui/6.0.0/firebase-ui-auth.js"></script>
<link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.0.0/firebase-ui-auth.css" />
<link rel="import" href="/private/bower_components/polymer/polymer.html">
<link rel="import" href="/private/bower_components/iron-icons/iron-icons.html">
<link rel="import" href="/private/bower_components/iron-icon/iron-icon.html">
@ -57,6 +58,12 @@
prompt: 'select_account',
},
},
{
provider: firebase.auth.GithubAuthProvider.PROVIDER_ID,
scopes: [
'user:email',
]
},
],
callbacks: {
signInSuccessWithAuthResult: function(authResult, redirectUrl) {