add Microsoft OAuth

2025-11-25 03:15:05 +08:00 · 2023-02-09 20:14:42 +01:00
parent 3e6664d9fc
commit 1cd55ac11b
2 changed files with 38 additions and 1 deletions
--- a/yyetsweb/handler.py
+++ b/yyetsweb/handler.py
@@ -1096,3 +1096,38 @@ class TwitterOAuth2LoginHandler(TwitterMixin, OAuth2Handler):
            # Save the user using e.g. set_secure_cookie()
        else:
            await self.authorize_redirect(extra_params={"x_auth_access_type": "read"})
+
+
+class MSOAuth2LoginHandler(OAuth2Handler):
+    _OAUTH_AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
+    _OAUTH_ACCESS_TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
+    _OAUTH_API_REQUEST_URL = "https://graph.microsoft.com/v1.0/me"
+
+    def get(self):
+        settings = self.settings.get("ms_oauth")
+        client_id = settings.get("key")
+        client_secret = settings.get("secret")
+        redirect_uri = os.getenv("DOMAIN") + self.request.path
+
+        code = self.get_argument('code', None)
+        if code:
+            body = {"client_id": client_id, "client_secret": client_secret, "code": code,
+                    "grant_type": "authorization_code", "redirect_uri": redirect_uri}
+            access = requests.post(self._OAUTH_ACCESS_TOKEN_URL, data=body,
+                                   headers={"Accept": "application/json"}).json()
+            resp = requests.get(self._OAUTH_API_REQUEST_URL,
+                                headers={"Authorization": "Bearer {}".format(access["access_token"])}
+                                ).json()
+            email = resp["userPrincipalName"]
+            logging.info("User %s login with Microsoft now...", email)
+            result = self.add_oauth_user(email, "Microsoft")
+            if result["status"] == "success":
+                self.set_secure_cookie("username", email, 365)
+            self.redirect("/login?" + urlencode(result))
+
+        else:
+            self.authorize_redirect(
+                redirect_uri=redirect_uri,
+                client_id=client_id,
+                scope=["https://graph.microsoft.com/User.Read"],
+                response_type='code')
--- a/yyetsweb/server.py
+++ b/yyetsweb/server.py
@@ -24,7 +24,7 @@ import dump_db
 from Mongo import OtherMongoResource, ResourceLatestMongoResource
 from handler import (AnnouncementHandler, BlacklistHandler, CaptchaHandler,
                     CategoryHandler, CommentChildHandler, CommentHandler,
-                     CommentNewestHandler, CommentReactionHandler,
+                     CommentNewestHandler, CommentReactionHandler, MSOAuth2LoginHandler,
                     DBDumpHandler, DoubanHandler, DoubanReportHandler,
                     GitHubOAuth2LoginHandler, GoogleOAuth2LoginHandler,
                     GrafanaIndexHandler, GrafanaQueryHandler,
@@ -73,6 +73,7 @@ class RunServer:
        (r'/auth/github', GitHubOAuth2LoginHandler),
        (r'/auth/google', GoogleOAuth2LoginHandler),
        (r'/auth/twitter', TwitterOAuth2LoginHandler),
+        (r'/auth/microsoft', MSOAuth2LoginHandler),

        (r'/(.*\.html|.*\.js|.*\.css|.*\.png|.*\.jpg|.*\.ico|.*\.gif|.*\.woff2|.*\.gz|.*\.zip|'
         r'.*\.svg|.*\.json|.*\.txt)',
@@ -85,6 +86,7 @@ class RunServer:
        "login_url": "/login",
        "google_oauth": {"key": os.getenv("GOOGLE_CLIENT_ID"), "secret": os.getenv("GOOGLE_CLIENT_SECRET")},
        "github_oauth": {"key": os.getenv("GITHUB_CLIENT_ID"), "secret": os.getenv("GITHUB_CLIENT_SECRET")},
+        "ms_oauth": {"key": os.getenv("MS_CLIENT_ID"), "secret": os.getenv("MS_CLIENT_SECRET")},
        "twitter_consumer_key": os.getenv("TWITTER_CONSUMER_KEY"),
        "twitter_consumer_secret": os.getenv("TWITTER_CONSUMER_SECRET"),
    }