ADD Github SSO for linking github account

api/anubis/config.py

@@ -41,8 +41,12 @@ def __init__(self):
             self.CACHE_TYPE = 'NullCache'
 
         # OAuth
-        self.OAUTH_CONSUMER_KEY = os.environ.get("OAUTH_CONSUMER_KEY", default="DEBUG")
-        self.OAUTH_CONSUMER_SECRET = os.environ.get("OAUTH_CONSUMER_SECRET", default="DEBUG")
+        self.OAUTH_NYU_CONSUMER_KEY = os.environ.get("OAUTH_NYU_CONSUMER_KEY", default="DEBUG")
+        self.OAUTH_NYU_CONSUMER_SECRET = os.environ.get("OAUTH_NYU_CONSUMER_SECRET", default="DEBUG")
+
+        # Github OAuth
+        self.OAUTH_GITHUB_CLIENT_KEY = os.environ.get("OAUTH_GITHUB_CLIENT_KEY", default="DEBUG")
+        self.OAUTH_GITHUB_CLIENT_SECRET = os.environ.get("OAUTH_GITHUB_CLIENT_SECRET", default="DEBUG")
 
         # Logger
         self.LOGGER_NAME = os.environ.get("LOGGER_NAME", default="anubis-api")

api/anubis/utils/auth/oauth.py

@@ -3,14 +3,31 @@
 from anubis.config import config
 
 oauth = OAuth()
-OAUTH_REMOTE_APP = oauth.remote_app(
+OAUTH_REMOTE_APP_NYU = oauth.remote_app(
     "nyu",
     base_url="https://auth.nyu.edu/oauth2/",
     authorize_url="https://auth.nyu.edu/oauth2/authorize",
     request_token_url=None,
     request_token_params={"scope": "openid"},
     access_token_url="https://auth.nyu.edu/oauth2/token",
-    access_token_params={"client_id": config.OAUTH_CONSUMER_KEY},
-    consumer_key=config.OAUTH_CONSUMER_KEY,
-    consumer_secret=config.OAUTH_CONSUMER_SECRET,
+    access_token_params={"client_id": config.OAUTH_NYU_CONSUMER_KEY},
+    consumer_key=config.OAUTH_NYU_CONSUMER_KEY,
+    consumer_secret=config.OAUTH_NYU_CONSUMER_SECRET,
 )
+
+OAUTH_REMOTE_APP_GITHUB = oauth.remote_app(
+    "github",
+    base_url="https://github.com/login/oauth/",
+    authorize_url="https://github.com/login/oauth/authorize",
+    request_token_url=None,
+    request_token_params={
+        "scope": "read:user"
+    },
+    access_token_url="https://github.com/login/oauth/access_token",
+    access_token_params={
+        "client_id": config.OAUTH_GITHUB_CLIENT_KEY,
+        "client_secret": config.OAUTH_GITHUB_CLIENT_SECRET,
+    },
+    consumer_key=config.OAUTH_GITHUB_CLIENT_KEY,
+    consumer_secret=config.OAUTH_GITHUB_CLIENT_SECRET,
+)

api/anubis/views/public/__init__.py

@@ -1,6 +1,7 @@
 def register_public_views(app):
     from anubis.views.public.auth import auth_
-    from anubis.views.public.auth import oauth_
+    from anubis.views.public.auth import nyu_oauth_
+    from anubis.views.public.auth import github_oauth_
     from anubis.views.public.ide import ide
     from anubis.views.public.repos import repos_
     from anubis.views.public.webhook import webhook
@@ -16,7 +17,8 @@ def register_public_views(app):
 
     views = [
         auth_,
-        oauth_,
+        nyu_oauth_,
+        github_oauth_,
         ide,
         repos_,
         webhook,

api/anubis/views/public/auth.py

@@ -1,8 +1,9 @@
 import base64
 import json
 import os
+import requests
 
-from flask import Blueprint, make_response, redirect, request
+from flask import Blueprint, make_response, redirect, request, url_for
 
 from anubis.models import User, db
 from anubis.utils.auth.http import require_user, require_admin
@@ -13,17 +14,23 @@
 from anubis.utils.http import error_response, success_response
 from anubis.lms.courses import get_course_context
 from anubis.lms.submissions import fix_dangling
-from anubis.utils.auth.oauth import OAUTH_REMOTE_APP as provider
+from anubis.utils.auth.oauth import OAUTH_REMOTE_APP_NYU as nyu_provider
+from anubis.utils.auth.oauth import OAUTH_REMOTE_APP_GITHUB as github_provider
 
 auth_ = Blueprint("public-auth", __name__, url_prefix="/public/auth")
-oauth_ = Blueprint("public-oauth", __name__, url_prefix="/public")
+nyu_oauth_ = Blueprint("public-oauth", __name__, url_prefix="/public")
+github_oauth_ = Blueprint(
+    "public-github-oauth",
+    __name__,
+    url_prefix="/public/github"
+)
 
 
 @auth_.route("/login")
 def public_login():
     if is_debug():
         return "AUTH"
-    return provider.authorize(
+    return nyu_provider.authorize(
         callback="https://anubis.osiris.services/api/public/oauth"
     )
 
@@ -35,7 +42,7 @@ def public_logout():
     return r
 
 
-@oauth_.route("/oauth")
+@nyu_oauth_.route("/oauth")
 def public_oauth():
     """
     This is the endpoint NYU oauth sends the user to after
@@ -52,13 +59,13 @@ def public_oauth():
     next_url = request.args.get("next") or "/courses"
 
     # Get the authorized response from NYU oauth
-    resp = provider.authorized_response()
+    resp = nyu_provider.authorized_response()
     if resp is None or "access_token" not in resp:
         return "Access Denied"
 
     # This is the data we get from NYU's oauth. It has basic information
     # on who is logging in
-    user_data = provider.get("userinfo?schema=openid", token=(resp["access_token"],))
+    user_data = nyu_provider.get("userinfo?schema=openid", token=(resp["access_token"],))
 
     # Load the netid name from the response
     netid = user_data.data["netid"]
@@ -89,6 +96,55 @@ def public_oauth():
     return r
 
 
+@github_oauth_.route("/link")
+@require_user()
+def public_github_link():
+    return github_provider.authorize(
+        callback="https://anubis.osiris.services/api/public/github/oauth"
+    )
+
+
+@github_oauth_.route("/oauth")
+@require_user()
+def public_github_oauth():
+    """
+    This is the endpoint Github OAuth sends the user to after
+    authentication. Here we need to verify the oauth response,
+    and update user's Github username to the database.
+
+    :return:
+    """
+
+    # Get the authorized response from Github OAuth
+    resp = github_provider.authorized_response()
+    if resp is None or "access_token" not in resp:
+        return "Access Denied"
+
+    # Setup headers and url
+    github_api_headers = {
+        "authorization": "bearer " + resp["access_token"],
+        "accept": "application/vnd.github.v3+json"
+    }
+    github_api_url = "https://api.github.com/user"
+
+    try:
+        # Request Github User API
+        github_user_info = requests.get(
+            github_api_url,
+            headers=github_api_headers,
+        ).json()
+
+        # Set github username and commit
+        current_user.github_username = github_user_info["login"]
+        db.session.add(current_user)
+        db.session.commit()
+
+        # Notify them with status
+        return success_response({"status": "github username updated"})
+    except:
+        return error_response({"status": "fail to update github username"})
+
+
 @auth_.route("/whoami")
 def public_whoami():
     """

k8s/chart/templates/api.yml

@@ -65,16 +65,26 @@ spec:
             secretKeyRef:
               name: api
               key: secret-key
-        - name: "OAUTH_CONSUMER_KEY"
+        - name: "OAUTH_NYU_CONSUMER_KEY"
           valueFrom:
             secretKeyRef:
               name: oauth
-              key: consumer-key
-        - name: "OAUTH_CONSUMER_SECRET"
+              key: nyu-consumer-key
+        - name: "OAUTH_NYU_CONSUMER_SECRET"
           valueFrom:
             secretKeyRef:
               name: oauth
-              key: consumer-secret
+              key: nyu-consumer-secret
+        - name: "OAUTH_GITHUB_CLIENT_KEY"
+          valueFrom:
+            secretKeyRef:
+              name: oauth
+              key: github-client-key
+        - name: "OAUTH_GITHUB_CLIENT_SECRET"
+          valueFrom:
+            secretKeyRef:
+              name: oauth
+              key: github-client-secret
         - name: "DATABASE_URI"
           valueFrom:
             secretKeyRef: