metabrainz · MonkeyDo · Jul 28, 2021 · Jul 29, 2021 · Jul 29, 2021 · Jul 29, 2021
diff --git a/admin/sql/oauth/create_tables.sql b/admin/sql/oauth/create_tables.sql
@@ -0,0 +1,96 @@
+CREATE TABLE oauth."user" (
+        id INTEGER GENERATED BY DEFAULT AS IDENTITY,
+        name TEXT NOT NULL,
+        email TEXT,
+        unconfirmed_email TEXT,
+        website TEXT,
+        member_since TIMESTAMP WITH TIME ZONE,
+        email_confirm_date TIMESTAMP WITH TIME ZONE,
+        last_login_date TIMESTAMP WITH TIME ZONE,
+        last_updated TIMESTAMP WITH TIME ZONE,
+        birth_date DATE,
+        gender INTEGER,
+        password TEXT NOT NULL,
+        ha1 TEXT NOT NULL,
+        deleted BOOLEAN,
+        PRIMARY KEY (id)
+);
+
+
+
+CREATE TABLE oauth.scope (
+        id INTEGER GENERATED BY DEFAULT AS IDENTITY,
+        name TEXT NOT NULL,
+        description TEXT NOT NULL,
+        PRIMARY KEY (id)
+);
+
+
+
+CREATE TABLE oauth.client (
+        id INTEGER GENERATED BY DEFAULT AS IDENTITY,
+        client_id TEXT NOT NULL,
+        client_secret TEXT,
+        owner_id INTEGER NOT NULL,
+        name TEXT NOT NULL,
+        description TEXT NOT NULL,
+        website TEXT,
+        redirect_uris TEXT[] NOT NULL,
+        client_id_issued_at TIMESTAMP WITH TIME ZONE NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY(owner_id) REFERENCES oauth."user" (id) ON DELETE CASCADE
+);
+
+
+CREATE TABLE oauth.code (
+        id INTEGER GENERATED BY DEFAULT AS IDENTITY,
+        user_id INTEGER NOT NULL,
+        client_id INTEGER NOT NULL,
+        code TEXT NOT NULL,
+        redirect_uri TEXT NOT NULL,
+        response_type TEXT NOT NULL,
+        code_challenge TEXT,
+        code_challenge_method TEXT,
+        granted_at TIMESTAMP WITH TIME ZONE NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY(user_id) REFERENCES oauth."user" (id) ON DELETE CASCADE,
+        FOREIGN KEY(client_id) REFERENCES oauth.client (id) ON DELETE CASCADE,
+        UNIQUE (code)
+);
+
+
+CREATE TABLE oauth.token (
+        id INTEGER GENERATED BY DEFAULT AS IDENTITY,
+        user_id INTEGER NOT NULL,
+        client_id INTEGER NOT NULL,
+        access_token TEXT NOT NULL,
+        refresh_token TEXT,
+        issued_at TIMESTAMP WITH TIME ZONE,
+        expires_in INTEGER,
+        revoked BOOLEAN,
+        PRIMARY KEY (id),
+        FOREIGN KEY(user_id) REFERENCES oauth."user" (id) ON DELETE CASCADE,
+        FOREIGN KEY(client_id) REFERENCES oauth.client (id) ON DELETE CASCADE,
+        UNIQUE (access_token)
+);
+
+
+CREATE INDEX ix_oauth_token_refresh_token ON oauth.token (refresh_token);
+
+CREATE TABLE oauth.l_token_scope (
+        id INTEGER GENERATED BY DEFAULT AS IDENTITY,
+        token_id INTEGER NOT NULL,
+        scope_id INTEGER NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY(token_id) REFERENCES oauth.token (id) ON DELETE CASCADE,
+        FOREIGN KEY(scope_id) REFERENCES oauth.scope (id) ON DELETE CASCADE
+);
+
+CREATE TABLE oauth.l_code_scope (
+        id INTEGER GENERATED BY DEFAULT AS IDENTITY,
+        code_id INTEGER NOT NULL,
+        scope_id INTEGER NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY(code_id) REFERENCES oauth.code (id) ON DELETE CASCADE,
+        FOREIGN KEY(scope_id) REFERENCES oauth.scope (id) ON DELETE CASCADE
+);
diff --git a/config.py.example b/config.py.example
@@ -34,9 +34,16 @@ PAYPAL_BUSINESS = "[email protected]"
 # Stripe
 # https://stripe.com/docs/tutorials/dashboard#api-keys
 STRIPE_KEYS = {
-    "SECRET": "",
-    "PUBLISHABLE": "",
-    "WEBHOOK_SECRET": ""
+    "USD": {
+        "SECRET": "",
+        "PUBLISHABLE": "",
+        "WEBHOOK_SECRET": ""
+    },
+    "EUR": {
+        "SECRET": "",
+        "PUBLISHABLE": "",
+        "WEBHOOK_SECRET": ""
+    }
 }
 
 # if developing payment integration locally, change this to your localhost url

diff --git a/consul_config.py.ctmpl b/consul_config.py.ctmpl
@@ -39,9 +39,16 @@ PAYPAL_ACCOUNT_IDS = {
 PAYPAL_BUSINESS = '''{{template "KEY" "payments/paypal/business_email"}}'''
 
 STRIPE_KEYS = {
-    "SECRET": '''{{template "KEY" "payments/stripe/secret"}}''',
-    "PUBLISHABLE": '''{{template "KEY" "payments/stripe/publishable"}}''',
-    "WEBHOOK_SECRET": '''{{template "KEY" "payments/stripe/webhook_secret"}}''',
+    "USD": {
+        "SECRET": '''{{template "KEY" "payments/stripe/secret"}}''',
+        "PUBLISHABLE": '''{{template "KEY" "payments/stripe/publishable"}}''',
+        "WEBHOOK_SECRET": '''{{template "KEY" "payments/stripe/webhook_secret"}}''',
+    },
+    "EUR": {
+        "SECRET": '''{{template "KEY" "payments/stripe-eu/secret"}}''',
+        "PUBLISHABLE": '''{{template "KEY" "payments/stripe-eu/publishable"}}''',
+        "WEBHOOK_SECRET": '''{{template "KEY" "payments/stripe-eu/webhook_secret"}}''',
+    },
 }
 
 # MusicBrainz Base URL must have a trailing slash.

diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
@@ -12,6 +12,8 @@ services:
       dockerfile: Dockerfile
       target: metabrainz-dev
     command: python manage.py runserver -h 0.0.0.0 -p 80
+    environment:
+      AUTHLIB_INSECURE_TRANSPORT: true
     volumes:
       - ../data/replication_packets:/data/replication_packets
       - ../data/json_dumps:/data/json_dumps

diff --git a/frontend/css/auth-page.less b/frontend/css/auth-page.less
@@ -0,0 +1,72 @@
+#auth-page {
+
+	font-style: normal;
+	font-weight: 400;
+	min-height: 500px;
+	background: linear-gradient(90deg, #3B9766 0%, #FFA500 100%);
+	margin: 0 -1em;
+	padding: 2em;
+
+	.form-label{
+		font-weight: normal;
+	}
+
+	.icon-pills {
+		display: flex;
+		justify-content: space-evenly;
+		margin-bottom: 2rem;
+	}
+	.icon-pill {
+		background: #D9D9D9;
+		box-shadow: 0px 4px 4px rgba(0, 0, 0, 0.2);
+		border-radius: 50%;
+		text-align: center;
+		width:50px;
+		height: 50px;
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		img {
+			width:65%;
+		}
+	}
+
+	.auth-page-container {
+		max-width: 400px;
+		margin-left: auto;
+		margin-right: auto;
+	}
+	.auth-card-container {
+		background: #E7E7E7;
+		box-shadow: 0px 4px 4px rgba(0, 0, 0, 0.2);
+		border-radius: 3px;
+	}
+	.auth-card {
+		h1,h2,h3,h4,h5,h6{
+			font-weight: bold;
+		}
+		background: #FFFFFF;
+		box-shadow: 0px 4px 4px rgba(0, 0, 0, 0.2);
+		padding: 1rem;
+		border-radius: 3px;
+	}
+	.auth-card-bottom {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+	}
+	.auth-card-footer {
+		padding: 1rem;
+		font-size: 1.3rem;
+		line-height: 1.6rem;
+		color: #808080;
+	}
+	.main-action-button {
+		display: block;
+		font-size: 1.1em;
+		margin: 1em auto;
+	}
+	.modal-content {
+		padding:1.5em;
+	}
+}
diff --git a/frontend/css/main.less b/frontend/css/main.less
@@ -1,5 +1,6 @@
 @import "theme/theme.less";
 @import "carousel.less";
+@import "auth-page.less";
 
 @icon-font-path:"/static/fonts/";
 

diff --git a/frontend/css/theme/boostrap/boostrap.less b/frontend/css/theme/boostrap/boostrap.less
@@ -43,7 +43,7 @@
 //@import "close.less";
 
 // Components w/ JavaScript
-//@import "modals.less";
+@import "modals.less";
 @import "tooltip.less";
 //@import "popovers.less";
 @import "carousel.less";

diff --git a/frontend/img/projects/critiquebrainz-crate.png b/frontend/img/projects/critiquebrainz-crate.png
diff --git a/frontend/img/projects/listenbrainz-crate.png b/frontend/img/projects/listenbrainz-crate.png
diff --git a/frontend/img/projects/musicbrainz-crate.png b/frontend/img/projects/musicbrainz-crate.png
diff --git a/frontend/js/src/forms/ProfileEdit.tsx → ...end/js/src/forms/SupporterProfileEdit.tsx b/frontend/js/src/forms/ProfileEdit.tsx → ...end/js/src/forms/SupporterProfileEdit.tsx
@@ -5,21 +5,21 @@ import * as Yup from "yup";
 import { getPageProps } from "../utils";
 import { Dataset, DatasetsInput, TextInput } from "./utils";
 
-type ProfileEditProps = {
+type SupporterProfileEditProps = {
   datasets: Dataset[];
   is_commercial: boolean;
   csrf_token: string;
   initial_form_data: any;
   initial_errors: any;
 };
 
-function ProfileEdit({
+function SupporterProfileEdit({
   datasets,
   is_commercial,
   csrf_token,
   initial_form_data,
   initial_errors,
-}: ProfileEditProps): JSX.Element {
+}: SupporterProfileEditProps): JSX.Element {
   return (
     <>
       <h1 className="page-title">Your Profile</h1>
@@ -104,7 +104,7 @@ document.addEventListener("DOMContentLoaded", () => {
 
   const renderRoot = createRoot(domContainer!);
   renderRoot.render(
-    <ProfileEdit
+    <SupporterProfileEdit
       datasets={datasets}
       is_commercial={is_commercial}
       csrf_token={csrf_token}

diff --git a/metabrainz/__init__.py b/metabrainz/__init__.py
@@ -9,6 +9,15 @@
 from metabrainz.admin.quickbooks.views import QuickBooksView
 from time import sleep
 
+from metabrainz.new_oauth.authorization_grant import AuthorizationCodeGrant
+from metabrainz.new_oauth.provider import authorization_server, revoke_token
+
+from authlib.oauth2.rfc6749 import ImplicitGrant
+from authlib.oauth2.rfc7636 import CodeChallenge
+
+from metabrainz.new_oauth.authorization_grant import AuthorizationCodeGrant
+from metabrainz.new_oauth.refresh_grant import RefreshTokenGrant
+
 from metabrainz.utils import get_global_props
 
 # Check to see if we're running under a docker deployment. If so, don't second guess
@@ -51,10 +60,10 @@ def create_app(debug=None, config_path=None):
                 '..', 'config.py'
             ))
 
-    # Load configuration files: If we're running under a docker deployment, wait until 
+    # Load configuration files: If we're running under a docker deployment, wait until
     # the consul configuration is available.
     if deploy_env:
-        consul_config = os.path.join( os.path.dirname(os.path.realpath(__file__)), 
+        consul_config = os.path.join( os.path.dirname(os.path.realpath(__file__)),
             '..', 'consul_config.py')
 
         print("loading consul %s" % consul_config)
@@ -132,6 +141,8 @@ def create_app(debug=None, config_path=None):
         LOGO_UPLOAD_SET,
     ])
 
+    config_oauth(app)
+
     # Blueprints
     _register_blueprints(app)
 
@@ -169,8 +180,6 @@ def create_app(debug=None, config_path=None):
     if app.config["QUICKBOOKS_CLIENT_ID"]:
         admin.add_view(QuickBooksView(name='Invoices', endpoint="quickbooks/", category='Quickbooks'))
 
-    stripe.api_key = app.config["STRIPE_KEYS"]["SECRET"]
-
     return app
 
 
@@ -206,9 +215,21 @@ def _register_blueprints(app):
 
     from metabrainz.oauth.views import oauth_bp
     app.register_blueprint(oauth_bp, url_prefix='/oauth')
+    from metabrainz.new_oauth.views import new_oauth_bp
+    app.register_blueprint(new_oauth_bp, url_prefix='/new-oauth')
     from metabrainz.api.views.index import api_index_bp
     app.register_blueprint(api_index_bp, url_prefix='/api')
     from metabrainz.api.views.supporter import api_supporter_bp
     app.register_blueprint(api_supporter_bp, url_prefix='/api/supporter')
     from metabrainz.api.views.musicbrainz import api_musicbrainz_bp
     app.register_blueprint(api_musicbrainz_bp, url_prefix='/api/musicbrainz')
+
+
+def config_oauth(app):
+    authorization_server.init_app(app)
+
+    authorization_server.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=False)])
+    authorization_server.register_grant(ImplicitGrant)
+    authorization_server.register_grant(RefreshTokenGrant)
+    authorization_server.register_endpoint(revoke_token)
+
diff --git a/metabrainz/admin/forms.py b/metabrainz/admin/forms.py
@@ -1,7 +1,7 @@
 from flask_wtf import FlaskForm
 from flask_wtf.file import FileField, FileAllowed
 from wtforms import StringField, BooleanField, SelectField, TextAreaField
-from wtforms.fields.html5 import EmailField, URLField, DecimalField
+from wtforms.fields import EmailField, URLField, DecimalField
 from metabrainz.model import supporter
 from metabrainz.db import tier as db_tier
 from flask_uploads import UploadSet, IMAGES