summaryrefslogtreecommitdiff
path: root/examples/thirdparty_auth.py
blob: 504048a9da46c43dab8d529bc179795cb8b3931b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

"""
    Slixmpp: The Slick XMPP Library
    Copyright (C) 2010  Nathanael C. Fritz
    This file is part of Slixmpp.

    See the file LICENSE for copying permission.
"""

import sys
import logging
import getpass
from optparse import OptionParser

try:
    from httplib import HTTPSConnection
    from urllib import urlencode
except ImportError:
    from urllib.parse import urlencode
    from http.client import HTTPSConnection

import slixmpp
from slixmpp.xmlstream import JID


class ThirdPartyAuthBot(slixmpp.ClientXMPP):

    """
    A simple Slixmpp bot that will echo messages it
    receives, along with a short thank you message.

    This version uses a thirdpary service for authentication,
    such as Facebook or Google.
    """

    def __init__(self, jid, password):
        slixmpp.ClientXMPP.__init__(self, jid, password)

        # The X-GOOGLE-TOKEN mech is ranked lower than PLAIN
        # due to Google only allowing a single SASL attempt per
        # connection. So PLAIN will be used for TLS connections,
        # and X-GOOGLE-TOKEN for non-TLS connections. To use
        # X-GOOGLE-TOKEN with a TLS connection, explicitly select
        # it using:
        #
        # slixmpp.ClientXMPP.__init__(self, jid, password,
        #                               sasl_mech="X-GOOGLE-TOKEN")

        # The session_start event will be triggered when
        # the bot establishes its connection with the server
        # and the XML streams are ready for use. We want to
        # listen for this event so that we we can initialize
        # our roster.
        self.add_event_handler("session_start", self.start)

        # The message event is triggered whenever a message
        # stanza is received. Be aware that that includes
        # MUC messages and error messages.
        self.add_event_handler("message", self.message)

    def start(self, event):
        """
        Process the session_start event.

        Typical actions for the session_start event are
        requesting the roster and broadcasting an initial
        presence stanza.

        Arguments:
            event -- An empty dictionary. The session_start
                     event does not provide any additional
                     data.
        """
        self.send_presence()
        self.get_roster()

    def message(self, msg):
        """
        Process incoming message stanzas. Be aware that this also
        includes MUC messages and error messages. It is usually
        a good idea to check the messages's type before processing
        or sending replies.

        Arguments:
            msg -- The received message stanza. See the documentation
                   for stanza objects and the Message stanza to see
                   how it may be used.
        """
        if msg['type'] in ('chat', 'normal'):
            msg.reply("Thanks for sending\n%(body)s" % msg).send()


if __name__ == '__main__':
    # Setup the command line arguments.
    optp = OptionParser()

    # Output verbosity options.
    optp.add_option('-q', '--quiet', help='set logging to ERROR',
                    action='store_const', dest='loglevel',
                    const=logging.ERROR, default=logging.INFO)
    optp.add_option('-d', '--debug', help='set logging to DEBUG',
                    action='store_const', dest='loglevel',
                    const=logging.DEBUG, default=logging.INFO)
    optp.add_option('-v', '--verbose', help='set logging to COMM',
                    action='store_const', dest='loglevel',
                    const=5, default=logging.INFO)

    # JID and password options.
    optp.add_option("-j", "--jid", dest="jid",
                    help="JID to use")
    optp.add_option("-p", "--password", dest="password",
                    help="password to use")

    opts, args = optp.parse_args()

    # Setup logging.
    logging.basicConfig(level=opts.loglevel,
                        format='%(levelname)-8s %(message)s')

    if opts.jid is None:
        opts.jid = input("Username: ")
    if opts.password is None:
        opts.password = getpass.getpass("Password: ")

    
    access_token = None

    # Since documentation on how to work with Google tokens
    # can be difficult to find, we'll demo a basic version
    # here. Note that responses could refer to a Captcha
    # URL that would require a browser.

    # Using Facebook or MSN's custom authentication requires
    # a browser, but the process is the same once a token
    # has been retrieved.

    # Request an access token from Google:
    try:
        conn = HTTPSConnection('www.google.com')
    except:
        print('Could not connect to Google')
        sys.exit()

    params = urlencode({
        'accountType': 'GOOGLE',
        'service': 'mail',
        'Email': JID(opts.jid).bare,
        'Passwd': opts.password
    })
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded' 
    }
    try:
        conn.request('POST', '/accounts/ClientLogin', params, headers)
        resp = conn.getresponse().read()
        data = {}
        for line in resp.split():
            k, v = line.split(b'=', 1)
            data[k] = v
    except Exception as e:
        print('Could not retrieve login data')
        sys.exit()

    if b'SID' not in data:
        print('Required data not found')
        sys.exit()


    params = urlencode({
        'SID': data[b'SID'],
        'LSID': data[b'LSID'],
        'service': 'mail'
    })
    try:
        conn.request('POST', '/accounts/IssueAuthToken', params, headers)
        resp = conn.getresponse()
        data = resp.read().split()
    except:
        print('Could not retrieve auth data')
        sys.exit()

    if not data:
        print('Could not retrieve token')
        sys.exit()

    access_token = data[0]


    # Setup the ThirdPartyAuthBot and register plugins. Note that while plugins
    # may have interdependencies, the order in which you register them does not
    # matter.

    # If using MSN, the JID should be "user@messenger.live.com", which will
    # be overridden on session bind.

    # We're using an access token instead of a password, so we'll use `''` as
    # a password argument filler.

    xmpp = ThirdPartyAuthBot(opts.jid, '')  
    xmpp.credentials['access_token'] = access_token

    # The credentials dictionary is used to provide additional authentication
    # information beyond just a password.
    
    xmpp.register_plugin('xep_0030') # Service Discovery
    xmpp.register_plugin('xep_0004') # Data Forms
    xmpp.register_plugin('xep_0060') # PubSub

    # MSN will kill connections that have been inactive for even
    # short periods of time. So use pings to keep the session alive;
    # whitespace keepalives do not work.
    xmpp.register_plugin('xep_0199', {'keepalive': True, 'frequency': 60})

    # If you are working with an OpenFire server, you may need
    # to adjust the SSL version used:
    # xmpp.ssl_version = ssl.PROTOCOL_SSLv3

    # If you want to verify the SSL certificates offered by a server:
    # xmpp.ca_certs = "path/to/ca/cert"

    # Connect to the XMPP server and start processing XMPP stanzas.
    # Google only allows one SASL attempt per connection, so in order to 
    # enable the X-GOOGLE-TOKEN mechanism, we'll disable TLS.
    xmpp.connect()
    xmpp.process()