Merge branch 'master' of https://github.com/shuffle/python-apps

frikky · frikky · commit 41a00bbfc8ce · 2025-04-02T11:43:08.000+02:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+ 
diff --git a/gws/1.0.0/Dockerfile b/gws/1.0.0/Dockerfile
@@ -0,0 +1,26 @@
+# Base our app image off of the WALKOFF App SDK image
+FROM frikky/shuffle:app_sdk as base
+
+# We're going to stage away all of the bloat from the build tools so lets create a builder stage
+FROM base as builder
+
+# Install all alpine build tools needed for our pip installs
+RUN apk --no-cache add --update alpine-sdk libffi libffi-dev musl-dev openssl-dev
+
+# Install all of our pip packages in a single directory that we can copy to our base image later
+RUN mkdir /install
+WORKDIR /install
+COPY requirements.txt /requirements.txt
+RUN pip install --prefix="/install" -r /requirements.txt
+
+# Switch back to our base image and copy in all of our built packages and source code
+FROM base
+COPY --from=builder /install /usr/local
+COPY src /app
+
+# Install any binary dependencies needed in our final image
+# RUN apk --no-cache add --update my_binary_dependency
+
+# Finally, lets run our app!
+WORKDIR /app
+CMD python app.py --log-level DEBUG
diff --git a/gws/1.0.0/README.md b/gws/1.0.0/README.md
@@ -0,0 +1,40 @@
+## Google Workspace
+An app for interacting with Google Workspace or GWS.
+## Requirements
+1) Enable the Admin SDK API from GCP console.
+     - Login to Google cloud (Make sure you are using the same administrator acount that you're using for Google Workspace) and In the navigation menu on the left-hand side, click on “APIs & Services” > “Library”.
+     - In the API Library, use the search bar to find the "Admin SDK". Click on it to open the API page.
+     - Click the “Enable” button to activate the Admin SDK API for your project.
+  2) Create a Service account.
+	   - Go to the navigation menu, and select “IAM & Admin” > “Service Accounts”.
+	   - Click on “Create Service Account” at the top of the page.
+       - Enter a service account name and description, then click “Create”. 
+       - You can skip the permission part here as we will be adding persmissions from GWS console later on.
+       - In the service account details page, click on “Keys”.
+		- Click on “Add Key” and select “Create new key”.
+		-	Choose “JSON” as the key type and click “Create”. This will download the JSON key file which contains the “client_id”. Note down this client ID.
+
+  3) Subject (Email address associated with the service account)
+       - Note down the email address associated with the service account you just created it'll be used in the authentication in Shuffle.
+  4) Adding permissions to the service account from GWS console.
+	    - Signin to the Google Workspace admin console.
+		- In the Admin console, locate the sidebar and navigate to Security > API controls. This area allows you to manage third-party and internal application access to your Google Workspace data.
+		- Under the Domain-wide delegation section, click on “Manage Domain Wide Delegation” to view and configure client access.
+		- If the service account client ID is not listed, you will add it; if it is already listed but you need to update permissions, click on the service account’s client ID. To add a new client ID:
+			- Click on Add new.
+			- Enter the Client ID of the service account you noted earlier when creating the service account in GCP.
+			- In the OAuth Scopes field, enter the scopes required for your service account to function correctly. OAuth Scopes specify the permissions that your application requests. 
+		- Depending on the actions you want to use below are the OAuth scopes required.
+
+| Action              | OAuth Scope                                                                                                                                 |
+|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
+| Reset User Password | `https://www.googleapis.com/auth/admin.directory.user`                                                                                      |
+| Suspend User        | `https://www.googleapis.com/auth/admin.directory.user`                                                                                      |
+| Get User Devices    |`https://www.googleapis.com/auth/admin.directory.device.mobile` |
+| Reactivate User     | `https://www.googleapis.com/auth/admin.directory.user`                                                                                      
+
+## Authentication
+1) Upload the Service account JSON file in to the Shuffle files and copy the file id.
+2) Now, Inside the GWS app authentication in Shuffle; use the file id you just copied and in subject use the email address asscoitate with your service account.
+
+
diff --git a/gws/1.0.0/api.yaml b/gws/1.0.0/api.yaml
diff --git a/gws/1.0.0/requirements.txt b/gws/1.0.0/requirements.txt
@@ -0,0 +1,6 @@
+requests==2.25.1
+google-auth==1.28.0
+google-auth-oauthlib==0.4.3
+google-auth-httplib2==0.0.4
+google-api-python-client==2.0.2
+
diff --git a/gws/1.0.0/src/app.py b/gws/1.0.0/src/app.py
@@ -0,0 +1,130 @@
+import socket
+import asyncio
+import time
+import random
+import json
+import requests
+import secrets
+import string
+
+from walkoff_app_sdk.app_base import AppBase
+
+from google.oauth2 import service_account
+from googleapiclient.discovery import build
+
+
+class Gws(AppBase):
+    __version__ = "1.0.0"
+    app_name = "Google Workspace"
+
+    def __init__(self, redis, logger, console_logger=None):
+        """
+        Each app should have this __init__ to set up Redis and logging.
+        :param redis:
+        :param logger:
+        :param console_logger:
+        """
+        super().__init__(redis, logger, console_logger)
+        
+    def reset_user_password(self, service_account_file_id, subject ,user_email,new_password):
+        service_account_file = self.get_file(service_account_file_id)
+        service_account_info = service_account_file['data'].decode()
+
+        def generate_secure_password(length=12):
+            characters = string.ascii_letters + string.digits + string.punctuation
+            secure_password = ''.join(secrets.choice(characters) for i in range(length))
+            return secure_password
+                
+        if new_password == "":
+            print("Generating new password")
+            new_password = generate_secure_password()
+
+        try:
+            service_account_info = json.loads(service_account_info)
+        except Exception as e:
+            print(f"Error loading service account file: {e}")
+            return {"success": False, "message": f"Error loading service account file: {e}"}
+
+        SCOPES = ['https://www.googleapis.com/auth/admin.directory.user']
+
+        creds = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES,subject=subject)
+        service = build('admin', 'directory_v1', credentials=creds)
+
+        try:
+            result = service.users().update(userKey=user_email, body={'password': new_password}).execute()
+            return {"success": True, "message": f"Password for {user_email} reset successfully.", "new_password": new_password}
+        except Exception as e:
+            return {"success": False, "message": f"Error resetting password: {e}"}
+    
+    def get_user_devices(self, service_account_file_id, subject ,user_email, customer_id):
+        service_account_file = self.get_file(service_account_file_id)
+        service_account_info = service_account_file['data'].decode()
+
+        try:
+            service_account_info = json.loads(service_account_info)
+        except Exception as e:
+            print(f"Error loading service account file: {e}")
+            return {"success": False, "message": f"Error loading service account file: {e}"}
+        
+        SCOPES = ['https://www.googleapis.com/auth/admin.directory.device.mobile']
+
+        creds = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES,subject=subject)
+        service = build('admin', 'directory_v1', credentials=creds)
+
+        query = f'email:{user_email}'
+
+        try:
+            results = service.mobiledevices().list(customerId=customer_id, query=query).execute()
+            devices = results.get('mobiledevices', [])
+        except Exception as e:
+            return {"success": False, "message": f"Error getting devices: {e}"}
+        
+        return {"success": True, "message": f"Devices for {user_email} retrieved successfully.", "devices": devices}
+    
+    def suspend_user(self, service_account_file_id, subject ,user_email):
+        service_account_file = self.get_file(service_account_file_id)
+        service_account_info = service_account_file['data'].decode()
+
+        try:
+            service_account_info = json.loads(service_account_info)
+        except Exception as e:
+            print(f"Error loading service account file: {e}")
+            return {"success": False, "message": f"Error loading service account file: {e}"}
+        
+        SCOPES = ['https://www.googleapis.com/auth/admin.directory.user']
+
+        creds = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES,subject=subject)
+        service = build('admin', 'directory_v1', credentials=creds)
+
+        try:
+            result = service.users().update(userKey=user_email,body={'suspended': True}).execute()
+        except Exception as e:
+            return {"success": False, "message": f"Error suspending user: {e}"}
+
+        return {"success": True, "message": f"{user_email} suspended successfully."}
+    
+    def reactivate_user(self, service_account_file_id, subject ,user_email):
+        service_account_file = self.get_file(service_account_file_id)
+        service_account_info = service_account_file['data'].decode()
+
+        try:
+            service_account_info = json.loads(service_account_info)
+        except Exception as e:
+            print(f"Error loading service account file: {e}")
+            return {"success": False, "message": f"Error loading service account file: {e}"}
+        
+        SCOPES = ['https://www.googleapis.com/auth/admin.directory.user']
+
+        creds = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES,subject=subject)
+        service = build('admin', 'directory_v1', credentials=creds)
+
+        try:
+            result = service.users().update(userKey=user_email,body={'suspended': False}).execute()
+        except Exception as e:
+            return {"success": False, "message": f"Error reactivating user: {e}"}
+
+        return {"success": True, "message": f"{user_email} reactivated successfully."}
+
+
+if __name__ == "__main__":
+    Gws.run()
