def login(request):
"""
Log a user in. Creates an access_token using a persona
assertion and the client secret. Sets this access token as a cookie.
'target_url' based as a GET parameter determines where the user is
redirected.
"""
target_url = request.POST.get('target_url')
assertion = request.POST.get('Assertion')
postdata = {
'Assertion': assertion,
'ClientSecret':settings.CLIENT_SECRET
}
url = build_url(request.get_host(), ['auth'])
try:
response = requests.post(url, data=postdata, headers={})
except RequestException:
return ErrorView.server_error(request)
access_token = response.json()['data']
if access_token is None:
return ErrorView.server_error(request)
response = HttpResponseRedirect(target_url if target_url != '' else '/')
expires = datetime.datetime.fromtimestamp(2 ** 31 - 1)
response.set_cookie('access_token', access_token, expires=expires, httponly=True)
return response
def logout(request):
"""
Log a user out.
Issues a DELETE request to the backend for the user's access_token, and
issues a delete cookie header in response to clear the user's
access_token cookie.
"""
response = redirect('/')
if request.COOKIES.has_key('access_token'):
response.set_cookie('access_token',
'',
expires="Thu, 01 Jan 1970 00:00:00 GMT")
url = build_url(request.get_host(), ['auth', request.access_token])
try:
requests.post(url,
params={
'method': 'DELETE',
'access_token': request.access_token
})
except RequestException:
return ErrorView.server_error(request)
return response
def csv(request, event_id):
"""
Downloads a CSV file containing event attendees.
"""
return redirect(
build_url(request.get_host(), ["events", "%s", "attendeescsv"]) %
(event_id, ) + "?access_token=" + request.access_token, )
def login(request):
"""
Log a user in using auth0
Creates an access_token using an auth0 code and state.
Sets this access token as a cookie.
'target_url' based as a GET parameter determines where the user is
redirected.
"""
code = request.GET.get('code')
state = request.GET.get('state')
target_url = request.GET.get('target_url')
postdata = {
'Code': code,
'State': state,
'ClientSecret': settings.CLIENT_SECRET
}
url = build_url(request.get_host(), ['auth0'])
try:
response = requests.post(url, data=postdata, headers={})
except RequestException:
return ErrorView.server_error(request)
access_token = response.json()['data']
if access_token is None or access_token == '':
return ErrorView.server_error(request)
if target_url is None or target_url == '':
target_url = state
if target_url is None or target_url == '':
target_url = '/'
# Add cachebuster as the unauth'd page may be very aggressively cached
pr = urlparse(target_url)
qs = parse_qs(pr[4])
qs.update({'cachebuster': id_generator()})
target_url = urlunparse(
(pr[0], pr[1], pr[2], pr[3], urlencode(qs), pr[5]))
# Redirect and set cookie
resp = HttpResponseRedirect(target_url)
expires = datetime.datetime.fromtimestamp(2**31 - 1)
resp.set_cookie('access_token',
access_token,
expires=expires,
httponly=True)
return resp
def testEmptyFragments(self):
url = build_url((BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME), [])
assert (
url
== settings.API_SCHEME
+ BuildURLTests.subdomain_key
+ settings.API_DOMAIN_NAME
+ "/"
+ settings.API_PATH
+ "/"
+ settings.API_VERSION
)
def csv(request, event_id):
"""
Downloads a CSV file containing event attendees.
"""
return redirect(
build_url(
request.get_host(),
["events", "%s", "attendeescsv"]
) % (
event_id,
) + "?access_token=" + request.access_token,
)
def testIntFragment(self):
url = build_url((BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME), [1, 2, 3])
assert (
url
== settings.API_SCHEME
+ BuildURLTests.subdomain_key
+ settings.API_DOMAIN_NAME
+ "/"
+ settings.API_PATH
+ "/"
+ settings.API_VERSION
+ "/1/2/3"
)
def testWithNoSeparator(self):
url = build_url((BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME), ["resource", "1", "extra"])
assert (
url
== settings.API_SCHEME
+ BuildURLTests.subdomain_key
+ settings.API_DOMAIN_NAME
+ "/"
+ settings.API_PATH
+ "/"
+ settings.API_VERSION
+ "/resource/1/extra"
)
def login(request):
"""
Log a user in using auth0
Creates an access_token using an auth0 code and state.
Sets this access token as a cookie.
'target_url' based as a GET parameter determines where the user is
redirected.
"""
code = request.GET.get('code')
state = request.GET.get('state')
target_url = request.GET.get('target_url')
postdata = {
'Code': code,
'State': state,
'ClientSecret': settings.CLIENT_SECRET
}
url = build_url(request.get_host(), ['auth0'])
try:
response = requests.post(url, data=postdata, headers={})
except RequestException:
return ErrorView.server_error(request)
access_token = response.json()['data']
if access_token is None or access_token == '':
return ErrorView.server_error(request)
if target_url is None or target_url == '':
target_url = state
if target_url is None or target_url == '':
target_url = '/'
# Add cachebuster as the unauth'd page may be very aggressively cached
pr = urlparse(target_url)
qs = parse_qs(pr[4])
qs.update({'cachebuster': id_generator()})
target_url = urlunparse((pr[0], pr[1], pr[2], pr[3], urlencode(qs), pr[5]))
# Redirect and set cookie
resp = HttpResponseRedirect(target_url)
expires = datetime.datetime.fromtimestamp(2 ** 31 - 1)
resp.set_cookie('access_token', access_token, expires=expires, httponly=True)
return resp
def logout(request):
"""
Log a user out. Issues a DELETE request to the backend for the
user's access_token, and issues a delete cookie header in response to
clear the user's access_token cookie.
"""
response = redirect('/')
if request.COOKIES.has_key('access_token'):
response.set_cookie('access_token', '', expires="Thu, 01 Jan 1970 00:00:00 GMT")
url = build_url(request.get_host(), ['auth', request.access_token])
try:
requests.post(url, params={'method': 'DELETE', 'access_token': request.access_token})
except RequestException:
return ErrorView.server_error(request)
return response
def login(request):
"""
Log a user in using Persona.
Creates an access_token using a persona assertion and the client secret.
Sets this access token as a cookie.
'target_url' based as a GET parameter determines where the user is
redirected.
"""
target_url = request.POST.get('target_url')
assertion = request.POST.get('Assertion')
postdata = {
'Assertion': assertion,
'ClientSecret': settings.CLIENT_SECRET
}
url = build_url(request.get_host(), ['auth'])
try:
response = requests.post(url, data=postdata, headers={})
except RequestException:
return ErrorView.server_error(request)
access_token = response.json()['data']
if access_token is None or access_token == '':
return ErrorView.server_error(request)
if target_url is None or target_url == '':
target_url = '/'
response = HttpResponseRedirect(target_url)
expires = datetime.datetime.fromtimestamp(2**31 - 1)
response.set_cookie('access_token',
access_token,
expires=expires,
httponly=True)
return response
def testFailCustomDomains(self):
with self.assertRaises(APIException):
build_url((BuildURLTests.subdomain_key + 'example.org'),
['resource', '1', 'ex/tra'])
def testFailCustomDomains(self):
with self.assertRaises(APIException):
build_url((BuildURLTests.subdomain_key + "example.org"), ["resource", "1", "ex/tra"])
def testFailCustomDomains(self):
with self.assertRaises(APIException):
build_url((BuildURLTests.subdomain_key + 'example.org'), ['resource', '1', 'ex/tra'])
def testInvalidFragment(self):
with self.assertRaises(AssertionError):
build_url((BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME), ['resource', '1', 'ex/tra'])
def testWithNoSeparator(self):
url = build_url((BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME), ['resource', '1', 'extra'])
assert url == settings.API_SCHEME + BuildURLTests.subdomain_key +\
settings.API_DOMAIN_NAME + '/' + settings.API_PATH + '/' + settings.API_VERSION + '/resource/1/extra'
def testInvalidFragment(self):
with self.assertRaises(AssertionError):
build_url((BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME),
['resource', '1', 'ex/tra'])
def testIntFragment(self):
url = build_url(
(BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME),
[1, 2, 3])
assert url == settings.API_SCHEME + BuildURLTests.subdomain_key +\
settings.API_DOMAIN_NAME + '/' + settings.API_PATH + '/' + settings.API_VERSION + '/1/2/3'
def testEmptyFragments(self):
url = build_url(
(BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME), [])
assert url == settings.API_SCHEME + BuildURLTests.subdomain_key +\
settings.API_DOMAIN_NAME + '/' + settings.API_PATH + '/' + settings.API_VERSION
def testWithNoSeparator(self):
url = build_url(
(BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME),
['resource', '1', 'extra'])
assert url == settings.API_SCHEME + BuildURLTests.subdomain_key +\
settings.API_DOMAIN_NAME + '/' + settings.API_PATH + '/' + settings.API_VERSION + '/resource/1/extra'