Beispiel #1
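 def gconnect(self):
     ''' Complete a Google sign-in and open a session for the matching user.

     Reads a one-time OAuth2 authorization code from the request body,
     exchanges it for credentials, cross-checks the resulting access token
     against Google's tokeninfo endpoint, fetches the profile and then
     links it to the logged-in user, an existing user with the same email,
     or a newly created user.

     Returns:
         A redirect to the ``landing`` view on success, otherwise whatever
         ``self.invalid_response`` returns for the failing step.
     '''
     # NOTE(review): no anti-forgery ``state`` value is checked in this view;
     # confirm the caller validates one before this code is reached.
     code = request.data
     try:
         oauth_flow = flow_from_clientsecrets(
             os.path.join(os.path.dirname(__file__), '../google_cs.json'),
             scope='')
         oauth_flow.redirect_uri = 'postmessage'
         credentials = oauth_flow.step2_exchange(code)
     except FlowExchangeError:
         return self.invalid_response(
             'Failed to upgrade the authorization code', status_code=401)

     # Ask Google what this access token is. Passing the token through
     # ``params`` URL-encodes it, and the timeout keeps a stalled upstream
     # from pinning a worker.
     access_token = credentials.access_token
     try:
         result = requests.get(
             'https://www.googleapis.com/oauth2/v1/tokeninfo',
             params={'access_token': access_token},
             timeout=10).json()
     except (requests.RequestException, ValueError):
         return self.invalid_response(
             'Failed to validate the access token', status_code=500)
     if result.get('error') is not None:
         return self.invalid_response(result.get('error'), status_code=500)

     # The token must describe the same Google account as the ID token.
     # ``.get`` turns a malformed tokeninfo reply into a clean rejection
     # instead of a KeyError.
     google_id = credentials.id_token['sub']
     if result.get('user_id') != google_id:
         return self.invalid_response('The IDs do not match.',
                                      status_code=401)
     # Defense in depth: the token must also have been issued to this
     # application's client id, not to some other OAuth client.
     if result.get('issued_to') != oauth_flow.client_id:
         return self.invalid_response(
             'The token was not issued to this application.',
             status_code=401)

     # Fetch the profile that will be mapped onto a local account.
     userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
     params = {'access_token': access_token, 'alt': 'json'}
     try:
         answer = requests.get(userinfo_url, params=params, timeout=10)
         data = answer.json()
     except (requests.RequestException, ValueError):
         return self.invalid_response(
             'Failed to retrieve the user profile', status_code=500)
     email = data.get('email')
     if answer.status_code != 200 or not email:
         return self.invalid_response(
             'Failed to retrieve the user profile', status_code=500)
     # Accounts are matched by email below, so an address Google has not
     # verified must never be allowed to select an existing local user.
     if not data.get('verified_email'):
         return self.invalid_response(
             'The Google account email is not verified.', status_code=401)

     # Prefer the already logged-in user, then an existing account with this
     # email, and only then create a new one.
     user = g.get('user')
     if user is None:
         user = g.db.query(Users).filter_by(email=email).first()
     if user is None:
         user = Users(name=data.get('name') or email,
                      email=email,
                      provider='google')
     else:
         user.provider = 'google'
     g.db.add(user)
     g.db.commit()

     # NOTE(review): if ``session`` is a client-side signed cookie, the
     # access token stored here is readable by the browser; confirm the
     # session backend or keep the token server-side.
     session['user_id'] = user.id
     session['access_token'] = access_token
     flash('Successfully logged in as {0}'.format(user.name), "success")
     return redirect(url_for('landing'))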
Beispiel #2
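 def fbconnect(self):
     ''' Open a session for the user described by a posted Facebook profile.

     Reads a JSON object from the request body, finds the user with the
     given email or creates one, marks the provider as ``facebook`` and
     stores the user id in the session.

     Returns:
         A redirect to the ``landing`` view on success, or the result of
         ``self.invalid_response`` when the body is not a JSON object
         carrying an email.
     '''
     # NOTE(review): the profile is trusted exactly as the client posted it.
     # Nothing in this view verifies a Facebook access token server-side, so
     # the email below is an unauthenticated claim and any caller can select
     # any account. Confirm verification happens before this view runs, or
     # validate the token against Facebook and take the email from that
     # response instead of from the request body.
     data = request.get_json(silent=True)
     if not isinstance(data, dict) or not data.get('email'):
         return self.invalid_response(
             'Missing or invalid profile data', status_code=400)

     # Copy only the expected profile fields. Expanding the whole request
     # body into the model would let a client set any column it names.
     profile = {key: data[key] for key in ('name', 'email') if key in data}

     # Get the user or create a new one
     user = g.db.query(Users).filter_by(email=profile['email']).first()
     if user is None:
         user = Users(**profile)
     user.provider = 'facebook'
     g.db.add(user)
     g.db.commit()

     # Store the user data in the session
     session['user_id'] = user.id
     return redirect(url_for('landing'))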