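class CheckTokenTestCase(TestCase):
    """Exercise the one-time login link ``/accounts/check_token/<user>/<token>/``.

    The fixture stores the login token as the user's password, which is the
    convention the tests below rely on: a successful visit logs the user in
    and then makes the password unusable, so the same link cannot be replayed.
    """

    def setUp(self):
        super(CheckTokenTestCase, self).setUp()

        # The username has to match the one embedded in the URLs below.
        self.alice = User(username="alice")
        self.alice.set_password("secret-token")
        self.alice.save()

    def test_it_redirects(self):
        r = self.client.get("/accounts/check_token/alice/secret-token/")
        assert r.status_code == 302

        # The link is single-use: once consumed, the token must no longer
        # validate as a password, so a replayed link cannot log in again.
        self.alice.refresh_from_db()
        assert not self.alice.has_usable_password()

    def test_it_redirects_already_logged_in(self):
        # First visit logs the user in (and burns the token).
        self.client.get("/accounts/check_token/alice/secret-token/")

        # Second visit while already authenticated must still redirect rather
        # than error, even though the token is now unusable.
        r = self.client.get("/accounts/check_token/alice/secret-token/")
        assert r.status_code == 302

    def test_it_redirects_bad_login(self):
        # Login with a bad token
        r = self.client.get("/accounts/check_token/alice/invalid-token/")
        assert r.status_code == 302
        assert r.url.endswith(reverse("hc-login"))
        assert self.client.session["bad_link"]
        # A rejected token must not leave the client authenticated.
        assert "_auth_user_id" not in self.client.session

    def test_consumed_token_cannot_be_reused_from_a_new_session(self):
        # Consume the link once, then drop the authenticated session.
        self.client.get("/accounts/check_token/alice/secret-token/")
        self.client.logout()

        # With the password now unusable, the same link must be treated like
        # a bad token instead of logging a fresh client in.
        r = self.client.get("/accounts/check_token/alice/secret-token/")
        assert r.status_code == 302
        assert r.url.endswith(reverse("hc-login"))
        assert self.client.session["bad_link"]
        assert "_auth_user_id" not in self.client.session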
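def github_callback(request):
    """Complete the GitHub OAuth flow and sign the user in.

    Expects ``tmp_oauth_state`` in the session (stored when the flow was
    started) and ``state``/``code`` in the query string. The local account is
    matched by GitHub login name; an account that has a usable local password
    is never signed in through this path, so a GitHub user cannot take over a
    password-protected account that happens to share the name.

    Raises Http404 when the state is missing or does not match, or when no
    authorization code was returned. Returns a 400 response for a
    password-backed account, otherwise a redirect to the ``ui`` view.
    """
    # Single-use: remove the state from the session as soon as it is read so
    # the same callback URL cannot be replayed against this session.
    expected_state = request.session.pop('tmp_oauth_state', None)
    state = request.GET.get('state')
    if not expected_state or state != expected_state:
        raise Http404('State did not match')

    code = request.GET.get('code')
    if not code:
        raise Http404('Missing authorization code')

    access_token = github_oauth.get_access_token(code, state)
    gu = Github(access_token.token).get_user()

    # NOTE(review): the account is keyed on the GitHub login name. GitHub
    # logins can be renamed and the old name re-registered by someone else;
    # the numeric GitHub user id would be the stable identity. Confirm whether
    # that matters for this deployment before relying on the name alone.
    target_username = gu.login

    try:
        user = User.objects.get(username=target_username)
    except User.DoesNotExist:
        user = User(username=target_username)
        # Accounts created via GitHub get no local password.
        user.set_unusable_password()
        user.save()

    # Refuse to sign into an account that has a local password: only
    # password-less accounts are signed in on the strength of the GitHub
    # identity.
    if user.has_usable_password():
        return HttpResponse(status=400)

    login(request, user)

    request.session['github_orgs'] = [org.login for org in gu.get_orgs()]

    return HttpResponseRedirect(
        reverse('ui',
                kwargs={
                    'provider': 'github.com',
                    'scope': user.username
                }))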
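def callback(request):
    """Finish the Tumblr OAuth 1.0a flow and sign the user in.

    Exchanges the request token kept in the session plus the
    ``oauth_verifier`` from the query string for an access token, asks
    Tumblr for the account name, then logs in (creating the local user on
    first visit). Every failure path reports through ``messages`` and
    redirects to ``/``.

    Returns a redirect to ``/`` for users who already have a local password,
    otherwise to ``/setpassword``.
    """
    if request.user.is_authenticated():
        return redirect('/')
    if request.method != 'GET':
        messages.error(request, 'Invalid request.')
        return redirect('/')
    if 'oauth_verifier' not in request.GET:
        messages.error(request, """
            You need to grant the application access to your blog.
        """)
        return redirect('/')

    # Exchange the request token (stored when the flow started) for an access
    # token. A missing session entry means the flow was not started in this
    # session or the session has since expired.
    try:
        req_access = Tumblr(
            settings.OAUTH_CONSUMER_KEY,
            settings.OAUTH_SECRET_KEY,
            request.session['token_key'],
            request.session['token_secret'],
            request.GET['oauth_verifier'],
        )
    except KeyError:
        messages.error(request, tryagain(
            "Sorry, your session already expired."
        ))
        return redirect('/')
    access_token = req_access.request_qsl(Tumblr.ACCESS_TOKEN, 'POST')
    if not ('oauth_token' in access_token and
            'oauth_token_secret' in access_token):
        messages.error(request, tryagain(
            "Sorry, we were unable to retrieve access tokens for your account."
        ))
        return redirect('/')

    # Ask Tumblr who the access token belongs to.
    req_username = Tumblr(
        settings.OAUTH_CONSUMER_KEY,
        settings.OAUTH_SECRET_KEY,
        access_token['oauth_token'],
        access_token['oauth_token_secret'],
    )
    # A body that is not JSON, or JSON without the expected ``meta`` block, is
    # reported as malformed instead of surfacing as a server error.
    try:
        userinfo = req_username.request_json(Tumblr.USER_INFO, 'GET')
        status = str(userinfo['meta']['status'])
    except (ValueError, KeyError, TypeError):
        messages.warning(request, tryagain(
            "Tumblr returned a malformed message when we asked for your name."
        ))
        return redirect('/')
    if not status.startswith('2'):
        messages.warning(request, tryagain(
            "Tumblr refused to give us your name for some reason."
        ))
        return redirect('/')
    # Only the account name and blog names are consumed downstream; pull them
    # out before touching the session so a schema surprise cannot leave a
    # half-updated session behind.
    try:
        tumblr_user = userinfo['response']['user']
        name = tumblr_user['name']
        blogs = [blog['name'] for blog in tumblr_user['blogs']]
    except (KeyError, TypeError):
        messages.warning(request, tryagain(
            "Tumblr returned a malformed message when we asked for your name."
        ))
        return redirect('/')

    # Start from a fresh session before storing anything tied to the new
    # identity: flush() empties the session *and* rotates the session id, so
    # the request token is gone and a session id fixed before authentication
    # does not carry over into the logged-in session.
    request.session.flush()

    request.session['blogs'] = blogs

    # Reuse an existing account with this Tumblr name, otherwise create one.
    try:
        user = User.objects.get(username__exact=name)
    except User.DoesNotExist:
        user = User(username=name)
        user.save()
        profile = user.get_profile()
        profile.save()

    # The Tumblr credentials are kept in the (fresh) session only.
    request.session['oauth_token'] = access_token['oauth_token']
    request.session['oauth_token_secret'] = access_token['oauth_token_secret']

    # NOTE(review): an existing local account is matched purely by Tumblr
    # account name, and a usable local password does not block this sign-in
    # path. Confirm the Tumblr identity is meant to be authoritative for
    # accounts that also have a password.
    # Setting ``backend`` lets login() accept a user that never went through
    # authenticate().
    user.backend = 'django.contrib.auth.backends.ModelBackend'
    login(request, user)

    if user.has_usable_password():
        return redirect('/')
    return redirect('/setpassword')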