Beispiel #1
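def auth_return(request):
    """Handle the OAuth2 redirect: exchange the code and set the login cookies.

    Reads the authorization code from the ``code`` query parameter, exchanges
    it for credentials and inspects the ``id_token`` claims. When the email is
    verified and the hosted domain (``hd``) is one of the configured domains,
    the user is redirected to ``/`` with the login cookies set. In every other
    case an 'Authentication failed.' message is recorded and the user is
    redirected to ``/logout/``.

    Args:
        request: the incoming Django request for the OAuth2 callback.

    Returns:
        An ``HttpResponseRedirect`` on both the success and the failure path.
    """
    oauth2_flow = oauth2.OAuth2Flow()
    domains = oauth2_flow.get_domains()
    # NOTE(review): the flow is always built for the second configured domain,
    # so this raises IndexError with fewer than two domains -- confirm intent.
    flow = oauth2_flow.get_flow(domains[1])

    # NOTE(review): no ``state`` value is checked here; confirm the flow or a
    # middleware binds this callback to the session that started the sign-in.
    code = request.GET.get('code')
    credential = None
    claims = {}
    if code:
        # Certificate validation stays enabled: the authorization code and the
        # returned tokens travel over this connection, so an unauthenticated
        # TLS peer could read or replace them.
        http = httplib2.Http()
        credential = flow.step2_exchange(code, http)
        claims = json.loads(credential.to_json())['id_token'] or {}

    # Accounts outside a hosted domain carry no 'hd' claim; .get() sends them
    # to the failure branch instead of raising KeyError.
    hosted_domain = claims.get('hd')
    email = claims.get('email')
    if claims.get('email_verified') and email and hosted_domain in domains:
        crypter = oauth2.Crypter()
        encrypted_email = crypter.encrypt(email)
        encrypted_domain = crypter.encrypt(hosted_domain)
        encrypted_token = crypter.encrypt(credential.access_token)
        response = HttpResponseRedirect('/')
        # cookie expires after a week
        one_week = 7 * 24 * 60 * 60
        # NOTE(review): 'user_id' carries the email in clear text and none of
        # these cookies set secure/httponly; confirm which ones client-side
        # script has to read before tightening the flags.
        response.set_cookie('login', encrypted_email, max_age=one_week)
        response.set_cookie('domain_url', encrypted_domain, max_age=one_week)
        response.set_cookie('user_id', email, max_age=one_week)
        # No max_age: the token cookie lasts only for the browser session.
        response.set_cookie('token', encrypted_token)
        return response

    messages.add_message(request, SIGNIN, 'Authentication failed.')
    # The redirect has to be returned; otherwise the view yields None and
    # Django raises instead of sending the user to the logout page.
    return HttpResponseRedirect('/logout/')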
Beispiel #2
def signin(request):
    """Render the sign-in page, or start the OAuth2 flow for a posted domain.

    A POST carrying ``signin-domain`` is checked with
    ``domain_authenticated``: an accepted domain redirects the browser to the
    provider's authorize URL, a rejected one re-renders the sign-in page with
    an error message. Any other request just renders the sign-in page.
    """
    flow_factory = oauth2.OAuth2Flow()
    page_context = {
        'domains': flow_factory.get_domains(),
        'STATIC_URL': PinballConfig.STATIC_URL
    }

    domain_posted = (request.method == 'POST'
                     and 'signin-domain' in request.POST)
    if not domain_posted:
        return render(request,
                      'signin.html',
                      page_context,
                      content_type='text/html')

    # The domain is client-supplied; it is only handed to get_flow() after
    # domain_authenticated() has accepted it.
    domain = request.POST.get('signin-domain')
    if flow_factory.domain_authenticated(domain):
        # NOTE(review): no explicit state value is passed here; confirm the
        # flow object adds one so the callback can be tied to this session.
        authorize_url = flow_factory.get_flow(domain).step1_get_authorize_url()
        return HttpResponseRedirect(authorize_url)

    # The rejected value is echoed in the message; presumably the template
    # escapes it on output -- verify against signin.html.
    messages.add_message(request,
                         SIGNIN,
                         'Domain not authorized: %s.' % domain,
                         fail_silently=True)
    return render(request,
                  'signin.html',
                  page_context,
                  content_type='text/html')