Ejemplo n.º 1
def current_oauth_map_from_session_unsafe():
    """Return the OAuthMap named by the signed "session" cookie, or None.

    The cookie is read through cookie_util rather than Flask's own session
    object, then decoded with Session.load_cookie using App.flask_secret_key.
    None is returned when the cookie or the secret key is missing, when the
    decoded session has no "oam" entry, or when no OAuthMap matches that id.

    NOTE(review): the "_unsafe" suffix presumably warns that this lookup rests
    only on an ambient browser cookie -- confirm what callers must check
    before trusting the returned map.
    """
    # Plain cookie handling is still needed until the app is Flask-only and
    # can rely on Flask sessions directly.
    cookie_name = "session"
    raw_value = cookie_util.get_cookie_value(cookie_name)
    if not (raw_value and App.flask_secret_key):
        # Without a secret key the cookie cannot be verified, so nothing is
        # decoded at all.
        return None

    # A value that starts with a double quote loses its first and last
    # character; the closing quote is assumed rather than checked.
    if raw_value.startswith("\""):
        raw_value = raw_value[1:-1]

    # Minimal stand-in request so the Flask session cookie loader can be
    # reused outside a real Flask request.
    stub_request = RequestMock(cookies={cookie_name: unicode(raw_value)})

    # The session payload is only as trustworthy as the secret key that
    # protects it.
    session_data = Session.load_cookie(stub_request,
                                       cookie_name,
                                       secret_key=App.flask_secret_key)
    if not session_data or not session_data.has_key("oam"):
        return None

    found_map = OAuthMap.get_by_id_safe(session_data["oam"])
    return found_map if found_map else None
Ejemplo n.º 2
def current_oauth_map_from_session_unsafe():
    """Return the OAuthMap named by the signed "session" cookie, or None.

    The cookie is read through cookie_util rather than Flask's own session
    object, then decoded with Session.load_cookie using App.flask_secret_key.
    None is returned when the cookie or the secret key is missing, when the
    decoded session has no "oam" entry, or when no OAuthMap matches that id.

    NOTE(review): the "_unsafe" suffix presumably warns that this lookup rests
    only on an ambient browser cookie -- confirm what callers must check
    before trusting the returned map.
    """
    # Plain cookie handling is still needed until the app is Flask-only and
    # can rely on Flask sessions directly.
    cookie_name = "session"
    raw_value = cookie_util.get_cookie_value(cookie_name)
    if not (raw_value and App.flask_secret_key):
        # Without a secret key the cookie cannot be verified, so nothing is
        # decoded at all.
        return None

    # A value that starts with a double quote loses its first and last
    # character; the closing quote is assumed rather than checked.
    if raw_value.startswith("\""):
        raw_value = raw_value[1:-1]

    # Minimal stand-in request so the Flask session cookie loader can be
    # reused outside a real Flask request.
    stub_request = RequestMock(cookies={cookie_name: unicode(raw_value)})

    # The session payload is only as trustworthy as the secret key that
    # protects it.
    session_data = Session.load_cookie(stub_request, cookie_name, secret_key=App.flask_secret_key)
    if not session_data or not session_data.has_key("oam"):
        return None

    found_map = OAuthMap.get_by_id_safe(session_data["oam"])
    return found_map if found_map else None
Ejemplo n.º 3
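def request_token_callback(provider, oauth_map_id):
    """Dispatch a request-token callback to the handler for ``provider``.

    Args:
        provider: Identity provider name; "google" and "facebook" are handled.
        oauth_map_id: Id used to look up the OAuthMap via get_by_id_safe.

    Returns:
        The result of the selected provider handler, or an OAuth error
        response when the map cannot be found or the provider is not one of
        the handled names.
    """
    oauth_map = OAuthMap.get_by_id_safe(oauth_map_id)
    if not oauth_map:
        return oauth_error_response(OAuthError("Unable to find OAuthMap by id during request token callback."))

    if provider == "google":
        return google_request_token_handler(oauth_map)
    if provider == "facebook":
        return facebook_request_token_handler(oauth_map)

    # An unrecognised provider must not fall off the end and return an
    # implicit None; fail closed with an explicit error. The message is a
    # fixed string so the caller-supplied provider value is never echoed back.
    return oauth_error_response(OAuthError("Unknown provider during request token callback."))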
Ejemplo n.º 4
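def request_token_callback(provider, oauth_map_id):
    """Dispatch a request-token callback to the handler for ``provider``.

    Args:
        provider: Identity provider name; "google" and "facebook" are handled.
        oauth_map_id: Id used to look up the OAuthMap via get_by_id_safe.

    Returns:
        The result of the selected provider handler, or an OAuth error
        response when the map cannot be found or the provider is not one of
        the handled names.
    """
    oauth_map = OAuthMap.get_by_id_safe(oauth_map_id)
    if not oauth_map:
        return oauth_error_response(OAuthError("Unable to find OAuthMap by id during request token callback."))

    if provider == "google":
        return google_request_token_handler(oauth_map)
    if provider == "facebook":
        return facebook_request_token_handler(oauth_map)

    # An unrecognised provider must not fall off the end and return an
    # implicit None; fail closed with an explicit error. The message is a
    # fixed string so the caller-supplied provider value is never echoed back.
    return oauth_error_response(OAuthError("Unknown provider during request token callback."))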
Ejemplo n.º 5
def google_token_callback():
    """Record Google's verifier on the OAuthMap and exchange it for a token.

    The map id and the verifier both come from the incoming request values.
    An OAuth error response is returned when the map is missing, when it
    already carries a verification code, or when the exchange raises
    OAuthError. This listing shows nothing after the error branch.
    """
    map_id = request.values.get("oauth_map_id")
    token_map = OAuthMap.get_by_id_safe(map_id)

    if not token_map:
        not_found = OAuthError("Unable to find OAuthMap by id.")
        return oauth_error_response(not_found)

    # A map that already holds a verification code is rejected, so the
    # callback cannot be applied to the same map a second time.
    if token_map.google_verification_code:
        already_used = OAuthError("Request token already has google verification code.")
        return oauth_error_response(already_used)

    # The verifier is request-supplied; it is attached to the map before the
    # exchange with Google is attempted.
    token_map.google_verification_code = request.values.get("oauth_verifier")

    try:
        token_map = retrieve_google_access_token(token_map)
    except OAuthError, e:
        return oauth_error_response(e)
Ejemplo n.º 6
def facebook_token_callback():
    """Record Facebook's authorization code on the OAuthMap and exchange it.

    The map id and the code both come from the incoming request values.
    An OAuth error response is returned when the map is missing, when it
    already carries an authorization code, or when the exchange raises
    OAuthError. This listing shows nothing after the error branch.
    """
    map_id = request.values.get("oauth_map_id")
    token_map = OAuthMap.get_by_id_safe(map_id)

    if not token_map:
        not_found = OAuthError("Unable to find OAuthMap by id.")
        return oauth_error_response(not_found)

    # A map that already holds an authorization code is rejected, so the
    # callback cannot be applied to the same map a second time.
    if token_map.facebook_authorization_code:
        already_used = OAuthError("Request token already has facebook authorization code.")
        return oauth_error_response(already_used)

    # The code is request-supplied; it is attached to the map before the
    # exchange with Facebook is attempted.
    token_map.facebook_authorization_code = request.values.get("code")

    try:
        token_map = retrieve_facebook_access_token(token_map)
    except OAuthError, e:
        return oauth_error_response(e)
Ejemplo n.º 7
def facebook_token_callback():
    """Record Facebook's authorization code on the OAuthMap and exchange it.

    The map id and the code both come from the incoming request values.
    An OAuth error response is returned when the map is missing or already
    carries an authorization code. When the exchange raises
    OAuthBadRequestError, a generic login-failure page is returned instead.
    This listing shows nothing after the error branch.
    """
    map_id = request.values.get("oauth_map_id")
    token_map = OAuthMap.get_by_id_safe(map_id)

    if not token_map:
        not_found = OAuthError("Unable to find OAuthMap by id.")
        return oauth_error_response(not_found)

    # A map that already holds an authorization code is rejected, so the
    # callback cannot be applied to the same map a second time.
    if token_map.facebook_authorization_code:
        already_used = OAuthError(
                "Request token already has facebook authorization code.")
        return oauth_error_response(already_used)

    # The code is request-supplied; it is attached to the map before the
    # exchange with Facebook is attempted.
    token_map.facebook_authorization_code = request.values.get("code")

    try:
        token_map = retrieve_facebook_access_token(token_map)
    except OAuthBadRequestError, e:
        # Only OAuthBadRequestError is caught here, and its detail is not
        # forwarded: the user sees a fixed, generic message.
        return pretty_error_response('Unable to log in with Facebook.')
Ejemplo n.º 8
    def post(self):
        """Handle a username/password login and turn it into an OAuth token.

        Re-renders the login page with a message (and returns None) when a
        field is empty, when the credentials do not validate, or when the
        OAuthMap named by the request cannot be found. Otherwise it stores a
        freshly minted auth token on the map and returns the redirect to the
        authorize endpoint.
        """
        login_name = self.request_string('identifier')
        secret = self.request_string('password')
        if not (login_name and secret):
            self.render_login_page("Please enter your username and password.")
            return

        account = UserData.get_from_username_or_email(login_name.strip())
        if not (account and account.validate_password(secret)):
            # Unknown account and wrong password share one message, so the
            # response does not reveal which of the two failed.
            # TODO(benkomalo): IP-based throttling of failed logins?
            self.render_login_page("Your login or password is incorrect.")
            return

        # Credentials are good - exchange them for an OAuth access_token.
        # NOTE(review): oauth_map_id is request-supplied, and nothing in this
        # method ties it to the flow this browser started -- confirm that is
        # enforced elsewhere.
        pending_map = OAuthMap.get_by_id_safe(
            self.request_string("oauth_map_id", default=""))
        if not pending_map:
            self.render_login_page("Unable to find OAuthMap by id.")
            return

        # Mint the token and store it on the map.
        pending_map.khan_auth_token = AuthToken.for_user(account).value
        pending_map.put()

        # Read the entity back by key to flush the "apply phase" of the put()
        # above. GAE's HRD can otherwise take a second or two to propagate
        # the write, and the authorize redirect below may arrive sooner.
        refreshed_map = OAuthMap.get(pending_map.key())

        # The authorize endpoint is reached over http, hence force_http.
        # NOTE(review): confirm the freshly minted token is not exposed on
        # that plain-http hop.
        return auth_util.authorize_token_redirect(refreshed_map, force_http=True)
Ejemplo n.º 9
    def post(self):
        """Handle a username/password login and turn it into an OAuth token.

        Re-renders the login page with a message (and returns None) when a
        field is empty, when the credentials do not validate, or when the
        OAuthMap named by the request cannot be found. Otherwise it stores a
        freshly minted auth token on the map and returns the redirect to the
        authorize endpoint.
        """
        login_name = self.request_string('identifier')
        secret = self.request_string('password')
        if not (login_name and secret):
            self.render_login_page("Please enter your username and password.")
            return

        account = UserData.get_from_username_or_email(login_name.strip())
        if not (account and account.validate_password(secret)):
            # Unknown account and wrong password share one message, so the
            # response does not reveal which of the two failed.
            # TODO(benkomalo): IP-based throttling of failed logins?
            self.render_login_page("Your login or password is incorrect.")
            return

        # Credentials are good - exchange them for an OAuth access_token.
        # NOTE(review): oauth_map_id is request-supplied, and nothing in this
        # method ties it to the flow this browser started -- confirm that is
        # enforced elsewhere.
        pending_map = OAuthMap.get_by_id_safe(
            self.request_string("oauth_map_id", default=""))
        if not pending_map:
            self.render_login_page("Unable to find OAuthMap by id.")
            return

        # Mint the token and store it on the map.
        pending_map.khan_auth_token = AuthToken.for_user(account).value
        pending_map.put()

        # Read the entity back by key to flush the "apply phase" of the put()
        # above. GAE's HRD can otherwise take a second or two to propagate
        # the write, and the authorize redirect below may arrive sooner.
        refreshed_map = OAuthMap.get(pending_map.key())

        # The authorize endpoint is reached over http, hence force_http.
        # NOTE(review): confirm the freshly minted token is not exposed on
        # that plain-http hop.
        return auth_util.authorize_token_redirect(refreshed_map, force_http=True)