def authorize(request):
""" OAuth authorization.
Exchange request token for an access token,
login user and store token in user session.
"""
# request token
request_token = request.session.get("request_token", None)
if not request_token:
return http.HttpResponse("No un-authed token cookie")
del request.session["request_token"]
# exchange request token for access token
client = OAuthClient(request.application)
client.set_token_from_string(request_token)
verifier = request.GET.get("oauth_verifier")
access_token = client.fetch_access_token(verifier=verifier)
# authorize and login user
from typepadapp.auth import authenticate, login
authed_user = authenticate(oauth_client=client)
login(request, authed_user)
# store the token key / secret in the database so we can recover
# it later if the session expires
# store the token key / secret in the database so we can recover
# it later if the session expires
sst = request.GET["session_sync_token"]
token = Token.get(sst)
if token is None:
token = Token()
token.session_sync_token = sst
token.key = access_token.key
token.secret = access_token.secret
token.save()
created = True
else:
created = False
if created:
# this is a new user or at least a new session sync token
signals.member_joined.send(sender=authorize, instance=authed_user, group=request.group, token=token)
else:
# update token with current access token
token.key = access_token.key
token.secret = access_token.secret
token.save()
# oauth token in authed user session
request.session["oauth_token"] = token
# go to the welcome url, next url, or home.
abs_home_url = request.build_absolute_uri(HOME_URL)
next_url = request.GET.get("next", abs_home_url)
if settings.WELCOME_URL is not None:
if not next_url or next_url == abs_home_url:
next_url = settings.WELCOME_URL
return http.HttpResponseRedirect(next_url)
