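def verify_token():
    """Authenticate the current request and bind the user to ``g.curr_user``.

    The open id is taken from the request headers via
    ``sup_oauth.load_ext_token`` and used to look up an activated ExtUser.
    When the stored access token is missing or ``expires_at`` has passed,
    the token is refreshed and the token/profile fields are re-synced and
    saved.

    Raises:
        AuthFailed: no open id in the headers, no activated user for it,
            or the refresh attempt failed.
    """
    ExtUser = current_app.mongodb_conn.ExtUser

    # fake data
    # NOTE(review): this disabled branch binds a test user to every request
    # without checking any token; if it is ever re-enabled it must not be
    # reachable in a production deployment.
    #
    # user = ExtUser.find_one()
    # if not user:
    #     user = ExtUser()
    #     user['scope'] = u'tester/testapp'
    #     user['open_id'] = u'test-open-id'
    #     user.save()
    # g.curr_user = user
    #
    # return

    open_id = current_app.sup_oauth.load_ext_token(request.headers)
    if not open_id:
        raise AuthFailed('invalid open id')

    user = ExtUser.find_one_activated_by_open_id(open_id)
    if user is None:
        raise AuthFailed("User Not Exist")

    if not user['access_token'] or user['expires_at'] < now():
        try:
            # Explicit checks rather than ``assert``: assertions are stripped
            # under ``python -O``, which would let an empty refresh token or
            # a response without an access token slip past this block.
            if not user['refresh_token']:
                raise ValueError('no refresh token stored')
            resp = current_app.sup_oauth.refresh_access_token(
                user['refresh_token'])
            if 'access_token' not in resp:
                raise ValueError('access_token missing from refresh response')
        except Exception:
            current_app.logger.warning(
                "Refresh token failed:\n{}".format(traceback.format_exc()))
            raise AuthFailed('refresh token failed')

        # The profile is optional here; ``except Exception`` (not a bare
        # ``except``) so interpreter-exit signals are not swallowed.
        try:
            profile = current_app.sup_oauth.get_profile(resp['access_token'])
        except Exception:
            profile = None

        # NOTE(review): the stored refresh_token is not updated from resp;
        # confirm the provider never rotates refresh tokens on refresh.
        user['access_token'] = resp['access_token']
        user['expires_at'] = resp['expires_in'] + now()
        user['owner'] = resp['owner']
        user['app'] = resp['app']
        user['token_type'] = resp['token_type']

        if profile:
            user['display_name'] = profile['display_name']
            user['title'] = profile['title']
            user['locale'] = profile['locale']
            user['description'] = profile['description']
            user['type'] = profile['type']
            user['snapshot'] = profile['snapshot']
            user['scope'] = pre_process_scope(profile['owner_alias'],
                                              profile['app_alias'])
        user.save()

    g.curr_user = user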
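def verify_token():
    """Authenticate the current request and bind the user to ``g.curr_user``.

    The open id is taken from the request headers via
    ``sup_oauth.load_ext_token`` and used to look up an activated ExtUser.
    When the stored access token is missing or ``expires_at`` has passed,
    the token is refreshed and the token/profile fields are re-synced and
    saved.

    Raises:
        AuthFailed: no open id in the headers, no activated user for it,
            or the refresh attempt failed.
    """
    ExtUser = current_app.mongodb_conn.ExtUser

    # fake data
    # NOTE(review): this disabled branch binds a test user to the request
    # without checking any token; if it is re-enabled, the
    # ``use_fake_data`` switch must never be on in production.
    # if current_app.use_fake_data:
    #     user = ExtUser.find_one()
    #     if not user:
    #         user = ExtUser()
    #         user['scope'] = u'tester/testapp'
    #         user['open_id'] = u'test-open-id'
    #         user.save()
    #     g.curr_user = user
    #     return

    open_id = current_app.sup_oauth.load_ext_token(request.headers)
    if not open_id:
        raise AuthFailed('invalid open id')

    user = ExtUser.find_one_activated_by_open_id(open_id)
    if user is None:
        raise AuthFailed("User Not Exist")

    if not user['access_token'] or user['expires_at'] < now():
        try:
            # Explicit checks rather than ``assert``: assertions are stripped
            # under ``python -O``, which would let an empty refresh token or
            # a response without an access token slip past this block.
            if not user['refresh_token']:
                raise ValueError('no refresh token stored')
            resp = current_app.sup_oauth.refresh_access_token(
                user['refresh_token'])
            if 'access_token' not in resp:
                raise ValueError('access_token missing from refresh response')
        except Exception:
            # Record why the refresh failed; a silent failure here leaves
            # repeated authentication errors invisible to operators.
            current_app.logger.warning("Refresh token failed", exc_info=True)
            raise AuthFailed('refresh token failed')

        # The profile is optional here; ``except Exception`` (not a bare
        # ``except``) so interpreter-exit signals are not swallowed.
        try:
            profile = current_app.sup_oauth.get_profile(resp['access_token'])
        except Exception:
            profile = None

        # NOTE(review): the stored refresh_token is not updated from resp;
        # confirm the provider never rotates refresh tokens on refresh.
        user['access_token'] = resp['access_token']
        user['expires_at'] = resp['expires_in'] + now()
        user['owner'] = resp['owner']
        user['app'] = resp['app']
        user['token_type'] = resp['token_type']

        if profile:
            user['display_name'] = profile['display_name']
            user['title'] = profile['title']
            user['locale'] = profile['locale']
            user['description'] = profile['description']
            user['type'] = profile['type']
            user['snapshot'] = profile['snapshot']
            user['scope'] = pre_process_scope(profile['owner_alias'],
                                              profile['app_alias'])
        user.save()

    g.curr_user = user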
def visit_remove_comment(group_key, comment_id):
    """Delete a comment on behalf of a visitor and return a deletion record.

    ``author_id`` is read from the request arguments, falling back to
    ``_get_default_author_id()``. For a comment flagged ``anonymous`` the
    caller's ``author_id`` must equal the comment's ``author_id``.

    Raises:
        CommentNotAuthor: anonymous comment whose author_id does not match.
    """
    Struct.ObjectId(comment_id, 'comment_id')

    requester_id = get_args('author_id')
    # Read from the request but not used by any check below.
    author_token = get_args('author_token')
    if not requester_id:
        requester_id = _get_default_author_id()

    comment = _visit_get_comment(comment_id, group_key)

    # NOTE(review): authorization gap. Non-anonymous comments reach
    # delete() with no ownership check at all (original "todo: verify
    # member"), and author_token is never validated. The anonymous path
    # relies only on a client-supplied author_id. Member verification needs
    # to be implemented before this endpoint is exposed.
    if comment['anonymous'] and requester_id != comment['author_id']:
        raise CommentNotAuthor

    comment.delete()

    result = {
        "id": comment_id,
        "updated": now(),
        "deleted": 1,
    }
    return result
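def get_oauth_access_token(open_id):
    """Finish the OAuth code exchange for ``open_id`` and return the user.

    Reads ``state`` and ``code`` from the request, checks ``state`` against
    ``open_id`` with ``sup_oauth.match_random_string``, exchanges ``code``
    for tokens, fetches the profile, stores both on the ExtUser record
    (created if missing, and marked activated) and returns
    ``output_user(user)`` with the generated ext token under ``'token'``.

    Raises:
        UserStateInvalid: ``state`` does not match ``open_id``.
        RequestAccessTokenFailed: the code exchange failed ('access') or
            the provider rejected the new access token ('profile').
        UserProfileFailed: any other error while fetching the profile.
        UserTokenFailed: the ext token could not be generated.
    """
    Struct.Id(open_id)
    state = get_param('state', Struct.Sid, True)
    code = get_param('code', Struct.Sid, True)

    if not current_app.sup_oauth.match_random_string(state, open_id):
        raise UserStateInvalid

    ExtUser = current_app.mongodb_conn.ExtUser
    user = ExtUser.find_one_by_open_id(open_id)
    if not user:
        user = ExtUser()
        user['open_id'] = open_id

    try:
        resp = current_app.sup_oauth.get_access_token(code)
        # The token response is deliberately not printed or logged: it
        # carries the access and refresh tokens, which would otherwise end
        # up in stdout / log files.
        # Explicit check rather than ``assert``, which ``python -O`` strips.
        if 'access_token' not in resp:
            raise ValueError('access_token missing from token response')
    except Exception:
        raise RequestAccessTokenFailed('access')

    try:
        profile = current_app.sup_oauth.get_profile(resp['access_token'])
    except current_app.sup_oauth.OAuthInvalidAccessToken:
        raise RequestAccessTokenFailed('profile')
    except Exception as e:
        # NOTE(review): str(e) travels with the exception; confirm it is not
        # rendered verbatim to the client.
        raise UserProfileFailed(str(e))

    try:
        ext_token = current_app.sup_oauth.generate_ext_token(open_id)
    except Exception as e:
        raise UserTokenFailed(str(e))

    # NOTE(review): nothing visible here ties the fetched profile to
    # ``open_id``; presumably match_random_string provides that binding.
    # Confirm before relying on it.
    user['access_token'] = resp['access_token']
    user['refresh_token'] = resp['refresh_token']
    user['expires_at'] = resp['expires_in'] + now()
    user['token_type'] = resp['token_type']
    user['status'] = ExtUser.STATUS_ACTIVATED

    user['display_name'] = profile['display_name']
    user['title'] = profile['title']
    user['locale'] = profile['locale']
    user['description'] = profile['description']
    user['type'] = profile['type']
    user['snapshot'] = profile['snapshot']
    user['scope'] = pre_process_scope(profile['owner_alias'],
                                      profile['app_alias'])
    user.save()

    logged_user = output_user(user)
    logged_user['token'] = ext_token
    return logged_user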
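def get_oauth_access_token(open_id):
    """Finish the OAuth code exchange for ``open_id`` and return the user.

    Reads ``state`` and ``code`` from the request, checks ``state`` against
    ``open_id`` with ``sup_oauth.match_random_string``, exchanges ``code``
    for tokens, fetches the profile, stores both on the ExtUser record
    (created if missing, and marked activated) and returns
    ``output_user(user)`` with the generated ext token under ``'token'``.

    Raises:
        UserStateInvalid: ``state`` does not match ``open_id``.
        RequestAccessTokenFailed: the code exchange failed ('access') or
            the provider rejected the new access token ('profile').
        UserProfileFailed: any other error while fetching the profile.
        UserTokenFailed: the ext token could not be generated.
    """
    Struct.Id(open_id)
    state = get_param('state', Struct.Sid, True)
    code = get_param('code', Struct.Sid, True)

    if not current_app.sup_oauth.match_random_string(state, open_id):
        raise UserStateInvalid

    ExtUser = current_app.mongodb_conn.ExtUser
    user = ExtUser.find_one_by_open_id(open_id)
    if not user:
        user = ExtUser()
        user['open_id'] = open_id

    try:
        resp = current_app.sup_oauth.get_access_token(code)
        # The token response is deliberately not printed or logged: it
        # carries the access and refresh tokens, which would otherwise end
        # up in stdout / log files.
        # Explicit check rather than ``assert``, which ``python -O`` strips.
        if 'access_token' not in resp:
            raise ValueError('access_token missing from token response')
    except Exception:
        raise RequestAccessTokenFailed('access')

    try:
        profile = current_app.sup_oauth.get_profile(resp['access_token'])
    except current_app.sup_oauth.OAuthInvalidAccessToken:
        raise RequestAccessTokenFailed('profile')
    except Exception as e:
        # NOTE(review): str(e) travels with the exception; confirm it is not
        # rendered verbatim to the client.
        raise UserProfileFailed(str(e))

    try:
        ext_token = current_app.sup_oauth.generate_ext_token(open_id)
    except Exception as e:
        raise UserTokenFailed(str(e))

    # NOTE(review): nothing visible here ties the fetched profile to
    # ``open_id``; presumably match_random_string provides that binding.
    # Confirm before relying on it.
    user['access_token'] = resp['access_token']
    user['refresh_token'] = resp['refresh_token']
    user['expires_at'] = resp['expires_in'] + now()
    user['token_type'] = resp['token_type']
    user['status'] = ExtUser.STATUS_ACTIVATED

    user['display_name'] = profile['display_name']
    user['title'] = profile['title']
    user['locale'] = profile['locale']
    user['description'] = profile['description']
    user['type'] = profile['type']
    user['snapshot'] = profile['snapshot']
    user['scope'] = pre_process_scope(profile['owner_alias'],
                                      profile['app_alias'])
    user.save()

    logged_user = output_user(user)
    logged_user['token'] = ext_token
    return logged_user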
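def get_image():
    """Save the uploaded ``grec_file`` into TEMP_DIR and return its path.

    Only the extension of the client-supplied filename is reused, and only
    when it is a short alphanumeric suffix; the rest of the stored name is
    generated server-side.

    Returns:
        The path of the saved file inside ``current_app.config['TEMP_DIR']``.

    Raises:
        Exception: no ``grec_file`` part was uploaded.
    """
    import re
    import uuid

    upload = request.files.get('grec_file')
    if not upload:
        raise Exception("upload grec file, please!")

    # The filename comes from the client. Keep its extension only if it is a
    # plain alphanumeric suffix so no unexpected characters reach the
    # filesystem path.
    file_ext = os.path.splitext(upload.filename or '')[-1]
    if not re.match(r'\.[A-Za-z0-9]{1,16}\Z', file_ext):
        file_ext = ''

    # A timestamp alone is guessable and can repeat across concurrent
    # uploads, letting one upload overwrite another; the random component
    # makes each name unique.
    temp_file_name = "{}-{}{}".format(now(), uuid.uuid4().hex, file_ext)
    file_path = os.path.join(current_app.config['TEMP_DIR'], temp_file_name)
    upload.save(file_path)
    return file_path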
def limit_comments(max_comment, min_time):
    """Block the request when the author is commenting too quickly.

    Queries ``Comment.find_by_gkey_eid_aid`` for the current group,
    extension and author, then inspects the ``max_comment``-th document of
    that result. If it exists and its ``creation`` is less than ``min_time``
    before ``now()``, the request is rejected.

    ``group_key``, ``comment_extension`` and ``author_id`` are not
    parameters; they come from a scope outside this function.

    Raises:
        RequestBlocked: the ``max_comment``-th comment is too recent.
    """
    Comment = current_app.mongodb_conn.Comment
    recent = Comment.find_by_gkey_eid_aid(
        group_key, comment_extension['_id'], author_id, max_comment)
    boundary = next(recent.skip(max_comment-1), None)

    # NOTE(review): debug mode replaces the caller's window with 60; make
    # sure debug is off in production so the intended limit applies.
    window = 60 if current_app.debug else min_time

    if not boundary:
        return
    if now() - boundary['creation'] < window:
        raise RequestBlocked("overrun")
def limit_comments(max_comment, min_time):
    """Block the request when the author is commenting too quickly.

    Queries ``Comment.find_by_gkey_eid_aid`` for the current group,
    extension and author, then inspects the ``max_comment``-th document of
    that result. If it exists and its ``creation`` is less than ``min_time``
    before ``now()``, the request is rejected.

    ``group_key``, ``comment_extension`` and ``author_id`` are not
    parameters; they come from a scope outside this function.

    Raises:
        RequestBlocked: the ``max_comment``-th comment is too recent.
    """
    Comment = current_app.mongodb_conn.Comment
    matches = Comment.find_by_gkey_eid_aid(
        group_key, comment_extension['_id'], author_id, max_comment)
    nth_comment = next(matches.skip(max_comment - 1), None)

    # NOTE(review): debug mode replaces the caller's window with 60; make
    # sure debug is off in production so the intended limit applies.
    if current_app.debug:
        min_time = 60

    too_recent = bool(nth_comment) and \
        now() - nth_comment['creation'] < min_time
    if too_recent:
        raise RequestBlocked("overrun")
def update_post(post_id):
    """Update the title and content of a post owned by the current user.

    The post is looked up by both ``post_id`` and the current user's
    ``open_id``, so a post that belongs to someone else is reported as not
    found rather than updated.

    Returns:
        ``output_post(post)`` for the saved post.

    Raises:
        PostNotFound: no post matches this id for the current user.
    """
    Struct.ObjectId(post_id)
    new_title = get_param('title', Struct.Attr, required=True)
    new_content = get_param('content', Struct.Text, required=True)

    # Ownership is enforced by the query itself (id + open_id).
    find_owned = current_app.mongodb_conn.Post.find_one_by_id_and_open_id
    post = find_owned(post_id, g.curr_user["open_id"])
    if not post:
        raise PostNotFound

    post["title"] = new_title
    post["content"] = new_content
    post["update_time"] = now()
    post.save()

    return output_post(post)
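def get_access_token(code=None):
    """Return a usable access token for ``g.curr_user``.

    Without ``code``, and when the user already has an access token, a
    refresh token and an expiry, the stored token is returned while
    ``now()`` is before the expiry and refreshed otherwise. In every other
    case ``code`` is exchanged for a new token. Refreshed or exchanged
    tokens are persisted with ``_save_token``.

    Raises:
        RequestAccessTokenFailed: the provider call failed or its response
            carried no ``access_token``.
    """
    user = g.curr_user
    access_token = user["access_token"]
    refresh_token = user["refresh_token"]
    # Despite the key name, this value is compared against now(), i.e. it is
    # used as an absolute expiry time.
    expires_in = user["expires_in"]

    can_reuse = bool(not code and access_token and refresh_token
                     and expires_in)
    if can_reuse and now() < expires_in:
        return access_token

    try:
        if can_reuse:
            resp = current_app.sup_oauth.refresh_access_token(refresh_token)
        else:
            resp = current_app.sup_oauth.get_access_token(code)
        # Explicit check rather than ``assert``: assertions are stripped
        # under ``python -O``, which would push the failure into
        # _save_token as an unhandled KeyError.
        if "access_token" not in resp:
            raise ValueError("access_token missing from token response")
    except Exception as e:
        raise RequestAccessTokenFailed(str(e))

    _save_token(user, resp)
    return resp["access_token"]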
def save(self, *args, **kwargs):
    """Stamp ``updated`` with ``now()`` and delegate to the parent ``save``."""
    self['updated'] = now()
    parent = super(CommentGroup, self)
    return parent.save(*args, **kwargs)
def save(self, *args, **kwargs):
    """Stamp ``updated`` with ``now()`` and delegate to the parent ``save``."""
    self['updated'] = now()
    parent = super(ExtUser, self)
    return parent.save(*args, **kwargs)
def _save_token(user, resp):
    """Copy the token fields from ``resp`` onto ``user`` and save it.

    ``user["expires_in"]`` is stored as ``now() + resp["expires_in"]``, so
    it holds an absolute expiry rather than a duration.
    """
    # NOTE(review): resp["refresh_token"] is required here; confirm the
    # provider's refresh response always includes one.
    for field in ("access_token", "refresh_token"):
        user[field] = resp[field]
    user["expires_in"] = now() + resp["expires_in"]
    user.save()
def save(self, *args, **kwargs):
    """Stamp ``updated`` with ``now()`` and delegate to the parent ``save``."""
    self["updated"] = now()
    parent = super(CommentExtension, self)
    return parent.save(*args, **kwargs)
def save(self, *args, **kwargs):
    """Stamp ``updated`` with ``now()`` and delegate to the parent ``save``."""
    self["updated"] = now()
    parent = super(CommentGroup, self)
    return parent.save(*args, **kwargs)
def save(self, *args, **kwargs):
    """Stamp ``updated`` with ``now()`` and delegate to the parent ``save``."""
    self['updated'] = now()
    parent = super(CommentExtension, self)
    return parent.save(*args, **kwargs)