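def login():
    """Render the login form, or authenticate a POSTed submission.

    Non-POST requests get the rendered ``auth/login.html`` template. A POST
    whose form fails validation is rejected with 400. A valid POST exchanges
    the submitted email/password for an API access token, loads the user
    record with that token, logs the user in and redirects to the ``next``
    query parameter, or to ``user.user`` when ``next`` is empty.

    The ``next`` target is checked with ``next_is_valid`` before any session
    state is written, so a request carrying a rejected redirect target gets
    401 without leaving a logged-in session behind.
    """
    form = LoginForm()
    if request.method != 'POST':
        return render_template('auth/login.html', form=form)
    if not form.validate_on_submit():
        return abort(400)

    email = request.form.get('email')
    password = request.form.get('password')
    # NOTE(review): how api.get_token reports bad credentials is not visible
    # here; confirm a wrong password cannot surface as an unhandled KeyError.
    token = api.get_token(email, password)['access_token']
    res = api.get('/user/', token=token)
    account = res['user']
    user_id = account['_id']

    # Reject an untrusted redirect target before the session is touched;
    # `next` comes straight from the query string.
    next_url = request.args.get('next')
    if not next_is_valid(next_url):
        return abort(401)

    user = User(user_id)
    user.email = account['email']
    # NOTE(review): the User object itself is placed in the session; confirm
    # the configured session backend can serialize it.
    session[str(user_id)] = user
    login_user(user)
    return redirect(next_url or url_for('user.user'))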
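def facebook_authorized():
    """Complete the Facebook OAuth callback and log the user in.

    Responds 401 when the provider returns no response or an
    ``OAuthException``, when the ``next`` query parameter fails
    ``next_is_valid``, or when a ``client.OAuthException`` is raised while
    the Facebook id is fetched and exchanged for an API token. On success the
    Facebook access token is kept in the session, the user is logged in and
    the request is redirected to ``next``, or to ``user.user`` when ``next``
    is empty.
    """
    resp = facebook.authorized_response()
    # Denied or failed authorization: answer 401 without echoing the
    # provider-supplied error parameters back to the client.
    if resp is None or isinstance(resp, OAuthException):
        return abort(401)

    # `next` is caller-controlled. Apply the same next_is_valid check the
    # password login uses, so this callback cannot be used as an open
    # redirect, and do it before any session state is written.
    next_url = request.args.get('next')
    if not next_is_valid(next_url):
        return abort(401)

    access_token = resp['access_token']
    # Stored as a (token, secret) pair with an empty secret; presumably read
    # back by the OAuth client's token getter (confirm against its setup).
    session['facebook_token'] = (access_token, '')
    try:
        me = facebook.get('/me?fields=id')
        facebook_id = me.data['id']
        token = api.get_token(facebook_id, access_token)['access_token']
        res = api.get('/user/', token=token)
        account = res['user']
        user_id = account['_id']
        user = User(user_id)
        user.email = account['email']
        login_user(user)
        session[str(user_id)] = user
    except client.OAuthException:
        return abort(401)
    return redirect(next_url or url_for('user.user'))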