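def gdisconnect():
    """Revoke the current user's Google access token and end the local session.

    Returns a response built by ``Util.custom_make_response``: 401 when no
    access token is stored in ``login_session``, 200 when Google reports the
    token revoked, 400 when the revoke request returns any other status.
    """
    access_token = login_session.get('access_token')
    if access_token is None:
        return Util.custom_make_response(
            json.dumps(_('current_user_not_connected')), 401)  # noqa
    url = 'https://accounts.google.com/o/oauth2/revoke?token=%s' % access_token
    # Clear the local login state before talking to Google, so the user is
    # logged out locally even if revocation fails. pop() with a default keeps
    # a partially populated session (a key already missing) from raising
    # KeyError and aborting the logout half-way through.
    for key in ('user_id', 'access_token', 'gplus_id',
                'username', 'email', 'picture'):
        login_session.pop(key, None)
    h = httplib2.Http()
    # Only the response headers are needed; the body is ignored.
    result = h.request(url, 'GET')[0]
    if result['status'] == '200':
        response_code = 200
        response_msg = 'successfully_disconnected'
    else:
        response_code = 400
        response_msg = _('failed_to_revoke_token_for_given_user')
    return Util.custom_make_response(json.dumps(response_msg), response_code)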
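def gconnect():
    """Complete a Google sign-in: exchange the posted one-time code for
    credentials, verify the resulting access token, and populate the session.

    Expects the anti-CSRF ``state`` value in the query string and the
    authorization code in the request body.  Returns ``'1'`` on success;
    otherwise a response from ``Util.custom_make_response`` (401 for any
    failed check, 500 when Google's tokeninfo endpoint reports an error).
    """
    import hmac

    # Validate the state token. Treat a missing value on either side as a
    # mismatch (so two absent values never compare equal) and use a
    # constant-time comparison for the anti-CSRF secret.
    expected_state = login_session.get('state')
    supplied_state = request.args.get('state')
    if (not expected_state or not supplied_state
            or not hmac.compare_digest(str(expected_state),
                                       str(supplied_state))):
        return Util.custom_make_response(
            json.dumps(_('invalid_state_parameter')), 401)  # noqa
    # Obtain authorization code
    code = request.data
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = flow_from_clientsecrets(Config.CLIENT_SECRET_JSON,
                                             scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return Util.custom_make_response(
            json.dumps(_('failed_to_upgrade_the_authorization_code')), 401)  # noqa
    # Check that the access token is valid.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
           % access_token)
    h = httplib2.Http()
    result = json.loads(h.request(url, 'GET')[1])
    # If there was an error in the access token info, abort.
    if result.get('error') is not None:
        return Util.custom_make_response(json.dumps(result.get('error')), 500)
    # Verify that the access token is used for the intended user. A tokeninfo
    # reply without user_id/issued_to fails closed with 401 instead of a
    # KeyError-driven 500.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        return Util.custom_make_response(
            json.dumps(_("tokens_user_id_doesnt_match_given_user_id")), 401)  # noqa
    # Verify that the access token is valid for this app.
    if result.get('issued_to') != CLIENT_ID:
        return Util.custom_make_response(
            json.dumps(_("tokens_client_id_does_not_match_apps")), 401)  # noqa
    # Get user info
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = answer.json()
    user = User.check_new_user(name=data['name'], email=data['email'],
                               picture=data['picture'])
    if user is None or not user.id:
        return Util.custom_make_response(json.dumps(_("invalid_user")), 401)
    # Only now, after every check passed, is the session marked logged in.
    login_session['user_id'] = user.id
    login_session['username'] = data['name']
    login_session['picture'] = data['picture']
    login_session['email'] = data['email']
    login_session['access_token'] = credentials.access_token
    login_session['gplus_id'] = gplus_id
    return '1'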