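def gdisconnect():
    """Revoke the signed-in user's Google access token and clear the session.

    Returns a JSON response built with ``Util.custom_make_response``:
    401 when no access token is held in ``login_session``, 200 when the
    revoke endpoint answered ``200``, and 400 for any other revoke result.
    The local session entries are removed before the revoke call, so the
    user is logged out locally even if Google rejects the revocation.
    """
    access_token = login_session.get('access_token')
    if access_token is None:
        return Util.custom_make_response(
            json.dumps(_('current_user_not_connected')), 401)  # noqa
    # Reuse the value already read above instead of indexing the session again.
    url = 'https://accounts.google.com/o/oauth2/revoke?token=%s' % access_token

    # pop() rather than del: logout must not fail with KeyError if one of
    # these keys is absent from the session for any reason.
    for key in ('user_id', 'access_token', 'gplus_id',
                'username', 'email', 'picture'):
        login_session.pop(key, None)

    # Ask Google to invalidate the token; the response body is not needed.
    # (The discard name is not ``_`` because ``_`` is the translation function.)
    h = httplib2.Http()
    result, _body = h.request(url, 'GET')

    # httplib2 exposes the HTTP status as a string in the response dict.
    if result['status'] == '200':
        response_code = 200
        # NOTE(review): unlike the other messages here this key is not passed
        # through _(); left unchanged, confirm whether it should be translated.
        response_msg = 'successfully_disconnected'
    else:
        response_code = 400
        response_msg = _('failed_to_revoke_token_for_given_user')

    return Util.custom_make_response(json.dumps(response_msg), response_code)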
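def gconnect():
    """Complete the Google OAuth2 ``postmessage`` sign-in and start a session.

    Expects the anti-forgery ``state`` value in the query string and the
    one-time authorization code in the raw request body. The code is
    exchanged for credentials, the resulting access token is checked
    against Google's tokeninfo endpoint (user id and client id), the
    user's profile is fetched, and the identity plus access token are
    stored in ``login_session``.

    Returns the literal string ``'1'`` on success; every failure returns a
    JSON error response built with ``Util.custom_make_response`` (401 for
    validation failures, 500 when tokeninfo itself reports an error).
    """
    # Validate the anti-forgery state token.  The check must fail closed:
    # indexing the session raised KeyError when no state had been issued,
    # and a plain .get() would let a request with no ``state`` match a
    # session with no ``state``.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return Util.custom_make_response(
            json.dumps(_('invalid_state_parameter')), 401)  # noqa
    # Obtain authorization code
    code = request.data

    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = flow_from_clientsecrets(Config.CLIENT_SECRET_JSON,
                                             scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return Util.custom_make_response(
            json.dumps(_('failed_to_upgrade_the_authorization_code')),
            401)  # noqa

    # Check that the access token is valid.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' %
           access_token)
    h = httplib2.Http()
    result = json.loads(h.request(url, 'GET')[1])

    # If there was an error in the access token info, abort.
    if result.get('error') is not None:
        return Util.custom_make_response(json.dumps(result.get('error')), 500)

    # Verify that the access token is used for the intended user.
    # .get() keeps a tokeninfo reply that lacks the field on the reject
    # path (None never equals the expected id) instead of raising KeyError.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        return Util.custom_make_response(
            json.dumps(_("tokens_user_id_doesnt_match_given_user_id")),
            401)  # noqa

    # Verify that the access token is valid for this app.
    if result.get('issued_to') != CLIENT_ID:
        return Util.custom_make_response(
            json.dumps(_("tokens_client_id_does_not_match_apps")), 401)  # noqa

    # Get user info.  A bounded timeout keeps a stalled upstream call from
    # pinning a request worker indefinitely.
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params, timeout=10)

    data = answer.json()
    user = User.check_new_user(name=data['name'],
                               email=data['email'],
                               picture=data['picture'])
    if user is None or not user.id:
        return Util.custom_make_response(json.dumps(_("invalid_user")), 401)

    # Only populate the session once every check above has passed.
    login_session['user_id'] = user.id
    login_session['username'] = data['name']
    login_session['picture'] = data['picture']
    login_session['email'] = data['email']
    login_session['access_token'] = credentials.access_token
    login_session['gplus_id'] = gplus_id

    return '1'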