def post_auth(auth_type):

    if auth_type != 'google':
        return 'only google oauth2 currently', 400

    access_token_url = 'https://accounts.google.com/o/oauth2/token'
    people_api_url = 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json'

    payload = dict(client_id=request.json['clientId'],
                   redirect_uri=request.json['redirectUri'],
                   client_secret=auth_config.client_secret,
                   code=request.json['code'],
                   grant_type='authorization_code')

    # Step 1. Exchange authorization code for access token.
    r = requests.post(access_token_url, data=payload)
    token = json.loads(r.text)
    headers = {'Authorization': 'Bearer {0}'.format(token['access_token'])}

    # Step 2. Retrieve information about the current user.
    r = requests.get(people_api_url, headers=headers)
    profile = json.loads(r.text)

    print(profile)

    user = User.get_by_oauth2_id(profile['id'])

    if user is None:
        user = User(profile['name'], profile['email'], profile['picture'], profile['id']).add()

    token = create_token(user)
    return jsonify(token=token)
    def decorated_function(*args, **kwargs):
        if not request.headers.get('Authorization'):
            response = jsonify(message='Missing authorization header')
            response.status_code = 401
            return response

        try:
            payload = parse_token(request)
        except DecodeError:
            response = jsonify(message='Token is invalid')
            response.status_code = 401
            return response
        except ExpiredSignature:
            response = jsonify(message='Token has expired')
            response.status_code = 401
            return response

        user = User.get(payload['sub'])

        if user is None:
            return '', 401

        login_user(user)

        return f(*args, **kwargs)
Example #3
0
 def test_save_user_and_find(self):
     User('Jan', 'email', 'picture', OAUTH2_ID).add()
     user = User.get_by_oauth2_id(OAUTH2_ID)
     assert user is not None
Example #4
0
 def test_save_user(self):
     user = User('Jan', 'email', 'picture', OAUTH2_ID).add()
     assert user is not None
Example #5
0
 def test_get_by_oauth2_id(self):
     user = User.get_by_oauth2_id(OAUTH2_ID)
     assert user is None
Example #6
0
def load_user(user_id):
    try:
        return User.get(user_id)
    except User.DoesNotExist:
        return None
Example #7
0
 def test_save_user_and_find(self):
     User('Jan', 'email', 'picture', OAUTH2_ID).add()
     user = User.get_by_oauth2_id(OAUTH2_ID)
     assert user is not None
Example #8
0
 def test_get_by_oauth2_id(self):
     user = User.get_by_oauth2_id(OAUTH2_ID)
     assert user is None