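def login(provider):
    """Exchange a provider-issued credential for this application's auth token.

    The client posts the Google authorization code (raw request body) or a
    Facebook access token (``{'data': {'access_token': ...}}`` as JSON); the
    provider is contacted to verify it, the local user is created on first
    sign-in, and the app's own token plus profile fields are returned.

    :param provider: ``'google'`` or ``'facebook'``; anything else is rejected
        with 400 (previously answered 200).
    :return: a Flask response — ``(json, status)`` tuple or a ``Response``.
    """
    # STEP 1 - Parse the auth code (raw body; only the Google branch uses it)
    code = request.data

    if provider == 'google':
        return _login_google(code)
    if provider == 'facebook':
        return _login_facebook()
    # Unknown provider is a client error, not a success.
    return jsonify({'error': 'Unknown provider'}), 400


def _login_error_response(message, status):
    """Build the JSON error response used by the provider branches.

    :param message: JSON-serialisable error payload.
    :param status: HTTP status code.
    :return: a Flask ``Response`` with ``Content-Type: application/json``.
    """
    response = make_response(dumps(message), status)
    response.headers['Content-Type'] = 'application/json'
    return response


def _login_issue_token(user):
    """Bind *user* to ``g``, mint an auth token and build the client payload.

    :param user: the local user found or created for this sign-in.
    :return: ``(json, 200)`` carrying the token and the user's profile fields.
    """
    g.user = user
    token = g.user.generate_auth_token()
    return jsonify({
        'token': token.decode('ascii'),
        'uid': g.user.id,
        'first_name': g.user.first_name,
        'last_name': g.user.last_name,
        'email': g.user.email,
        'picture': g.user.picture,
        'status': g.user.status,
        'full_name': g.user.get_full_name
    }), 200


def _login_google(code):
    """Google branch of :func:`login`: verify *code* and issue the app token.

    :param code: one-time authorization code posted by the client.
    :return: a Flask response (tuple or ``Response``).
    """
    # STEP 2 - Exchange the authorization code for a credentials object
    try:
        oauth_flow = flow_from_clientsecrets('client_secrets.json',
                                             scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return _login_error_response(
            'Failed to upgrade the authorization code.', 401)

    # Check that the access token is valid.
    access_token = credentials.access_token
    url = (
        'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' %
        access_token)
    h = Http()
    result = loads(h.request(url, 'GET')[1])
    # If there was an error in the access token info, abort.  The original
    # built this response but fell through and kept using the bad token.
    if result.get('error') is not None:
        return _login_error_response(result.get('error'), 500)
    # Make sure the token was issued to *this* application; otherwise a
    # token minted for some other client id would be accepted here.
    if result.get('issued_to') != oauth_flow.client_id:
        return _login_error_response(
            "Token's client ID does not match app's.", 401)

    # Get user info
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': access_token, 'alt': 'json'}
    data = r_get(userinfo_url, params=params).json()

    # Users are keyed by e-mail; a profile without one cannot be matched
    # (previously a KeyError turned into a 500).
    email = data.get('email')
    if not email:
        return _login_error_response(
            'Google account has no e-mail address.', 400)

    # see if user exists, if it doesn't make a new one
    user = get_user_by_email(email=email)
    if not user:
        user = create_user(username=data.get('name'),
                           picture=data.get('picture'),
                           email=email,
                           first_name=data.get('given_name'),
                           last_name=data.get('family_name'),
                           password=get_unique_str(8))

    return _login_issue_token(user)


def _login_facebook():
    """Facebook branch of :func:`login`: verify the client's access token.

    Validates the token against the app credentials stored in
    ``facebook.json``, fetches the profile and picture, creates the local
    user on first sign-in and issues the app token.

    :return: a Flask response (tuple or ``Response``).
    """
    data = request.json.get('data')
    access_token = data['access_token']

    # App credentials; close the file promptly (the handle used to leak).
    fb_file = ''.join([BASE_DIR, '/facebook.json'])
    with open(fb_file, 'r') as fh:
        fb_data = loads(fh.read())['facebook']

    h = Http()
    # Verify the client-supplied token with the app id/secret.  The secret
    # travels in the query string, so this URL must never be logged.
    url = fb_data['access_token_url'] % (
        fb_data['app_id'], fb_data['app_secret'], access_token)
    result = h.request(url, 'GET')[1]
    # The reply is a JSON object; parsing it (instead of splitting on ','
    # and ':') means an error reply yields no token rather than garbage.
    try:
        token = loads(result).get('access_token')
    except (ValueError, AttributeError):
        token = None
    if not token:
        return _login_error_response(
            'Failed to verify the Facebook access token.', 401)

    # Use token to get user info from API
    url = fb_data['user_info_url'] % token
    profile = loads(h.request(url, 'GET')[1])

    # Users are keyed by e-mail; without one every such account would
    # collide on the same (empty) key.
    email = profile.get('email')
    if not email:
        return _login_error_response(
            'Facebook account has no e-mail address.', 400)

    # Split the display name defensively; a single-word name used to raise
    # IndexError on the last-name lookup.
    name_parts = (profile.get('name') or '').split()
    first_name = name_parts[0] if name_parts else ''
    last_name = ' '.join(name_parts[1:])

    url = fb_data['picture_url'] % token
    picture = loads(h.request(url, 'GET')[1])['data']['url']

    # see if user exists, if it doesn't make a new one
    user = get_user_by_email(email)
    if user is None:
        user = create_user(username=profile.get('name'),
                           password=get_unique_str(8),
                           first_name=first_name,
                           last_name=last_name,
                           email=email,
                           picture=picture)

    return _login_issue_token(user)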
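def oauth(provider):
    """
    Authentication with providers

    Verifies the Google authorization code (raw request body) or the
    Facebook access token (``{'data': {'access_token': ...}}`` JSON body)
    posted by the client, creates the local user on first sign-in and
    stores the user id and provider name in the Flask session.

    :param provider: ``'google'`` or ``'facebook'``; anything else gets 400
    :return: a ``(json, status)`` tuple or a ``Response``
    """

    # STEP 1 - Parse the auth code
    code = request.data

    if provider == 'google':
        # STEP 2 - Exchange for a token
        try:
            # Upgrade the authorization code into a credentials object
            oauth_flow = flow_from_clientsecrets('client_secrets.json',
                                                 scope='')
            oauth_flow.redirect_uri = 'postmessage'
            credentials = oauth_flow.step2_exchange(code)
        except FlowExchangeError:
            response = make_response(
                dumps('Failed to upgrade the authorization code.'), 401)
            response.headers['Content-Type'] = 'application/json'
            return response

        # Check that the access token is valid.
        access_token = credentials.access_token

        # prepare url
        turl = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
        url = (turl % access_token)

        # get result
        h = Http()
        result = loads(h.request(url, 'GET')[1])

        # If there was an error in the access token info, abort.  The
        # original built this response but never returned it.
        if result.get('error') is not None:
            response = make_response(dumps(result.get('error')), 500)
            response.headers['Content-Type'] = 'application/json'
            return response

        # The token must have been issued to this application, otherwise a
        # token minted for another client id would be accepted here.
        if result.get('issued_to') != oauth_flow.client_id:
            response = make_response(
                dumps("Token's client ID does not match app's."), 401)
            response.headers['Content-Type'] = 'application/json'
            return response

        # Get user info
        userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
        params = {'access_token': access_token, 'alt': 'json'}
        data = r_get(userinfo_url, params=params).json()

        # users are keyed by e-mail; a missing one used to raise KeyError
        email = data.get('email')
        if not email:
            return jsonify({'error': 'Google account has no e-mail address'}), 400

        # see if user exists, if it doesn't make a new one
        user = get_user_by_email(email=email)
        if not user:
            user = create_user(username=data.get('name'),
                               picture=data.get('picture'),
                               email=email,
                               first_name=data.get('given_name'),
                               last_name=data.get('family_name'),
                               password=get_unique_str(8))

        g.user = user

        # create session
        session['uid'] = user.id
        session['provider'] = 'google'

        return jsonify({'message': 'Success'}), 200

    elif provider == 'facebook':

        # get data
        data = request.json.get('data')

        # get access token
        access_token = data['access_token']

        # prepare path to app facebook data
        fb_file = ''.join([BASE_DIR, '/facebook.json'])

        # load data (close the handle; it used to leak)
        with open(fb_file, 'r') as fh:
            fb_data = loads(fh.read())['facebook']

        # get app data
        app_id = fb_data['app_id']
        app_secret = fb_data['app_secret']

        # prepare query url for access token; the app secret is in the
        # query string, so never log this URL
        url = fb_data['access_token_url'] % (app_id, app_secret, access_token)

        # get result (one client is reused for every request below)
        h = Http()
        result = h.request(url, 'GET')[1]

        # The reply is a JSON object; parsing it instead of splitting on
        # ',' and ':' means an error reply yields no token, not garbage.
        try:
            token = loads(result).get('access_token')
        except (ValueError, AttributeError):
            token = None
        if not token:
            return jsonify({'error': 'Failed to verify the Facebook access token'}), 401

        # prepare url for get user info
        url = fb_data['user_info_url'] % token

        # get result
        result = h.request(url, 'GET')[1]

        # load data
        data = loads(result)

        # users are keyed by e-mail; without one every such account would
        # collide on the same empty key
        email = data.get('email')
        if not email:
            return jsonify({'error': 'Facebook account has no e-mail address'}), 400

        # get first name and last name.  Whitespace splitting replaces the
        # [a-zA-Z]+ scan, which dropped non-ASCII letters, and a one-word
        # name no longer raises IndexError.
        name = (data.get('name') or '').split()
        first_name = name[0] if name else ''
        last_name = ' '.join(name[1:])

        # prepare url for get picture
        url = fb_data['picture_url'] % token

        # get result
        result = h.request(url, 'GET')[1]

        # add picture link
        picture = loads(result)['data']['url']

        # get user info
        user_info = get_user_by_email(email)

        # check the user exist, if not create a new one
        if user_info is None:
            user_info = create_user(username=''.join(name),
                                    password=get_unique_str(8),
                                    first_name=first_name,
                                    last_name=last_name,
                                    email=email,
                                    picture=picture)
        g.user = user_info

        # create session
        session['uid'] = user_info.id
        session['provider'] = 'facebook'
        return jsonify({'message': 'Success'}), 200

    else:
        # unknown provider is a client error (previously an implicit 200)
        return jsonify({'error': 'Unknown provider'}), 400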
#!/usr/bin/env python
# -*- coding: utf-8 -*-

from sqlalchemy import Column, Integer, String, ForeignKey, DateTime
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import relationship, sessionmaker
from sqlalchemy import create_engine
from passlib.apps import custom_app_context as pwd_context
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
from itsdangerous import BadSignature, SignatureExpired
from data_control import get_unique_str
from settings import *

# Declarative base every model in this module inherits from.
Base = declarative_base()

# Key used to sign auth tokens.  NOTE(review): it is generated afresh on every
# process start, so tokens stop validating after a restart and are not shared
# between worker processes — confirm that is intended.
secret_key = get_unique_str(32)

# Connection URL assembled from settings.DB.  The credentials are embedded in
# the URL, so keep it out of logs and error output.
egg = 'postgresql://{0}:{1}@{2}/{3}'.format(DB['user'],
                                            DB['password'],
                                            DB['host'],
                                            DB['database'])

# Engine and a module-level session shared by every importer of this module.
engine = create_engine(egg)
Base.metadata.bind = engine
DBSession = sessionmaker(bind=engine)
session = DBSession()


# TODO: User model
class User(Base):
from oauth2client.client import flow_from_clientsecrets, FlowExchangeError
from bleach import clean
from httplib2 import Http
from flask import make_response
from requests import get as r_get
from json import dumps, loads
from re import findall

# Upload extensions the application accepts, as a set for membership tests.
ALLOWED_EXTENSIONS = {ext for ext in EXTENSIONS}
auth = HTTPBasicAuth()

app = Flask(__name__)
app.config.update(UPLOAD_FOLDER=UPLOAD_FOLDER)

brands = get_categories()
# NOTE(review): generated once at import, so every request served by this
# process sees the same value — confirm that matches the intended CSRF design.
csrf_token = get_unique_str(32)


# TODO: Login required
def login_required(f):
    """
    Checking the user is logged in

    :param f:
    :return:
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'uid' in session:
            return f(*args, **kwargs)
        else: