def login_redirect(): """ Redirect from Amazon Login with an auth token :return: """ next_redirect = request.args.get('next') access_token = request.args.get('access_token') d = amazon_authorization(access_token) print("Amazon data:", d) # # State token to prevent CSRF # state = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in xrange(32)) # login_session['state'] = state # Find user in database by email or create new record user = session.query(User).filter(User.email == d['email']).first() if user is None: print("Creating new user in database") m = hashlib.md5() m.update(d['email']) gravatar = 'https://secure.gravatar.com/avatar/' + m.hexdigest( ) + '?size=35' user = User(name=d['name'], email=d['email'], picture=gravatar) session.add(user) session.commit() # Update the Amazon ID for the user if not already set if user.client_id != d['user_id']: user.client_id = d['user_id'] session.commit() login_session['userid'] = user.id login_session['picture'] = user.picture login_session['name'] = user.name login_session['email'] = user.email login_session['client_id'] = user.client_id flash('You were successfully logged in') return redirect_dest(next_redirect)