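def sign_up():
    """Register a local user from the ``username`` and ``password`` request values.

    Returns:
        ``(json, 201)`` carrying the username and a newly generated auth
        token on success.  A 400 response when either value is missing or
        when storing the user fails.
    """
    username = request.values.get('username')
    password = request.values.get('password')
    if not (username and password):
        return jsonify("Username or password is None"), 400

    user = User(username=username)
    # The plaintext password is handed to hash_password() and not kept here.
    user.hash_password(password)
    session.add(user)
    try:
        session.commit()
        user = session.query(User).filter_by(username=username).one()
    except Exception:
        # A failed commit leaves the session's transaction in an error state.
        # Without a rollback, later work on the same session object keeps
        # failing; presumably `session` is shared across requests -- confirm.
        session.rollback()
        # NOTE(review): every failure is reported as a taken username, so an
        # unrelated database error is masked; narrowing this to the ORM's
        # integrity error would separate the two cases.
        # NOTE(review): the body is plain text although the header says JSON.
        response = make_response("Username is not available", 400)
        response.headers['Content-Type'] = 'application/json'
        return response

    token = user.generate_auth_token().decode('ascii')
    # The token is delivered in the JSON body only; no cookie is set.
    # NOTE(review): if a token cookie is introduced, mark it HttpOnly and
    # Secure so scripts and plaintext connections cannot read it.
    return jsonify({'username': user.username, 'token': token}), 201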
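def login(provider):
    """Login to the system using third party provider (Google)

    The request body is taken as a one-time authorization code, exchanged
    for credentials, and the resulting access token is checked against
    Google's tokeninfo endpoint.  The user is then looked up by the e-mail
    address from the userinfo endpoint (and created when absent), the Flask
    session is populated, and an auth token is returned as JSON.

    Args:
        provider: name of the identity provider; only ``'google'`` is handled.

    Returns:
        JSON ``{'token': ...}`` on success, a 401 response when the code
        exchange fails, a 500 response when tokeninfo reports an error, or
        the plain string ``'Unrecoginized Provider'`` for any other provider.
    """
    # STEP 1 - Parse the auth code
    # auth_code = request.json.get('auth_code')
    auth_code = request.data
    # The authorization code is a credential: record that it arrived, never
    # its value, so it cannot be recovered from application logs.
    print("Step 1 - Complete, received auth code")

    if provider != 'google':
        return 'Unrecoginized Provider'

    # STEP 2 - Exchange for a token
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(auth_code)
    except FlowExchangeError:
        response = make_response(
            json.dumps('Failed to upgrade the authorization code.'), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token is valid.
    access_token = credentials.access_token
    url = (
        'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
        % access_token)
    h = httplib2.Http()
    result = json.loads(h.request(url, 'GET')[1])
    # If there was an error in the access token info, abort.
    if result.get('error') is not None:
        response = make_response(json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        # Returning here is what makes the abort real: otherwise a token that
        # tokeninfo rejected would still be used to sign the user in.
        return response
    # The access token is a bearer secret and is deliberately not printed.
    print("Step 2 Complete!")

    # STEP 3 - Find User or make a new one
    # Get user info
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = answer.json()
    name = data['name']
    picture = data['picture']
    # NOTE(review): accounts are matched on e-mail alone; confirm the address
    # is verified (this endpoint reports it as `verified_email`) before
    # trusting it to select an existing account.
    email = data['email']

    # See if user exists, if it doesn't make a new one
    user = session.query(User).filter_by(email=email).first()
    if not user:
        user = User(username=name, picture=picture, email=email)
        session.add(user)
        session.commit()

    # STEP 4 - Make token
    # 600 is presumably the token lifetime in seconds -- confirm against
    # User.generate_auth_token.
    token = user.generate_auth_token(600)
    flask_session['user_id'] = user.id
    flask_session['username'] = user.username
    flask_session['email'] = user.email
    flask_session['logged_in'] = True

    # STEP 5 - Send back token to the client
    return jsonify({'token': token.decode('ascii')})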
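def login(provider):
    """Serve the auth-code page on GET and complete a provider login on POST.

    On POST the ``auth_code`` form field is exchanged for credentials, the
    access token is checked against Google's tokeninfo endpoint, the user is
    looked up by the e-mail from the userinfo endpoint (and created when
    absent), and the client is redirected to ``showCategories``.

    Args:
        provider: name of the identity provider; only ``'google'`` is handled.

    Returns:
        The rendered ``getAuthCode.html`` template on GET.  On POST, a
        redirect on success, a 401 response when the code exchange fails, a
        500 response when tokeninfo reports an error, or the plain string
        ``'Unrecoginized Provider'`` for any other provider.
    """
    if request.method == 'GET':
        return render_template('getAuthCode.html')
    if request.method != 'POST':
        # Other methods produce no response here; presumably the route only
        # allows GET and POST -- confirm against the route declaration.
        return None

    # STEP 1 - Parse the auth code
    auth_code = request.form['auth_code']
    # The authorization code is a credential: record that it arrived, never
    # its value, so it cannot be recovered from application logs.
    print("Step 1 - Complete, received auth code")

    if provider != 'google':
        return 'Unrecoginized Provider'

    # STEP 2 - Exchange for a token
    try:
        # Upgrade the authorization code into a credentials object;
        # flow_from_clientsecrets creates a Flow object from the json file.
        oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(auth_code)
    except FlowExchangeError:
        response = make_response(
            json.dumps('Failed to upgrade the authorization code.'), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token from credential object is valid.
    access_token = credentials.access_token
    url = (
        'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
        % access_token)
    h = httplib2.Http()
    result = json.loads(h.request(url, 'GET')[1])
    # If there was an error in the access token info, abort.
    if result.get('error') is not None:
        response = make_response(json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        # Returning here is what makes the abort real: otherwise a token that
        # tokeninfo rejected would still be used to sign the user in.
        return response

    # NOTE(review): the token-binding checks below are disabled.  They
    # reference CLIENT_ID and login_session, which this function does not
    # otherwise use; confirm whether they should be restored.
    # # Verify that the access token is used for the intended user.
    # gplus_id = credentials.id_token['sub']
    # if result['user_id'] != gplus_id:
    #     response = make_response(json.dumps("Token's user ID doesn't match given user ID."), 401)
    #     response.headers['Content-Type'] = 'application/json'
    #     return response
    # # Verify that the access token is valid for this app.
    # if result['issued_to'] != CLIENT_ID:
    #     response = make_response(json.dumps("Token's client ID does not match app's."), 401)
    #     response.headers['Content-Type'] = 'application/json'
    #     return response
    # stored_credentials = login_session.get('credentials')
    # stored_gplus_id = login_session.get('gplus_id')
    # if stored_credentials is not None and gplus_id == stored_gplus_id:
    #     response = make_response(json.dumps('Current user is already connected.'), 200)
    #     response.headers['Content-Type'] = 'application/json'
    #     return response

    # The access token is a bearer secret and is deliberately not printed.
    print("Step 2 Complete!")

    # STEP 3 - Find User or make a new one
    # Get user info
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = answer.json()
    name = data['name']
    # Read although unused below, so a response without a picture still fails
    # at this point.
    picture = data['picture']
    # NOTE(review): accounts are matched on e-mail alone; confirm the address
    # is verified (this endpoint reports it as `verified_email`) before
    # trusting it to select an existing account.
    email = data['email']

    # see if user exists
    user = session.query(User).filter_by(email=email).first()
    # user not exist, then create a new user
    if not user:
        user = User(username=name, email=email)
        session.add(user)
        session.commit()

    # STEP 4 - Make token
    # NOTE(review): the token is generated but never sent or stored; the call
    # is kept in case generate_auth_token has effects of its own -- confirm.
    token = user.generate_auth_token(600)

    # STEP 5 - Send back token to the client
    # return jsonify({'token': token.decode('ascii')})
    # NOTE(review): nothing in this function records the login in the Flask
    # session before redirecting -- confirm how showCategories identifies the
    # signed-in user.
    return redirect(url_for('showCategories'))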