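def sign_up():
    """Register a new user from the ``username``/``password`` request values.

    Returns:
        ``(json, 201)`` with the new username and a fresh auth token on
        success; ``(json, 400)`` when either field is missing; a 400
        "Username is not available" response when the commit fails
        (e.g. the username is already taken).
    """
    username = request.values.get('username')
    password = request.values.get('password')

    if not (username and password):
        return jsonify("Username or password is None"), 400

    user = User(username=username)
    user.hash_password(password)  # only the hash is persisted
    session.add(user)
    try:
        session.commit()
        user = session.query(User).filter_by(username=username).one()
    except Exception:
        # A failed commit leaves the session in a failed transaction; it must
        # be rolled back before it can serve another request. The bare
        # ``except:`` this replaces also swallowed SystemExit/KeyboardInterrupt.
        session.rollback()
        response = make_response("Username is not available", 400)
        response.headers['Content-Type'] = 'application/json'
        return response

    token = user.generate_auth_token().decode('ascii')
    # The earlier version also built a second response carrying
    # set_cookie('token', ...) but never returned it, so no cookie was ever
    # sent; the token is delivered in the JSON body only, as before.
    return jsonify({'username': user.username, 'token': token}), 201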
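def login(provider):
    """Login to the system using third party provider (Google).

    The raw request body is treated as the OAuth authorization code. It is
    exchanged for credentials, the resulting access token is checked against
    Google's tokeninfo endpoint, the user is looked up (or created) by e-mail,
    the Flask session is populated, and a short-lived auth token is returned.

    Args:
        provider: identity provider name; only ``'google'`` is handled.

    Returns:
        JSON ``{'token': ...}`` on success; a JSON error response with status
        401 (exchange failed) or 500 (tokeninfo reported an error); the plain
        string ``'Unrecoginized Provider'`` for any other provider.
    """
    # STEP 1 - Parse the auth code
    auth_code = request.data
    # The code is a bearer secret; keep it out of stdout/log output.
    print("Step 1 - Complete, received auth code")

    if provider != 'google':
        return 'Unrecoginized Provider'

    # STEP 2 - Exchange for a token
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(auth_code)
    except FlowExchangeError:
        response = make_response(
            json.dumps('Failed to upgrade the authorization code.'), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token is valid.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
           % access_token)
    http = httplib2.Http()
    result = json.loads(http.request(url, 'GET')[1])
    # If there was an error in the access token info, abort. The previous
    # version built this response but fell through without returning it, so a
    # rejected token still reached the user lookup below.
    if result.get('error') is not None:
        response = make_response(json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Access token is also a secret; do not print it.
    print("Step 2 Complete! Access token validated")

    # STEP 3 - Find User or make a new one
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    data = requests.get(userinfo_url, params=params).json()

    name = data['name']
    picture = data['picture']
    email = data['email']

    # See if user exists, if it doesn't make a new one
    user = session.query(User).filter_by(email=email).first()
    if not user:
        user = User(username=name, picture=picture, email=email)
        session.add(user)
        session.commit()

    # STEP 4 - Make token (600 s lifetime, as passed to generate_auth_token)
    token = user.generate_auth_token(600)

    flask_session['user_id'] = user.id
    flask_session['username'] = user.username
    flask_session['email'] = user.email
    flask_session['logged_in'] = True

    # STEP 5 - Send back token to the client
    return jsonify({'token': token.decode('ascii')})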
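def login(provider):
    """Handle the Google sign-in flow for the ``login/<provider>`` route.

    GET renders the page that obtains an authorization code; POST reads the
    code from the ``auth_code`` form field, exchanges it for credentials,
    validates the access token with Google's tokeninfo endpoint, finds or
    creates the user by e-mail and redirects to ``showCategories``.

    Args:
        provider: identity provider name; only ``'google'`` is handled.

    Returns:
        The rendered template on GET; on POST a redirect on success, a JSON
        error response with status 401 (exchange failed) or 500 (tokeninfo
        reported an error), or the plain string ``'Unrecoginized Provider'``
        for any other provider. Any other method yields ``None``, as before.
    """
    if request.method == 'GET':
        return render_template('getAuthCode.html')
    if request.method != 'POST':
        return None

    # STEP 1 - Parse the auth code
    auth_code = request.form['auth_code']
    # The code is a bearer secret; keep it out of stdout/log output.
    print("Step 1 - Complete, received auth code")

    if provider != 'google':
        return 'Unrecoginized Provider'

    # STEP 2 - Exchange for a token
    try:
        # Upgrade the authorization code into a credentials object
        # (creates a Flow object from the json file).
        oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(auth_code)
    except FlowExchangeError:
        response = make_response(
            json.dumps('Failed to upgrade the authorization code.'), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token from credential object is valid.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
           % access_token)
    http = httplib2.Http()
    result = json.loads(http.request(url, 'GET')[1])

    # If there was an error in the access token info, abort. The previous
    # version built this response but fell through without returning it, so a
    # rejected token still reached the user lookup below.
    if result.get('error') is not None:
        response = make_response(json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        return response

    # NOTE(review): the tokeninfo result also carries ``user_id`` and
    # ``issued_to``. Checks comparing them with credentials.id_token['sub']
    # and this app's client ID were present here but commented out; until
    # they are restored, a valid Google token issued to any application is
    # accepted. Re-enable once the app's client ID is available to this module.

    # Access token is also a secret; do not print it.
    print("Step 2 Complete! Access token validated")

    # STEP 3 - Find User or make a new one
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    data = requests.get(userinfo_url, params=params).json()
    name = data['name']
    email = data['email']
    # ``picture`` is returned by userinfo as well but not stored by this
    # handler (User is created without it).

    # See if user exists; if not, create a new user
    user = session.query(User).filter_by(email=email).first()
    if not user:
        user = User(username=name, email=email)
        session.add(user)
        session.commit()

    # STEP 4 - Make token. The value is never sent because the handler
    # redirects; the call is kept in case generate_auth_token has side
    # effects — TODO confirm and drop if it is pure.
    token = user.generate_auth_token(600)

    # STEP 5 - Redirect to the categories page instead of returning the token
    return redirect(url_for('showCategories'))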