def connect(request):
'''
Exception and validation functionality around the _connect view
Separated this out from _connect to preserve readability
Don't bother reading this code, skip to _connect for the bit you're interested in :)
'''
facebook_login = to_bool(request.REQUEST.get('facebook_login'))
context = RequestContext(request)
#validation to ensure the context processor is enabled
if not context.get('FACEBOOK_APP_ID'):
message = 'Please specify a Facebook app id and ensure the context processor is enabled'
raise ValueError(message)
#hide the connect page, convenient for testing with new users in production though
if not facebook_login and not settings.DEBUG and facebook_settings.FACEBOOK_HIDE_CONNECT_TEST:
raise Http404('not showing the connect page')
try:
response = _connect(request, facebook_login)
except open_facebook_exceptions.FacebookUnreachable, e:
#often triggered when Facebook is slow
warning_format = u'%s, often caused by Facebook slowdown, error %s'
warn_message = warning_format % (type(e), e.message)
send_warning(warn_message, e=e)
response = error_next_redirect(request,
additional_params=dict(
fb_error_or_cancel=1)
)
def connect(request):
'''
Exception and validation functionality around the _connect view
Separated this out from _connect to preserve readability
Don't bother reading this code, skip to _connect for the bit you're interested in :)
'''
facebook_login = to_bool(request.REQUEST.get('facebook_login'))
context = RequestContext(request)
#validation to ensure the context processor is enabled
if not context.get('FACEBOOK_APP_ID'):
message = 'Please specify a Facebook app id and ensure the context processor is enabled'
raise ValueError(message)
#hide the connect page, convenient for testing with new users in production though
if not facebook_login and not settings.DEBUG and facebook_settings.FACEBOOK_HIDE_CONNECT_TEST:
raise Http404('not showing the connect page')
try:
response = _connect(request, facebook_login)
except open_facebook_exceptions.FacebookUnreachable, e:
#often triggered when Facebook is slow
warning_format = u'%s, often caused by Facebook slowdown, error %s'
warn_message = warning_format % (type(e), e.message)
send_warning(warn_message, e=e)
response = error_next_redirect(request,
additional_params=dict(
fb_error_or_cancel=1)
)
def connect_user(request, access_token=None, facebook_graph=None):
'''
Given a request either
- (if authenticated) connect the user
- login
- register
'''
user = None
graph = facebook_graph or get_facebook_graph(request, access_token)
converter = get_instance_for('user_conversion', graph)
assert converter.is_authenticated()
facebook_data = converter.facebook_profile_data()
force_registration = request.REQUEST.get('force_registration') or\
request.REQUEST.get('force_registration_hard')
connect_facebook = to_bool(request.REQUEST.get('connect_facebook'))
logger.debug('force registration is set to %s', force_registration)
if connect_facebook and request.user.is_authenticated() and not force_registration:
# we should only allow connect if users indicate they really want to connect
# only when the request.CONNECT_FACEBOOK = 1
# if this isn't present we just do a login
action = CONNECT_ACTIONS.CONNECT
user = _connect_user(request, converter)
else:
email = facebook_data.get('email', False)
email_verified = facebook_data.get('verified', False)
kwargs = {}
if email and email_verified:
kwargs = {'facebook_email': email}
auth_user = authenticate(facebook_id=facebook_data['id'], **kwargs)
if auth_user and not force_registration:
action = CONNECT_ACTIONS.LOGIN
# Has the user registered without Facebook, using the verified FB
# email address?
# It is after all quite common to use email addresses for usernames
update = getattr(auth_user, 'fb_update_required', False)
if not auth_user.get_profile().facebook_id:
update = True
# login the user
user = _login_user(request, converter, auth_user, update=update)
else:
action = CONNECT_ACTIONS.REGISTER
# when force registration is active we should remove the old profile
try:
user = _register_user(request, converter,
remove_old_connections=force_registration)
except facebook_exceptions.AlreadyRegistered, e:
# in Multithreaded environments it's possible someone beats us to
# the punch, in that case just login
logger.info('parallel register encountered, slower thread is doing a login')
auth_user = authenticate(
facebook_id=facebook_data['id'], **kwargs)
action = CONNECT_ACTIONS.LOGIN
user = _login_user(request, converter, auth_user, update=False)
def connect_user(request, access_token=None, facebook_graph=None):
'''
Given a request either
- (if authenticated) connect the user
- login
- register
'''
user = None
graph = facebook_graph or get_facebook_graph(request, access_token)
facebook = FacebookUserConverter(graph)
assert facebook.is_authenticated()
facebook_data = facebook.facebook_profile_data()
force_registration = request.REQUEST.get('force_registration') or\
request.REQUEST.get('force_registration_hard')
connect_facebook = to_bool(request.REQUEST.get('connect_facebook'))
logger.debug('force registration is set to %s', force_registration)
if connect_facebook and request.user.is_authenticated() and not force_registration:
#we should only allow connect if users indicate they really want to connect
#only when the request.CONNECT_FACEBOOK = 1
#if this isn't present we just do a login
action = CONNECT_ACTIONS.CONNECT
user = _connect_user(request, facebook)
else:
email = facebook_data.get('email', False)
email_verified = facebook_data.get('verified', False)
kwargs = {}
if email and email_verified:
kwargs = {'facebook_email': email}
auth_user = authenticate(facebook_id=facebook_data['id'], **kwargs)
if auth_user and not force_registration:
action = CONNECT_ACTIONS.LOGIN
# Has the user registered without Facebook, using the verified FB
# email address?
# It is after all quite common to use email addresses for usernames
update = getattr(auth_user, 'fb_update_required', False)
if not auth_user.get_profile().facebook_id:
update = True
#login the user
user = _login_user(request, facebook, auth_user, update=update)
else:
action = CONNECT_ACTIONS.REGISTER
# when force registration is active we should remove the old profile
try:
user = _register_user(request, facebook,
remove_old_connections=force_registration)
except facebook_exceptions.AlreadyRegistered, e:
#in Multithreaded environments it's possible someone beats us to
#the punch, in that case just login
logger.info('parallel register encountered, slower thread is doing a login')
auth_user = authenticate(
facebook_id=facebook_data['id'], **kwargs)
action = CONNECT_ACTIONS.LOGIN
user = _login_user(request, facebook, auth_user, update=False)
def _connect(request, graph):
'''
Handles the view logic around connect user
- (if authenticated) connect the user
- login
- register
We are already covered by the facebook_required_lazy decorator
So we know we either have a graph and permissions, or the user denied
the oAuth dialog
'''
backend = get_registration_backend()
context = RequestContext(request)
connect_facebook = to_bool(request.REQUEST.get('connect_facebook'))
logger.info('trying to connect using Facebook')
if graph:
logger.info('found a graph object')
converter = get_instance_for('user_conversion', graph)
authenticated = converter.is_authenticated()
# Defensive programming :)
if not authenticated:
raise ValueError('didnt expect this flow')
logger.info('Facebook is authenticated')
facebook_data = converter.facebook_profile_data()
# either, login register or connect the user
try:
action, user = connect_user(
request, connect_facebook=connect_facebook)
logger.info('Django facebook performed action: %s', action)
except facebook_exceptions.IncompleteProfileError, e:
# show them a registration form to add additional data
warning_format = u'Incomplete profile data encountered with error %s'
warn_message = warning_format % unicode(e)
send_warning(warn_message, e=e,
facebook_data=facebook_data)
context['facebook_mode'] = True
context['form'] = e.form
#MJA modification to auto-register
#backend.register(request, None, username='******', eamil='*****@*****.**', password1='Blahblah3')
#return next_redirect(request)
return render_to_response(
facebook_settings.FACEBOOK_REGISTRATION_TEMPLATE,
context_instance=context,
)
except facebook_exceptions.AlreadyConnectedError, e:
user_ids = [u.get_user_id() for u in e.users]
ids_string = ','.join(map(str, user_ids))
additional_params = dict(already_connected=ids_string)
return backend.post_error(request, additional_params)
def _connect(request, graph):
'''
Handles the view logic around connect user
- (if authenticated) connect the user
- login
- register
We are already covered by the facebook_required_lazy decorator
So we know we either have a graph and permissions, or the user denied
the oAuth dialog
'''
backend = get_registration_backend()
context = RequestContext(request)
connect_facebook = to_bool(request.REQUEST.get('connect_facebook'))
logger.info('trying to connect using Facebook')
if graph:
logger.info('found a graph object')
converter = get_instance_for('user_conversion', graph)
authenticated = converter.is_authenticated()
# Defensive programming :)
if not authenticated:
raise ValueError('didnt expect this flow')
logger.info('Facebook is authenticated')
facebook_data = converter.facebook_profile_data()
# either, login register or connect the user
try:
action, user = connect_user(request,
connect_facebook=connect_facebook)
logger.info('Django facebook performed action: %s', action)
except facebook_exceptions.IncompleteProfileError as e:
# show them a registration form to add additional data
warning_format = 'Incomplete profile data encountered with error %s'
warn_message = warning_format % str(e)
send_warning(warn_message, e=e, facebook_data=facebook_data)
context['facebook_mode'] = True
context['form'] = e.form
return render_to_response(
facebook_settings.FACEBOOK_REGISTRATION_TEMPLATE,
context_instance=context,
)
except facebook_exceptions.AlreadyConnectedError as e:
user_ids = [u.get_user_id() for u in e.users]
ids_string = ','.join(map(str, user_ids))
additional_params = dict(already_connected=ids_string)
return backend.post_error(request, additional_params)
response = backend.post_connect(request, user, action)
if action is CONNECT_ACTIONS.LOGIN:
pass
elif action is CONNECT_ACTIONS.CONNECT:
# connect means an existing account was attached to facebook
messages.info(
request,
_("You have connected your account "
"to %s's facebook profile") % facebook_data['name'])
elif action is CONNECT_ACTIONS.REGISTER:
# hook for tying in specific post registration functionality
response.set_cookie('fresh_registration', user.id)
else:
# the user denied the request
additional_params = dict(fb_error_or_cancel='1')
response = backend.post_error(request, additional_params)
return response
def _connect(request, graph):
'''
Handles the view logic around connect user
- (if authenticated) connect the user
- login
- register
We are already covered by the facebook_required_lazy decorator
So we know we either have a graph and permissions, or the user denied
the oAuth dialog
'''
backend = get_registration_backend()
context = RequestContext(request)
connect_facebook = to_bool(request.REQUEST.get('connect_facebook'))
logger.info('C01: trying to connect using Facebook')
if graph:
logger.info('C02: found a graph object')
converter = get_instance_for('user_conversion', graph)
authenticated = converter.is_authenticated()
# Defensive programming :)
if not authenticated:
logger.info('C04: not authenticated')
raise ValueError('didnt expect this flow')
logger.info('C05: Facebook is authenticated')
facebook_data = converter.facebook_profile_data()
# either, login register or connect the user
try:
action, user = connect_user(
request, connect_facebook=connect_facebook)
logger.info('Django facebook performed action: %s', action)
# If client or subclient were detected redirect them to client login page
if action == CONNECT_ACTIONS.CLIENT_REDIRECT:
return redirect("facebook_client_login")
except facebook_exceptions.IncompleteProfileError, e:
# show them a registration form to add additional data
warning_format = u'Incomplete profile data encountered with error %s'
warn_message = warning_format % unicode(e)
logger.info(warn_message)
send_warning(warn_message, e=e,
facebook_data=facebook_data)
context['facebook_mode'] = True
context['blocked_email'] = e.form.data['email']
e.form.data['email'] = u''
context['form'] = e.form
# Style register page
layout = get_layout(request=request)
logger.info('C06: Got layout %s' % layout)
context['layout'] = layout
return render_to_response(
backend.get_registration_template(),
context_instance=context,
)
except facebook_exceptions.AlreadyConnectedError, e:
logger.info('Already connected error')
user_ids = [u.get_user_id() for u in e.users]
ids_string = ','.join(map(str, user_ids))
additional_params = dict(already_connected=ids_string)
return backend.post_error(request, additional_params)
def _connect(request, graph):
'''
Handles the view logic around connect user
- (if authenticated) connect the user
- login
- register
We are already covered by the facebook_required_lazy decorator
So we know we either have a graph and permissions, or the user denied
the oAuth dialog
'''
backend = get_registration_backend()
context = RequestContext(request)
connect_facebook = to_bool(request.REQUEST.get('connect_facebook'))
logger.info('trying to connect using Facebook')
if graph:
logger.info('found a graph object')
converter = get_instance_for('user_conversion', graph)
authenticated = converter.is_authenticated()
# Defensive programming :)
if not authenticated:
raise ValueError('didnt expect this flow')
logger.info('Facebook is authenticated')
facebook_data = converter.facebook_profile_data()
# either, login register or connect the user
try:
action, user = connect_user(
request, connect_facebook=connect_facebook)
logger.info('Django facebook performed action: %s', action)
except facebook_exceptions.IncompleteProfileError as e:
# show them a registration form to add additional data
warning_format = u'Incomplete profile data encountered with error %s'
warn_message = warning_format % unicode(e)
send_warning(warn_message, e=e,
facebook_data=facebook_data)
context['facebook_mode'] = True
context['form'] = e.form
return render_to_response(
backend.get_registration_template(),
context_instance=context,
)
except facebook_exceptions.AlreadyConnectedError as e:
user_ids = [u.get_user_id() for u in e.users]
ids_string = ','.join(map(str, user_ids))
additional_params = dict(already_connected=ids_string)
return backend.post_error(request, additional_params)
response = backend.post_connect(request, user, action)
if action is CONNECT_ACTIONS.LOGIN:
pass
elif action is CONNECT_ACTIONS.CONNECT:
# connect means an existing account was attached to facebook
messages.info(request, _("You have connected your account "
"to %s's facebook profile") % facebook_data['name'])
elif action is CONNECT_ACTIONS.REGISTER:
# hook for tying in specific post registration functionality
response.set_cookie('fresh_registration', user.id)
else:
# the user denied the request
additional_params = dict(fb_error_or_cancel='1')
response = backend.post_error(request, additional_params)
return response
def connect_user(request, access_token=None, facebook_graph=None):
"""
Given a request either
- (if authenticated) connect the user
- login
- register
"""
user = None
graph = facebook_graph or get_facebook_graph(request, access_token)
converter = get_instance_for("user_conversion", graph)
assert converter.is_authenticated()
facebook_data = converter.facebook_profile_data()
force_registration = request.REQUEST.get("force_registration") or request.REQUEST.get("force_registration_hard")
connect_facebook = to_bool(request.REQUEST.get("connect_facebook"))
backend = get_registration_backend()
logger.debug("force registration is set to %s", force_registration)
if connect_facebook and request.user.is_authenticated() and not force_registration:
# we should only allow connect if users indicate they really want to connect
# only when the request.CONNECT_FACEBOOK = 1
# if this isn't present we just do a login
action = CONNECT_ACTIONS.CONNECT
user = _connect_user(request, converter)
if backend.is_user_banned(user):
raise PermissionDenied()
else:
email = facebook_data.get("email", False)
email_verified = facebook_data.get("verified", False)
kwargs = {}
if email and email_verified:
kwargs = {"facebook_email": email}
auth_user = authenticate(facebook_id=facebook_data["id"], **kwargs)
if backend.is_user_banned(auth_user):
raise PermissionDenied()
if auth_user and not force_registration:
action = CONNECT_ACTIONS.LOGIN
# Has the user registered without Facebook, using the verified FB
# email address?
# It is after all quite common to use email addresses for usernames
update = getattr(auth_user, "fb_update_required", False)
profile = try_get_profile(auth_user)
current_facebook_id = get_user_attribute(auth_user, profile, "facebook_id")
if not current_facebook_id:
update = True
# login the user
user = _login_user(request, converter, auth_user, update=update)
else:
action = CONNECT_ACTIONS.REGISTER
# when force registration is active we should remove the old
# profile
try:
user = _register_user(request, converter, remove_old_connections=force_registration)
except facebook_exceptions.AlreadyRegistered, e:
# in Multithreaded environments it's possible someone beats us to
# the punch, in that case just login
logger.info("parallel register encountered, slower thread is doing a login")
auth_user = authenticate(facebook_id=facebook_data["id"], **kwargs)
action = CONNECT_ACTIONS.LOGIN
user = _login_user(request, converter, auth_user, update=False)
