def process_token_result(self, result): # select the processing function
jdoc = self.process_result_as_JSON(result)
if 'error' in jdoc or 'id_token' not in jdoc: # failed
self.add_infomessage('info', MSG.INFORMATION(),
MSG.REGISTRATION_ABORT())
self.redirect_to_relevant_page()
return
id_token = jdoc['id_token']
if type(id_token) == bytes:
segments = id_token.split(b'.')
else:
segments = id_token.split(u'.')
jwtencoded = segments[1]
if isinstance(jwtencoded, unicode):
jwtencoded = jwtencoded.encode('ascii')
jwtencoded = jwtencoded + b'=' * (4 - len(jwtencoded) % 4)
jwt = json.loads(base64.urlsafe_b64decode(jwtencoded).decode('utf-8'))
if not self.validate_token_doc(jwt):
self.add_infomessage('info', MSG.INFORMATION(),
MSG.REGISTRATION_ABORT())
self.redirect_to_relevant_page()
return
loginInfoSettings = {
'provider_uid': 'sub',
'email': 'email',
'email_verified': 'email_verified'
}
loginInfo = self.process_login_info(loginInfoSettings, jwt)
self.provider_authenticated_callback(loginInfo)
def process_token_result(self, result): # select the processing function
data = self.process_result_as_query_string(result)
if not data: # failed
self.add_infomessage('info', MSG.INFORMATION(),
MSG.REGISTRATION_ABORT())
self.redirect_to_relevant_page()
return
token = data['access_token']
profile = self.get_profile(token)
jdoc = self.process_result_as_JSON(profile)
emailUrl = 'https://api.github.com/user/emails?' + urllib.urlencode(
{'access_token': token})
emailDoc = self.urlfetch_safe(url=emailUrl)
jemails = self.process_result_as_JSON(emailDoc)
for item in jemails:
if item.get('verified', False):
jdoc.update(item)
if item.get('primary', False):
break # if we have a verified primary we stop and use that
if jemails and not jdoc.get('email', None):
jdoc.update(jemails[0])
jdoc['id'] = str(jdoc['id']) # convert id to string
loginInfoSettings = {
'provider_uid': 'id',
'email': 'email',
'email_verified': 'verified'
}
loginInfo = self.process_login_info(loginInfoSettings, jdoc)
self.provider_authenticated_callback(loginInfo)
def urlfetch_safe(self, *args, **kwargs):
haveError = False
try:
result = urlfetch.fetch(*args, **kwargs)
if result.status_code != 200:
haveError = True
except:
haveError = True
if haveError:
self.add_infomessage(MSG.INFORMATION(), MSG.REGISTRATION_ABORT())
self.redirect_to_relevant_page(True)
return result
def process_token_result(self, result): # select the processing function
data = self.process_result_as_query_string(result)
if not data: # failed
self.add_infomessage('info', MSG.INFORMATION(),
MSG.REGISTRATION_ABORT())
self.redirect_to_relevant_page()
return
token = data['access_token']
profile = self.get_profile(token)
jdoc = self.process_result_as_JSON(profile)
loginInfoSettings = {
'provider_uid': 'id',
'email': 'email',
'email_verified': 'verified'
}
loginInfo = self.process_login_info(loginInfoSettings, jdoc)
self.provider_authenticated_callback(loginInfo)
def process_token_result(self, result): # select the processing function
data = self.process_result_as_JSON(result)
if not data: # failed
self.add_infomessage(MSG.INFORMATION(), MSG.REGISTRATION_ABORT())
self.redirect_to_relevant_page()
return
token = data['access_token']
profile = self.get_profile(token, {'fields': 'id,email'})
jdoc = self.process_result_as_JSON(profile)
jdoc[
'email_verified'] = True # Facebook emails only given if verified.
loginInfoSettings = {
'provider_uid': 'id',
'email': 'email',
'email_verified': 'email_verified'
}
loginInfo = self.process_login_info(loginInfoSettings, jdoc)
self.provider_authenticated_callback(loginInfo)
def post(self):
choice = self.request.get('choice')
# Step 1
if choice == 'create' or choice == 'cancel':
token = self.session.get('tokenregisterauth')
tokenEntity = EnkiModelTokenVerify.get_by_token_type(
token, 'register')
authId = tokenEntity.auth_ids_provider
provider_name, provider_uid = authId.partition(':')[::2]
auth_email = tokenEntity.email if tokenEntity.email else None
if choice == 'create':
if auth_email:
# If the email is given by the provider, it is verified. Get or ceate the account and log the user in.
user = self.get_or_create_user_from_authid(
authId, auth_email)
if user: # login the user through auth
self.log_in_session_token_create(user)
self.add_infomessage('success', MSG.SUCCESS(),
MSG.LOGGED_IN())
else: # user creation failed (timeout etc.)
self.add_infomessage(
'warning', MSG.WARNING(),
MSG.AUTH_LOGIN_FAILED(provider_name))
self.redirect_to_relevant_page()
tokenEntity.key.delete()
self.session.pop('tokenregisterauth')
else:
# If the email isn't given by the provider, use the manually entered email.
self.check_CSRF()
email = self.request.get('email')
user = self.get_or_create_user_from_authid(authId)
self.log_in_session_token_create(user)
error_message = ''
success = False
result = enki.libuser.validate_email(email)
if result == enki.libutil.ENKILIB_OK:
result = self.email_change_request(
email
) # send an email for verification. Since it's not verified at this point, create the account without the email.
self.add_infomessage(
'info', MSG.INFORMATION(),
MSG.REGISTER_AUTH_ADD_EMAIL_INFO_EMAIL_SENT(email))
if result == enki.handlerbase.ERROR_EMAIL_IN_USE:
self.add_debugmessage(
'Comment - whether the email is available or not, the feedback through the UI is identical to prevent email checking.'
)
success = True
tokenEntity.key.delete()
self.session.pop('tokenregisterauth')
elif result == enki.libuser.ERROR_EMAIL_FORMAT_INVALID:
error_message = MSG.WRONG_EMAIL_FORMAT()
elif result == enki.libuser.ERROR_EMAIL_MISSING:
error_message = MSG.MISSING_EMAIL()
self.render_tmpl('registeroauthconfirm.html',
active_menu='register',
token=tokenEntity,
provider_name=provider_name,
provider_uid=str(provider_uid),
error=error_message,
success=success)
elif choice == 'cancel':
self.add_infomessage('info', MSG.INFORMATION(),
MSG.REGISTRATION_ABORT())
self.redirect_to_relevant_page()
tokenEntity.key.delete()
self.session.pop('tokenregisterauth')
# Step 2 (those choices will only be presented to the user if they successfully added an email manually).
elif choice == 'continue':
self.redirect_to_relevant_page()
elif choice == 'profile':
url = enki.libutil.get_local_url('profile')
self.session['sessionrefpath'] = url
self.redirect(url)