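def get(self, provider_name):
    """Start a federated login by redirecting the browser to the provider.

    Twitter and GitHub are handled here; any other provider gets a
    "not yet implemented" flash message and a redirect to ``edit-profile``.

    Args:
        provider_name: Provider identifier passed in by the router.

    Returns:
        The result of ``redirect_to('login')`` when federated login is
        disabled; otherwise ``None`` once a redirect has been issued.
    """
    if not config.enable_federated_login:
        message = _('Federated login is disabled.')
        self.add_message(message, 'warning')
        return self.redirect_to('login')

    if provider_name == "twitter":
        # Only Twitter takes the callback URL from us, so build it here.
        # NOTE(review): host_url reflects the hostname the request arrived
        # on (Host header), so the callback host follows it. Confirm only
        # trusted hostnames are routed to this app, or pin the host in config.
        callback_url = "%s/social_login/%s/complete" % (
            self.request.host_url, provider_name)
        twitter_helper = twitter.TwitterAuth(self, redirect_uri=callback_url)
        self.redirect(twitter_helper.auth_url())

    elif provider_name == "github":
        # GitHub keeps the callback URL in the application settings on its
        # site, so none is passed here. Apps are registered at
        # https://github.com/settings/applications/
        # NOTE(review): no per-session `state` value is generated here.
        # Unless GithubAuth adds one itself, the callback cannot tell whether
        # this session started the flow - TODO confirm.
        scope = 'gist'
        github_helper = github.GithubAuth(scope)
        self.redirect(github_helper.get_authorize_url())

    else:
        # The label is looked up only where it is needed, so an unknown
        # provider_name no longer raises KeyError before any check has run.
        try:
            provider_display_name = models.SocialUser.PROVIDERS_INFO[
                provider_name]['label']
        except KeyError:
            provider_display_name = None

        if provider_display_name is None:
            # Unknown provider: use a fixed message and do not echo the
            # request-supplied name back into the page.
            message = _('This authentication method is not yet implemented!')
        else:
            # Interpolate after translating so the catalogue lookup sees the
            # '%s' template, not an already formatted string.
            message = (_('%s authentication is not yet implemented.')
                       % provider_display_name)
        self.add_message(message, 'warning')
        self.redirect_to('edit-profile')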
def post(self):
    """Authenticate the credentials submitted by the login form.

    ``username`` (a user name or an e-mail address) and ``password`` come
    from the validated form; the ``remember_me`` flag is read from the POST
    data. A successful login records a ``LogVisit`` and redirects to
    ``home``. Bad credentials or a deactivated account redirect back to
    ``login`` with a flash message.
    """
    if not self.form.validate():
        return self.get()

    username = self.form.username.data.lower()

    try:
        if utils.is_email_valid(username):
            # E-mail login: find the account, then use its first auth id.
            user = models.User.get_by_email(username)
            if not user:
                raise InvalidAuthIdError
            auth_id = user.auth_ids[0]
        else:
            auth_id = "own:%s" % username
            user = models.User.get_by_auth_id(auth_id)

        # NOTE(review): surrounding whitespace is stripped from the password
        # before hashing; this has to match whatever registration does.
        password = self.form.password.data.strip()
        remember_me = str(self.request.POST.get('remember_me')) == 'on'

        # Pre-hash with the application-wide salt (SHA512 according to the
        # original comment; utils.hashing is not visible here).
        # NOTE(review): one shared salt plus a fast digest is weak on its own
        # for password storage - confirm what the auth store does with this
        # value before it is persisted or compared.
        password = utils.hashing(password, config.salt)

        # Raises InvalidAuthIdError when the auth id is unknown and
        # InvalidPasswordError when the password does not match.
        self.auth.get_user_by_password(auth_id, password,
                                       remember=remember_me)

        # Deactivated accounts lose the session that was just created.
        if user.activated == False:
            self.auth.unset_session()
            message = _(
                'Your account has been suspended. Please contact support for more information.'
            )
            self.add_message(message, 'error')
            return self.redirect_to('login')

        # REMOVE ME
        # A Twitter identity stored in the session by an earlier social login
        # attempt is linked to this account if it is not already linked.
        pending = twitter.TwitterAuth(self).get_association_data()
        if pending is not None and models.SocialUser.check_unique(
                user.key, 'twitter', str(pending['id'])):
            association = models.SocialUser(
                user=user.key,
                provider='twitter',
                uid=str(pending['id']),
                extra_data=pending)
            association.put()

        # Record the successful login (user agent, source address, time).
        visit = models.LogVisit(
            user=user.key,
            uastring=self.request.user_agent,
            ip=self.request.remote_addr,
            timestamp=utils.get_date_time())
        visit.put()
        self.redirect_to('home')
    except (InvalidAuthIdError, InvalidPasswordError):
        # One message for both failures, so the response does not reveal
        # whether the account exists.
        message = _("Your username or password is incorrect. Caps lock?")
        self.add_message(message, 'error')
        return self.redirect_to('login')
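def get(self, provider_name):
    """Handle a provider callback and finish the federated login or link.

    If a user is already signed in, the provider identity is linked to that
    account. Otherwise an existing link is used to sign the user in.

    Args:
        provider_name: Provider identifier passed in by the router
            (``"twitter"``, ``"github"`` or one of
            ``models.SocialUser.open_id_providers()``).

    Returns:
        The result of ``redirect_to('login')`` when federated login is
        disabled or the OpenID provider supplied no user; otherwise ``None``
        once a redirect has been issued.
    """
    if not config.enable_federated_login:
        message = _('Federated login is disabled.')
        self.add_message(message, 'warning')
        return self.redirect_to('login')

    if provider_name == "twitter":
        return self._complete_twitter()
    if provider_name == "github":
        return self._complete_github()
    if provider_name in models.SocialUser.open_id_providers():
        return self._complete_openid(provider_name)

    message = _('This authentication method is not yet implemented!')
    self.add_message(message, 'warning')
    self.redirect_to('login')


def _login_social_user(self, social_user):
    """Open a site session for the account linked to *social_user*."""
    user = social_user.user.get()

    # The password login refuses accounts whose `activated` flag is False.
    # Apply the same rule here so a linked provider cannot be used to sign in
    # to a suspended account.
    # NOTE(review): assumes the linked entity is a models.User carrying the
    # same `activated` field that the password login reads - confirm.
    if user.activated == False:
        message = _(
            'Your account has been suspended. Please contact support for more information.'
        )
        self.add_message(message, 'error')
        self.redirect_to('login')
        return

    self.auth.set_session(self.auth.store.user_to_dict(user), remember=True)
    visit = models.LogVisit(
        user=user.key,
        uastring=self.request.user_agent,
        ip=self.request.remote_addr,
        timestamp=utils.get_date_time())
    visit.put()
    self.redirect_to('home')


def _complete_twitter(self):
    """Finish the Twitter OAuth exchange, then link or sign in."""
    oauth_token = self.request.get('oauth_token')
    oauth_verifier = self.request.get('oauth_verifier')
    twitter_helper = twitter.TwitterAuth(self)
    user_data = twitter_helper.auth_complete(oauth_token, oauth_verifier)
    screen_name = user_data['screen_name']
    twitter_uid = str(user_data['id'])

    if self.user:
        # Already signed in: attach this Twitter identity to the account.
        user_info = models.User.get_by_id(long(self.user_id))
        if models.SocialUser.check_unique(user_info.key, 'twitter',
                                          twitter_uid):
            social_user = models.SocialUser(
                user=user_info.key,
                provider='twitter',
                uid=twitter_uid,
                extra_data=user_data,
                screen_name=screen_name,
            )
            social_user.put()
            message = _('Twitter association added.')
            self.add_message(message, 'success')
        else:
            message = _('This Twitter account is already in use.')
            self.add_message(message, 'error')
        self.redirect_to('edit-profile')
        return

    # Not signed in: sign in through an existing association, if any.
    social_user = models.SocialUser.get_by_provider_and_uid(
        'twitter', twitter_uid)
    if social_user:
        self._login_social_user(social_user)
    else:
        # Keep the Twitter identity so it can be linked after the user signs
        # in with a password.
        twitter_helper.save_association_data(user_data)
        message = _(
            'This Twitter account is not associated with a StackGeek account. '
            'Please sign in or create a StackGeek account before continuing.'
        )
        self.add_message(message, 'warning')
        self.redirect_to('login')


def _complete_github(self):
    """Exchange the GitHub code for a token, then link or sign in."""
    # NOTE(review): no `state` value is read or compared in this handler.
    # Unless GithubAuth enforces one internally, a callback this session did
    # not start would be accepted. That matters most for the account-linking
    # path below - TODO confirm and add a per-session state check.
    code = self.request.get('code')
    scope = 'gist'
    github_helper = github.GithubAuth(scope)

    try:
        access_token = github_helper.get_access_token(code)
        user_data = github_helper.get_user_info(access_token)
    except Exception:
        # Was a bare `except:`. Narrowed so interpreter-level exits are not
        # reported to the user as a provider failure.
        message = _(
            'An error was encountered while exchanging tokens with Github.'
        )
        self.add_message(message, 'error')
        self.redirect_to('edit-profile')
        return

    # NOTE(review): the association is keyed on the GitHub `login`, which the
    # account owner can change. If the user payload also carries a stable
    # numeric id, that is a safer key. Switching needs a migration of the
    # stored SocialUser rows, so it is only flagged here.
    github_uid = str(user_data['login'])

    if self.user:
        # Already signed in: attach this GitHub identity to the account.
        user_info = models.User.get_by_id(long(self.user_id))
        if not models.SocialUser.check_unique(user_info.key, 'github',
                                              github_uid):
            message = _(
                'The currently logged in Github account is already in use with another account.'
            )
            self.add_message(message, 'error')
            self.redirect_to('edit-profile')
            return

        # NOTE(review): the provider access token is stored on the entity as
        # given. Treat it as a secret when exporting or logging SocialUser.
        social_user = models.SocialUser(
            user=user_info.key,
            provider='github',
            uid=github_uid,
            access_token=access_token,
            extra_data=user_data)
        social_user.put()
        message = _(
            'The StackGeek application has been added to your Github account.'
        )
        self.add_message(message, 'success')

        # The return target comes from a cookie, so the client controls it.
        # It is passed to redirect_to as a route name, and a value that does
        # not resolve falls back to the profile page.
        next_page = utils.read_cookie(self, 'oauth_return_url')
        utils.write_cookie(self, 'oauth_return_url', '', '/', 15)
        if next_page:
            try:
                self.redirect_to(next_page)
            except Exception:
                self.redirect_to('edit-profile')
        else:
            self.redirect_to('edit-profile')
        return

    # Not signed in: sign in through an existing association, if any.
    social_user = models.SocialUser.get_by_provider_and_uid(
        'github', github_uid)
    if social_user:
        self._login_social_user(social_user)
    else:
        message = _(
            'This Github account is not associated with a StackGeek account. '
            'Please sign in or create a StackGeek account before continuing.'
        )
        self.add_message(message, 'warning')
        self.redirect_to('login')


def _complete_openid(self, provider_name):
    """Read the OpenID identity from App Engine, then link or sign in."""
    provider_display_name = models.SocialUser.PROVIDERS_INFO[
        provider_name]['label']

    # The identity comes from the App Engine users service.
    from google.appengine.api import users
    current_user = users.get_current_user()
    if not current_user:
        # Interpolate after translating so the catalogue lookup sees the
        # '%s' template, not an already formatted string.
        message = _(
            'No user authentication information received from %s. '
            'Please ensure you are logging in from an authorized OpenID Provider (OP).'
        ) % provider_display_name
        self.add_message(message, 'error')
        return self.redirect_to('login')

    # Prefer the federated identity; fall back to the App Engine user id.
    uid = current_user.federated_identity() or current_user.user_id()

    if self.user:
        # Already signed in: attach this OpenID identity to the account.
        user_info = models.User.get_by_id(long(self.user_id))
        if models.SocialUser.check_unique(user_info.key, provider_name, uid):
            social_user = models.SocialUser(
                user=user_info.key,
                provider=provider_name,
                uid=uid)
            social_user.put()
            message = (_('%s association successfully added.')
                       % provider_display_name)
            self.add_message(message, 'success')
        else:
            message = (_('This %s account is already in use.')
                       % provider_display_name)
            self.add_message(message, 'error')
        self.redirect_to('edit-profile')
        return

    # Not signed in: sign in through an existing association, if any.
    social_user = models.SocialUser.get_by_provider_and_uid(
        provider_name, uid)
    if social_user:
        self._login_social_user(social_user)
    else:
        message = _(
            'This OpenID based account is not associated with a StackGeek account. '
            'Please sign in or create a StackGeek account before continuing.'
        )
        self.add_message(message, 'warning')
        self.redirect_to('login')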