def facebook_process(request):
"""Process the facebook redirect"""
if request.GET.get('state') != request.session.get('facebook_state'):
raise CSRFError(
"CSRF Validation check failed. Request state %s is "
"not the same as session state %s" %
(request.GET.get('state'), request.session.get('state')))
del request.session['facebook_state']
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['facebook_id']
client_secret = cfg['facebook_secret']
# Now retrieve the access token with the code
access_url = '{0}?{1}'.format(
'https://graph.facebook.com/oauth/access_token',
url_encode({
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('facebook_process'),
'code': code
}))
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
access_token = urlparse.parse_qs(r.content)['access_token'][0]
entry = Storage.get_by_token(access_token)
if entry is not None:
return FacebookAuthenticationComplete(entry)
# Retrieve profile data
graph_url = '{0}?{1}'.format('https://graph.facebook.com/me',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
profile = json.loads(r.content)
id = profile['id']
name = profile['name']
email = profile.get('email', '')
verified = profile.get('verified', False)
entry = Storage.create(access_token,
'facebook',
uid='{0}:{1}'.format('facebook', id),
name=name,
email=email,
verified=verified,
profile=profile)
return FacebookAuthenticationComplete(entry)
def live_process(request):
"""Process the Live redirect"""
if 'error' in request.GET:
raise ThirdPartyFailure(request.GET.get('error_description',
'No reason provided.'))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['live_id']
client_secret = cfg['live_secret']
# Now retrieve the access token with the code
access_url = '{0}?{1}'.format(
'https://oauth.live.com/token',
url_encode({'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('live_process'),
'grant_type': 'authorization_code',
'code': code}))
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = json.loads(r.content)
access_token = data['access_token']
entry = Storage.get_by_token(access_token)
if entry is not None:
return LiveAuthenticationComplete(entry)
# Retrieve profile data
url = '{0}?{1}'.format(
'https://apis.live.net/v5.0/me',
url_encode({'access_token': access_token}))
r = requests.get(url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
profile = json.loads(r.content)
id = profile['id']
name = profile.get('name','')
email = profile.get('emails',{}).get('preferred')
verified = bool(email)
entry = Storage.create(access_token, 'live',
uid = 'live:{0}'.format(id),
name = name,
email = email,
verified = verified,
profile = profile)
return LiveAuthenticationComplete(entry)
def facebook_process(request):
"""Process the facebook redirect"""
if request.GET.get('state') != request.session.get('facebook_state'):
raise CSRFError("CSRF Validation check failed. Request state %s is "
"not the same as session state %s" % (
request.GET.get('state'), request.session.get('state')
))
del request.session['facebook_state']
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['facebook_id']
client_secret = cfg['facebook_secret']
# Now retrieve the access token with the code
access_url = '{0}?{1}'.format(
'https://graph.facebook.com/oauth/access_token',
url_encode({'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('facebook_process'),
'code': code}))
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
access_token = urlparse.parse_qs(r.content)['access_token'][0]
entry = Storage.get_by_token(access_token)
if entry is not None:
return FacebookAuthenticationComplete(entry)
# Retrieve profile data
graph_url = '{0}?{1}'.format('https://graph.facebook.com/me',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
profile = json.loads(r.content)
id = profile['id']
name = profile['name']
email = profile.get('email','')
verified = profile.get('verified', False)
entry = Storage.create(access_token, 'facebook',
uid = '{0}:{1}'.format('facebook', id),
name = name,
email = email,
verified = verified,
profile = profile)
return FacebookAuthenticationComplete(entry)
def github_process(request):
"""Process the github redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['github_id']
client_secret = cfg['github_secret']
# Now retrieve the access token with the code
access_url = '{0}?{1}'.format(
'https://github.com/login/oauth/access_token',
url_encode({
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('github_process'),
'code': code
}))
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
try:
access_token = urlparse.parse_qs(r.content)['access_token'][0]
except:
return AuthenticationDenied("Can't get access_token.")
entry = Storage.get_by_token(access_token)
if entry is not None:
return GithubAuthenticationComplete(entry)
# Retrieve profile data
graph_url = '{0}?{1}'.format('https://github.com/api/v2/json/user/show',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
profile = json.loads(r.content)
entry = Storage.create(access_token,
'github',
uid='github:{0}'.format(profile['user']['id']),
name=profile['user']['name'],
email=profile['user'].get('email') or '',
profile=profile)
return GithubAuthenticationComplete(entry)
def github_process(request):
"""Process the github redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['github_id']
client_secret = cfg['github_secret']
# Now retrieve the access token with the code
access_url ='{0}?{1}'.format(
'https://github.com/login/oauth/access_token',
url_encode({'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('github_process'),
'code': code}))
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
try:
access_token = urlparse.parse_qs(r.content)['access_token'][0]
except:
return AuthenticationDenied("Can't get access_token.")
entry = Storage.get_by_token(access_token)
if entry is not None:
return GithubAuthenticationComplete(entry)
# Retrieve profile data
graph_url = '{0}?{1}'.format(
'https://github.com/api/v2/json/user/show',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
profile = json.loads(r.content)
entry = Storage.create(access_token, 'github',
uid = 'github:{0}'.format(profile['user']['id']),
name = profile['user']['name'],
email = profile['user'].get('email') or '',
profile = profile)
return GithubAuthenticationComplete(entry)
def google_process(request):
"""Process the google redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['google_id']
client_secret = cfg['google_secret']
# Now retrieve the access token with the code
r = requests.post('https://accounts.google.com/o/oauth2/token',
{'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('google_process'),
'grant_type': 'authorization_code',
'code': code})
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
try:
access_token = json.loads(r.content)['access_token']
except:
return AuthenticationDenied("Can't get access_token.")
entry = Storage.get_by_token(access_token)
if entry is not None:
return GoogleAuthenticationComplete(entry)
# Retrieve profile data
graph_url = '{0}?{1}'.format(
'https://www.googleapis.com/oauth2/v1/userinfo',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = json.loads(r.content)
id = data['id']
name = data['name']
email = data.get('email', '')
entry = Storage.create(access_token, 'google',
uid = '{0}:{1}'.format('google', id),
name = name,
email = email,
verified = True,
profile = data)
return GoogleAuthenticationComplete(entry)
def google_process(request):
"""Process the google redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['google_id']
client_secret = cfg['google_secret']
# Now retrieve the access token with the code
r = requests.post('https://accounts.google.com/o/oauth2/token',
{'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('google_process'),
'grant_type': 'authorization_code',
'code': code})
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
try:
access_token = json.loads(r.content)['access_token']
except:
return AuthenticationDenied("Can't get access_token.")
entry = Storage.get_by_token(access_token)
if entry is not None:
return GoogleAuthenticationComplete(entry)
# Retrieve profile data
graph_url = '{0}?{1}'.format(
'https://www.googleapis.com/oauth2/v1/userinfo',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = json.loads(r.content)
id = data['id']
name = data['name']
email = data.get('email', '')
entry = Storage.create(access_token, 'google',
uid = '{0}:{1}'.format('google', id),
name = name,
email = email,
verified = True,
profile = data)
return GoogleAuthenticationComplete(entry)
def google_login(request):
"""Initiate a google login"""
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['google_id']
go_url = '{0}?{1}&scope=https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email'.format(
'https://accounts.google.com/o/oauth2/auth',
url_encode({'client_id': client_id,
'redirect_uri': request.route_url('google_process'),
'response_type': 'code'}))
return HTTPFound(location=go_url)
def github_login(request):
"""Initiate a github login"""
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
scope = cfg['github_scope']
client_id = cfg['github_id']
gh_url = '{0}?{1}'.format(
'https://github.com/login/oauth/authorize',
url_encode({'scope': scope,
'client_id': client_id,
'redirect_uri': request.route_url('github_process')}))
return HTTPFound(location=gh_url)
def live_login(request):
"""Initiate a Live login"""
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
scope = 'wl.basic wl.emails wl.signin'
client_id = cfg['live_id']
live_url = 'https://oauth.live.com/authorize?{0}&redirect_uri={1}'.format(
url_encode({'scope': scope,
'client_id': client_id,
'response_type': "code"}),
request.route_url('live_process'))
return HTTPFound(location=live_url)
def live_login(request):
"""Initiate a Live login"""
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
scope = 'wl.basic wl.emails wl.signin'
client_id = cfg['live_id']
live_url = 'https://oauth.live.com/authorize?{0}&redirect_uri={1}'.format(
url_encode({
'scope': scope,
'client_id': client_id,
'response_type': "code"
}), request.route_url('live_process'))
return HTTPFound(location=live_url)
def github_login(request):
"""Initiate a github login"""
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
scope = cfg['github_scope']
client_id = cfg['github_id']
gh_url = '{0}?{1}'.format(
'https://github.com/login/oauth/authorize',
url_encode({
'scope': scope,
'client_id': client_id,
'redirect_uri': request.route_url('github_process')
}))
return HTTPFound(location=gh_url)
def update(self):
request = self.request
context = getattr(request, 'context', None)
if context is None:
context = getattr(request, 'root', None)
if context is None:
root_factory = request.registry.queryUtility(
IRootFactory, default=DefaultRootFactory)
context = root_factory(request)
request.root = context
self.__parent__ = context
CFG = ptah.get_settings(ptahcrowd.CFG_ID_CROWD, self.request.registry)
user = ptah.auth_service.get_userid()
if user is not None:
user = ptah.auth_service.get_current_principal()
if user is None:
request.response.headers = security.forget(request)
if user is None:
loginurl = CFG['login-url']
if loginurl and not loginurl.startswith(('http://', 'https://')):
loginurl = self.application_url + loginurl
elif not loginurl:
loginurl = self.application_url + '/login.html'
location = '%s?%s' % (loginurl,
url_encode({'came_from': request.url}))
request.add_message(
_('To access this part of the site, you need to log in with your credentials.'
), 'info')
response = request.response
response.status = HTTPFound.code
response.headers['location'] = location
return response
PTAH = ptah.get_settings(ptah.CFG_ID_PTAH, self.request.registry)
self.email_address = PTAH['email_from_address']
self.request.response.status = HTTPForbidden.code
def update(self):
request = self.request
context = getattr(request, 'context', None)
if context is None:
context = getattr(request, 'root', None)
if context is None:
root_factory = request.registry.queryUtility(
IRootFactory, default=DefaultRootFactory)
context = root_factory(request)
request.root = context
self.__parent__ = context
CFG = ptah.get_settings(ptahcrowd.CFG_ID_CROWD, self.request.registry)
user = ptah.auth_service.get_userid()
if user is not None:
user = ptah.auth_service.get_current_principal()
if user is None:
request.response.headers = security.forget(request)
if user is None:
loginurl = CFG['login-url']
if loginurl and not loginurl.startswith(('http://', 'https://')):
loginurl = self.application_url + loginurl
elif not loginurl:
loginurl = self.application_url + '/login.html'
location = '%s?%s'%(
loginurl, url_encode({'came_from': request.url}))
request.add_message(_('To access this part of the site, you need to log in with your credentials.'), 'info')
response = request.response
response.status = HTTPFound.code
response.headers['location'] = location
return response
PTAH = ptah.get_settings(ptah.CFG_ID_PTAH, self.request.registry)
self.email_address = PTAH['email_from_address']
self.request.response.status = HTTPForbidden.code
def facebook_login(request):
"""Initiate a facebook login"""
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
scope = cfg['facebook_scope']
if scope and 'email' not in scope:
scope = '%s,email'%scope
elif not scope:
scope = 'email'
client_id = cfg['facebook_id']
request.session['facebook_state'] = state = uuid.uuid4().hex
fb_url = '{0}?{1}'.format(
'https://www.facebook.com/dialog/oauth/',
url_encode({'scope': scope,
'client_id': client_id,
'redirect_uri': request.route_url('facebook_process'),
'state': state}))
return HTTPFound(location=fb_url)
def facebook_login(request):
"""Initiate a facebook login"""
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
scope = cfg['facebook_scope']
if scope and 'email' not in scope:
scope = '%s,email' % scope
elif not scope:
scope = 'email'
client_id = cfg['facebook_id']
request.session['facebook_state'] = state = uuid.uuid4().hex
fb_url = '{0}?{1}'.format(
'https://www.facebook.com/dialog/oauth/',
url_encode({
'scope': scope,
'client_id': client_id,
'redirect_uri': request.route_url('facebook_process'),
'state': state
}))
return HTTPFound(location=fb_url)
def facebook_process(request):
"""Process the facebook redirect"""
print request.GET
# get session
st = request.GET.get('state').split(',')[-1]
manager = ptah.sockjs.get_session_manager(request.registry)
try:
session = manager.get(st)
except:
raise HTTPBadRequest("No session")
code = request.GET.get('code')
if not code:
raise HTTPBadRequest("No reason")
# auth
cfg = ptah.get_settings(CFG_ID_AUTH, request.registry)
client_id = cfg['facebook_id']
client_secret = cfg['facebook_secret']
# Now retrieve the access token with the code
access_url = '{0}?{1}'.format(
'https://graph.facebook.com/oauth/access_token',
url_encode({'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('facebook_process'),
'code': code}))
r = requests.get(access_url)
if r.status_code != 200:
raise HTTPBadRequest("Status %s: %s" % (r.status_code, r.content))
access_token = urlparse.parse_qs(r.content)['access_token'][0]
with ptah.sa_session() as sa:
user = User.get_bytoken(access_token)
if user is not None:
protocol = session.protocols.get('gallery')
protocol.auth(user)
response = request.response
response.content_type = 'text/html'
response.body = close
return response
# Retrieve profile data
graph_url = '{0}?{1}'.format('https://graph.facebook.com/me',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise HTTPBadRequest("Status %s: %s" % (r.status_code, r.content))
profile = ptah.json.loads(r.content)
id = profile['id']
name = profile['name']
email = profile.get('email','').lower()
with ptah.sa_session() as sa:
sa.query(User).filter(User.email == email).delete()
user = User(
token = access_token,
source = 'facebook',
name = name, email = email)
sa.add(user)
sa.flush()
protocol = session.protocols.get('gallery')
protocol.auth(user)
response = request.response
response.content_type = 'text/html'
response.body = close
return response
def live_process(request):
"""Process the Live redirect"""
if 'error' in request.GET:
raise ThirdPartyFailure(
request.GET.get('error_description', 'No reason provided.'))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason)
cfg = ptah.get_settings(ptahcrowd.CFG_ID_AUTH, request.registry)
client_id = cfg['live_id']
client_secret = cfg['live_secret']
# Now retrieve the access token with the code
access_url = '{0}?{1}'.format(
'https://oauth.live.com/token',
url_encode({
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('live_process'),
'grant_type': 'authorization_code',
'code': code
}))
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = json.loads(r.content)
access_token = data['access_token']
entry = Storage.get_by_token(access_token)
if entry is not None:
return LiveAuthenticationComplete(entry)
# Retrieve profile data
url = '{0}?{1}'.format('https://apis.live.net/v5.0/me',
url_encode({'access_token': access_token}))
r = requests.get(url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
profile = json.loads(r.content)
id = profile['id']
name = profile.get('name', '')
email = profile.get('emails', {}).get('preferred')
verified = bool(email)
entry = Storage.create(access_token,
'live',
uid='live:{0}'.format(id),
name=name,
email=email,
verified=verified,
profile=profile)
return LiveAuthenticationComplete(entry)
def facebook_process(request):
"""Process the facebook redirect"""
print request.GET
# get session
st = request.GET.get('state').split(',')[-1]
manager = ptah.sockjs.get_session_manager(request.registry)
try:
session = manager.get(st)
except:
raise HTTPBadRequest("No session")
code = request.GET.get('code')
if not code:
raise HTTPBadRequest("No reason")
# auth
cfg = ptah.get_settings(CFG_ID_AUTH, request.registry)
client_id = cfg['facebook_id']
client_secret = cfg['facebook_secret']
# Now retrieve the access token with the code
access_url = '{0}?{1}'.format(
'https://graph.facebook.com/oauth/access_token',
url_encode({
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': request.route_url('facebook_process'),
'code': code
}))
r = requests.get(access_url)
if r.status_code != 200:
raise HTTPBadRequest("Status %s: %s" % (r.status_code, r.content))
access_token = urlparse.parse_qs(r.content)['access_token'][0]
with ptah.sa_session() as sa:
user = User.get_bytoken(access_token)
if user is not None:
protocol = session.protocols.get('gallery')
protocol.auth(user)
response = request.response
response.content_type = 'text/html'
response.body = close
return response
# Retrieve profile data
graph_url = '{0}?{1}'.format('https://graph.facebook.com/me',
url_encode({'access_token': access_token}))
r = requests.get(graph_url)
if r.status_code != 200:
raise HTTPBadRequest("Status %s: %s" % (r.status_code, r.content))
profile = ptah.json.loads(r.content)
id = profile['id']
name = profile['name']
email = profile.get('email', '').lower()
with ptah.sa_session() as sa:
sa.query(User).filter(User.email == email).delete()
user = User(token=access_token,
source='facebook',
name=name,
email=email)
sa.add(user)
sa.flush()
protocol = session.protocols.get('gallery')
protocol.auth(user)
response = request.response
response.content_type = 'text/html'
response.body = close
return response
