def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
raise AuthFailed(self, error)
state = self.validate_state()
client_id, client_secret = self.get_key_and_secret()
params = {
'grant_type': 'authorization_code', # request auth code
'code': self.data.get('code', ''), # server response code
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': self.get_redirect_uri(state)
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json'
}
request = Request(self.ACCESS_TOKEN_URL,
data=urlencode(params),
headers=headers)
try:
response = simplejson.loads(dsa_urlopen(request).read())
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
def process_error(self, data):
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
if self.data['error'] == 'access_denied':
raise AuthCanceled(self, error)
else:
raise AuthFailed(self, error)
def response(self):
if not hasattr(self, '_response'):
if self.data.get('error'):
error = self.data.get(
'error_description') or self.data['error']
raise AuthFailed(self, error)
state = self.validate_state()
client_id, client_secret = self.get_key_and_secret()
params = {
'grant_type': 'authorization_code', # request auth code
'code': self.data.get('code', ''), # server response code
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': self.get_redirect_uri(state)
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json'
}
request = Request(self.ACCESS_TOKEN_URL,
data=urlencode(params),
headers=headers)
try:
self._response = simplejson.loads(dsa_urlopen(request).read())
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
except (ValueError, KeyError):
raise AuthUnknownError(self)
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
print dir(self)
if 'denied' in self.data:
raise AuthCanceled(self)
else:
return super(DoubanAuth, self).auth_complete(*args, **kwargs)
def auth_complete(self, *args, **kwargs):
"""Complete auth process. Check LinkedIn error response."""
oauth_problem = self.request.GET.get('oauth_problem')
if oauth_problem:
if oauth_problem == 'user_refused':
raise AuthCanceled(self, '')
else:
raise AuthUnknownError(self,
'LinkedIn error was %s' % oauth_problem)
return super(LinkedinAuth, self).auth_complete(*args, **kwargs)
class ShopifyAuth(BaseOAuth2):
"""Shopify OAuth authentication mechanism"""
AUTH_BACKEND = ShopifyBackend
SETTINGS_KEY_NAME = 'SHOPIFY_APP_API_KEY'
SETTINGS_SECRET_NAME = 'SHOPIFY_SHARED_SECRET'
# Look at http://api.shopify.com/authentication.html#scopes
SCOPE_VAR_NAME = 'SHOPIFY_SCOPE'
def __init__(self, request, redirect):
super(ShopifyAuth, self).__init__(request, redirect)
fp, pathname, description = imp.find_module('shopify')
self.shopifyAPI = imp.load_module('shopify', fp, pathname, description)
def auth_url(self):
self.shopifyAPI.Session.setup(api_key=setting('SHOPIFY_APP_API_KEY'),
secret=setting('SHOPIFY_SHARED_SECRET'))
scope = self.get_scope()
state = self.state_token()
self.request.session[self.AUTH_BACKEND.name + '_state'] = state
redirect_uri = self.get_redirect_uri(state)
permission_url = self.shopifyAPI.Session.create_permission_url(
self.request.GET.get('shop').strip(),
scope=scope, redirect_uri=redirect_uri
)
return permission_url
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
access_token = None
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
raise AuthFailed(self, error)
client_id, client_secret = self.get_key_and_secret()
try:
shop_url = self.request.GET.get('shop')
self.shopifyAPI.Session.setup(
api_key=setting('SHOPIFY_APP_API_KEY'),
secret=setting('SHOPIFY_SHARED_SECRET')
)
shopify_session = self.shopifyAPI.Session(shop_url,
self.request.REQUEST)
access_token = shopify_session.token
except self.shopifyAPI.ValidationException, e:
raise AuthCanceled(self)
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
self.process_error(self.data)
params = self.auth_complete_params(self.validate_state())
request = Request(self.ACCESS_TOKEN_URL, data=urlencode(params),
headers=self.auth_complete_headers())
try:
response = simplejson.loads(dsa_urlopen(request).read())
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
response = self.response
if 'code' in self.data:
access_token = self.response['access_token'][0]
if 'expires' in self._response:
expires = self.response['expires'][0]
if 'signed_request' in self.data:
if response is not None:
access_token = response.get('access_token') or \
response.get('oauth_token') or \
self.data.get('access_token')
if 'expires' in self._response:
expires = response['expires']
if access_token:
data = self.user_data(access_token)
if not isinstance(data, dict):
# From time to time Facebook responds back a JSON with just
# False as value, the reason is still unknown, but since the
# data is needed (it contains the user ID used to identify the
# account on further logins), this app cannot allow it to
# continue with the auth process.
raise AuthUnknownError(
self, 'An error ocurred while '
'retrieving users Facebook '
'data')
data['access_token'] = access_token
# expires will not be part of response if offline access
# premission was requested
if expires:
data['expires'] = expires
kwargs.update({
'auth': self,
'response': data,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
expires = None
if 'code' in self.data:
state = self.validate_state()
url = ACCESS_TOKEN + urlencode({
'client_id':
backend_setting(self, self.SETTINGS_KEY_NAME),
'redirect_uri':
self.get_redirect_uri(state),
'client_secret':
backend_setting(self, self.SETTINGS_SECRET_NAME),
'code':
self.data['code']
})
try:
response = cgi.parse_qs(dsa_urlopen(url).read())
except HTTPError:
raise AuthFailed(
self, 'There was an error authenticating '
'the app')
access_token = response['access_token'][0]
if 'expires' in response:
expires = response['expires'][0]
if 'signed_request' in self.data:
response = load_signed_request(
self.data.get('signed_request'),
backend_setting(self, self.SETTINGS_SECRET_NAME))
if response is not None:
access_token = response.get('access_token') or \
response.get('oauth_token') or \
self.data.get('access_token')
if 'expires' in response:
expires = response['expires']
if access_token:
return self.do_auth(access_token, expires=expires, *args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
raise AuthFailed(self, error)
state = self.validate_state()
client_id, client_secret = self.get_key_and_secret()
params = {
'grant_type': 'authorization_code', # request auth code
'code': self.data.get('code', ''), # server response code
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': self.get_redirect_uri(state)
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json'
}
#request = Request(self.ACCESS_TOKEN_URL, data=urlencode(params),
# headers=headers)
try:
#response = simplejson.loads(urlopen(request).read())
http_response = requests.post(self.ACCESS_TOKEN_URL,
data=params,
headers=headers)
if http_response.status_code == 200:
response = simplejson.loads(http_response.text)
else:
raise AuthCanceled(self)
except (ValueError, KeyError):
raise AuthUnknownError(self)
if response.get('error'):
error = response.get('error_description') or response.get('error')
raise AuthFailed(self, error)
else:
data = self.user_data(response['access_token'], response)
response.update(data or {})
kwargs.update({
'auth': self,
'response': response,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
def auth_complete(self, *args, **kwargs):
"""Return user, might be logged in"""
name = self.AUTH_BACKEND.name + 'unauthorized_token_name'
unauthed_token = self.request.session.get(name)
if not unauthed_token:
raise AuthTokenError('Missing unauthorized token')
token = Token.from_string(unauthed_token)
if token.key != self.data.get('oauth_token', 'no-token'):
raise AuthTokenError('Incorrect tokens')
try:
access_token = self.access_token(token)
except HTTPError, e:
if e.code == 400:
raise AuthCanceled(self)
else:
raise
def auth_complete(self, *args, **kwargs):
"""Complete auth process"""
response = self.consumer().complete(dict(self.data.items()),
self.request.build_absolute_uri())
if not response:
raise AuthException(self, 'OpenID relying party endpoint')
elif response.status == SUCCESS:
kwargs.update({
'auth': self,
'response': response,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
elif response.status == FAILURE:
raise AuthFailed(self, response.message)
elif response.status == CANCEL:
raise AuthCanceled(self)
else:
raise AuthUnknownError(self, response.status)
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance"""
access_token = None
if self.data.get('error'):
error = self.data.get('error_description') or self.data['error']
raise AuthFailed(self, error)
client_id, client_secret = self.get_key_and_secret()
try:
shop_url = self.request.GET.get('shop')
self.shopifyAPI.Session.setup(
api_key=setting('SHOPIFY_APP_API_KEY'),
secret=setting('SHOPIFY_SHARED_SECRET')
)
shopify_session = self.shopifyAPI.Session(shop_url,
self.request.REQUEST)
access_token = shopify_session.token
except self.shopifyAPI.ValidationException, e:
raise AuthCanceled(self)
def auth_complete(self, *args, **kwargs):
"""Yammer API is a little strange"""
if 'error' in self.data:
logging.error("%s: %s:\n%s" %
(self.data('error'), self.data('error_reason'),
self.data('error_description')))
raise AuthCanceled(self)
# now we need to clean up the data params
data = dict(self.data.copy())
redirect_state = data.get('redirect_state')
try:
parts = redirect_state.split('?')
data['redirect_state'] = parts[0]
extra = parse_qs(parts[1])
data['code'] = extra['code'][0]
self.data = MergeDict(data)
except Exception as e:
logging.exception(e)
return super(YammerOAuth2, self).auth_complete(*args, **kwargs)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
if 'code' not in self.data:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
url = ACCESS_TOKEN + urlencode(
{
'client_id': setting('FACEBOOK_APP_ID'),
'redirect_uri': self.redirect_uri,
'client_secret': setting('FACEBOOK_API_SECRET'),
'code': self.data['code']
})
try:
response = cgi.parse_qs(urlopen(url).read())
except HTTPError:
raise AuthFailed(self, 'There was an error authenticating the app')
access_token = response['access_token'][0]
data = self.user_data(access_token)
if data is not None:
data['access_token'] = access_token
# expires will not be part of response if offline access
# premission was requested
if 'expires' in response:
data['expires'] = response['expires'][0]
kwargs.update({
'auth': self,
'response': data,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
expires = None
if 'code' in self.data:
state = self.validate_state()
url = ACCESS_TOKEN + urlencode(
{
'client_id': setting('FACEBOOK_APP_ID'),
'redirect_uri': self.get_redirect_uri(state),
'client_secret': setting('FACEBOOK_API_SECRET'),
'code': self.data['code']
})
try:
response = cgi.parse_qs(urlopen(url).read())
except HTTPError:
raise AuthFailed(self, 'There was an error authenticating ' \
'the app')
access_token = response['access_token'][0]
if 'expires' in response:
expires = response['expires'][0]
if 'signed_request' in self.data:
response = load_signed_request(self.data.get('signed_request'))
if response is not None:
access_token = response.get('access_token') or \
response.get('oauth_token') or \
self.data.get('access_token')
if 'expires' in response:
expires = response['expires']
if access_token:
data = self.user_data(access_token)
if not isinstance(data, dict):
# From time to time Facebook responds back a JSON with just
# False as value, the reason is still unknown, but since the
# data is needed (it contains the user ID used to identify the
# account on further logins), this app cannot allow it to
# continue with the auth process.
raise AuthUnknownError(self, 'An error ocurred while ' \
'retrieving users Facebook ' \
'data')
data['access_token'] = access_token
# expires will not be part of response if offline access
# premission was requested
if expires:
data['expires'] = expires
kwargs.update({
'auth': self,
'response': data,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
def auth_complete(self, *args, **kwargs):
try:
return super(MailruOAuth2, self).auth_complete(*args, **kwargs)
except HTTPError: # Mail.ru returns HTTPError 400 if cancelled
raise AuthCanceled(self)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
if 'denied' in self.data:
raise AuthCanceled(self)
else:
return super(TwitterAuth, self).auth_complete(*args, **kwargs)
