def facebook_process(request):
"""Process the facebook redirect"""
if request.GET.get('state') != request.session.get('state'):
raise CSRFError(
"CSRF Validation check failed. Request state %s is "
"not the same as session state %s" %
(request.GET.get('state'), request.session.get('state')))
config = request.registry.settings
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason)
# Now retrieve the access token with the code
access_url = flat_url('https://graph.facebook.com/oauth/access_token',
client_id=config['velruse.facebook.app_id'],
client_secret=config['velruse.facebook.app_secret'],
redirect_uri=request.route_url('facebook_process'),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('https://graph.facebook.com/me',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
fb_profile = loads(r.content)
profile = extract_fb_data(fb_profile)
cred = {'oauthAccessToken': access_token}
return FacebookAuthenticationComplete(profile=profile, credentials=cred)
def callback(self, request):
"""Process the github redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state, sess_state=sess_state))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason=reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url(
'%s://%s/login/oauth/access_token' % (self.protocol, self.domain),
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('%s://api.%s/user' % (self.protocol, self.domain),
access_token=access_token)
graph_headers = dict(Accept='application/vnd.github.v3+json')
r = requests.get(graph_url, headers=graph_headers)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content)
profile = {}
profile['accounts'] = [{
'domain': self.domain,
'username': data['login'],
'userid': data['id']
}]
profile['preferredUsername'] = data['login']
profile['displayName'] = data.get('name', profile['preferredUsername'])
# We don't add this to verifiedEmail because ppl can change email
# addresses without verifying them
if 'email' in data:
profile['emails'] = [{'value': data['email']}]
cred = {'oauthAccessToken': access_token}
return GithubAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the qq redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url('https://graph.qq.com/oauth2.0/token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
grant_type='authorization_code',
redirect_uri=request.route_url(
self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('https://graph.qq.com/oauth2.0/me',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content[10:-3])
openid = data.get('openid', '')
user_info_url = flat_url('https://graph.qq.com/user/get_user_info',
access_token=access_token,
oauth_consumer_key=self.consumer_key,
openid=openid)
r = requests.get(user_info_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content)
profile = {
'accounts': [{
'domain': 'qq.com',
'userid': openid
}],
'displayName': data['nickname'],
'preferredUsername': data['nickname'],
}
cred = {'oauthAccessToken': access_token}
return QQAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the github redirect"""
if request.GET.get('state') != request.session.get('state'):
raise CSRFError(
'CSRF Validation check failed. Request state %s is not '
'the same as session state %s' % (
request.GET.get('state'), request.session.get('state')))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason=reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url(
'%s://%s/login/oauth/access_token' % (self.protocol, self.domain),
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('%s://api.%s/user' % (self.protocol, self.domain),
access_token=access_token)
graph_headers = dict(Accept='application/vnd.github.v3+json')
r = requests.get(graph_url, headers=graph_headers)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
profile = {}
profile['accounts'] = [{
'domain':self.domain,
'username':data['login'],
'userid':data['id']
}]
profile['displayName'] = data['name']
profile['preferredUsername'] = data['login']
# We don't add this to verifiedEmail because ppl can change email
# addresses without verifying them
if 'email' in data:
profile['emails'] = [{'value':data['email']}]
cred = {'oauthAccessToken': access_token}
return GithubAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the qq redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url(
'https://graph.qq.com/oauth2.0/token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
grant_type='authorization_code',
redirect_uri=request.route_url(self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('https://graph.qq.com/oauth2.0/me',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content[10:-3])
openid = data.get('openid', '')
user_info_url = flat_url('https://graph.qq.com/user/get_user_info',
access_token=access_token,
oauth_consumer_key=self.consumer_key,
openid=openid)
r = requests.get(user_info_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
profile = {
'accounts': [{'domain':'qq.com', 'userid':openid}],
'displayName': data['nickname'],
'preferredUsername': data['nickname'],
}
cred = {'oauthAccessToken': access_token}
return QQAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the VK redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state, sess_state=sess_state))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_description',
'No reason provided.')
return AuthenticationDenied(reason=reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url(PROVIDER_ACCESS_TOKEN_URL,
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(
self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure('Status {status}: {content}'.format(
status=r.status_code, content=r.content))
data = json.loads(r.content)
access_token = data['access_token']
# Retrieve profile data
graph_url = flat_url(
PROVIDER_USER_PROFILE_URL,
access_token=access_token,
uids=data['user_id'],
fields=
('first_name,last_name,nickname,domain,sex,bdate,city,country,timezone,'
'photo,photo_medium,photo_big,photo_rec,has_mobile,mobile_phone,home_phone,'
'rate,contacts,education'))
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure('Status {status}: {content}'.format(
status=r.status_code, content=r.content))
vk_profile = json.loads(r.content)['response'][0]
vk_profile['uid'] = data['user_id']
profile = extract_normalize_vk_data(vk_profile)
cred = {'oauthAccessToken': access_token}
return VKAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the github redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
# Now retrieve the access token with the code
access_url = flat_url(
'https://github.com/login/oauth/access_token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
code=code)
r = requests.get(access_url)
content = r.content.decode('UTF-8')
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, content))
access_token = parse_qs(content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('https://github.com/api/v2/json/user/show',
access_token=access_token)
r = requests.get(graph_url)
content = r.content.decode('UTF-8')
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, content))
data = loads(content)['user']
profile = {}
profile['accounts'] = [{
'domain':'github.com',
'username':data['login'],
'userid':data['id']
}]
profile['displayName'] = data['name']
profile['preferredUsername'] = data['login']
# We don't add this to verifiedEmail because ppl can change email
# addresses without verifying them
if 'email' in data:
profile['emails'] = [{'value':data['email']}]
cred = {'oauthAccessToken': access_token}
return GithubAuthenticationComplete(profile=profile,
credentials=cred)
def login(self, request):
"""Initiate a taobao login"""
gh_url = flat_url('https://oauth.taobao.com/authorize',
client_id=self.consumer_key,
response_type='code',
redirect_uri=request.route_url(self.callback_route))
return HTTPFound(location=gh_url)
def login(self, request):
"""Initiate a taobao login"""
gh_url = flat_url('https://oauth.taobao.com/authorize',
client_id=self.consumer_key,
response_type='code',
redirect_uri=request.route_url(self.callback_route))
return HTTPFound(location=gh_url)
def callback(self, request):
"""Process the renren redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
access_url = flat_url(
'https://graph.renren.com/oauth/token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
grant_type='authorization_code',
redirect_uri=request.route_url(self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
profile = {
'accounts': [
{'domain': 'renren.com', 'userid': data['user']['id']},
],
'displayName': data['user']['name'],
'preferredUsername': data['user']['name'],
}
cred = {'oauthAccessToken': access_token}
return RenrenAuthenticationComplete(profile=profile, credentials=cred)
def callback(self, request):
"""Process the weibo redirect"""
state=request.GET.get('state')
statedata=None
if state:
statedata=urlparse.parse_qs(state)
#print 'statedata:%s'%statedata
if 'state_code' in statedata:
state_code=statedata["state_code"][0]
if state_code != request.session.get('state_code'):
raise CSRFError("CSRF Validation check failed. Request state %s is "
"not the same as session state %s" % (
state_code, request.session.get('state_code')
))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason)
# Now retrieve the access token with the code
r = requests.post(
'https://api.weibo.com/oauth2/access_token',
dict(
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
grant_type='authorization_code',
code=code,
),
)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
uid = data['uid']
# Retrieve profile data
graph_url = flat_url('https://api.weibo.com/2/users/show.json',
access_token=access_token,
uid=uid)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
profile = {
'accounts': [{'domain':'weibo.com', 'userid':data['id']}],
'gender': data.get('gender'),
'displayName': data['screen_name'],
'preferredUsername': data['name'],
'profile_image_url':data['profile_image_url'],
'access_token':access_token
}
if statedata is not None and 'next' in statedata:
profile['next']=statedata['next'][0]
cred = {'oauthAccessToken': access_token}
return WeiboAuthenticationComplete(profile=profile, credentials=cred)
def renren_process(request):
"""Process the renren redirect"""
config = request.registry.settings
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
access_url = flat_url('https://graph.renren.com/oauth/token',
client_id=config['velruse.renren.app_id'],
client_secret=config['velruse.renren.app_secret'],
grant_type='authorization_code',
redirect_uri=request.route_url('renren_process'),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
profile = {
'accounts': [{
'domain': 'renren.com',
'userid': data['user']['id']
}],
'displayName': data['user']['name'],
'preferredUsername': data['user']['name'],
}
cred = {'oauthAccessToken': access_token}
return RenrenAuthenticationComplete(profile=profile, credentials=cred)
def callback(self, request):
"""Process the google redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state,
sess_state=sess_state
)
)
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason=reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
r = requests.post('%s://%s/o/oauth2/token' % (self.protocol, self.domain),
data={
'client_id': self.consumer_key,
'client_secret': self.consumer_secret,
'redirect_uri': request.route_url(self.callback_route),
'code': code,
'grant_type': 'authorization_code'
})
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
token_data = loads(r.content)
access_token = token_data['access_token']
refresh_token = token_data.get('refresh_token')
# Retrieve profile data if scopes allow
profile = {}
user_url = flat_url(
'%s://www.googleapis.com/oauth2/v1/userinfo' % self.protocol,
access_token=access_token)
r = requests.get(user_url)
if r.status_code == 200:
data = loads(r.content)
profile['accounts'] = [{
'domain': self.domain,
'username': data['email'],
'userid': data['id']
}]
profile['displayName'] = data['name']
profile['preferredUsername'] = data['email']
profile['verifiedEmail'] = data['email']
profile['emails'] = [{'value': data['email']}]
cred = {'oauthAccessToken': access_token,
'oauthRefreshToken': refresh_token}
return Google2AuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the facebook redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state,
sess_state=sess_state
)
)
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason=reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url(
'https://graph.facebook.com/oauth/access_token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('https://graph.facebook.com/me',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
fb_profile = loads(r.content)
profile = extract_fb_data(fb_profile)
cred = {'oauthAccessToken': access_token}
return FacebookAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the weibo redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state, sess_state=sess_state))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
r = requests.post(
'https://api.weibo.com/oauth2/access_token',
dict(
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
grant_type='authorization_code',
code=code,
),
)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
uid = data['uid']
# Retrieve profile data
graph_url = flat_url('https://api.weibo.com/2/users/show.json',
access_token=access_token,
uid=uid)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content)
profile = {
'accounts': [{
'domain': 'weibo.com',
'userid': data['id']
}],
'gender': data.get('gender'),
'displayName': data['screen_name'],
'preferredUsername': data['name'],
}
cred = {'oauthAccessToken': access_token}
return WeiboAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the Yandex redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state,
sess_state=sess_state
)
)
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(
reason=reason,
provider_name=self.name,
provider_type=self.type
)
# Now retrieve the access token with the code
token_params = {
'grant_type': 'authorization_code',
'code': code,
'client_id': self.consumer_key,
'client_secret': self.consumer_secret,
}
r = requests.post(PROVIDER_ACCESS_TOKEN_URL, token_params)
if r.status_code != 200:
raise ThirdPartyFailure(
'Status {status}: {content}'.format(
status=r.status_code, content=r.content
)
)
data =json.loads(r.content)
access_token = data['access_token']
# Retrieve profile data
profile_url = flat_url(
PROVIDER_USER_PROFILE_URL,
format='json',
oauth_token=access_token
)
r = requests.get(profile_url)
if r.status_code != 200:
raise ThirdPartyFailure(
'Status {status}: {content}'.format(
status=r.status_code, content=r.content
)
)
profile = json.loads(r.content)
profile = extract_normalize_yandex_data(profile)
cred = {'oauthAccessToken': access_token}
return YandexAuthenticationComplete(
profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type
)
def callback(self, request):
"""Process the weibo redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state,
sess_state=sess_state
)
)
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
r = requests.post(
'https://api.weibo.com/oauth2/access_token',
dict(
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
grant_type='authorization_code',
code=code,
),
)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
uid = data['uid']
# Retrieve profile data
graph_url = flat_url('https://api.weibo.com/2/users/show.json',
access_token=access_token,
uid=uid)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
profile = {
'accounts': [{'domain':'weibo.com', 'userid':data['id']}],
'gender': data.get('gender'),
'displayName': data['screen_name'],
'preferredUsername': data['name'],
}
cred = {'oauthAccessToken': access_token}
return WeiboAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the github redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
# Now retrieve the access token with the code
access_url = flat_url(
'https://github.com/login/oauth/access_token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('https://github.com/api/v2/json/user/show',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)['user']
profile = {}
profile['accounts'] = [{
'domain':'github.com',
'username':data['login'],
'userid':data['id']
}]
profile['displayName'] = data['name']
profile['preferredUsername'] = data['login']
# We don't add this to verifiedEmail because ppl can change email
# addresses without verifying them
if 'email' in data:
profile['emails'] = [{'value':data['email']}]
cred = {'oauthAccessToken': access_token}
return GithubAuthenticationComplete(profile=profile,
credentials=cred)
def login(self, request):
"""Initiate a weibo login"""
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url('https://api.weibo.com/oauth2/authorize',
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a weibo login"""
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url('https://api.weibo.com/oauth2/authorize',
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a Yandex login"""
request.session['state'] = state = uuid.uuid4().hex
auth_url = flat_url(PROVIDER_AUTH_URL,
client_id=self.consumer_key,
response_type='code',
state=state)
return HTTPFound(location=auth_url)
def taobao_login(request):
"""Initiate a taobao login"""
config = request.registry.settings
gh_url = flat_url('https://oauth.taobao.com/authorize',
client_id=config['velruse.taobao.app_id'],
response_type='code',
redirect_uri=request.route_url('taobao_process'))
return HTTPFound(location=gh_url)
def taobao_login(request):
"""Initiate a taobao login"""
config = request.registry.settings
gh_url = flat_url('https://oauth.taobao.com/authorize',
client_id=config['velruse.taobao.app_id'],
response_type='code',
redirect_uri=request.route_url('taobao_process'))
return HTTPFound(location=gh_url)
def callback(self, request):
"""Process the taobao redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
# Now retrieve the access token with the code
r = requests.post(
'https://oauth.taobao.com/token',
dict(grant_type='authorization_code',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
code=code))
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
# Retrieve profile data
params = {
'method': 'taobao.user.get',
'timestamp': time.strftime('%Y-%m-%d %H:%M:%S', time.localtime()),
'format': 'json',
'app_key': self.consumer_key,
'v': '2.0',
'sign_method': 'md5',
'fields': 'user_id,nick',
'session': access_token
}
src = self.consumer_secret\
+ ''.join(["%s%s" % (k, v) for k, v in sorted(params.items())])\
+ self.consumer_secret
params['sign'] = md5(src).hexdigest().upper()
get_user_info_url = flat_url('http://gw.api.taobao.com/router/rest',
**params)
r = requests.get(get_user_info_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content)
username = data['user_get_response']['user']['nick']
userid = data['user_get_response']['user']['user_id']
profile = {
'accounts': [{
'domain': 'taobao.com',
'userid': userid
}],
'displayName': username,
'preferredUsername': username,
}
cred = {'oauthAccessToken': access_token}
return TaobaoAuthenticationComplete(profile=profile, credentials=cred)
def callback(self, request):
"""Process the taobao redirect"""
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
return AuthenticationDenied(reason)
# Now retrieve the access token with the code
r = requests.post('https://oauth.taobao.com/token',
dict(grant_type='authorization_code',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
code=code))
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
# Retrieve profile data
params = {
'method': 'taobao.user.get',
'timestamp': time.strftime('%Y-%m-%d %H:%M:%S', time.localtime()),
'format': 'json',
'app_key': self.consumer_key,
'v': '2.0',
'sign_method': 'md5',
'fields': 'user_id,nick,avatar,sex',
'session': access_token
}
src = self.consumer_secret\
+ ''.join(["%s%s" % (k, v) for k, v in sorted(params.items())])\
+ self.consumer_secret
params['sign'] = md5(src).hexdigest().upper()
get_user_info_url = flat_url('http://gw.api.taobao.com/router/rest',
**params)
r = requests.get(get_user_info_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = loads(r.content)
username = data['user_get_response']['user']['nick']
userid = data['user_get_response']['user']['user_id']
profile_image_url=data['user_get_response']['user']['avatar']
sex='m'
if 'sex' in data['user_get_response']['user']:
sex =data['user_get_response']['user']['sex']
profile = {
'accounts': [{'domain':'taobao.com', 'userid':userid}],
'displayName': username,
'gender':sex,
'preferredUsername': username,
'profile_image_url':profile_image_url,
'access_token':access_token
}
cred = {'oauthAccessToken': access_token}
return TaobaoAuthenticationComplete(profile=profile, credentials=cred)
def github_process(request):
"""Process the github redirect"""
config = request.registry.settings
code = request.GET.get('code')
if not code:
reason = request.GET.get('error', 'No reason provided.')
raise AuthenticationDenied(reason)
# Now retrieve the access token with the code
access_url = flat_url('https://github.com/login/oauth/access_token',
client_id=config['velruse.github.app_id'],
client_secret=config['velruse.github.app_secret'],
redirect_uri=request.route_url('github_process'),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
c = r.content
# Retrieve profile data
graph_url = flat_url('https://github.com/api/v2/json/user/show',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = loads(r.content)['user']
profile = {}
profile['providerName'] = 'GitHub'
profile['displayName'] = data['name']
profile['identifier'] = profile['preferredUsername'] = data['login']
if 'email' in data:
profile['emails'] = [data['email']]
profile['verifiedEmail'] = data['email']
cred = {'oauthAccessToken': access_token}
# Create and raise our AuthenticationComplete exception with the
# appropriate data to be passed
complete = AuthenticationComplete()
complete.profile = profile
complete.credentials = { 'oauthAccessToken': access_token }
raise complete
def github_login(request):
"""Initiate a github login"""
config = request.registry.settings
scope = config.get('velruse.github.scope',
request.POST.get('scope', ''))
gh_url = flat_url('https://github.com/login/oauth/authorize', scope=scope,
client_id=config['velruse.github.app_id'],
redirect_uri=request.route_url('github_process'))
return HTTPFound(location=gh_url)
def login(self, request):
"""Initiate a github login"""
scope = request.POST.get('scope', self.scope)
gh_url = flat_url(
'https://github.com/login/oauth/authorize',
scope=scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route))
return HTTPFound(location=gh_url)
def weibo_login(request):
"""Initiate a weibo login"""
config = request.registry.settings
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url('https://api.weibo.com/oauth2/authorize',
client_id=config['velruse.weibo.app_id'],
redirect_uri=request.route_url('weibo_process'),
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a qq login"""
scope = request.POST.get('scope', self.scope)
gh_url = flat_url('https://graph.qq.com/oauth2.0/authorize',
scope=scope,
client_id=self.consumer_key,
response_type='code',
redirect_uri=request.route_url(self.callback_route))
return HTTPFound(location=gh_url)
def weibo_login(request):
"""Initiate a weibo login"""
config = request.registry.settings
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url('https://api.weibo.com/oauth2/authorize',
client_id=config['velruse.weibo.app_id'],
redirect_uri=request.route_url('weibo_process'),
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a Live login"""
scope = request.POST.get('scope', self.scope or
'wl.basic wl.emails wl.signin')
fb_url = flat_url('https://oauth.live.com/authorize', scope=scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
response_type="code")
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a qq login"""
scope = request.POST.get('scope', self.scope)
gh_url = flat_url('https://graph.qq.com/oauth2.0/authorize',
scope=scope,
client_id=self.consumer_key,
response_type='code',
redirect_uri=request.route_url(self.callback_route))
return HTTPFound(location=gh_url)
def login(self, request):
"""Initiate a github login"""
scope = request.POST.get('scope', self.scope)
gh_url = flat_url(
'%s://%s/login/oauth/authorize' % (self.protocol, self.domain),
scope=scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route))
return HTTPFound(location=gh_url)
def callback(self, request):
"""Process the Live redirect"""
if 'error' in request.GET:
raise ThirdPartyFailure(request.GET.get('error_description',
'No reason provided.'))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url(
'https://oauth.live.com/token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(self.callback_route),
grant_type="authorization_code",
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
# Retrieve profile data
graph_url = flat_url('https://apis.live.net/v5.0/me',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (
r.status_code, r.content))
live_profile = loads(r.content)
profile = extract_live_data(live_profile)
cred = {'oauthAccessToken': access_token}
if 'refresh_token' in data:
cred['oauthRefreshToken'] = data['refresh_token']
return LiveAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the Live redirect"""
if 'error' in request.GET:
raise ThirdPartyFailure(
request.GET.get('error_description', 'No reason provided.'))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url('https://oauth.live.com/token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(
self.callback_route),
grant_type="authorization_code",
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
# Retrieve profile data
graph_url = flat_url('https://apis.live.net/v5.0/me',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
live_profile = loads(r.content)
profile = extract_live_data(live_profile)
cred = {'oauthAccessToken': access_token}
if 'refresh_token' in data:
cred['oauthRefreshToken'] = data['refresh_token']
return LiveAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def callback(self, request):
"""Process the facebook redirect"""
sess_state = request.session.get('state')
req_state = request.GET.get('state')
if not sess_state or sess_state != req_state:
raise CSRFError(
'CSRF Validation check failed. Request state {req_state} is not '
'the same as session state {sess_state}'.format(
req_state=req_state, sess_state=sess_state))
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason=reason,
provider_name=self.name,
provider_type=self.type)
# Now retrieve the access token with the code
access_url = flat_url('https://graph.facebook.com/oauth/access_token',
client_id=self.consumer_key,
client_secret=self.consumer_secret,
redirect_uri=request.route_url(
self.callback_route),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url('https://graph.facebook.com/me',
access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" %
(r.status_code, r.content))
fb_profile = loads(r.content)
profile = extract_fb_data(fb_profile)
cred = {'oauthAccessToken': access_token}
return FacebookAuthenticationComplete(profile=profile,
credentials=cred,
provider_name=self.name,
provider_type=self.type)
def live_login(request):
"""Initiate a Live login"""
config = request.registry.settings
scope = config.get('velruse.live.scope',
request.POST.get('scope', 'wl.basic wl.emails wl.signin'))
fb_url = flat_url('https://oauth.live.com/authorize', scope=scope,
client_id=config['velruse.live.client_id'],
redirect_uri=request.route_url('live_process'),
response_type="code")
return HTTPFound(location=fb_url)
def renren_login(request):
"""Initiate a renren login"""
config = request.registry.settings
scope = config.get('velruse.renren.scope',
request.POST.get('scope', ''))
url = flat_url('https://graph.renren.com/oauth/authorize', scope=scope,
client_id=config['velruse.renren.app_id'],
response_type='code',
redirect_uri=request.route_url('renren_process'))
return HTTPFound(url)
def login(self, request):
"""Initiate a VK login"""
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url(PROVIDER_AUTH_URL,
scope=self.scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
response_type='code',
state=state)
return HTTPFound(location=fb_url)
def live_login(request):
"""Initiate a Live login"""
config = request.registry.settings
scope = config.get('velruse.live.scope',
request.POST.get('scope', 'wl.basic wl.emails wl.signin'))
fb_url = flat_url('https://oauth.live.com/authorize', scope=scope,
client_id=config['velruse.live.client_id'],
redirect_uri=request.route_url('live_process'),
response_type="code")
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a facebook login"""
scope = request.POST.get('scope', self.scope)
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url('https://www.facebook.com/dialog/oauth/',
scope=scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a Live login"""
scope = request.POST.get('scope', self.scope
or 'wl.basic wl.emails wl.signin')
fb_url = flat_url('https://oauth.live.com/authorize',
scope=scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
response_type="code")
return HTTPFound(location=fb_url)
def github_login(request):
"""Initiate a github login"""
config = request.registry.settings
scope = config.get('velruse.github.scope',
request.POST.get('scope', ''))
gh_url = flat_url('https://github.com/login/oauth/authorize',
scope=scope,
client_id=config['velruse.github.app_id'],
redirect_uri=request.route_url('github_process'))
return HTTPFound(location=gh_url)
def login(self, request):
request.session['velruse.state'] = state = uuid.uuid4().hex
auth_url = flat_url('https://nid.naver.com/oauth2.0/authorize',
response_type='code',
client_id=self.consumer_key,
redirect_uri=request.route_url(
self.callback_route),
state=state)
return HTTPFound(location=auth_url)
def qq_login(request):
"""Initiate a qq login"""
config = request.registry.settings
scope = config.get('velruse.qq.scope',
request.POST.get('scope', ''))
gh_url = flat_url('https://graph.qq.com/oauth2.0/authorize', scope=scope,
client_id=config['velruse.qq.app_id'],
response_type='code',
redirect_uri=request.route_url('qq_process'))
return HTTPFound(location=gh_url)
def renren_login(request):
"""Initiate a renren login"""
config = request.registry.settings
scope = config.get('velruse.renren.scope', request.POST.get('scope', ''))
url = flat_url('https://graph.renren.com/oauth/authorize',
scope=scope,
client_id=config['velruse.renren.app_id'],
response_type='code',
redirect_uri=request.route_url('renren_process'))
return HTTPFound(url)
def login(self, request):
"""Initiate a Yandex login"""
request.session['state'] = state = uuid.uuid4().hex
auth_url = flat_url(
PROVIDER_AUTH_URL,
client_id=self.consumer_key,
response_type='code',
state=state
)
return HTTPFound(location=auth_url)
def login(self, request):
"""Initiate a VK login"""
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url(
PROVIDER_AUTH_URL,
scope=self.scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
response_type='code',
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a github login"""
scope = request.POST.get('scope', self.scope)
request.session['state'] = state = uuid.uuid4().hex
gh_url = flat_url('%s://%s/login/oauth/authorize' %
(self.protocol, self.domain),
scope=scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
state=state)
return HTTPFound(location=gh_url)
def facebook_login(request):
"""Initiate a facebook login"""
config = request.registry.settings
scope = config.get('velruse.facebook.scope',
request.POST.get('scope', ''))
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url('https://www.facebook.com/dialog/oauth/', scope=scope,
client_id=config['velruse.facebook.app_id'],
redirect_uri=request.route_url('facebook_process'),
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a facebook login"""
scope = request.POST.get('scope', self.scope)
request.session['state'] = state = uuid.uuid4().hex
fb_url = flat_url(
'https://www.facebook.com/dialog/oauth/',
scope=scope,
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
state=state)
return HTTPFound(location=fb_url)
def login(self, request):
"""Initiate a renren login"""
referer=request.referer
request.session['opennexturl']=referer
scope = request.POST.get('scope', self.scope)
url = flat_url('https://graph.renren.com/oauth/authorize',
scope=scope,
client_id=self.consumer_key,
response_type='code',
redirect_uri=request.route_url(self.callback_route))
return HTTPFound(url)
def login(self, request):
"""Initiate a alfresco login"""
scope = request.POST.get('scope', self.scope)
request.session['state'] = state = uuid.uuid4().hex
gh_url = flat_url(
'%s://%s/auth/oauth/versions/2/authorize' % (self.protocol, self.domain),
scope=scope,
response_type='code',
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
state=state)
return HTTPFound(location=gh_url)
def facebook_process(request):
"""Process the facebook redirect"""
if request.GET.get('state') != request.session.get('state'):
raise CSRFError(
"CSRF Validation check failed. Request state %s is "
"not the same as session state %s" %
(request.GET.get('state'), request.session.get('state')))
config = request.registry.settings
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
raise AuthenticationDenied(reason)
# Now retrieve the access token with the code
access_url = flat_url(
'https://graph.facebook.com/oauth/access_token',
client_id=config['velruse.facebook.app_id'],
client_secret=config['velruse.facebook.app_secret'],
redirect_uri=request.route_url('facebook_process'),
code=code)
r = requests.get(access_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
access_token = parse_qs(r.content)['access_token'][0]
# Retrieve profile data
graph_url = flat_url(
'https://graph.facebook.com/me', access_token=access_token)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
fb_profile = loads(r.content)
profile = extract_fb_data(fb_profile)
# Create and raise our AuthenticationComplete exception with the
# appropriate data to be passed
complete = AuthenticationComplete()
complete.profile = profile
complete.credentials = {'oauthAccessToken': access_token}
raise complete
def weibo_process(request):
"""Process the weibo redirect"""
if request.GET.get('state') != request.session.get('state'):
raise CSRFError(
"CSRF Validation check failed. Request state %s is "
"not the same as session state %s" %
(request.GET.get('state'), request.session.get('state')))
config = request.registry.settings
code = request.GET.get('code')
if not code:
reason = request.GET.get('error_reason', 'No reason provided.')
return AuthenticationDenied(reason)
# Now retrieve the access token with the code
r = requests.post(
'https://api.weibo.com/oauth2/access_token',
dict(client_id=config['velruse.weibo.app_id'],
client_secret=config['velruse.weibo.app_secret'],
redirect_uri=request.route_url('weibo_process'),
grant_type='authorization_code',
code=code))
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = loads(r.content)
access_token = data['access_token']
uid = data['uid']
# Retrieve profile data
graph_url = flat_url('https://api.weibo.com/2/users/show.json',
access_token=access_token,
uid=uid)
r = requests.get(graph_url)
if r.status_code != 200:
raise ThirdPartyFailure("Status %s: %s" % (r.status_code, r.content))
data = loads(r.content)
profile = {
'accounts': [{
'domain': 'weibo.com',
'userid': data['id']
}],
'gender': data.get('gender'),
'displayName': data['screen_name'],
'preferredUsername': data['name'],
}
cred = {'oauthAccessToken': access_token}
return WeiboAuthenticationComplete(profile=profile, credentials=cred)
def login(self, request):
"""Initiate a google login"""
scope = ' '.join(request.POST.getall('scope')) or self.scope
request.session['state'] = state = uuid.uuid4().hex
approval_prompt = request.POST.get('approval_prompt', 'auto')
auth_url = flat_url(
'%s://%s/o/oauth2/auth' % (self.protocol, self.domain),
scope=scope,
response_type='code',
client_id=self.consumer_key,
redirect_uri=request.route_url(self.callback_route),
approval_prompt=approval_prompt,
access_type='offline',
state=state)
return HTTPFound(location=auth_url)
