Example #1
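def twitter_login(request):
    """Start the "Sign in with Twitter" flow and redirect the browser.

    Signs a POST to ``settings['twitter_request_token_url']`` with the
    ``twitter_callback`` route as ``oauth_callback``, stores the returned
    ``oauth_token`` in the session and redirects to
    ``settings['twitter_authenticate_url']``.

    Returns ``HTTPUnauthorized`` when the token request is rejected or its
    reply is unusable, otherwise ``HTTPFound`` pointing at the authorize URL.
    """
    settings = request.registry.settings
    request_token_url = settings['twitter_request_token_url']
    oauth_callback_url = request.route_url('twitter_callback')

    params = (
        ('oauth_callback', oauth_callback_url),
        )

    auth = auth_header('POST', request_token_url, params, settings)

    # NOTE(review): no timeout is passed, so a stalled provider can hold
    # this worker indefinitely; consider requests' ``timeout`` argument.
    response = requests.post(request_token_url, data='',
                             headers={'Authorization': auth})

    if response.status_code != 200:
        return HTTPUnauthorized(response.text)

    response_args = dict(urlparse.parse_qsl(response.text))
    # .get(): a 200 reply that omits the field is refused like any other
    # unconfirmed callback instead of surfacing as a KeyError (HTTP 500).
    if response_args.get('oauth_callback_confirmed') != 'true':
        return HTTPUnauthorized('oauth_callback_confirmed is not true')

    # The oauth_token_secret in the reply is deliberately not kept.
    oauth_token = response_args.get('oauth_token')
    if not oauth_token:
        return HTTPUnauthorized('oauth_token is missing from the response')

    # twitter_callback compares this session copy with the token that
    # comes back on the callback URL.
    request.session['oauth_token'] = oauth_token
    if 'next_url' in request.params:
        # NOTE(review): next_url is caller-controlled and stored unchecked;
        # the code that later redirects to it (not visible here) must limit
        # it to same-site targets to avoid an open redirect -- confirm.
        request.session['next_url'] = request.params['next_url']

    authorize_url = '%s?oauth_token=%s' % (
        settings['twitter_authenticate_url'], oauth_token
        )
    return HTTPFound(location=authorize_url)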
Example #2
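def twitter_login(request):
    """Request an OAuth request token from Twitter and send the user there.

    The request-token call is signed by ``auth_header`` and carries the
    ``twitter_callback`` route URL as ``oauth_callback``. On success the
    ``oauth_token`` is saved in the session and the browser is redirected to
    ``settings['twitter_authenticate_url']`` with that token.

    Returns ``HTTPUnauthorized`` for a non-200 reply, an unconfirmed
    callback or a reply without a token; ``HTTPFound`` otherwise.
    """
    settings = request.registry.settings
    request_token_url = settings['twitter_request_token_url']
    oauth_callback_url = request.route_url('twitter_callback')

    params = (
        ('oauth_callback', oauth_callback_url),
    )

    auth = auth_header('POST', request_token_url, params, settings)

    # NOTE(review): without requests' ``timeout`` argument this call can
    # block for as long as the remote end keeps the connection open.
    response = requests.post(request_token_url, data='',
                             headers={'Authorization': auth})

    if response.status_code != 200:
        # NOTE(review): the provider's body is echoed to the client as-is.
        return HTTPUnauthorized(response.text)

    response_args = dict(urlparse.parse_qsl(response.text))

    # Missing fields are treated as a failed handshake; indexing directly
    # would raise KeyError and turn a provider-side oddity into a 500.
    confirmed = response_args.get('oauth_callback_confirmed')
    if confirmed != 'true':
        return HTTPUnauthorized('oauth_callback_confirmed is not true')

    oauth_token = response_args.get('oauth_token')
    if not oauth_token:
        return HTTPUnauthorized('oauth_token is missing from the response')

    # Kept in the session so the callback view can check that the token
    # it receives is the one issued for this browser session.
    request.session['oauth_token'] = oauth_token
    if 'next_url' in request.params:
        # NOTE(review): user-supplied and not validated here; presumably it
        # is used as a post-login redirect target -- verify that consumer
        # only accepts same-site URLs.
        request.session['next_url'] = request.params['next_url']

    authorize_url = '%s?oauth_token=%s' % (
        settings['twitter_authenticate_url'], oauth_token
    )
    return HTTPFound(location=authorize_url)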
 def test_auth_header(self):
     """auth_header() must reproduce a known-good signed request-token header.

     All inputs are taken from the example at
     https://dev.twitter.com/docs/auth/implementing-sign-twitter
     so the key and secret below are that example's values.
     """
     consumer = {
         'twitter_consumer_key': 'cChZNFj6T5R0TigYB9yd1w',
         'twitter_consumer_secret': 'L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg',
     }
     signed_params = (('oauth_callback', 'http://localhost/sign-in-with-twitter/'),)

     # Empty token, fixed nonce and fixed timestamp: with these pinned the
     # expected oauth_signature below is a constant.
     header = auth_header(
         'post', 'https://api.twitter.com/oauth/request_token',
         signed_params, consumer,
         '', 'ea9ec8429b68d6b77cd5600adbbb0456', 1318467427)

     fields = [
         'oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F"',
         'oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w"',
         'oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456"',
         'oauth_signature_method="HMAC-SHA1"',
         'oauth_timestamp="1318467427"',
         'oauth_version="1.0"',
         'oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D"',
     ]
     self.assertEqual(header, 'OAuth ' + ', '.join(fields))
 def test_auth_header(self):
     """Check auth_header() against the worked example in Twitter's docs.

     Source of every value used here:
     https://dev.twitter.com/docs/auth/implementing-sign-twitter
     """
     request_token_url = 'https://api.twitter.com/oauth/request_token'
     callback = ('oauth_callback', 'http://localhost/sign-in-with-twitter/')
     app_settings = dict(
         twitter_consumer_key='cChZNFj6T5R0TigYB9yd1w',
         twitter_consumer_secret='L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg',
     )
     no_token = ''
     nonce = 'ea9ec8429b68d6b77cd5600adbbb0456'
     timestamp = 1318467427

     actual = auth_header('post', request_token_url, (callback,),
                          app_settings, no_token, nonce, timestamp)

     # The header is one line; it is split here only for readability.
     wanted = (
         'OAuth '
         'oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F", '
         'oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", '
         'oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456", '
         'oauth_signature_method="HMAC-SHA1", '
         'oauth_timestamp="1318467427", '
         'oauth_version="1.0", '
         'oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D"'
     )
     self.assertEqual(actual, wanted)
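def get_user_info(settings, user_id, oauth_token):
    """Fetch a user's profile from ``settings['twitter_user_info_url']``.

    The GET request is signed by ``auth_header`` with *oauth_token*;
    *user_id* is sent URL-encoded in the query string.

    Returns the decoded JSON body of the response.

    Raises:
        HTTPUnauthorized: on any non-200 status, carrying the provider's
            response text.
    """
    user_info_url = settings['twitter_user_info_url']

    params = (
        ('oauth_token', oauth_token),
        )

    auth = auth_header('GET', user_info_url, params, settings, oauth_token)

    response = requests.get(
        user_info_url + '?' + url_encode({'user_id': user_id}),
        headers={'Authorization': auth},
        )

    if response.status_code != 200:
        raise HTTPUnauthorized(response.text)

    # ``Response.json`` was a property before requests 1.0 and is a method
    # since. Handle both so callers always receive the parsed data and
    # never a bound method they would then try to index.
    payload = response.json
    return payload() if callable(payload) else payload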
Example #6
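def twitter_callback(request):
    """Handle Twitter's redirect back after the user authorised the app.

    Requires ``oauth_token`` and ``oauth_verifier`` in the request
    parameters and an ``oauth_token`` in the session. The two tokens must
    be equal; the session copy is then deleted. The verifier is exchanged
    at ``settings['twitter_access_token_url']`` and the resulting
    ``user_id`` is handed to ``register_or_update`` together with
    ``request.route_path('home')``.

    Returns ``HTTPBadRequest`` for missing inputs, ``HTTPUnauthorized`` for
    a token mismatch or a non-200 reply from the access-token endpoint,
    otherwise whatever ``register_or_update`` returns.
    """
    # Imported here so the block works on Python 2 and 3 without touching
    # the module's import section.
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote

    settings = request.registry.settings

    try:
        oauth_token = request.params['oauth_token']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_token')

    try:
        oauth_verifier = request.params['oauth_verifier']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_verifier')

    try:
        saved_oauth_token = request.session['oauth_token']
    except KeyError:
        return HTTPBadRequest('No oauth_token was found in the session')

    # The callback is only honoured for the token this session requested.
    if saved_oauth_token != oauth_token:
        return HTTPUnauthorized("OAuth tokens don't match")
    # Single use: a replayed callback finds no token in the session.
    del request.session['oauth_token']

    access_token_url = settings['twitter_access_token_url']

    params = (
        ('oauth_token', oauth_token),
        )

    auth = auth_header('POST', access_token_url, params, settings, oauth_token)

    # oauth_verifier comes straight from the query string. Percent-encode
    # it so characters such as '&' or '=' cannot add or override fields in
    # the form body sent to the provider. Encoding to UTF-8 bytes first
    # keeps quote() safe for non-ASCII input on Python 2.
    verifier_field = quote(oauth_verifier.encode('utf-8'), safe='')
    response = requests.post(access_token_url,
                             data='oauth_verifier=%s' % verifier_field,
                             headers={'Authorization': auth})

    if response.status_code != 200:
        return HTTPUnauthorized(response.text)

    response_args = dict(urlparse.parse_qsl(response.text))
    # The oauth_token_secret in the reply is deliberately not kept.
    oauth_token = response_args['oauth_token']
    user_id = response_args['user_id']
    screen_name = response_args['screen_name']

    existing_user = user_from_provider_id(request.db, 'twitter', user_id)
    if existing_user is None:
        # fetch Twitter info only if this is the first time for
        # the user since Twitter has very strong limits for using
        # its APIs
        twitter_info = get_user_info(settings, user_id, oauth_token)
        first_name, last_name = split_name(twitter_info['name'])
        info = {
            'screen_name': screen_name,
            'first_name': first_name,
            'last_name': last_name,
            }
    else:
        info = {}

    return register_or_update(request, 'twitter', user_id, info,
                              request.route_path('home'))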
Example #7
def twitter_callback(request):
    """Complete the Twitter sign-in once the provider redirects back.

    Needs ``oauth_token`` and ``oauth_verifier`` in the request parameters
    and an ``oauth_token`` in the session. The request token must equal the
    session token, which is then removed. Both values are passed to
    ``auth_header`` to sign the POST to
    ``settings['twitter_access_token_url']``.

    Returns ``HTTPBadRequest`` when an input is missing,
    ``HTTPUnauthorized`` on token mismatch or a non-200 provider reply, and
    otherwise the result of ``register_or_update``.
    """
    config = request.registry.settings

    try:
        returned_token = request.params['oauth_token']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_token')

    try:
        verifier = request.params['oauth_verifier']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_verifier')

    try:
        session_token = request.session['oauth_token']
    except KeyError:
        return HTTPBadRequest('No oauth_token was found in the session')

    # Only the token issued to this session may complete the flow.
    if session_token != returned_token:
        return HTTPUnauthorized("OAuth tokens don't match")
    # Consumed: the same callback cannot be replayed against this session.
    del request.session['oauth_token']

    token_endpoint = config['twitter_access_token_url']
    signed_params = (
        ('oauth_token', returned_token),
        ('oauth_verifier', verifier),
    )
    authorization = auth_header('POST', token_endpoint, signed_params,
                                config, returned_token)

    reply = requests.post(token_endpoint,
                          headers={'Authorization': authorization})
    if reply.status_code != 200:
        return HTTPUnauthorized(reply.text)

    granted = dict(urlparse.parse_qsl(reply.text))
    # All three fields are read up front, so a reply lacking any of them
    # fails here. The oauth_token_secret is not retained.
    oauth_token = granted['oauth_token']
    user_id = granted['user_id']
    screen_name = granted['screen_name']

    profile = {}
    if user_from_provider_id('twitter', user_id) is None:
        # First login for this account: the profile is fetched only now
        # because Twitter enforces strict limits on API usage.
        twitter_info = get_user_info(config, user_id)
        first_name, last_name = split_name(twitter_info['name'])
        profile = {
            'screen_name': screen_name,
            'first_name': first_name,
            'last_name': last_name,
        }

    return register_or_update(request, 'twitter', user_id, profile,
                              request.route_path('home'))