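def login(request):
    """
    Log a user in using a Persona assertion.

    Exchanges the POSTed 'Assertion' (sent together with the client secret)
    for an access_token at the backend 'auth' endpoint, stores the token in
    the 'access_token' cookie and redirects the user.

    'target_url', read from the POST data, determines where the user is
    redirected. It is request-controlled, so it is honoured only when it
    points back at the host that served this request; a missing, empty or
    off-host value falls back to '/'.

    Returns ErrorView.server_error(request) when the backend cannot be
    reached or does not hand back a usable token.
    """
    # Local import: Django renamed this helper in 3.0, so accept either name.
    # Both take (url, host) positionally.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_target
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    target_url = request.POST.get('target_url')
    assertion = request.POST.get('Assertion')

    postdata = {
        'Assertion': assertion,
        'ClientSecret': settings.CLIENT_SECRET
    }

    # NOTE(review): the backend URL is derived from the request's Host header
    # and receives CLIENT_SECRET; this presumably relies on build_url and
    # ALLOWED_HOSTS rejecting unexpected hosts -- confirm.
    url = build_url(request.get_host(), ['auth'])
    try:
        response = requests.post(url, data=postdata, headers={})
    except RequestException:
        return ErrorView.server_error(request)

    # A non-JSON body or a payload without 'data' is a backend failure and
    # should produce the error page rather than an unhandled exception.
    try:
        access_token = response.json()['data']
    except (ValueError, KeyError, TypeError):
        return ErrorView.server_error(request)
    if not access_token:
        return ErrorView.server_error(request)

    # Open-redirect guard: never send a freshly authenticated user to a URL
    # on another host. If cross-host redirects are ever required, add an
    # explicit allow-list here instead of trusting the parameter.
    if not target_url or not is_safe_target(target_url, request.get_host()):
        target_url = '/'
    response = HttpResponseRedirect(target_url)

    # The expiry is the 32-bit epoch limit (January 2038), so the cookie is
    # effectively permanent and token lifetime depends on backend revocation.
    expires = datetime.datetime.fromtimestamp(2 ** 31 - 1)
    # Mark the cookie Secure whenever Django sees the request as HTTPS; behind
    # a TLS-terminating proxy that needs SECURE_PROXY_SSL_HEADER configured.
    response.set_cookie('access_token', access_token, expires=expires,
                        httponly=True, secure=request.is_secure())
    return response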
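def logout(request):
    """
    Log a user out.

    When the request carries an 'access_token' cookie, an expired
    'access_token' cookie is set on the redirect response to clear it and a
    DELETE (tunnelled as a POST with method=DELETE) is sent to the backend
    'auth' endpoint for request.access_token. The user is redirected to '/'.

    Returns ErrorView.server_error(request) if the backend request raises
    RequestException; in that case the cookie-clearing response is not sent.
    """
    response = redirect('/')
    # dict.has_key() exists only on Python 2; 'in' behaves the same everywhere.
    if 'access_token' in request.COOKIES:
        response.set_cookie('access_token', '', expires="Thu, 01 Jan 1970 00:00:00 GMT")
        # NOTE(review): the token is placed in both the URL path and the query
        # string, so it can end up in backend or proxy access logs. That is
        # the backend contract as used here -- confirm whether a header-based
        # form is available.
        url = build_url(request.get_host(), ['auth', request.access_token])
        try:
            # NOTE(review): the HTTP status is not inspected, so a backend
            # rejection leaves the token valid server-side while the browser
            # cookie is cleared.
            requests.post(url, params={
                'method': 'DELETE',
                'access_token': request.access_token
            })
        except RequestException:
            return ErrorView.server_error(request)
    return response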
def csv(request, event_id):
    """
    Redirect the browser to the backend CSV export of an event's attendees.
    """
    # build_url is given a literal "%s" fragment, which is then filled with
    # the event id.
    url_template = build_url(request.get_host(), ["events", "%s", "attendeescsv"])
    attendees_url = url_template % (event_id, )
    # NOTE(review): the access token is appended to the redirect URL as a
    # query parameter without URL-encoding. A token in a URL can surface in
    # browser history, proxy and server logs, and Referer headers; prefer a
    # short-lived or download-scoped token if the backend supports one.
    return redirect(attendees_url + "?access_token=" + request.access_token)
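def login(request):
    """
    Log a user in using auth0.

    Exchanges the auth0 'code' and 'state' GET parameters (sent together with
    the client secret) for an access_token at the backend 'auth0' endpoint,
    sets the token as the 'access_token' cookie and redirects the user.

    The redirect target is the 'target_url' GET parameter, falling back to
    'state' and then to '/'. Both values are request-controlled, so the
    target is honoured only when it points at the host serving this request;
    anything else falls back to '/'.

    Returns ErrorView.server_error(request) when the backend cannot be
    reached or does not hand back a usable token.
    """
    # Local import: Django renamed this helper in 3.0, so accept either name.
    # Both take (url, host) positionally.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_target
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    code = request.GET.get('code')
    state = request.GET.get('state')
    target_url = request.GET.get('target_url')

    postdata = {
        'Code': code,
        'State': state,
        'ClientSecret': settings.CLIENT_SECRET
    }

    # NOTE(review): the backend URL is derived from the request's Host header
    # and receives CLIENT_SECRET; this presumably relies on build_url and
    # ALLOWED_HOSTS rejecting unexpected hosts -- confirm.
    url = build_url(request.get_host(), ['auth0'])
    try:
        response = requests.post(url, data=postdata, headers={})
    except RequestException:
        return ErrorView.server_error(request)

    # A non-JSON body or a payload without 'data' is a backend failure and
    # should produce the error page rather than an unhandled exception.
    try:
        access_token = response.json()['data']
    except (ValueError, KeyError, TypeError):
        return ErrorView.server_error(request)
    if access_token is None or access_token == '':
        return ErrorView.server_error(request)

    if target_url is None or target_url == '':
        target_url = state
    # Open-redirect guard: never send a freshly authenticated user to a URL
    # on another host. If cross-host redirects are ever required, add an
    # explicit allow-list here instead of trusting the parameters.
    if not target_url or not is_safe_target(target_url, request.get_host()):
        target_url = '/'

    # Add cachebuster as the unauth'd page may be very aggressively cached
    pr = urlparse(target_url)
    qs = parse_qs(pr[4])
    qs.update({'cachebuster': id_generator()})
    # parse_qs yields list values; doseq=True re-encodes them as repeated
    # parameters instead of the list's repr (a=%5B%271%27%5D).
    target_url = urlunparse(
        (pr[0], pr[1], pr[2], pr[3], urlencode(qs, doseq=True), pr[5]))

    # Redirect and set cookie
    resp = HttpResponseRedirect(target_url)
    # The expiry is the 32-bit epoch limit (January 2038), so the cookie is
    # effectively permanent and token lifetime depends on backend revocation.
    expires = datetime.datetime.fromtimestamp(2**31 - 1)
    # Mark the cookie Secure whenever Django sees the request as HTTPS; behind
    # a TLS-terminating proxy that needs SECURE_PROXY_SSL_HEADER configured.
    resp.set_cookie('access_token', access_token, expires=expires,
                    httponly=True, secure=request.is_secure())
    return resp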
def testEmptyFragments(self):
    """With no path fragments, build_url returns the bare API root for the host."""
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    url = build_url(api_host, [])
    # Scheme is prepended as-is; host, API path and version are '/'-separated.
    expected = settings.API_SCHEME + "/".join(
        [api_host, settings.API_PATH, settings.API_VERSION]
    )
    assert url == expected
def csv(request, event_id):
    """
    Send the browser to the backend endpoint that serves an event's
    attendee list as CSV.
    """
    # The "%s" fragment passed to build_url is a placeholder for the event id.
    export_url = build_url(
        request.get_host(), ["events", "%s", "attendeescsv"]
    ) % (event_id, )
    # NOTE(review): the access token is concatenated into the query string
    # unencoded. Tokens carried in URLs can be retained in browser history,
    # intermediary logs and Referer headers; a short-lived, download-scoped
    # token would limit exposure if the backend offers one.
    export_url = export_url + "?access_token=" + request.access_token
    return redirect(export_url)
def testIntFragment(self):
    """Integer fragments are rendered into the path like their string forms."""
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    url = build_url(api_host, [1, 2, 3])
    api_root = settings.API_SCHEME + "/".join(
        [api_host, settings.API_PATH, settings.API_VERSION]
    )
    assert url == api_root + "/1/2/3"
def testWithNoSeparator(self):
    """Fragments given without any '/' are joined with single separators."""
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    url = build_url(api_host, ["resource", "1", "extra"])
    api_root = settings.API_SCHEME + "/".join(
        [api_host, settings.API_PATH, settings.API_VERSION]
    )
    assert url == api_root + "/resource/1/extra"
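def login(request):
    """
    Log a user in using auth0.

    Sends the 'code' and 'state' GET parameters plus the client secret to the
    backend 'auth0' endpoint, stores the returned access_token in the
    'access_token' cookie and redirects the user.

    The redirect goes to the 'target_url' GET parameter, else to 'state',
    else to '/'. Because both come from the request, the chosen target is
    used only if it stays on the host serving this request; otherwise the
    redirect falls back to '/'.

    Returns ErrorView.server_error(request) if the backend is unreachable or
    its reply does not contain a usable token.
    """
    # Local import: the helper is url_has_allowed_host_and_scheme from
    # Django 3.0 and is_safe_url before that; both accept (url, host).
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_target
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    code = request.GET.get('code')
    state = request.GET.get('state')
    target_url = request.GET.get('target_url')

    postdata = {
        'Code': code,
        'State': state,
        'ClientSecret': settings.CLIENT_SECRET
    }

    # NOTE(review): CLIENT_SECRET is posted to a URL built from the request's
    # Host header; host validation in build_url / ALLOWED_HOSTS is presumably
    # what keeps it from reaching an unexpected server -- confirm.
    url = build_url(request.get_host(), ['auth0'])
    try:
        response = requests.post(url, data=postdata, headers={})
    except RequestException:
        return ErrorView.server_error(request)

    # Treat an unparseable or incomplete backend reply as a server error
    # instead of letting the exception escape the view.
    try:
        access_token = response.json()['data']
    except (ValueError, KeyError, TypeError):
        return ErrorView.server_error(request)
    if access_token is None or access_token == '':
        return ErrorView.server_error(request)

    if target_url is None or target_url == '':
        target_url = state
    # Open-redirect guard: only same-host (or relative) targets are followed.
    # Extend with an explicit allow-list if other hosts must be supported.
    if not target_url or not is_safe_target(target_url, request.get_host()):
        target_url = '/'

    # Add cachebuster as the unauth'd page may be very aggressively cached
    pr = urlparse(target_url)
    qs = parse_qs(pr[4])
    qs.update({'cachebuster': id_generator()})
    # doseq=True keeps the list values produced by parse_qs as repeated
    # parameters; without it urlencode would emit each list's repr.
    target_url = urlunparse((pr[0], pr[1], pr[2], pr[3], urlencode(qs, doseq=True), pr[5]))

    # Redirect and set cookie
    resp = HttpResponseRedirect(target_url)
    # Expiry is the 32-bit epoch limit (January 2038): the cookie is in
    # effect permanent, so revocation has to happen on the backend.
    expires = datetime.datetime.fromtimestamp(2 ** 31 - 1)
    # Secure is set when Django considers the request HTTPS (requires
    # SECURE_PROXY_SSL_HEADER when TLS terminates at a proxy).
    resp.set_cookie('access_token', access_token, expires=expires,
                    httponly=True, secure=request.is_secure())
    return resp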
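def logout(request):
    """
    Log a user out.

    If the request has an 'access_token' cookie, the redirect response
    overwrites it with an already-expired cookie and the backend 'auth'
    endpoint is asked to delete request.access_token (a POST carrying
    method=DELETE). The user is then redirected to '/'.

    Returns ErrorView.server_error(request) if the backend request raises
    RequestException; the cookie-clearing response is not sent in that case.
    """
    response = redirect('/')
    # 'in' replaces dict.has_key(), which was removed in Python 3.
    if 'access_token' in request.COOKIES:
        response.set_cookie('access_token', '', expires="Thu, 01 Jan 1970 00:00:00 GMT")
        # NOTE(review): the token appears in the URL path and again in the
        # query string, where access logs on the backend or any proxy may
        # record it -- confirm whether the backend accepts it in a header.
        url = build_url(request.get_host(), ['auth', request.access_token])
        try:
            # NOTE(review): the response status is ignored; a failed delete
            # leaves the token usable until it is revoked some other way.
            requests.post(url, params={'method': 'DELETE', 'access_token': request.access_token})
        except RequestException:
            return ErrorView.server_error(request)
    return response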
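def login(request):
    """
    Log a user in using Persona.

    Sends the POSTed 'Assertion' plus the client secret to the backend 'auth'
    endpoint, stores the returned access_token in the 'access_token' cookie
    and redirects the user.

    'target_url', read from the POST data, determines where the user is
    redirected. Because it comes from the request, it is used only if it
    stays on the host serving this request; a missing, empty or off-host
    value falls back to '/'.

    Returns ErrorView.server_error(request) if the backend is unreachable or
    its reply does not contain a usable token.
    """
    # Local import: the helper is url_has_allowed_host_and_scheme from
    # Django 3.0 and is_safe_url before that; both accept (url, host).
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_target
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    target_url = request.POST.get('target_url')
    assertion = request.POST.get('Assertion')

    postdata = {
        'Assertion': assertion,
        'ClientSecret': settings.CLIENT_SECRET
    }

    # NOTE(review): CLIENT_SECRET is posted to a URL built from the request's
    # Host header; host validation in build_url / ALLOWED_HOSTS is presumably
    # what keeps it from reaching an unexpected server -- confirm.
    url = build_url(request.get_host(), ['auth'])
    try:
        response = requests.post(url, data=postdata, headers={})
    except RequestException:
        return ErrorView.server_error(request)

    # Treat an unparseable or incomplete backend reply as a server error
    # instead of letting the exception escape the view.
    try:
        access_token = response.json()['data']
    except (ValueError, KeyError, TypeError):
        return ErrorView.server_error(request)
    if access_token is None or access_token == '':
        return ErrorView.server_error(request)

    # Open-redirect guard: only same-host (or relative) targets are followed.
    # Extend with an explicit allow-list if other hosts must be supported.
    if not target_url or not is_safe_target(target_url, request.get_host()):
        target_url = '/'

    response = HttpResponseRedirect(target_url)
    # Expiry is the 32-bit epoch limit (January 2038): the cookie is in
    # effect permanent, so revocation has to happen on the backend.
    expires = datetime.datetime.fromtimestamp(2**31 - 1)
    # Secure is set when Django considers the request HTTPS (requires
    # SECURE_PROXY_SSL_HEADER when TLS terminates at a proxy).
    response.set_cookie('access_token', access_token, expires=expires,
                        httponly=True, secure=request.is_secure())
    return response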
def testFailCustomDomains(self):
    """build_url must raise APIException for a host under 'example.org'."""
    # This pins the host check: a URL is not built for a domain other than
    # the configured API domain.
    # NOTE(review): the fragment list also contains 'ex/tra', so two invalid
    # inputs are mixed; a valid fragment list would isolate the host check.
    foreign_host = BuildURLTests.subdomain_key + 'example.org'
    fragments = ['resource', '1', 'ex/tra']
    self.assertRaises(APIException, build_url, foreign_host, fragments)
def testFailCustomDomains(self):
    """A host under 'example.org' must be rejected with APIException."""
    # Guards the host restriction in build_url.
    # NOTE(review): 'ex/tra' is passed as a fragment as well, so the test
    # combines two invalid inputs; using valid fragments would make the
    # intent unambiguous.
    rejected_host = BuildURLTests.subdomain_key + "example.org"
    self.assertRaises(
        APIException, build_url, rejected_host, ["resource", "1", "ex/tra"]
    )
def testInvalidFragment(self):
    """build_url must raise AssertionError for the fragment 'ex/tra'."""
    # Presumably the embedded '/' is what makes the fragment invalid.
    # NOTE(review): expecting AssertionError suggests build_url validates
    # fragments with an assert statement. Asserts are stripped under
    # `python -O`, which would silently remove the check -- confirm, and
    # consider raising an explicit exception in build_url instead.
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    self.assertRaises(AssertionError, build_url, api_host, ['resource', '1', 'ex/tra'])
def testWithNoSeparator(self):
    """Separator-free fragments are appended to the API root, '/'-joined."""
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    url = build_url(api_host, ['resource', '1', 'extra'])
    expected = (
        settings.API_SCHEME
        + api_host
        + '/' + settings.API_PATH
        + '/' + settings.API_VERSION
        + '/resource/1/extra'
    )
    assert url == expected
def testIntFragment(self):
    """Integer fragments end up in the URL path as '/1/2/3'."""
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    url = build_url(api_host, [1, 2, 3])
    expected = (
        settings.API_SCHEME
        + api_host
        + '/' + settings.API_PATH
        + '/' + settings.API_VERSION
        + '/1/2/3'
    )
    assert url == expected
def testEmptyFragments(self):
    """An empty fragment list yields scheme + host + API path + API version."""
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    url = build_url(api_host, [])
    expected = (
        settings.API_SCHEME
        + api_host
        + '/' + settings.API_PATH
        + '/' + settings.API_VERSION
    )
    assert url == expected
def testWithNoSeparator(self):
    """Plain fragments are joined onto the API root with '/' separators."""
    api_host = BuildURLTests.subdomain_key + settings.API_DOMAIN_NAME
    fragments = ['resource', '1', 'extra']
    url = build_url(api_host, fragments)
    api_root = settings.API_SCHEME + '/'.join(
        [api_host, settings.API_PATH, settings.API_VERSION])
    assert url == api_root + '/resource/1/extra'