def test_get(self):
    """CSRF.get() returns the stored row for a known token and None otherwise."""
    token = 'some_random_string'
    stored = CSRF(ip='127.0.0.1', csrf=token)
    db.session.add(stored)
    db.session.flush()

    # A known token resolves to the row that was just flushed.
    self.assertEqual(stored, CSRF.get(token))
    # An unknown token yields None rather than raising.
    self.assertIsNone(CSRF.get('another_random_string'))
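def _is_local_path(target):
    """Return True when *target* is a site-relative path that is safe to redirect to.

    Accepts values such as '/foo?x=1' and rejects None, empty strings,
    absolute URLs ('http://...') and scheme-relative forms ('//host', '/\\host')
    that browsers resolve to another origin.
    """
    if not target:
        return False
    return target.startswith('/') and not target.startswith(('//', '/\\'))


def oauth_callback():
    """Finish the MusicBrainz OAuth2 login started by login_redirect().

    Reads ``state`` (our CSRF token), ``code`` and ``error`` from the query
    string, looks the CSRF row up by token and current client IP, consumes
    it, exchanges the code for the user's name/timezone and logs them in.
    Always responds with a 307 redirect: to the ``returnto`` path stored with
    the CSRF row when it is a site-relative path, otherwise to the homepage.
    The session is committed before the final redirect so the consumed CSRF
    row is really gone; the CSRF-mismatch path returns without committing.
    """
    error = request.args.get('error')
    url = url_for('.homepage')
    if error:
        flash('There was an error: %s' % error)
    else:
        csrf = request.args.get('state')
        code = request.args.get('code')
        # The row is looked up together with the client IP, so a missing,
        # unknown or foreign token ends the flow here.
        stored_csrf = CSRF.get(csrf=csrf, ip=get_ip())
        if stored_csrf is None:
            flash("CSRF token mismatch. Please try again.")
            return redirect(url, code=307)
        # opts is written by login_redirect(); tolerate a row that never got one.
        opts = json.loads(stored_csrf.opts) if stored_csrf.opts else {}
        # Single use: consume the token before anything else happens.
        stored_csrf.delete()
        remember = opts.get('remember', False)
        # Only follow a site-relative returnto. Honouring an absolute or
        # scheme-relative value here would turn the callback into an open
        # redirect to an arbitrary origin.
        returnto = opts.get('returnto')
        if _is_local_path(returnto):
            url = returnto
        # Exchange the authorization code at oauth2/token, then fetch a
        # name/timezone from oauth2/userinfo. A callback without a code
        # cannot succeed, so treat it as a failed login.
        user_data = check_mb_account(code) if code else None
        if user_data:
            (username, tz) = user_data
            Editor.add_or_update(username, tz)
            login_user(User(username, tz), remember=remember)
            flash("Logged in successfully!")
        else:
            flash("We couldn't log you in D:")
            url = url_for('.homepage')
    db.session.commit()
    return redirect(url, code=307)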
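def login_redirect():
    """Send the browser to MusicBrainz's OAuth2 authorize endpoint.

    Takes the CSRF token from the ``csrf`` query argument (forwarded to
    MusicBrainz as the OAuth2 ``state``) plus optional ``remember`` and
    ``returnto`` arguments, which are stored as JSON on the CSRF row so
    oauth_callback() can honour them afterwards. Responds with a 307
    redirect. A ``csrf`` value with no matching row sends the user back to
    the homepage instead of failing with an AttributeError.
    """
    csrf_token = request.args['csrf']
    stored_csrf = CSRF.get(csrf_token)
    if stored_csrf is None:
        # No row for this token: do not hand MusicBrainz a state value that
        # oauth_callback() will be unable to verify later.
        flash("CSRF token mismatch. Please try again.")
        return redirect(url_for('.homepage'), code=307)

    args = urlencode({
        'client_id': current_app.config['OAUTH_CLIENT_ID'],
        'redirect_uri': current_app.config['OAUTH_REDIRECT_URI'],
        'state': csrf_token,
        'response_type': 'code',
        'scope': 'profile'
    })
    redirect_uri = 'https://musicbrainz.org/oauth2/authorize?%s' % args

    # Record the remember-me option and the returnto URI on the CSRF row.
    opts = {}
    if request.args.get('remember'):
        opts['remember'] = True
    returnto = request.args.get('returnto')
    # Store only a site-relative path; oauth_callback() redirects to this
    # value, and an absolute or scheme-relative URL would allow an open
    # redirect to another origin.
    if returnto and returnto.startswith('/') and not returnto.startswith(('//', '/\\')):
        opts['returnto'] = returnto
    stored_csrf.opts = json.dumps(opts)
    db.session.commit()
    return redirect(redirect_uri, code=307)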