def authorized(self, resp):
csrf = session.pop('%s_oauthcsrf' % self.name, None)
state = request.args.get('state')
if state and urllib.unquote(state) != csrf:
return redirect(url_for('index'))
if not session:
return redirect(url_for('index'))
next_url = session.pop('%s_oauthnext' % self.name) or url_for('index')
logger.info(resp)
if not resp or not resp.get(self.uid_str, None) \
or not resp.get(self.token_str, None):
return redirect(next_url)
#safe escape
uid = resp.get(self.uid_str, None)
token = resp.get(self.token_str, None)
oauth = get_oauth_by(oauth_uid=resp[self.uid_str])
if oauth is None:
oauth = OAuth(None, resp[self.uid_str], self.name)
old_token = oauth.oauth_token
oauth.oauth_token = token
if not get_current_user() and oauth.uid:
#need profile!
user = get_user(oauth.uid)
if user:
account_login(user)
if old_token != oauth.oauth_token:
logger.info(old_token)
logger.info(oauth.oauth_token)
self.update_token(oauth)
return redirect(url_for('index'))
session['from_oauth'] = oauth
return redirect(next_url)
def create_oauth(uid, ouid, otype):
return OAuth.create(uid, ouid, otype)
