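def generate_api_access_token(user, type='email'):
    """Build the API access token handed to a client for ``user``.

    The token has the form ``type.user_id.<digest>`` where ``<digest>`` is
    ``generate_security_token(user_id, access_token, secret)``; the original
    note describes the digest as ``md5(user_id + access_token + secret_key)``.

    NOTE(review): if the digest really is a plain MD5 over a concatenation it
    is not a proper MAC; an HMAC over the same fields would be preferable --
    confirm against ``generate_security_token``.

    Args:
        user: account object exposing ``user_id`` and, depending on ``type``,
            ``email_access_token``/``email_access_token_expiry`` or
            ``fb_access_token``/``fb_access_token_expiry``.
        type: ``'email'`` (default, keyed with ``h.site_secret()``) or
            ``'facebook'`` (keyed with ``h.fb_secret()``).

    Returns:
        The ``'type.user_id.digest'`` string.

    Raises:
        ApiSecurityException: ``type`` is neither ``'email'`` nor ``'facebook'``.
        UserNotLoggedInException: the selected access token is ``None``.
        AccessTokenExpiredException: the selected expiry (Unix seconds) is not
            later than the current time.
    """
    user_id = user.user_id
    if type == 'email':
        access_token = user.email_access_token
        access_token_expiry = user.email_access_token_expiry
        secret = h.site_secret()
    elif type == 'facebook':
        access_token = user.fb_access_token
        access_token_expiry = user.fb_access_token_expiry
        secret = h.fb_secret()
    else:
        raise ApiSecurityException('Unknown access token type: %r' % type)
    # Deliberately no debug output here: the previous `print` wrote the user's
    # access token AND the signing secret to stdout / the process log.
    if access_token is None:
        raise UserNotLoggedInException()
    elif access_token_expiry <= int(time.time()):
        raise AccessTokenExpiredException(type)
    token = generate_security_token(user_id, access_token, secret)
    return '%s.%s.%s' % (type, user_id, token)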
def _get_current_site_user(self):
    """Resolve the current user from the signed Facebook ``fbs_<app_id>`` cookie.

    ``fblib.get_user_from_cookie`` is given the app id and ``h.fb_secret()``
    so the cookie is validated before it is trusted. When it yields data, the
    user is looked up by Facebook id (created with ``User.factory`` if unknown)
    and its stored Facebook access token / expiry are refreshed. A Graph API
    failure during that refresh is logged and the cookie is dropped from the
    request's cookie dict.

    NOTE(review): this snippet appears truncated -- the method continues past
    ``user_id = user.user_id`` (presumably publishing the ``h`` helpers); the
    indentation below is reconstructed from the statement sequence.
    """
    cookies = request.cookies
    # Signature check happens inside fblib; a falsy result means "anonymous".
    cookie = fblib.get_user_from_cookie(cookies, h.fb_app_id(), h.fb_secret())
    user_id = None
    fb_user_id = None
    fb_access_token = None
    user = None
    if cookie:
        fb_user_id = h.to_i(cookie['uid'])
        fb_access_token = cookie['access_token']
        fb_access_token_expiry = h.to_i(cookie['expires'])
        last_login = int(time.time())
        # A zero/None uid is never looked up; the factory below then creates the account.
        user = User.find(fb_user_id=fb_user_id).first() if fb_user_id else None
        if not user:
            user = User.factory(fb_user_id, fb_access_token=fb_access_token,
                                fb_access_token_expiry=fb_access_token_expiry,
                                last_login=last_login)
        try:
            user.update_fb_access_token(fb_access_token, fb_access_token_expiry)
        except fblib.GraphAPIError, e:
            # NOTE(review): pop() only removes the cookie from this request's
            # dict; nothing here sets an expired Set-Cookie on the response, so
            # the client will present the same cookie again next request.
            log.warning('caught graph api error while updating access token, flushing cookie: %r', e)
            request.cookies.pop('fbs_%s' % h.fb_app_id(), None)
        user_id = user.user_id
def _setup_helpers(self, user_id=None, fb_user_id=None, fb_access_token=None, user=None):
    """Publish the request's identity to the ``h`` helper namespace.

    Each value is exposed as a zero-argument callable (``h.user_id()``,
    ``h.fb_user_id()``, ``h.fb_access_token()``, ``h.user()``) so callers read
    one consistent snapshot for this request. A single ``fblib.GraphAPI``
    client, built from the caller's access token and the site's Facebook app
    id/secret, is exposed the same way as ``h.graph_api()``. Anything not
    supplied defaults to ``None`` (an anonymous request).
    """
    def constant(value):
        # Freeze `value` now; the returned thunk never re-reads a local.
        return lambda: value

    h.user_id = constant(user_id)
    h.fb_user_id = constant(fb_user_id)
    h.fb_access_token = constant(fb_access_token)
    h.user = constant(user)

    # Build the Graph client once per request and hand out that same instance.
    graph_client = fblib.GraphAPI(
        access_token=h.fb_access_token(),
        app_id=h.fb_app_id(),
        app_secret=h.fb_secret(),
    )
    h.graph_api = constant(graph_client)
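def verify_security_token(type, user, security_token):
    """Check that ``security_token`` is the digest for ``user`` and ``type``.

    Recomputes ``generate_security_token(user.user_id, access_token, secret)``
    with the access token and secret selected by ``type`` and compares it to
    the presented value in constant time, so response timing does not reveal
    how many leading bytes of a guess were correct.

    Args:
        type: ``'facebook'`` (``user.fb_access_token`` with ``h.fb_secret()``)
            or ``'email'`` (``user.email_access_token`` with ``h.site_secret()``).
        user: account object exposing ``user_id`` and the token attribute above.
        security_token: the digest presented by the caller; ``None`` or a
            value that is not string-like never verifies.

    Returns:
        ``True`` when the digests match, ``False`` otherwise. The token's
        expiry is not checked here.

    Raises:
        ApiSecurityException: unknown ``type``.
        UserNotLoggedInException: the selected access token is ``None``.
    """
    access_token = None
    if type == 'facebook':
        access_token = user.fb_access_token
        secret = h.fb_secret()
    elif type == 'email':
        access_token = user.email_access_token
        secret = h.site_secret()
    else:
        raise ApiSecurityException('Unknown access token type: %r' % type)
    if access_token is None:
        raise UserNotLoggedInException()
    expected = generate_security_token(user.user_id, access_token, secret)
    # A plain `==` short-circuits at the first differing byte (timing oracle).
    return _constant_time_equal(expected, security_token)


def _constant_time_equal(expected, supplied):
    """Return whether two token strings are equal without a timing side channel.

    Uses ``hmac.compare_digest`` where available (Python >= 2.7.7 / 3.3) and
    otherwise a manual comparison that always walks the full length. Inputs
    that are not string-like, or cannot be compared with ``expected``, yield
    ``False`` instead of raising, which is what the old ``==`` returned.
    """
    import hmac
    try:
        return hmac.compare_digest(expected, supplied)
    except (AttributeError, TypeError):
        # compare_digest missing on this interpreter, or operands of
        # unsupported/mixed types (e.g. None, str vs unicode on Python 2).
        pass
    try:
        if len(expected) != len(supplied):
            return False
        diff = 0
        for a, b in zip(expected, supplied):
            diff |= ord(a) ^ ord(b)
        return diff == 0
    except TypeError:
        # Not a sequence of characters (e.g. None): it cannot match.
        return False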
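def __before__(self):
    """Ensure a logged-in user before any action, driving the Facebook OAuth code flow.

    If the parent controller already resolved a user (``h.user()`` is truthy)
    this is a no-op. Otherwise, when the request carries an OAuth ``code``, it
    is exchanged for an access token at ``graph.facebook.com/oauth/access_token``,
    ``/me`` is fetched with that token, ``process_fb_user_data`` creates or
    updates the account and ``_setup_helpers`` publishes it. When no user
    results, the browser is redirected to the Facebook OAuth dialog
    (``scope=email``) with the current action URL as ``redirect_uri`` -- the
    same URL is used for the code exchange, as the protocol requires.

    NOTE(review): neither the dialog redirect nor the callback uses an OAuth
    ``state`` value, so the login callback has no CSRF protection (an
    attacker can complete a victim's login with a code of their own). Binding
    a random ``state`` to the session needs the session API, which is not
    visible here.
    """
    super(RequireUserController, self).__before__()
    if h.user():
        return

    requested_url = h.url_for(controller=c.controller, action=c.action, qualified=True)
    # Parameters that are sent to the user's browser. Keep this dict free of
    # secrets: the old code appended client_secret and code to this same dict,
    # so a failed exchange redirected the browser to facebook.com with the app
    # secret in the query string.
    dialog_args = {'client_id': h.fb_app_id(), 'redirect_uri': requested_url}
    user = None
    if request.params.get("code"):
        log.debug('found code, authorizing the user')
        # Server-to-server exchange only; the secret stays in this request.
        exchange_args = dict(dialog_args)
        exchange_args["client_secret"] = h.fb_secret()
        exchange_args["code"] = request.params["code"]
        # NOTE(review): urllib.urlopen on Python < 2.7.9 does not verify the TLS
        # certificate, so this request (which carries client_secret) is exposed
        # to an on-path attacker -- confirm the runtime or use a verifying client.
        graph_access_url = "https://graph.facebook.com/oauth/access_token?" + urllib.urlencode(exchange_args)
        resp = cgi.parse_qs(urllib.urlopen(graph_access_url).read())
        if 'access_token' in resp:
            # `expires` is a lifetime in seconds; store an absolute Unix time so
            # it can be compared against time.time() later. A response without
            # `expires` raises KeyError here, as before.
            expires = int(resp['expires'][0])
            fb_access_token_expiry = int(time.time()) + expires
            fb_access_token = resp["access_token"][-1]
            # Fetch the profile with the new token to learn who just logged in.
            api = fblib.GraphAPI(fb_access_token)
            me = api.get_object('me')
            user = process_fb_user_data(me, fb_access_token, fb_access_token_expiry)
            # Same as the parent controller's _get_current_site_user(), except
            # there is no cookie to read the identity from. The old code passed
            # an undefined local `fb_user_id` here (NameError on every successful
            # exchange); accounts are looked up by fb_user_id, so read it from the
            # saved user -- TODO(review) confirm the attribute name on the model.
            self._setup_helpers(user_id=user.user_id, fb_user_id=user.fb_user_id,
                                fb_access_token=fb_access_token, user=user)

    if not user:
        log.debug('no user available, requesting login, url: %r', requested_url)
        dialog_args['scope'] = "email"
        h.redirect_to("https://www.facebook.com/dialog/oauth?" + urllib.urlencode(dialog_args))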