login.py
#!/usr/bin/python
# The JS from the sign in button needs to XHR the assertion to this code here
# login.py will then verify it against the browserID server
# see https://browserid.org/developers
# if that works then we generate a session id
# store session id in a row in the users table along with username and email address
# redirect to listworks.py (or back to index.html if login fails)
import cgi
import cgitb
import uuid
import Cookie
import subprocess
import simplejson
from database_tables import Player
from platformer_config import DOMAIN, DEFAULT_AVATAR_URL
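def verifyBrowserId(assertion):
    """Ask the BrowserID verifier whether *assertion* is valid for DOMAIN.

    The assertion comes straight from the browser's XHR, so it is untrusted.
    It is form-encoded before going into the POST body; otherwise a crafted
    value could append its own ``&audience=...`` field and have the assertion
    checked against a different site than this one.

    Returns the verified e-mail address on success, and False when the
    assertion is empty, the verifier cannot be reached, its reply is not
    valid JSON, or its status is anything other than "okay".
    """
    import urllib  # function-scope import; Python 2 API, like the rest of the file

    if not assertion:
        # Nothing to verify; skip the outbound request.
        return False

    # A list of pairs keeps the field order stable (assertion, then audience).
    postargs = urllib.urlencode([("assertion", assertion),
                                 ("audience", DOMAIN)])
    url = "https://browserid.org/verify"
    # curl validates the server certificate by default. Do not add
    # -k/--insecure: the verifier's reply is the only thing that
    # authenticates the user.
    # --max-time stops a stalled verifier from pinning this CGI process.
    process = subprocess.Popen(["curl", "--max-time", "15", "-d", postargs, url],
                               stdout=subprocess.PIPE)
    output = process.communicate()[0]
    try:
        data = simplejson.loads(output)
    except ValueError:
        # Empty or non-JSON output (curl failed, error page, timeout):
        # treat as "not verified" rather than raising into the CGI handler.
        return False

    # expect browserid.org/verify to return fields like this:{
    #    "status": "okay",
    #    "email": "lloyd@mozilla.com",
    #    "audience": "mysite.com",
    #    "valid-until": 1308859352261,
    #    "issuer": "browserid.org:443"
    if isinstance(data, dict) and data.get("status") == "okay":
        # An "okay" reply without an e-mail is useless for login; fail closed.
        return data.get("email") or False
    return False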
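if __name__ == "__main__":
    # CGI entry point: verify the posted BrowserID assertion, create or update
    # the Player row, and answer the client's XHR with a JSON body.

    # NOTE(review): cgitb.enable() renders full tracebacks, including local
    # variables, into the HTTP response. On a login endpoint that can expose
    # the session id and server paths. Consider
    # cgitb.enable(display=0, logdir="<log directory>") in production.
    cgitb.enable()
    q = cgi.FieldStorage()
    # NOTE(review): the body below is JSON but is declared as text/html.
    # Switching to application/json is safer; check how the client-side XHR
    # handler parses the reply before changing it.
    print("Content-type: text/html")
    print("")
    assertion = q.getfirst("assertion", "")
    email = verifyBrowserId(assertion)
    if not email:
        # Verification failed (False) or yielded no address.
        print(simplejson.dumps({"logged_in": "false"}))
    else:
        # The session id is the bearer credential for later requests, so it
        # must be unguessable. uuid1() is built from the host's MAC address
        # and a timestamp and is predictable; uuid4() is random and keeps the
        # same string format for the stored column.
        session = str(uuid.uuid4())
        matches = Player.selectBy(email=email)
        if matches.count() == 0:
            # user has not logged in before: create account
            kwargs = {"email": email,
                      "name": email.split("@")[0],  # use first part of email address as username
                      "session": session,
                      "avatarURL": DEFAULT_AVATAR_URL}
            newUser = Player(**kwargs)
        else:
            # Returning user: replace the stored session id with the new one.
            oldUser = matches[0]
            oldUser.session = session
        # Return JSON to the client's XHR containing email and session uuid
        print(simplejson.dumps({"logged_in": "true", "email": email, "session": session}))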