Esempio n. 1
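def login_handler():
    """Verify a Persona assertion server-side and bind the result to the session.

    The Persona JavaScript posts the browser's assertion in the ``assertion``
    form field. It is forwarded to the verifier configured as
    ``PERSONA_VERIFIER``; only a reply whose ``status`` is ``'okay'`` and which
    carries an e-mail address is accepted.

    Returns:
        A JSON object with ``username`` and ``fullname`` when the verified
        address belongs to an existing user; otherwise the JSON string
        ``"OK"`` (address verified, no account yet).

    Aborts with 400 when the assertion is missing or empty, the verifier does
    not answer successfully, or its reply cannot be parsed. Network errors
    and timeouts from the verifier call propagate to the framework.
    """
    assertion = request.form.get('assertion')
    if not assertion:
        abort(400)

    # NOTE(review): request.host_url is derived from the request's Host
    # header, so the audience the verifier checks is chosen by the client.
    # The audience should come from server configuration instead; no such
    # setting is visible here, so the call is left as written.
    resp = requests.post(app.config['PERSONA_VERIFIER'], data={
        'assertion': assertion,
        'audience': request.host_url,
    }, verify=True, timeout=10)  # bounded wait: a stalled verifier must not pin a worker
    if not resp.ok:
        abort(400)

    try:
        verification_data = json.loads(resp.content.decode('utf-8'))
    except ValueError:
        # Covers both undecodable bytes and malformed JSON; fail closed.
        abort(400)
    if (not isinstance(verification_data, dict) or
            verification_data.get('status') != 'okay'):
        abort(400)
    email = verification_data.get('email')
    if not email:
        abort(400)

    # A freshly verified address replaces whatever identity the session held;
    # drop any earlier user binding so it cannot outlive this login.
    session.pop('user_id', None)
    session['email'] = email

    ## See if there's an existing User with this email address.
    user = db.lookup_user_by_email(email)
    if user:
        # Log the id only, not the whole user record.
        app.logger.info("Persona login for user id %s", user.id)
        session['user_id'] = user.id
        g.user = user
        out = {'username': user.username, 'fullname': user.fullname}
        return json.dumps(out)
    ## Otherwise the client has to create an account for this address.
    return json.dumps('OK')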
Esempio n. 2
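def create_persona_user():
    """Create a User for the session's Persona-verified e-mail and a chosen username.

    The username is read from the ``username`` key of the JSON request body;
    the e-mail address is taken from the session, never from the request.

    Returns:
        A JSON object with the new user's ``username`` and ``fullname``.

    Aborts with 403 when the session holds no e-mail address or a user is
    already logged in (``g.user`` is not None). Aborts with 400 when the body
    is not a JSON object with a string ``username``, the e-mail address
    already has an account, or the username is invalid or taken.
    """
    ### Preconditions, all enforced below:
    ### - the session carries an email address (set after Persona verification)
    ### - no Guampa account is logged in
    ### - the email address is not yet associated with any Guampa account
    ### - the account name is valid
    ### - the account name is not yet in use
    # NOTE(review): session['email'] is the only evidence of verification
    # used here; presumably it is written solely after a successful verifier
    # reply. Confirm no other code path sets it.
    if 'email' not in session or g.user is not None:
        abort(403)

    d = request.get_json()
    # A missing or non-object body, or a non-string username, is a client
    # error rather than an unhandled exception.
    username = d.get('username') if isinstance(d, dict) else None
    if not isinstance(username, str):
        abort(400)

    email = session['email']
    if db.lookup_user_by_email(email):
        print("email address already in use, this should never happen")
        abort(400)

    # Validate the format before handing the value to the database lookup.
    # NOTE(review): .match() anchors only at the start of the string; confirm
    # that USERNAMEPATTERN is end-anchored, or switch to fullmatch().
    if (not constants.USERNAMEPATTERN.match(username) or
            db.lookup_username(username)):
        abort(400)

    # NOTE(review): the lookups above and this insert are separate calls;
    # presumably a uniqueness constraint in db covers concurrent requests.
    # Verify.
    user = db.create_user_with_email(username, email)
    session['user_id'] = user.id
    g.user = user
    out = {'username': user.username, 'fullname': user.fullname}
    return json.dumps(out)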