Esempio n. 1
0
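def login(provider):
    """Log the user in with the given OAuth provider.

    Args:
        provider: provider name as a string; currently only 'google' is
            supported.

    Returns:
        A JSON response. On success the body is ``{'token': <auth token>}``
        and the user's access token, Google id, name, email, picture and
        database id are stored in the session. Failures return a JSON
        error body with a 401 (bad auth code, token/user mismatch,
        token/client mismatch) or 500 (tokeninfo reported an error)
        status; a repeated login returns 200 'Current user is already
        connected.'. An unknown provider returns the plain string
        'Unrecognized Provider'.
    """
    if provider != 'google':
        return 'Unrecognized Provider'

    # The one-time authorization code posted by the client.
    auth_code = request.data

    # Exchange the authorization code for a credentials object.
    try:
        oauth_flow = flow_from_clientsecrets(json_url, scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(auth_code)
    except FlowExchangeError:
        return _json_response('Failed to upgrade the authorization code.', 401)

    # Ask Google whether the access token is valid and who it belongs to.
    access_token = credentials.access_token
    result = _google_tokeninfo(access_token)
    # Abort on a tokeninfo error; this return is what makes the check
    # effective, otherwise the error response is built and then discarded.
    if result.get('error') is not None:
        return _json_response(result.get('error'), 500)

    # The token must belong to the user the id_token identifies ...
    gplus_id = credentials.id_token['sub']
    if result['user_id'] != gplus_id:
        return _json_response("Token's user ID doesn't match given user ID.", 401)

    # ... and must have been issued to this application, not another one.
    if result['issued_to'] != CLIENT_ID:
        return _json_response("Token's client ID does not match app's.", 401)

    # Nothing to do if this user already holds a session.
    stored_access_token = session.get('access_token')
    stored_gplus_id = session.get('gplus_id')
    if stored_access_token is not None and gplus_id == stored_gplus_id:
        return _json_response('Current user is already connected.', 200)

    # NOTE(review): if `session` is Flask's default client-side cookie
    # session, the access token travels to the browser inside the signed
    # cookie — confirm a server-side session store is configured.
    session['access_token'] = access_token
    session['gplus_id'] = gplus_id

    # Profile data for the session and for creating a new User row.
    name, picture, email = _google_userinfo(credentials.access_token)
    session['username'] = name
    session['email'] = email
    session['picture'] = picture

    user = _find_or_create_user(name, picture, email)
    session['user_id'] = user.id

    # Short-lived (600 s) auth token handed back to the client.
    token = user.generate_auth_token(600)

    flash('You are now logged in as ' + name, 'success')
    return jsonify({'token': token.decode('ascii')})


def _json_response(payload, status):
    """Return a JSON-encoded response body with the given HTTP status."""
    response = make_response(json.dumps(payload), status)
    response.headers['Content-Type'] = 'application/json'
    return response


def _google_tokeninfo(access_token):
    """Fetch Google's tokeninfo record for *access_token*, decoded as a dict."""
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
           % access_token)
    h = httplib2.Http()
    # h.request() returns (headers, body); only the body is JSON.
    return json.loads(h.request(url, 'GET')[1])


def _google_userinfo(access_token):
    """Return ``(name, picture, email)`` from Google's userinfo endpoint."""
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': access_token, 'alt': 'json'}
    data = requests.get(userinfo_url, params=params).json()
    return data['name'], data['picture'], data['email']


def _find_or_create_user(name, picture, email):
    """Look the user up by email, creating and committing a row if absent."""
    user = db.session.query(User).filter_by(email=email).first()
    if not user:
        user = User(username=name, picture=picture, email=email)
        db.session.add(user)
        db.session.commit()
    return user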
Esempio n. 2
0
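def login(provider):
    """Log a user in with the given provider and return an API token.

    Args:
        provider: provider name; 'google' (OAuth2 auth-code exchange) or
            'local' (email/password taken from the JSON body).

    Returns:
        A JSON response ``{'token': <auth token>}`` on success. Failures
        return a JSON error body with a 401 (bad auth code, token/user
        mismatch, bad email/password) or 500 (tokeninfo reported an
        error) status; an unknown provider returns a 400.
    """
    if provider == 'google':
        # STEP 1 - Parse the auth code posted by the client
        auth_code = request.json.get('auth_code')
        return _login_google(auth_code)
    # Compare the provider name explicitly: a bare `elif 'local':` is
    # always true, which sent every unknown provider into the password
    # branch and made the 400 below unreachable.
    if provider == 'local':
        return _login_local()
    # NOTE(review): the other error bodies use an `error` key; this one
    # uses `json`. Kept as-is because clients may already depend on it.
    return jsonify(json = {'code': 'InvalidProvider', 'message': 'Proveedor de autenticaicón incorrecto'}), 400


def _json_error(payload, status):
    """Return a JSON-encoded response body with the given HTTP status."""
    response = make_response(json.dumps(payload), status)
    response.headers['Content-Type'] = 'application/json'
    return response


def _login_google(auth_code):
    """Exchange a Google auth code for credentials, register the user if
    needed and return the token response (or a JSON error response)."""
    # STEP 2 - Exchange for a token
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(auth_code)
    except FlowExchangeError:
        return _json_error('Failed to upgrade the authorization code.', 401)

    # Check that the access token is valid.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' % access_token)
    h = httplib2.Http()
    # h.request() returns (headers, body); only the body is JSON.
    result = json.loads(h.request(url, 'GET')[1])
    # Abort on a tokeninfo error; without this return the error response
    # is built and discarded and a bad token still registers the user.
    if result.get('error') is not None:
        return _json_error(result.get('error'), 500)

    # The token must belong to the user the id_token identifies.
    gplus_id = credentials.id_token['sub']
    if result['user_id'] != gplus_id:
        return _json_error("Token's user ID doesn't match given user ID.", 401)
    # NOTE(review): tokeninfo's `issued_to` is not compared with this
    # app's client ID, so a token issued to a different application is
    # accepted here. The app's client ID is not in scope in this module;
    # confirm where it is configured and add that comparison.

    # STEP 3 - Find User or make a new one
    # Get user info
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)

    data = answer.json()

    name = data['name']
    picture = data['picture']
    email = data['email']

    # If the user does not exist yet, register it now
    user = session.query(User).filter_by(email=email).first()
    if not user:
        user = User()
        user.email = email
        user.name = name
        user.picture = picture
        session.add(user)
        session.commit()
    # STEP 4 - Make token
    token = user.generate_auth_token()

    # STEP 5 - Send back token to the client
    return jsonify({'token': token.decode('ascii')})


def _login_local():
    """Authenticate with the email/password from the JSON body and return
    the token response, or a 401 JSON error."""
    email = request.json.get('email')
    password = request.json.get('password')
    user = session.query(User).filter_by(email=email).first()
    # A missing password is rejected up front rather than handed to
    # verify_password as None.
    # NOTE(review): an unknown email skips the password check entirely, so
    # response timing can differ between registered and unregistered
    # emails — consider a constant-cost comparison if that matters here.
    if not user or not password or not user.verify_password(password):
        return jsonify( error = {'code': 'InvalidUserPassword', 'message': 'Usuario y/o contraseña incorrecto'}), 401

    token = user.generate_auth_token()
    return jsonify({'token': token.decode('ascii')})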