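def generate_api_access_token(user, type='email'):
    """
    Build the API access token handed to a client on behalf of ``user``.

    Api access tokens have the following format:
    type.user_id.md5(user_id + fb_access_token + secret_key)
    (the third part is whatever generate_security_token() returns for the
    user's id, the underlying access token and the per-type secret).

    :param user: user record exposing ``user_id`` and, depending on
        ``type``, ``email_access_token``/``email_access_token_expiry`` or
        ``fb_access_token``/``fb_access_token_expiry``.
    :param type: ``'email'`` (signed with ``h.site_secret()``) or
        ``'facebook'`` (signed with ``h.fb_secret()``). The name shadows the
        builtin but is kept because callers pass it by keyword.
    :returns: ``'<type>.<user_id>.<security token>'``.
    :raises ApiSecurityException: ``type`` is neither 'email' nor 'facebook'.
    :raises UserNotLoggedInException: the user has no access token of that type.
    :raises AccessTokenExpiredException: the stored expiry (a Unix timestamp)
        is not later than now.
    """
    user_id = user.user_id
    if type == 'email':
        access_token = user.email_access_token
        access_token_expiry = user.email_access_token_expiry
        secret = h.site_secret()
    elif type == 'facebook':
        access_token = user.fb_access_token
        access_token_expiry = user.fb_access_token_expiry
        secret = h.fb_secret()
    else:
        raise ApiSecurityException('Unknown access token type: %r' % type)

    # The former debug ``print access_token, access_token_expiry, secret``
    # was removed: it wrote the user's bearer token AND the signing secret
    # to stdout (i.e. into application logs) on every token issue.
    if access_token is None:
        raise UserNotLoggedInException()
    elif access_token_expiry <= int(time.time()):
        raise AccessTokenExpiredException(type)

    token = generate_security_token(user_id, access_token, secret)
    return '%s.%s.%s' % (type, user_id, token)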
    def _get_current_site_user(self):
        """
        Resolve the current site user from the signed Facebook cookie.

        The cookie is parsed and validated by ``fblib.get_user_from_cookie``
        using the app id and app secret; when it is present the User is
        looked up by ``fb_user_id`` (created via ``User.factory`` if
        missing) and its stored Facebook access token/expiry refreshed.

        NOTE(review): this listing ends at ``user_id = user.user_id``; the
        collected ``user_id``/``fb_user_id``/``fb_access_token``/``user``
        values presumably feed ``_setup_helpers`` further down -- confirm
        against the full source.
        """
        cookies = request.cookies
        # Signature check of the fbs_<app_id> cookie happens inside fblib,
        # keyed on the app secret; everything below trusts its output.
        cookie = fblib.get_user_from_cookie(cookies, 
                                            h.fb_app_id(), 
                                            h.fb_secret())
        user_id = None
        fb_user_id = None
        fb_access_token = None
        user = None

        if cookie:
            fb_user_id = h.to_i(cookie['uid'])
            fb_access_token = cookie['access_token']
            # Expiry is taken from the cookie as-is (a Unix timestamp,
            # presumably -- it is compared against int(time.time()) elsewhere).
            fb_access_token_expiry = h.to_i(cookie['expires'])
            last_login = int(time.time())
            user = User.find(fb_user_id=fb_user_id).first() if fb_user_id else None
            if not user:
                user = User.factory(fb_user_id, 
                                    fb_access_token=fb_access_token, 
                                    fb_access_token_expiry=fb_access_token_expiry, 
                                    last_login=last_login)
            try:
                user.update_fb_access_token(fb_access_token, fb_access_token_expiry)
            # Python 2-only ``except X, e`` syntax; ``except X as e`` works on 2.6+ and 3.
            except fblib.GraphAPIError, e:
                log.warning('caught graph api error while updating access token, flushing cookie: %r', e)
                # NOTE(review): this only drops the cookie from the parsed
                # request dict; no Set-Cookie is issued here, so the browser
                # will resend the same (possibly bad) cookie on the next
                # request unless it is also cleared on the response -- confirm.
                request.cookies.pop('fbs_%s' % h.fb_app_id(), None)

            user_id = user.user_id
    def _setup_helpers(self,
                       user_id=None,
                       fb_user_id=None,
                       fb_access_token=None,
                       user=None):
        """
        Publish the current request's identity on the ``h`` helper module.

        ``h.user_id``, ``h.fb_user_id``, ``h.fb_access_token`` and ``h.user``
        become zero-argument callables returning the values given here, and
        ``h.graph_api`` returns one ``fblib.GraphAPI`` built from the Facebook
        access token plus ``h.fb_app_id()`` / ``h.fb_secret()``.

        NOTE(review): ``h`` appears to be a module-level helper object, so
        these assignments are process-wide rather than per-request state --
        confirm the framework isolates it between concurrent requests.
        """
        def constant(value):
            return lambda: value

        h.user_id = constant(user_id)
        h.fb_user_id = constant(fb_user_id)
        h.fb_access_token = constant(fb_access_token)
        h.user = constant(user)

        # Build the shared Graph API client once, reading the token back
        # through the helper just installed.
        graph_client = fblib.GraphAPI(access_token=h.fb_access_token(),
                                      app_id=h.fb_app_id(),
                                      app_secret=h.fb_secret())
        h.graph_api = constant(graph_client)
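def verify_security_token(type, user, security_token):
    """
    Verify that the security token is for the specified user and type.

    Recomputes the expected value with ``generate_security_token`` from the
    user's current access token and the per-type secret, then compares it
    with the token the client presented.

    :param type: ``'facebook'`` (``h.fb_secret()``) or ``'email'``
        (``h.site_secret()``). Shadows the builtin; kept for caller compatibility.
    :param user: user record exposing ``user_id`` and
        ``fb_access_token`` / ``email_access_token``.
    :param security_token: the token presented by the client (untrusted).
    :returns: True only when the presented token equals the expected one;
        False on mismatch, on ``None``, or when the two values are of
        incompatible string types.
    :raises ApiSecurityException: unknown ``type``.
    :raises UserNotLoggedInException: no access token of that type is stored.
    """
    # Function-scope import: the file's import block is not in view here.
    import hmac

    access_token = None
    if type == 'facebook':
        access_token = user.fb_access_token
        secret = h.fb_secret()
    elif type == 'email':
        access_token = user.email_access_token
        secret = h.site_secret()
    else:
        raise ApiSecurityException('Unknown access token type: %r' % type)

    if access_token is None:
        raise UserNotLoggedInException()

    expected = generate_security_token(user.user_id, access_token, secret)
    if security_token is None:
        return False
    # The former plain ``expected == security_token`` short-circuits at the
    # first differing byte, which leaks how much of the token was right via
    # response timing. compare_digest takes time independent of the position
    # of the first mismatch (available from Python 2.7.7 / 3.3).
    try:
        return hmac.compare_digest(expected, security_token)
    except TypeError:
        # str vs bytes (or a non-string value) can never be equal.
        return False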
    def __before__(self):
        """
        Require a logged-in user, running the Facebook OAuth code flow if not.

        After the parent controller's ``__before__`` has had its chance to
        resolve a user, a request that still has no ``h.user()`` is handled
        in one of two ways:

        * if it carries a ``code`` query parameter, the code is exchanged
          for an access token at graph.facebook.com (client secret included),
          the Graph API ``me`` object is fetched, the user is processed via
          ``process_fb_user_data`` and the ``h`` helpers are installed;
        * otherwise the browser is redirected to the Facebook OAuth dialog
          with ``scope=email`` and this action's qualified URL as
          ``redirect_uri``.

        NOTE(review): no OAuth ``state`` parameter is generated or checked
        anywhere in this method, so nothing ties the returning ``code`` to
        the session that started the flow (login CSRF) -- confirm it is not
        handled elsewhere.
        """
        super(RequireUserController, self).__before__()
        if not h.user():
            # Qualified URL of the current controller/action; reused as the
            # OAuth redirect_uri for both the dialog and the code exchange.
            requested_url = h.url_for(controller=c.controller, 
                                      action=c.action, 
                                      qualified=True)
            args = {'client_id': h.fb_app_id(), 'redirect_uri': requested_url}

            user = None
            if request.params.get("code"):
                log.debug('found code, authorizing the user')

                args["client_secret"] = h.fb_secret()
                args["code"] = request.params["code"]
                
                # NOTE(review): Python 2 urllib.urlopen does not verify the
                # server certificate on interpreters older than 2.7.9; the app
                # secret and the returned token travel over this connection.
                graph_access_url = "https://graph.facebook.com/oauth/access_token?" + urllib.urlencode(args)
                resp = urllib.urlopen(graph_access_url).read()
                resp = cgi.parse_qs(resp)
                if 'access_token' in resp:
                    # 'expires' is assumed present (KeyError otherwise) and is
                    # a lifetime in seconds, turned into an absolute timestamp.
                    expires = int(resp['expires'][0])
                    fb_access_token_expiry = int(time.time()) + expires
                    # Last value of the list, while 'expires' reads the first;
                    # identical for a single-valued response.
                    fb_access_token = resp["access_token"][-1]
                    
                    # get the user's id
                    api = fblib.GraphAPI(fb_access_token)
                    me = api.get_object('me')
                    user = process_fb_user_data(me, fb_access_token, fb_access_token_expiry)

                    # same as parent controller's _get_current_site_user() except we don't have
                    # a cookie to use to get user info
                    # NOTE(review): ``fb_user_id`` is never assigned in this
                    # method; unless it is a class/global attribute this raises
                    # NameError here -- it presumably should come from ``me``
                    # or ``user``. Confirm.
                    self._setup_helpers(user_id=user.user_id,
                                        fb_user_id=fb_user_id, 
                                        fb_access_token=fb_access_token, 
                                        user=user)

            if not user:
                log.debug('no user available, requesting login, url: %r', requested_url)

                args['scope'] = "email"
                #h.redirect_to("https://graph.facebook.com/oauth/authorize?" + urllib.urlencode(args))
                # Presumably aborts the request (redirect_to raising/ending it)
                # so no protected action body runs -- confirm in the helper.
                h.redirect_to("https://www.facebook.com/dialog/oauth?" + urllib.urlencode(args))