Esempio n. 1
0
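def login_register():
    """Serve the home page and handle both the login and the registration form.

    GET: a visitor with a non-zero ``session["un"]`` is redirected to ``home``;
    anyone else gets the home page with an "unlogged" banner.

    POST: dispatched on which form was submitted.  A login form carries
    ``in_username``/``in_password`` and is checked with ``utils.authenticate``;
    a registration form carries ``regis_username``/``regis_password`` and is
    handed to ``utils.newUser``.  Missing form fields are not defaulted: the
    ``request.form[...]`` lookup raises.

    Returns:
        A redirect or a rendered ``home.html`` response.
    """
    if request.method == "GET":
        # A stored value of 0 is treated as "not logged in".
        if "un" in session and session["un"] != 0:
            return redirect(url_for("home"))
        return render_template("home.html", unlogged="You are not currently logged in.")

    if "in_username" in request.form:
        user = request.form["in_username"]
        passwd = request.form["in_password"]
        if not utils.authenticate(user, passwd):
            return render_template("home.html", error="INVALID USERNAME AND/OR PASSWORD")
        session["un"] = user
        # NOTE(review): the plaintext password is kept in the session.  With
        # Flask's default client-side session cookie that value is signed but
        # readable by the holder of the cookie.  Kept because other views may
        # read session["pw"]; prefer dropping it and re-authenticating where
        # the password is actually needed.
        session["pw"] = passwd
        return redirect(url_for("blog"))

    user = request.form["regis_username"]
    passwd = request.form["regis_password"]
    if not utils.newUser(user, passwd):
        return render_template("home.html",
                               created="There is already an account with this username")
    session["un"] = user
    session["pw"] = passwd  # NOTE(review): same plaintext-password concern as above
    return redirect(url_for("blog"))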
Esempio n. 2
0
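def register():
    """Render the registration form, or create the account on POST.

    When ``utils.newUser`` returns ``1`` a new token is generated, stored in
    the session, the login time is recorded and the user is redirected to
    ``calendar``.  Any other return value re-renders the form with an error.
    A GET (or any non-POST) simply renders the empty form.

    Returns:
        A redirect or a rendered ``register.html`` response.
    """
    if request.method != "POST":
        return render_template("register.html")

    uname = request.form['username']
    pword = request.form['password']
    if utils.newUser(uname, pword) != 1:
        return render_template("register.html", err="Username already taken")

    # NOTE(review): the token and login time are written to attributes of the
    # shared ``utils`` module, so they are process-wide and overwritten by every
    # registration; they cannot tell users apart.  Kept because other views may
    # read utils.sess / utils.logtime; per-user state belongs in ``session``.
    utils.sess = utils.genToken()
    session['token'] = utils.sess
    utils.logtime = time.gmtime()
    return redirect(url_for('calendar'))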
Esempio n. 3
0
def register():
    """Show the registration form; on POST try to create the account.

    ``utils.newUser`` returning exactly ``1`` counts as success: a fresh token
    is generated, saved both on the ``utils`` module and in the session, the
    login time is recorded on ``utils`` and the user is sent to ``calendar``.
    Otherwise the form is re-rendered with "Username already taken".
    Non-POST requests get the bare form.
    """
    taken_msg = "Username already taken"
    if request.method != "POST":
        return render_template("register.html")

    form = request.form
    created = utils.newUser(form['username'], form['password']) == 1
    if not created:
        return render_template("register.html", err=taken_msg)

    token = utils.genToken()
    utils.sess = token           # module-level attribute, shared process-wide
    session['token'] = token
    utils.logtime = time.gmtime()
    return redirect(url_for('calendar'))
Esempio n. 4
0
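def login_register():
    """Serve the home page and handle both the login and the registration form.

    GET: a visitor with a non-zero ``session['un']`` is redirected to ``home``;
    anyone else gets the home page with an "unlogged" banner.

    POST: dispatched on which form was submitted.  A login form carries
    ``in_username``/``in_password`` and is checked with ``utils.authenticate``.
    A registration form carries ``regis_username``/``regis_password``; the
    username is first looked up in the ``users`` table of ``bloginator.db`` and,
    if absent, ``utils.newUser`` is called.  Missing form fields are not
    defaulted: the ``request.form[...]`` lookup raises.

    Returns:
        A redirect or a rendered ``home.html`` response.
    """
    if request.method == "GET":
        # A stored value of 0 is treated as "not logged in".
        if 'un' in session and session['un'] != 0:
            return redirect(url_for("home"))
        return render_template("home.html",
                               unlogged="You are not currently logged in.")

    if 'in_username' in request.form:
        user = request.form['in_username']
        passwd = request.form['in_password']
        if not utils.authenticate(user, passwd):
            return render_template("home.html", error="INVALID USERNAME AND/OR PASSWORD")
        session['un'] = user
        # NOTE(review): the plaintext password is kept in the session.  With
        # Flask's default client-side session cookie that value is signed but
        # readable by the holder of the cookie.  Kept because other views may
        # read session['pw']; prefer dropping it and re-authenticating where
        # the password is actually needed.
        session['pw'] = passwd
        return redirect(url_for("blog"))

    user = request.form['regis_username']
    passwd = request.form['regis_password']
    # The previous check compared against a fixed literal instead of the
    # submitted username, so it never reflected the actual form value.
    if _username_exists(user):
        return render_template("home.html",
                               created="There is already an account with this username")
    # NOTE(review): the return value of utils.newUser is not examined here, so
    # a failed insert still logs the user in — confirm against utils.newUser.
    utils.newUser(user, passwd)
    session['un'] = user
    session['pw'] = passwd  # NOTE(review): same plaintext-password concern as above
    return redirect(url_for("blog"))


def _username_exists(username):
    """Return True if a ``users`` row with this ``username`` exists in bloginator.db.

    The username is bound as a query parameter, never spliced into the SQL
    text, and the connection is closed on every path.  A SELECT starts no
    transaction, so no commit is needed.
    """
    conn = sqlite3.connect('bloginator.db')
    try:
        cur = conn.cursor()
        cur.execute('select * from users where username=?', (username,))
        return cur.fetchone() is not None
    finally:
        conn.close()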
Esempio n. 5
0
def newUser():
    """Show the account-creation form on GET, or create the account on POST.

    On POST the ``create``, ``username`` and ``password`` fields are read in
    that order (a missing field makes the ``request.form[...]`` lookup raise).
    If ``utils.newUser`` returns exactly ``True`` the session counter is
    bumped, the username is stored in the session and ``welcome.html`` is
    rendered; otherwise the form is shown again with an error message.

    Returns:
        A rendered ``newUser.html`` or ``welcome.html`` response.
    """
    if request.method != "GET":
        form = request.form
        # The submit-button value is never used; the lookup is kept so a post
        # without the "create" field is rejected exactly as before.
        form["create"]
        uname = form["username"]
        pword = form['password']
        if utils.newUser(uname, pword) is True:
            SessionCounter()
            session['name'] = uname
            return render_template("welcome.html", error=None)
        msg = "Sorry, the username you have selected already exists or you didn't enter a password."
        return render_template("newUser.html", error=msg)
    return render_template("newUser.html")
Esempio n. 6
0
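def googleAuth():
    """Finish the Google sign-in: validate the one-time code, then the token.

    Each step short-circuits with a JSON error response:

      1. the ``state`` query parameter must equal the anti-forgery value
         stored in ``login_session['session_state']``; a missing stored
         value is rejected too, so an absent ``state`` can never match;
      2. the one-time authorization code sent in the request body is
         exchanged for credentials via ``flow_from_clientsecrets``;
      3. the access token is checked against Google's tokeninfo endpoint:
         it must carry no ``error``, be issued to this app's ``CLIENT_ID``,
         and belong to the user named by the ID token's ``sub``.

    If that Google user already has credentials in ``login_session`` the
    call answers 200 and changes nothing.  Otherwise the profile is fetched,
    copied into ``login_session``, the local user id is looked up by e-mail
    (or created with ``newUser``) and a short HTML welcome snippet is
    returned with the name and picture HTML-escaped.

    Returns:
        A JSON ``Response`` for every error / already-logged-in case, or an
        HTML ``str`` on success.
    """
    # Anti-forgery check.  The stored value is read with .get() so a session
    # without one yields a 401 instead of a KeyError; the explicit None test
    # keeps "no state at all" from matching "no stored state".
    expected_state = login_session.get('session_state')
    if expected_state is None or request.args.get('state') != expected_state:
        return _json_response('Something is wrong with the session_state', 401)

    # The one-time authorization code is the raw request body.
    one_time_code = request.data

    try:
        gplus_oauth_flow = flow_from_clientsecrets('secrets_of_g_client.json',
                                                   scope='')
        gplus_oauth_flow.redirect_uri = 'postmessage'
        credentials = gplus_oauth_flow.step2_exchange(one_time_code)
    except FlowExchangeError:
        return _json_response('''There was a problem in getting credentials
                        object using the authorization code.''', 401)

    # Ask Google what the access token is good for.
    access_token = credentials.access_token
    token_info_url = (
        'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' %
        access_token)
    http_object = httplib2.Http()
    result = json.loads(http_object.request(token_info_url, 'GET')[1])

    if result.get('error') is not None:
        return _json_response(result.get('error'), 500)

    # The token must have been issued to this application ...
    if result['issued_to'] != CLIENT_ID:
        return _json_response('''The application client_id is different from
                       the one stored in the token''', 401)

    # ... and to the user named in the ID token.
    gplus_id = credentials.id_token['sub']
    if result['user_id'] != gplus_id:
        return _json_response('''The user_id is different from the one
                        stored in the token''', 401)

    if (gplus_id == login_session.get('gplus_id')
            and login_session.get('credentials') is not None):
        return _json_response('The user is already logged-in', 200)

    # Token is valid: fetch the profile.
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    parameters = {'access_token': credentials.access_token, 'alt': 'json'}
    user_info = requests.get(userinfo_url, params=parameters).json()

    login_session['username'] = user_info['name']
    login_session['picture'] = user_info['picture']
    login_session['email'] = user_info['email']
    login_session['auth_provider'] = "google"
    login_session['access_token'] = access_token
    # NOTE(review): the whole credentials object goes into the session, not
    # just the access token.  Kept because other views may read it; storing
    # only the fields they need would keep less secret material in the
    # session store.
    login_session['credentials'] = credentials
    login_session['gplus_id'] = gplus_id

    # Look the e-mail up once; create the local user only when it is unknown.
    user_id = userIdFromEmail(login_session['email'])
    login_session['user_id'] = newUser() if user_id is None else user_id

    # The snippet is returned as a raw string and nothing downstream escapes
    # it, so provider-supplied values are escaped here before being embedded
    # in element text and in a double-quoted attribute.
    safe_name = _escape_html(login_session['username'])
    safe_picture = _escape_html(login_session['picture'])
    view = ('<h3>Welcome to QL Catalog, ' + safe_name + '!</h3>'
            '<img src="' + safe_picture + '"> </br></br>')

    flash("""You have been successfully logged-in to
          QL Catalog as %s""" % login_session['username'])
    return view


def _json_response(payload, status):
    """Build a ``Response`` whose body is ``payload`` serialised as JSON.

    Args:
        payload: anything ``json.dumps`` accepts (here a message string or
            the ``error`` value returned by tokeninfo).
        status: HTTP status code for the response.
    """
    response = make_response(json.dumps(payload), status)
    response.headers['Content-Type'] = 'application/json'
    return response


def _escape_html(value):
    """Escape ``&``, ``<``, ``>`` and ``"`` so ``value`` is safe in HTML text or a quoted attribute.

    Uses ``html.escape`` where available and falls back to ``cgi.escape`` on
    interpreters that lack the ``html`` module; both accept ``quote=True``.
    """
    try:
        from html import escape
    except ImportError:
        from cgi import escape
    return escape(value, quote=True)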