def dispatch(self, request): if 'error' in request.GET or 'code' not in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET['code']) token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) token.account = login.account login.token = token if self.adapter.supports_state: login.state = SocialLogin \ .verify_and_unstash_state( request, request.REQUEST.get('state')) else: login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except (OAuth2Error, PermissionDenied): if self.adapter.getErrorTemplate() is not None: return render_authentication_error(request, error_template=self.adapter.getErrorTemplate()) else: return render_authentication_error(request)
def post(self, request): if 'dr_auth_status' not in request.GET: return render_authentication_error(request, self.provider.id, error=AuthError.UNKNOWN) if request.GET['dr_auth_status'] != 'ok': return render_authentication_error(request, self.provider.id, error=AuthError.DENIED) if 'dr_auth_code' not in request.GET: return render_authentication_error(request, self.provider.id, error=AuthError.UNKNOWN) ret = None auth_exception = None try: app = self.provider.get_app(request) login = draugiem_complete_login(request, app, request.GET['dr_auth_code']) login.state = SocialLogin.unstash_state(request) ret = complete_social_login(request, login) except (requests.RequestException, DraugiemApiError) as e: auth_exception = e if not ret: ret = render_authentication_error(request, self.provider.id, exception=auth_exception) return ret
def callback(request): if "dr_auth_status" not in request.GET: return render_authentication_error(request, DraugiemProvider.id, error=AuthError.UNKNOWN) if request.GET["dr_auth_status"] != "ok": return render_authentication_error(request, DraugiemProvider.id, error=AuthError.DENIED) if "dr_auth_code" not in request.GET: return render_authentication_error(request, DraugiemProvider.id, error=AuthError.UNKNOWN) ret = None auth_exception = None try: app = providers.registry.by_id(DraugiemProvider.id, request).get_app(request) login = draugiem_complete_login(request, app, request.GET["dr_auth_code"]) login.state = SocialLogin.unstash_state(request) ret = complete_social_login(request, login) except (requests.RequestException, DraugiemApiError) as e: auth_exception = e if not ret: ret = render_authentication_error(request, DraugiemProvider.id, exception=auth_exception) return ret
def dispatch(self, request): """ View to handle final steps of OAuth based authentication where the user gets redirected back to from the service provider """ login_done_url = reverse(self.adapter.provider_id + "_callback") client = self._get_client(request, login_done_url) if not client.is_valid(): if 'denied' in request.GET: error = AuthError.CANCELLED else: error = AuthError.UNKNOWN extra_context = dict(oauth_client=client) return render_authentication_error(request, self.adapter.provider_id, error=error, extra_context=extra_context) app = self.adapter.get_provider().get_app(request) try: access_token = client.get_access_token() token = SocialToken( app=app, token=access_token['oauth_token'], token_secret=access_token['oauth_token_secret']) login = self.adapter.complete_login(request, app, token) login.token = token login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except OAuthError as e: return render_authentication_error(request, self.adapter.provider_id, exception=e)
def callback(request): token = request.POST.get('Token', '') if not token: return render_authentication_error(request, ServiceKontoProvider.id, error=AuthError.UNKNOWN) try: login = _complete_login(request, token) except ServiceKontoApiError as e: return render_authentication_error(request, ServiceKontoProvider.id, exception=e.__cause__, error=e.error) except ValueError as e: return render_authentication_error(request, ServiceKontoProvider.id, exception=e, error=AuthError.UNKNOWN) ret = complete_social_login(request, login) if not ret: ret = render_authentication_error(request, ServiceKontoProvider.id) return ret
def dispatch(self, request): """ View to handle final steps of OAuth based authentication where the user gets redirected back to from the service provider """ login_done_url = reverse(self.adapter.provider_id + "_callback") client = self._get_client(request, login_done_url) if not client.is_valid(): if 'denied' in request.GET: return HttpResponseRedirect(reverse('socialaccount_login_cancelled')) extra_context = dict(oauth_client=client) return render_authentication_error(request, extra_context) app = self.adapter.get_provider().get_app(request) try: access_token = client.get_access_token() token = SocialToken(app=app, token=access_token['oauth_token'], token_secret=access_token['oauth_token_secret']) login = self.adapter.complete_login(request, app, token) token.account = login.account login.token = token login.state = SocialLogin.unmarshall_state \ (request.session.pop('oauth_login_state', None)) return complete_social_login(request, login) except OAuthError: return render_authentication_error(request)
def dispatch(self, request): """ View to handle final steps of OAuth based authentication where the user gets redirected back to from the service provider """ login_done_url = reverse(self.adapter.provider_id + "_callback") client = self._get_client(request, login_done_url) if not client.is_valid(): if 'denied' in request.GET: error = AuthError.CANCELLED else: error = AuthError.UNKNOWN extra_context = dict(oauth_client=client) return render_authentication_error( request, self.adapter.provider_id, error=error, extra_context=extra_context) app = self.adapter.get_provider().get_app(request) try: access_token = client.get_access_token() token = SocialToken( app=app, token=access_token['oauth_token'], token_secret=access_token['oauth_token_secret']) login = self.adapter.complete_login(request, app, token) login.token = token login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except OAuthError as e: return render_authentication_error( request, self.adapter.provider_id, exception=e)
def callback(request): if 'dr_auth_status' not in request.GET: return render_authentication_error( request, DraugiemProvider.id, error=AuthError.UNKNOWN) if request.GET['dr_auth_status'] != 'ok': return render_authentication_error( request, DraugiemProvider.id, error=AuthError.DENIED) if 'dr_auth_code' not in request.GET: return render_authentication_error( request, DraugiemProvider.id, error=AuthError.UNKNOWN) ret = None auth_exception = None try: app = providers.registry.by_id( DraugiemProvider.id, request).get_app(request) login = draugiem_complete_login( request, app, request.GET['dr_auth_code']) login.state = SocialLogin.unstash_state(request) ret = complete_social_login(request, login) except (requests.RequestException, DraugiemApiError) as e: auth_exception = e if not ret: ret = render_authentication_error( request, DraugiemProvider.id, exception=auth_exception) return ret
def dispatch(self, request): if 'error' in request.GET or not 'code' in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: r = praw.Reddit('OAuth Sketchdaily Schedule by u/davidwinters ver 0.1.') r.set_oauth_app_info(client.consumer_key, client.consumer_secret, 'http://themes.sketchdaily.net/accounts/redditprovider/login/callback/') access_token = r.get_access_information(request.GET['code']) user = r.get_me() extra = r.get_my_moderation() # access_token = client.get_access_token(request.GET['code']) token = SocialToken(token=access_token) #token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token, user=user, extra=extra) token.account = login.account login.token = token login.state = SocialLogin.unmarshall_state(request.REQUEST .get('uniqueKey')) return complete_social_login(request, login) except OAuth2Error: return render_authentication_error(request)
def persona_login(request): assertion = request.POST.get('assertion', '') settings = app_settings.PROVIDERS.get(PersonaProvider.id, {}) audience = settings.get('AUDIENCE', None) if audience is None: raise ImproperlyConfigured("No Persona audience configured. Please " "add an AUDIENCE item to the " "SOCIALACCOUNT_PROVIDERS['persona'] setting.") resp = requests.post('https://verifier.login.persona.org/verify', {'assertion': assertion, 'audience': audience}) try: resp.raise_for_status() extra_data = resp.json() if extra_data['status'] != 'okay': return render_authentication_error( request, provider_id=PersonaProvider.id, extra_context={'response': extra_data}) except (ValueError, requests.RequestException) as e: return render_authentication_error( request, provider_id=PersonaProvider.id, exception=e) login = providers.registry \ .by_id(PersonaProvider.id) \ .sociallogin_from_response(request, extra_data) login.state = SocialLogin.state_from_request(request) return complete_social_login(request, login)
def dispatch(self, request): if 'error' in request.GET or not 'code' in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: r = praw.Reddit( 'OAuth Sketchdaily Schedule by u/davidwinters ver 0.1.') r.set_oauth_app_info( client.consumer_key, client.consumer_secret, 'http://themes.sketchdaily.net/accounts/redditprovider/login/callback/' ) access_token = r.get_access_information(request.GET['code']) user = r.get_me() extra = r.get_my_moderation() # access_token = client.get_access_token(request.GET['code']) token = SocialToken(token=access_token) #token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token, user=user, extra=extra) token.account = login.account login.token = token login.state = SocialLogin.unmarshall_state( request.REQUEST.get('uniqueKey')) return complete_social_login(request, login) except OAuth2Error: return render_authentication_error(request)
def persona_login(request): assertion = request.POST.get('assertion', '') settings = app_settings.PROVIDERS.get(PersonaProvider.id, {}) audience = settings.get('AUDIENCE', None) if audience is None: raise ImproperlyConfigured( "No Persona audience configured. Please " "add an AUDIENCE item to the " "SOCIALACCOUNT_PROVIDERS['persona'] setting.") resp = requests.post('https://verifier.login.persona.org/verify', { 'assertion': assertion, 'audience': audience }) try: resp.raise_for_status() extra_data = resp.json() if extra_data['status'] != 'okay': return render_authentication_error( request, provider_id=PersonaProvider.id, extra_context={'response': extra_data}) except (ValueError, requests.RequestException) as e: return render_authentication_error(request, provider_id=PersonaProvider.id, exception=e) login = providers.registry \ .by_id(PersonaProvider.id) \ .sociallogin_from_response(request, extra_data) login.state = SocialLogin.state_from_request(request) return complete_social_login(request, login)
def dispatch(self, request): if 'error' in request.GET or 'code' not in request.GET: # Distinguish cancel from error auth_error = request.GET.get('error', None) if auth_error == self.adapter.login_cancelled_error: error = AuthError.CANCELLED else: error = AuthError.UNKNOWN return render_authentication_error(request, self.adapter.provider_id, error=error) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET['code']) token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) login.token = token if self.adapter.supports_state: login.state = SocialLogin \ .verify_and_unstash_state( request, get_request_param(request, 'state')) else: login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except (PermissionDenied, OAuth2Error) as e: return render_authentication_error(request, self.adapter.provider_id, exception=e)
def dispatch(self, request): if 'error' in request.GET or 'code' not in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET['code']) token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) token.account = login.account login.token = token if self.adapter.supports_state: login.state = SocialLogin \ .verify_and_unstash_state( request, request.REQUEST.get('state')) else: login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except (OAuth2Error, PermissionDenied): return render_authentication_error(request)
def callback(request): if request.user.is_authenticated: get_account_adapter(request).logout(request) # logging in while being authenticated breaks the login procedure current_app = SocialApp.objects.get_current(provider='edu_id') #extract state of redirect state = json.loads(request.GET.get('state')) referer, badgr_app_pk, lti_context_id,lti_user_id,lti_roles = state lti_data = request.session.get('lti_data', None); code = request.GET.get('code', None) # access codes to access user info endpoint if code is None: #check if code is given error = 'Server error: No userToken found in callback' logger.debug(error) return render_authentication_error(request, EduIDProvider.id, error=error) # 1. Exchange callback Token for access token payload = { "grant_type": "authorization_code", "redirect_uri": '%s/account/eduid/login/callback/' % settings.HTTP_ORIGIN, "code": code, "client_id": current_app.client_id, "client_secret": current_app.secret, } headers = {'Content-Type': "application/x-www-form-urlencoded", 'Cache-Control': "no-cache" } response = requests.post("{}/token".format(settings.EDUID_PROVIDER_URL), data=urllib.parse.urlencode(payload), headers=headers) token_json = response.json() # 2. now with access token we can request userinfo headers = {"Authorization": "Bearer " + token_json['access_token'] } response = requests.get("{}/userinfo".format(settings.EDUID_PROVIDER_URL), headers=headers) if response.status_code != 200: error = 'Server error: User info endpoint error (http %s). Try alternative login methods' % response.status_code logger.debug(error) return render_authentication_error(request, EduIDProvider.id, error=error) userinfo_json = response.json() keyword_arguments = {'access_token':token_json['access_token'], 'state': json.dumps([str(badgr_app_pk), 'edu_id', lti_context_id,lti_user_id,lti_roles]+ [json.loads(referer)]), 'after_terms_agreement_url_name': 'eduid_terms_accepted_callback'} if not get_social_account(userinfo_json['sub']): return HttpResponseRedirect(reverse('accept_terms', kwargs=keyword_arguments)) social_account = get_social_account(userinfo_json['sub']) badgr_app = BadgrApp.objects.get(pk=badgr_app_pk) if not check_agreed_term_and_conditions(social_account.user, badgr_app): return HttpResponseRedirect(reverse('accept_terms_resign', kwargs=keyword_arguments)) return after_terms_agreement(request, **keyword_arguments)
def dispatch(self, request, *args, **kwargs): auth_error = get_request_param(request, "error") code = get_request_param(request, "code") if auth_error or not code: # Distinguish cancel from error if auth_error == self.adapter.login_cancelled_error: error = AuthError.CANCELLED else: error = AuthError.UNKNOWN return render_authentication_error(request, self.adapter.provider_id, error=error) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(self.request, app) try: token_data = self.adapter.get_access_token_data(self.request, app=app, client=client) token = self.adapter.parse_token(data=token_data) token.app = app login = self.adapter.complete_login(request, app, token, response=token_data) login.token = token state = get_request_param(request, "state") if self.adapter.supports_state: login.state = SocialLogin.verify_and_unstash_state( request, state) else: login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except ( PermissionDenied, OAuth2Error, RequestException, ProviderException, ) as e: return render_authentication_error(request, self.adapter.provider_id, exception=e)
def login_by_token(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): # try: print 'trying' app = providers.registry.by_id(FacebookProvider.id) \ .get_app(request) access_token = form.cleaned_data['access_token'] token = SocialToken(app=app, token=access_token) login = fb_complete_login(app, token) login.token = token login.state = SocialLogin.state_from_request(request) print access_token, token, login.token ret = complete_social_login(request, login) print ret # except: # print 'error' # FIXME: Catch only what is needed # pass if not ret: ret = render_authentication_error(request) return ret
def oauth_callback(request, consumer_key=None, secret_key=None, request_token_url=None, access_token_url=None, authorization_url=None, callback_url=None, extra_context=dict(), parameters=None): """ View to handle final steps of OAuth based authentication where the user gets redirected back to from the service provider """ client = OAuthClient(request, consumer_key, secret_key, request_token_url, access_token_url, authorization_url, callback_url, parameters) extra_context.update(dict(oauth_client=client)) if not client.is_valid(): if request.GET.has_key('denied'): return HttpResponseRedirect \ (reverse('socialaccount_login_cancelled')) return render_authentication_error(request, extra_context) # We're redirecting to the setup view for this oauth service return HttpResponseRedirect(client.callback_url)
def login(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): token = form.cleaned_data['access_token'] g = GraphAPI(token) data = g.get_object("me") email = valid_email_or_none(data.get('email')) social_id = data['id'] try: account = FacebookAccount.objects.get(social_id=social_id) except FacebookAccount.DoesNotExist: account = FacebookAccount(social_id=social_id) account.link = data['link'] account.name = data['name'] #adding the storing of users accesstoken account.access_token = token if account.pk: account.save() data = dict(email=email,facebook_me=data) ret = complete_social_login(request, data, account) if not ret: ret = render_authentication_error(request) return ret
def login_by_token(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): try: provider = providers.registry.by_id(FacebookProvider.id) app = providers.registry.by_id(FacebookProvider.id) \ .get_app(request) access_token = form.cleaned_data['access_token'] info = requests.get( 'https://graph.facebook.com/oauth/access_token_info', params={'client_id': app.client_id, 'access_token': access_token}) nonce = provider.get_nonce(request, pop=True) if nonce and nonce == info.json().get('auth_nonce'): token = SocialToken(app=app, token=access_token) login = fb_complete_login(request, app, token) login.token = token login.state = SocialLogin.state_from_request(request) ret = complete_social_login(request, login) except requests.RequestException: logger.exception('Error accessing FB user profile') if not ret: ret = render_authentication_error(request) return ret
def post(self, request, *args, **kwargs): data = dict(list(request.GET.items()) + list(request.POST.items())) if self.provider.endpoint: data['openid'] = self.provider.endpoint form = LoginForm(data) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() for name in SRegFields: sreg.requestField(field_name=name, required=True) auth_request.addExtension(sreg) ax = FetchRequest() for name in AXAttributes: ax.add(AttrInfo(name, required=True)) auth_request.addExtension(ax) callback_url = reverse(self.callback_view) SocialLogin.stash_state(request) redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) # UnicodeDecodeError: # see https://github.com/necaris/python3-openid/issues/1 except (UnicodeDecodeError, DiscoveryFailure) as e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request, self.provider.id, exception=e) return render(request, self.template_name, {'form': form})
def login_by_token(request): ret = None if (request.method == 'POST'): form = TwitterConnectForm(request.POST) if form.is_valid(): try: app = providers.registry.by_id( TwitterProvider.id).get_app(request) oauth_token = form.cleaned_data['oauth_token'] oauth_token_secret = form.cleaned_data['oauth_token_secret'] token = SocialToken(app=app, token=oauth_token, token_secret=oauth_token_secret) auth = OAuth1(app.client_id, app.secret, token.token, token.token_secret) resp = requests.get(VERIFY_CREDENTIALS_URL, auth=auth) resp.raise_for_status() extra_data = resp.json() login = twitter_complete_login(extra_data) login.token = token login.state = SocialLogin.state_from_request(request) ret = complete_social_login(request, login) except requests.RequestException: logger.exception('Error accessing Twitter user profile') if not ret: ret = render_authentication_error(request) return ret
def login(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): try: token = form.cleaned_data['access_token'] g = GraphAPI(token) facebook_me = g.get_object("me") email = valid_email_or_none(facebook_me.get('email')) social_id = facebook_me['id'] try: account = FacebookAccount.objects.get(social_id=social_id) except FacebookAccount.DoesNotExist: account = FacebookAccount(social_id=social_id) data = dict(email=email, facebook_access_token=token, facebook_me=facebook_me) # some facebook accounts don't have this data data.update((k,v) for (k,v) in facebook_me.items() if k in ['username', 'first_name', 'last_name']) # Don't save partial/temporary accounts that haven't # gone through the full signup yet, as there is no # User attached yet. if account.pk: account.sync(data) ret = complete_social_login(request, data, account) except (GraphAPIError, IOError): pass if not ret: ret = render_authentication_error(request) return ret
def persona_login(request): assertion = request.POST.get('assertion', '') audience = request.build_absolute_uri('/') resp = requests.post('https://verifier.login.persona.org/verify', {'assertion': assertion, 'audience': audience}) if resp.json()['status'] != 'okay': return render_authentication_error(request) email = resp.json()['email'] user = get_adapter() \ .populate_new_user(email=email) extra_data = resp.json() account = SocialAccount(uid=email, provider=PersonaProvider.id, extra_data=extra_data, user=user) # TBD: Persona e-mail addresses are verified, so we could check if # a matching local user account already exists with an identical # verified e-mail address and short-circuit the social login. Then # again, this holds for all social providers that guarantee # verified e-mail addresses, so if at all, short-circuiting should # probably not be handled here... login = SocialLogin(account) login.state = SocialLogin.state_from_request(request) return complete_social_login(request, login)
def login_by_token(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): try: provider = providers.registry.by_id(FacebookProvider.id) app = providers.registry.by_id(FacebookProvider.id) \ .get_app(request) access_token = form.cleaned_data['access_token'] info = requests.get( 'https://graph.facebook.com/oauth/access_token_info', params={ 'client_id': app.client_id, 'access_token': access_token }) nonce = provider.get_nonce(request, pop=True) if nonce and nonce == info.json().get('auth_nonce'): token = SocialToken(app=app, token=access_token) login = fb_complete_login(request, app, token) login.token = token login.state = SocialLogin.state_from_request(request) ret = complete_social_login(request, login) except requests.RequestException: logger.exception('Error accessing FB user profile') if not ret: ret = render_authentication_error(request) return ret
def persona_login(request): assertion = request.POST.get('assertion', '') audience = request.build_absolute_uri('/') resp = requests.post('https://verifier.login.persona.org/verify', { 'assertion': assertion, 'audience': audience }) if resp.json['status'] != 'okay': return render_authentication_error(request) email = resp.json['email'] user = User(email=email) extra_data = resp.json account = SocialAccount(uid=email, provider=PersonaProvider.id, extra_data=extra_data, user=user) # TBD: Persona e-mail addresses are verified, so we could check if # a matching local user account already exists with an identical # verified e-mail address and short-circuit the social login. Then # again, this holds for all social providers that guarantee # verified e-mail addresses, so if at all, short-circuiting should # probably not be handled here... login = SocialLogin(account) login.state = SocialLogin.state_from_request(request) return complete_social_login(request, login)
def login(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): token = form.cleaned_data['access_token'] g = GraphAPI(token) facebook_me = g.get_object("me") email = valid_email_or_none(facebook_me.get('email')) social_id = facebook_me['id'] try: account = FacebookAccount.objects.get(social_id=social_id) except FacebookAccount.DoesNotExist: account = FacebookAccount(social_id=social_id) account.link = facebook_me['link'] account.name = facebook_me['name'] if account.pk: account.save() data = dict(email=email, facebook_me=facebook_me) # some facebook accounts don't have this data data.update((k,v) for (k,v) in facebook_me.items() if k in ['username', 'first_name', 'last_name']) ret = complete_social_login(request, data, account) if not ret: ret = render_authentication_error(request) return ret
def login(request): if 'openid' in request.GET or request.method == 'POST': form = LoginForm(request.REQUEST) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() sreg.requestField(field_name=SRegField.EMAIL, required=True) auth_request.addExtension(sreg) ax = FetchRequest() ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL, required=True)) auth_request.addExtension(ax) callback_url = reverse(callback) SocialLogin.stash_state(request) redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) # UnicodeDecodeError: # see https://github.com/necaris/python3-openid/issues/1 except (UnicodeDecodeError, DiscoveryFailure) as e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request) else: form = LoginForm() d = dict(form=form) return render_to_response('openid/login.html', d, context_instance=RequestContext(request))
def login(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): token = form.cleaned_data['access_token'] g = GraphAPI(token) facebook_me = g.get_object("me") email = valid_email_or_none(facebook_me.get('email')) social_id = facebook_me['id'] try: account = FacebookAccount.objects.get(social_id=social_id) except FacebookAccount.DoesNotExist: account = FacebookAccount(social_id=social_id) account.link = facebook_me['link'] account.name = facebook_me['name'] if account.pk: account.save() data = dict(email=email, facebook_me=facebook_me) # some facebook accounts don't have this data data.update((k, v) for (k, v) in facebook_me.items() if k in ['username', 'first_name', 'last_name']) ret = complete_social_login(request, data, account) if not ret: ret = render_authentication_error(request) return ret
def login_by_token(request): log.debug("login_by_token") ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): log.debug("Form is valid") try: app = providers.registry.by_id(FacebookProvider.id) \ .get_app(request) log.debug("App exists") access_token = form.cleaned_data['access_token'] log.debug("access token exists") token = SocialToken(app=app, token=access_token) log.debug("social token created") login = fb_complete_login(app, token) log.debug("fb login complete") login.token = token login.state = SocialLogin.state_from_request(request) ret = complete_social_login(request, login) except: # FIXME: Catch only what is needed pass if not ret: log.debug("authentication error") ret = render_authentication_error(request) return ret
def login_by_token(request): ret = None auth_exception = None if request.method == 'POST': form = KakaoConnectForm(request.POST) if form.is_valid(): try: provider = providers.registry.by_id(KakaoProvider.id) app = providers.registry.by_id( KakaoProvider.id).get_app(request) access_token = form.cleaned_data['access_token'] token = SocialToken(app=app, token=access_token) login = kakao_complete_login(request, app, token) login.token = token login.state = SocialLogin.state_from_request(request) ret = complete_social_login(request, login) except requests.RequestException as e: logger.exception('Error accessing KAKAO user profile') auth_exception = e if not ret: ret = render_authentication_error(request, KakaoProvider.id, exception + auth_exception) return ret
def login(request): if 'openid' in request.GET or request.method == 'POST': form = LoginForm(request.REQUEST) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() sreg.requestField(field_name=SRegField.EMAIL, required=True) auth_request.addExtension(sreg) ax = FetchRequest() ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL, required=True)) auth_request.addExtension(ax) callback_url = reverse(callback) state = SocialLogin.marshall_state(request) callback_url = callback_url + '?' + urlencode(dict(state=state)) redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) except DiscoveryFailure, e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request)
def login(request): ret = None if request.method == 'POST': form = FacebookConnectForm(request.POST) if form.is_valid(): try: token = form.cleaned_data['access_token'] g = GraphAPI(token) facebook_me = g.get_object("me") email = valid_email_or_none(facebook_me.get('email')) social_id = facebook_me['id'] try: account = FacebookAccount.objects.get(social_id=social_id) except FacebookAccount.DoesNotExist: account = FacebookAccount(social_id=social_id) data = dict(email=email, facebook_access_token=token, facebook_me=facebook_me) # some facebook accounts don't have this data data.update((k, v) for (k, v) in facebook_me.items() if k in ['username', 'first_name', 'last_name']) # Don't save partial/temporary accounts that haven't # gone through the full signup yet, as there is no # User attached yet. if account.pk: account.sync(data) ret = complete_social_login(request, data, account) except (GraphAPIError, IOError): pass if not ret: ret = render_authentication_error(request) return ret
def login_by_token(request): ret = None auth_exception = None if request.method == 'POST': form = KakaoConnectForm(request.POST) if form.is_valid(): try: provider = providers.registry.by_id(KakaoProvider.id) app = providers.registry.by_id(KakaoProvider.id).get_app(request) access_token = form.cleaned_data['access_token'] token = SocialToken(app=app, token=access_token) login = kakao_complete_login(request, app, token) login.token = token login.state = SocialLogin.state_from_request(request) ret = complete_social_login(request, login) except requests.RequestException as e: logger.exception('Error accessing KAKAO user profile') auth_exception = e if not ret: ret = render_authentication_error(request, KakaoProvider.id, exception+auth_exception) return ret
def dispatch(self, request, *args, **kwargs): """ This overloading is necessary to manage the case when the user clicks on "Cancel" once on the "Mire de connexion PE Connect". Original code: https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/providers/oauth2/views.py#L113 """ if "error" in request.GET or "code" not in request.GET: # Distinguish cancel from error auth_error = request.GET.get("error", None) if auth_error == self.adapter.login_cancelled_error: error = AuthError.CANCELLED elif auth_error is None and "state" in request.GET: # This custom case happens when the user clicks "Cancel" on the # "Mire de connexion PE Connect". error = AuthError.CANCELLED else: error = AuthError.UNKNOWN logger.error("Unknown error in PEAMU dispatch.") return render_authentication_error(request, self.adapter.provider_id, error=error) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET["code"]) token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) login.token = token if self.adapter.supports_state: login.state = SocialLogin.verify_and_unstash_state( request, get_request_param(request, "state")) else: login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except (PermissionDenied, OAuth2Error, RequestException, ProviderException) as e: # This log is useful, 3.6k events for 75 users in 18 days but we have to disable it # to not reach the Sentry limit. The issue is tracked in Trello. # logger.error("Unknown error in PEAMU dispatch with exception '%s'.", e) return render_authentication_error(request, self.adapter.provider_id, exception=e)
def dispatch(self, request): app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) client.state = SocialLogin.stash_state(request) try: return HttpResponseRedirect(client.get_redirect_url()) except OAuth2Error: return render_authentication_error(request)
def dispatch(self, request): if 'error' in request.GET or not 'code' in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET['code']) token = SocialToken(app=app, token=access_token) login = self.adapter.complete_login(request, app, token) token.account = login.account login.token = token login.state = SocialLogin.unmarshall_state( request.REQUEST.get('state')) return complete_social_login(request, login) except OAuth2Error: return render_authentication_error(request)
def dispatch(self, request): if 'error' in request.GET or 'access_token' not in request.GET: # Distinguish cancel from error auth_error = request.GET.get('error', None) if auth_error == self.adapter.login_cancelled_error: error = AuthError.CANCELLED else: error = AuthError.UNKNOWN return render_authentication_error(request, self.adapter.provider_id, error=error) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: # Parse the access token access_token = { 'access_token': request.GET['access_token'], 'expires_in': request.GET['expires_in'] } token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) login.token = token SocialLogin.stash_state(request) if self.adapter.supports_state: login.state = SocialLogin \ .verify_and_unstash_state( request, get_request_param(request, 'state')) else: login.state = SocialLogin.unstash_state(request) # Make sure the user is initiated with some training in the DB request.session['initial_training'] = 'zooniverse' return complete_social_login(request, login) except (PermissionDenied, OAuth2Error, RequestException, ProviderException) as e: return render_authentication_error(request, self.adapter.provider_id, exception=e)
def dispatch(self, request): callback_url = reverse(self.adapter.provider_id + "_callback") client = self._get_client(request, callback_url) request.session['next'] = get_login_redirect_url(request) try: return client.get_redirect() except OAuthError: return render_authentication_error(request)
def dispatch(self, request): callback_url = reverse(self.adapter.provider_id + "_callback") SocialLogin.stash_state(request) client = self._get_client(request, callback_url) try: return client.get_redirect() except OAuthError: return render_authentication_error(request)
def dispatch(self, request): app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) client.state = SocialLogin.marshall_state(request) try: return HttpResponseRedirect(client.get_redirect_url()) except OAuth2Error: return render_authentication_error(request)
def dispatch(self, request): if "error" in request.GET or not "code" in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET["code"]) token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) token.account = login.account login.token = token login.state = SocialLogin.verify_and_unstash_state(request, request.REQUEST.get("state")) return complete_social_login(request, login) except OAuth2Error: return render_authentication_error(request)
def login(request): if 'openid' in request.GET or request.method == 'POST': form = LoginForm( dict(list(request.GET.items()) + list(request.POST.items())) ) if form.is_valid(): client = _openid_consumer(request) provider = OpenIDProvider(request) realm = provider.get_settings().get( 'REALM', request.build_absolute_uri('/')) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() for name in SRegFields: sreg.requestField(field_name=name, required=True) auth_request.addExtension(sreg) ax = FetchRequest() for name in AXAttributes: ax.add(AttrInfo(name, required=True)) provider = OpenIDProvider(request) server_settings = \ provider.get_server_settings(request.GET.get('openid')) extra_attributes = \ server_settings.get('extra_attributes', []) for _, name, required in extra_attributes: ax.add(AttrInfo(name, required=required)) auth_request.addExtension(ax) callback_url = reverse(callback) SocialLogin.stash_state(request) # Fix for issues 1523 and 2072 (github django-allauth) if 'next' in form.cleaned_data and form.cleaned_data['next']: auth_request.return_to_args['next'] = \ form.cleaned_data['next'] redirect_url = auth_request.redirectURL( realm, request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) # UnicodeDecodeError: # see https://github.com/necaris/python3-openid/issues/1 except (UnicodeDecodeError, DiscoveryFailure) as e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error( request, OpenIDProvider.id, exception=e) else: form = LoginForm(initial={'next': request.GET.get('next'), 'process': request.GET.get('process')}) d = dict(form=form) return render(request, "openid/login.html", d)
def dispatch(self, request): app = self.adapter.get_app(self.request) client = self.get_client(request, app) # TODO: next can be passed along to callback url, session not required request.session['next'] = get_login_redirect_url(request) try: return HttpResponseRedirect(client.get_redirect_url()) except OAuth2Error: return render_authentication_error(request)
def dispatch(self, request): if 'error' in request.GET or not 'code' in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET['code']) token = SocialToken(app=app, token=access_token) login = self.adapter.complete_login(request, app, token) token.account = login.account login.token = token return complete_social_login(request, login) except OAuth2Error: return render_authentication_error(request)
def login_by_token(request): ret = None auth_exception = None if request.method == "POST": form = FacebookConnectForm(request.POST) if form.is_valid(): try: provider = providers.registry.by_id(FacebookProvider.id, request) login_options = provider.get_fb_login_options(request) app = provider.get_app(request) access_token = form.cleaned_data["access_token"] expires_at = None if login_options.get("auth_type") == "reauthenticate": info = requests.get( GRAPH_API_URL + "/oauth/access_token_info", params={ "client_id": app.client_id, "access_token": access_token, }, ).json() nonce = provider.get_nonce(request, pop=True) ok = nonce and nonce == info.get("auth_nonce") else: ok = True if ok and provider.get_settings().get("EXCHANGE_TOKEN"): resp = requests.get( GRAPH_API_URL + "/oauth/access_token", params={ "grant_type": "fb_exchange_token", "client_id": app.client_id, "client_secret": app.secret, "fb_exchange_token": access_token, }, ).json() access_token = resp["access_token"] expires_in = resp.get("expires_in") if expires_in: expires_at = timezone.now() + timedelta( seconds=int(expires_in)) if ok: token = SocialToken(app=app, token=access_token, expires_at=expires_at) login = fb_complete_login(request, app, token) login.token = token login.state = SocialLogin.state_from_request(request) ret = complete_social_login(request, login) except requests.RequestException as e: logger.exception("Error accessing FB user profile") auth_exception = e if not ret: ret = render_authentication_error(request, FacebookProvider.id, exception=auth_exception) return ret
def dispatch(self, request): if 'error' in request.GET or not 'code' in request.GET: error_context = {} try: import json error_context = {"error": "facebook:" + request.GET["error_message"] if "error_message" in request.GET else ''} except Exception, args: pass # TODO: Distinguish cancel from error return render_authentication_error(request, error_context)
def login_done(request): app = TwitterApp.objects.get_current() client = OAuthTwitter( request, app.consumer_key, app.consumer_secret, app.request_token_url) try: user_info = client.get_user_info() except OAuthError, e: return render_authentication_error(request)
def dispatch(self, request, *args, **kwargs): logger.info("start login") if 'error' in request.GET or 'code' not in request.GET: # Distinguish cancel from error auth_error = request.GET.get('error', None) logger.info("auth_error %s " % auth_error) if auth_error == self.adapter.login_cancelled_error: error = AuthError.CANCELLED logger.info("AuthError.CANCELLED %s " % error) else: error = AuthError.UNKNOWN logger.info("AuthError.UNKNOWN %s %s" % (error, auth_error)) return render_authentication_error(request, self.adapter.provider_id, error=error) app = self.adapter.get_provider().get_app(self.request) logger.info("app %s " % app) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET['code']) logger.info("access_token %s " % access_token) token = self.adapter.parse_token(access_token) logger.info("parse_token %s " % token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) logger.info("logged in %s " % login) login.token = token if self.adapter.supports_state: login.state = SocialLogin \ .verify_and_unstash_state( request, get_request_param(request, 'state')) else: login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except (PermissionDenied, OAuth2Error, RequestException, ProviderException) as e: return render_authentication_error(request, self.adapter.provider_id, exception=e)
def dispatch(self, request, *args, **kwargs): if 'error' in request.GET or 'code' not in request.GET: # Distinguish cancel from error auth_error = request.GET.get('error', None) if auth_error == self.adapter.login_cancelled_error: error = AuthError.CANCELLED else: error = AuthError.UNKNOWN return render_authentication_error( request, self.adapter.provider_id, error=error) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token = client.get_access_token(request.GET['code']) token = self.adapter.parse_token(access_token) token.app = app login = self.adapter.complete_login(request, app, token, response=access_token) login.token = token if self.adapter.supports_state: login.state = SocialLogin \ .verify_and_unstash_state( request, get_request_param(request, 'state')) else: login.state = SocialLogin.unstash_state(request) return complete_social_login(request, login) except (PermissionDenied, OAuth2Error, RequestException, ProviderException) as e: if isinstance(e, PermissionDenied) or isinstance(e, OAuth2Error): # One of these errors are raised when a user authenticated through dataporten # uses the browser back button. Simply redirect to ``/``. return HttpResponseRedirect('/') return render_authentication_error( request, self.adapter.provider_id, exception=e)
def dispatch(self, request): callback_url = reverse(self.adapter.provider_id + "_callback") # TODO: Can't this be moved as query param into callback? # Tried but failed somehow, needs further study... request.session['oauth_login_state'] \ = SocialLogin.marshall_state(request) client = self._get_client(request, callback_url) try: return client.get_redirect() except OAuthError: return render_authentication_error(request)
def dispatch(self, request): callback_url = reverse(self.adapter.provider_id + "_callback") SocialLogin.stash_state(request) action = request.GET.get("action", AuthAction.AUTHENTICATE) provider = self.adapter.get_provider() auth_url = provider.get_auth_url(request, action) or self.adapter.authorize_url client = self._get_client(request, callback_url) try: return client.get_redirect(auth_url) except OAuthError as e: return render_authentication_error(request, self.adapter.provider_id, exception=e)
def dispatch(self, request): if 'error' in request.GET or not 'code' in request.GET: # TODO: Distinguish cancel from error return render_authentication_error(request) app = self.adapter.get_provider().get_app(self.request) client = self.get_client(request, app) try: access_token, refresh_token = client.get_access_token(request.GET['code']) token = SocialToken(app=app, token=access_token, token_secret=refresh_token) login = self.adapter.complete_login(request, app, token) token.account = login.account login.token = token login.state = SocialLogin.unmarshall_state(request.REQUEST .get('state')) login.redirect_account_url = request.session.pop('redirect_account_url', None) return complete_social_login(request, login) except OAuth2Error: return render_authentication_error(request)
def dispatch(self, request): provider = self.adapter.get_provider() app = provider.get_app(self.request) client = self.get_client(request, app) action = request.GET.get("action", AuthAction.AUTHENTICATE) auth_url = self.adapter.authorize_url auth_params = provider.get_auth_params(request, action) client.state = SocialLogin.stash_state(request) try: return HttpResponseRedirect(client.get_redirect_url(auth_url, auth_params)) except OAuth2Error as e: return render_authentication_error(request, provider.id, exception=e)