def actor_twitter_callback(request): logging.info("Callback URL") redirect_to = memcache.client.get('redirect_to') memcache.client.delete('redirect_to') view = user.get_user_from_cookie_or_legacy_auth(request) if view is not None: if view.extra.get('twitter_access_token') is None: twitter_user, token = util_externals.twitter_user() logging.info("Creating external profile after creates a token") ep_ref = api.create_external_profile(view.nick, 'twitter', twitter_user.screen_name, str(twitter_user.id), 'http://twitter.com/%s'%twitter_user.screen_name) view.extra['twitter_access_token'] = token view.put() if not redirect_to == 'autoclose': response = util.RedirectFlash(redirect_to, 'Oauth authentication success') return response c = template.RequestContext(request, locals()) t = loader.get_template('actor/templates/twitter_callback.html') return http.HttpResponse(t.render(c))
def api_authorize(request): """ checks on the request token provided or ask the user enter one allows the user to authorize this if consumer style is web and a callback is provided redirect to it otherwise suggest that the user notify their application that authorization has completed """ redirect = urllib.quote(request.get_full_path()) view = user.get_user_from_cookie_or_legacy_auth(request) if view is None: logging.info("Redirect: %s " % redirect) return http.HttpResponseRedirect("/login?redirect_to=%s" % redirect) oauth_token = request.REQUEST.get('oauth_token', None) if not oauth_token: # please enter token page pass oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token) if not oauth_token_ref: raise Exception("bad token") oauth_consumer_ref = api.oauth_get_consumer(api.ROOT, oauth_token_ref.consumer) if not oauth_consumer_ref: raise Exception("bad consumer") if "active" != oauth_consumer_ref.status: raise Exception("inactive consumer") perms = request.REQUEST.get('perms', 'read') if request.POST: # we posted to this page to authorize # TODO verify nonce validate.nonce(request, "authorize_token") api.oauth_authorize_request_token(api.ROOT, oauth_token_ref.key_, actor=request.user.nick, perms=perms) oauth_callback = request.POST.get("oauth_callback", None) if oauth_consumer_ref.type == "web": if oauth_callback: return http.HttpResponseRedirect(oauth_callback) elif oauth_consumer_ref.callback_url is not None: return http.HttpResponseRedirect(oauth_consumer_ref.callback_url) c = template.RequestContext(request, locals()) t = loader.get_template('api/templates/authorized.html') return http.HttpResponse(t.render(c)) perms_pretty = {'read': 'view', 'write': 'view and update', 'delete': 'view, update and delete'}[perms] c = template.RequestContext(request, locals()) t = loader.get_template('api/templates/authorize.html') return http.HttpResponse(t.render(c))
def login_login(request): redirect_to = request.REQUEST.get('redirect_to', '/') redirect_to = clean.redirect_to(redirect_to) if request.POST: try: login = request.POST.get('log', None) password = request.POST.get('pwd', None) rememberme = request.POST.get('rememberme', None) # TODO validate current_user = user.lookup_user_by_login(login, password) if current_user: if redirect_to == '/': redirect_to = current_user.url('/overview') # Attempt to do some cleanup on the user if necessary api.user_cleanup(api.ROOT, current_user.nick) # if we aren't hosted or aren't ssl just set the cookie and go home if (not settings.HOSTED_DOMAIN_ENABLED or not settings.SSL_LOGIN_ENABLED): response = http.HttpResponseRedirect(redirect_to) response = user.set_user_cookie(response, current_user, rememberme) return response # otherwise, we're going to have to redirect to set the cookie on # the proper domain sso_token = util.generate_uuid() cache.set('sso/%s' % sso_token, (current_user.nick, rememberme), timeout=10) sso_url = 'http://%s/login/noreally' % (settings.DOMAIN) sso_url = util.qsa( sso_url, {'redirect_to': redirect_to, 'sso_token': sso_token}) return http.HttpResponseRedirect(sso_url) else: raise exception.ValidationError("Invalid username or password") except: exception.handle_exception(request) view =user.get_user_from_cookie_or_legacy_auth(request) area="login" if view: if redirect_to == '/': redirect_to = request.user.url('/overview') return http.HttpResponseRedirect(redirect_to) c = template.RequestContext(request, locals()) t = loader.get_template('login/templates/login.html') return http.HttpResponse(t.render(c))
def actor_twitter_auth(request): # Getting the access token view = user.get_user_from_cookie_or_legacy_auth(request) access_token = None if view is not None: access_token = view.extra.get('twitter_access_token', None) redirect_to = request.GET.get('redirect_to', '/') if access_token is not None: if redirect_to == 'autoclose': memcache.client.set('redirect_to', redirect_to, 600) return http.HttpResponseRedirect('/twitter/callback') return http.HttpResponseRedirect(redirect_to) try: authorization_url = twitter.get_authorization_url(redirect_to) except: response = util.RedirectFlash(redirect_to, 'We can not connect to twitter') return response return http.HttpResponseRedirect(authorization_url)