def my_style(request):
    """Render the ``my_style`` demo template.

    The template context carries the OAuth URL under ``auth_url`` and the
    graph object returned by ``get_facebook_graph`` under ``facebook``.
    """
    ctx = RequestContext(request)
    ctx['auth_url'] = generate_oauth_url()
    # The graph is exposed to the template only; nothing else in this view
    # reads it.
    fb = get_facebook_graph(request)
    ctx['facebook'] = fb
    return render_to_response('django_facebook/my_style.html', ctx)
def _wrapped_view(request, *args, **kwargs):
    """Call the wrapped view, falling back to the OAuth dialog on Facebook errors.

    ``canvas``, ``scope_list``, ``extra_params`` and ``view_func`` are free
    variables here; presumably they are closed over from an enclosing
    decorator that is not visible in this snippet.
    """
    # Canvas and non-canvas requests build their OAuth URL differently, but
    # both yield an (oauth_url, redirect_uri) pair.
    if canvas:
        url_pair = generate_oauth_url(scope_list, extra_params=extra_params)
    else:
        url_pair = get_oauth_url(
            request, scope_list, extra_params=extra_params)
    oauth_url, redirect_uri = url_pair

    try:
        # Fetch the persistent graph first so the token is converted with
        # the correct redirect uri before the view runs.
        get_persistent_graph(request, redirect_uri=redirect_uri)
        return view_func(request, *args, **kwargs)
    except open_facebook_exceptions.OpenFacebookException, e:
        # If the permissions are already granted, the error has another
        # cause; re-raise so it is not masked by a re-authorization redirect.
        if test_permissions(request, scope_list, redirect_uri):
            raise
        logger.info(
            u'requesting access with redirect uri: %s, error was %s',
            redirect_uri, e)
        return response_redirect(oauth_url, canvas=canvas)
def canvas(request):
    """Render the canvas demo page, logging a few of the user's likes.

    NOTE(review): ``fb`` is never bound inside this function, so it must be
    resolved from an enclosing or module scope that this snippet does not
    show. Confirm it exists, otherwise the view raises NameError.
    """
    ctx = RequestContext(request)
    ctx['auth_url'] = generate_oauth_url()
    if fb.is_authenticated():
        # The lookup goes through the graph stored in the template context,
        # not through ``fb``; the two are presumably the same object.
        logger.info(
            'found these likes %s',
            ctx['facebook'].get_connections("me", "likes", limit=3))
    return render_to_response('django_facebook/canvas.html', ctx)
def canvas(request):
    """Render the canvas demo page, logging a few likes for authenticated users.

    NOTE(review): the likes are fetched through ``context['facebook']``,
    which this function never assigns. It has to be supplied by something
    outside the snippet (for instance a context processor); confirm.
    """
    ctx = RequestContext(request)
    ctx['auth_url'] = generate_oauth_url()

    graph = get_persistent_graph(request)
    if graph.is_authenticated():
        user_likes = ctx['facebook'].get_connections("me", "likes", limit=3)
        logger.info('found these likes %s', user_likes)

    return render_to_response('django_facebook/canvas.html', ctx)
def canvas(request):
    """Render the canvas template with the OAuth URL in its context.

    When the persistent graph reports an authenticated user, up to three of
    the user's likes are fetched and logged at INFO level.

    NOTE(review): ``context["facebook"]`` is read but never set here, so it
    must come from outside this function; verify against the project's
    context processors.
    """
    template_context = RequestContext(request)
    template_context["auth_url"] = generate_oauth_url()
    persistent_graph = get_persistent_graph(request)
    if persistent_graph.is_authenticated():
        facebook = template_context["facebook"]
        logger.info(
            "found these likes %s",
            facebook.get_connections("me", "likes", limit=3),
        )
    return render_to_response("django_facebook/canvas.html", template_context)
def _wrapped_view(request, *args, **kwargs):
    """Run the wrapped view only when the required permissions are present.

    ``canvas``, ``scope_list`` and ``view_func`` are free variables here,
    presumably supplied by an enclosing decorator outside this snippet.
    Without the permissions the caller is redirected to the OAuth URL.
    """
    url_pair = (generate_oauth_url(scope_list) if canvas
                else get_oauth_url(request, scope_list))
    oauth_url, redirect_uri = url_pair

    # Guard clause: missing permissions mean we ask for access instead of
    # running the view.
    if not test_permissions(request, scope_list, redirect_uri):
        logger.info('requesting access with redirect uri: %s', redirect_uri)
        return response_redirect(oauth_url, canvas=canvas)

    return view_func(request, *args, **kwargs)
def _wrapped_view(request, *args, **kwargs):
    """Invoke the view; on a Facebook API error, re-request access if needed.

    Free variables (``canvas``, ``scope_list``, ``extra_params``,
    ``view_func``) are resolved from a scope that is not part of this
    snippet, presumably the enclosing decorator.
    """
    build_kwargs = dict(extra_params=extra_params)
    if canvas:
        oauth_url, redirect_uri = generate_oauth_url(
            scope_list, **build_kwargs)
    else:
        oauth_url, redirect_uri = get_oauth_url(
            request, scope_list, **build_kwargs)

    try:
        # The persistent graph is fetched purely for its side effect of
        # converting the token with the correct redirect uri.
        get_persistent_graph(request, redirect_uri=redirect_uri)
        return view_func(request, *args, **kwargs)
    except open_facebook_exceptions.OpenFacebookException, e:
        already_permitted = test_permissions(
            request, scope_list, redirect_uri)
        if already_permitted:
            # With permissions in place the error is unrelated to access;
            # let it propagate rather than hide it behind a redirect.
            raise
        logger.info(u'requesting access with redirect uri: %s, error was %s',
                    redirect_uri, e)
        return response_redirect(oauth_url, canvas=canvas)
# -*- coding: UTF-8 -*- from urlparse import urlparse from open_facebook.api import FacebookAuthorization, OpenFacebook from django_facebook.canvas import generate_oauth_url from django_facebook.utils import ScriptRedirect from django_facebook.connect import connect_user from django.contrib.auth import logout from django_facebook import settings from django_facebook.exceptions import MissingPermissionsError redirect_login_oauth = ScriptRedirect(redirect_to=generate_oauth_url(), show_body=False) class FacebookCanvasMiddleWare(object): def process_request(self, request): """ This middleware authenticates the facebook user when he/she is accessing the app from facebook (not an internal page) The flow is show below: if referer is facebook: it's a canvas app and the first hit on the app If error: attempt to reauthenticate using authorization dialog if signed_request not sent or does not have the user_id and the access_token: user has not authorized app redirect to authorization dialog else: check permissions
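def process_request(self, request):
    """
    Authenticate the Facebook user when the app is opened from Facebook
    (a canvas hit), and do nothing for internal pages.

    The flow is shown below:

    if the Referer host is facebook.com or one of its subdomains:
        it's a canvas app and the first hit on the app
        if error in the query string:
            attempt to reauthenticate using the authorization dialog
        if signed_request is not sent or lacks user_id / oauth_token:
            user has not authorized the app
            redirect to the authorization dialog
        else:
            check permissions
            if user is authenticated (in django):
                check_django_facebook_user() compares the facebook user
                with the authenticated one; on failure stop here
            if user is not authenticated:
                connect_user (django_facebook.connect module)
            change the method to GET. Facebook always sends a POST first.
    else:
        It's an internal page. No signed_request is sent. Return

    Returns None to let Django continue with the request, or the
    ScriptRedirect response that sends the browser to the OAuth dialog.

    The Referer header is supplied by the client, so it is used only to
    decide whether to look for a signed_request at all; the trust decision
    rests on FacebookAuthorization.parse_signed_data().
    """
    logger.info("PR01 process_request in django-facebook middleware")

    # This call cannot be global'ized or Django will return an empty response
    # after the first one
    redirect_login_oauth = ScriptRedirect(redirect_to=generate_oauth_url(),
                                          show_body=False)

    # check referer to see if this is the first access
    # or it's part of navigation in app
    # facebook always sends a POST request
    referer = request.META.get("HTTP_REFERER", None)
    if referer:
        logger.info("PR02 referrer %s", referer)
        urlparsed = urlparse(referer)
        # Match the host exactly or as a true subdomain. A bare suffix test
        # on netloc also accepts look-alike hosts (constructed example:
        # "notfacebook.com") and is confused by an explicit port.
        host = urlparsed.hostname or ""
        is_facebook = host == "facebook.com" or host.endswith(".facebook.com")

        # facebook redirect
        if is_facebook and urlparsed.path.endswith("/l.php"):
            logger.info("PR03 is_facebook = True")
            return

        if not is_facebook:
            logger.info("PR04 is_facebook = False")
            return

        # when there is an error, we attempt to allow user to
        # reauthenticate
        if "error" in request.GET:
            logger.info("PR05 errors in request.GET")
            return redirect_login_oauth
    else:
        logger.info("PR06 no referrer")
        return

    # get signed_request
    signed_request = request.POST.get("signed_request", None)
    try:
        # NOTE(review): everything below trusts the parsed payload, so this
        # relies on parse_signed_data() rejecting a bad signature - confirm.
        parsed_signed_request = FacebookAuthorization.parse_signed_data(
            signed_request)
        access_token = parsed_signed_request["oauth_token"]
        facebook_id = long(parsed_signed_request["user_id"])
        logger.info("PR07 facebook_id = %s", facebook_id)
    except Exception:
        # Any parsing failure is treated as "app not authorized by user".
        # Catch Exception rather than using a bare except so that
        # KeyboardInterrupt / SystemExit are not swallowed.
        logger.info("PR08 app is not authorized by user")
        # redirect to authorization dialog
        # if app not authorized by user
        return redirect_login_oauth

    # check for permissions
    try:
        graph = self.check_permissions(access_token)
        logger.info("PR09 got graph")
    except MissingPermissionsError:
        logger.info("PR010 no graph")
        return redirect_login_oauth

    # check if user authenticated and if it's the same
    if request.user.is_authenticated():
        logger.info("PR11 use is authenticated, user_id = %s",
                    request.user.id)
        if not self.check_django_facebook_user(request, facebook_id,
                                               access_token):
            logger.info("PR12 check django facebook user failed")
            return

    request.facebook = graph
    if not request.user.is_authenticated():
        logger.info("PR13 user is not authenticated")
        _action, _user = connect_user(request, access_token, graph)

    # override http method, since this actually is a GET
    # NOTE(review): views further down see this request as a GET even though
    # it arrived as a POST; confirm no state-changing view depends on that.
    if request.method == "POST":
        logger.info("PR14 overwrite POST to GET")
        request.method = "GET"
    return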
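def process_request(self, request):
    """
    Authenticate the Facebook user when the app is opened from Facebook
    (a canvas hit), and do nothing for internal pages.

    The flow is shown below:

    if the Referer host is facebook.com or one of its subdomains:
        it's a canvas app and the first hit on the app
        if error in the query string:
            attempt to reauthenticate using the authorization dialog
        if signed_request is not sent or lacks user_id / oauth_token:
            user has not authorized the app
            redirect to the authorization dialog
        else:
            check permissions
            if user is authenticated (in django):
                check_django_facebook_user() compares the current facebook
                user with the authenticated one
            if user is not authenticated:
                connect_user (django_facebook.connect module)
            change the method to GET. Facebook always sends a POST first.
    else:
        It's an internal page. No signed_request is sent. Return

    Returns None to let Django continue with the request, or the
    ScriptRedirect response that sends the browser to the OAuth dialog.

    The Referer header is supplied by the client, so it is used only to
    decide whether to look for a signed_request at all; the trust decision
    rests on FacebookAuthorization.parse_signed_data().
    """
    # This call cannot be global'ized or Django will return an empty response
    # after the first one
    redirect_login_oauth = ScriptRedirect(redirect_to=generate_oauth_url(),
                                          show_body=False)

    # check referer to see if this is the first access
    # or it's part of navigation in app
    # facebook always sends a POST request
    referer = request.META.get('HTTP_REFERER', None)
    if not referer:
        return

    urlparsed = urlparse(referer)
    # Match the host exactly or as a true subdomain. A bare suffix test on
    # netloc also accepts look-alike hosts (constructed example:
    # "notfacebook.com") and is confused by an explicit port.
    host = urlparsed.hostname or ''
    is_facebook = host == 'facebook.com' or host.endswith('.facebook.com')

    # facebook redirect
    if is_facebook and urlparsed.path.endswith('/l.php'):
        return

    if not is_facebook:
        return

    # when there is an error, we attempt to allow user to
    # reauthenticate
    if 'error' in request.GET:
        return redirect_login_oauth

    # get signed_request
    signed_request = request.POST.get('signed_request', None)
    try:
        # NOTE(review): everything below trusts the parsed payload, so this
        # relies on parse_signed_data() rejecting a bad signature - confirm.
        parsed_signed_request = FacebookAuthorization.parse_signed_data(
            signed_request)
        access_token = parsed_signed_request['oauth_token']
        facebook_id = long(parsed_signed_request['user_id'])
    except Exception:
        # Any parsing failure is treated as "app not authorized by user".
        # Catch Exception rather than using a bare except so that
        # KeyboardInterrupt / SystemExit are not swallowed.
        # redirect to authorization dialog
        return redirect_login_oauth

    # check for permissions
    try:
        graph = self.check_permissions(access_token)
    except MissingPermissionsError:
        return redirect_login_oauth

    # check if user authenticated and if it's the same
    # NOTE(review): the result of check_django_facebook_user() is ignored
    # here, so processing continues whatever it returns - confirm that the
    # helper itself handles a mismatch.
    if request.user.is_authenticated():
        self.check_django_facebook_user(request, facebook_id, access_token)

    request.facebook = graph
    if not request.user.is_authenticated():
        _action, _user = connect_user(request, access_token, graph)

    # override http method, since this actually is a GET
    # NOTE(review): views further down see this request as a GET even though
    # it arrived as a POST; confirm no state-changing view depends on that.
    if request.method == 'POST':
        request.method = 'GET'
    return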
def canvashome(request):
    """Entry view: finish a pending redirect, log the user in, or render the main page.

    Order of work, as visible in this function:
      1. If the session holds ``redirect_to``, consume it and redirect there.
      2. If the user is not authenticated, show the login page, start the
         OAuth dialog, or exchange the returned ``code`` for an access token
         and connect the user.
      3. Otherwise load the Member, apply a one-time promo token grant,
         decide whether to show the first-visit popup, and render
         ``bidding/mainpage.html``.
    """
    # NOTE(review): the redirect target is taken from the session as-is.
    # Confirm that whatever stores 'redirect_to' only writes same-site
    # targets; otherwise this is an open redirect.
    redirectTo = request.session.get('redirect_to', False)
    if redirectTo:
        del request.session['redirect_to']
        return HttpResponseRedirect(str(redirectTo))
    member = None
    fb_url = settings.FACEBOOK_APP_URL  #.format(appname=settings.FACEBOOK_APP_NAME)
    share_title = ConfigKey.get('SHARE_APP_TITLE', 'iBidGames')
    share_description = ConfigKey.get(
        'SHARE_APP_DESC',
        'iBidGames is the first true online Interactive Auction, is the only interactive auction game within Facebook framework that allows players to win real items'
    )
    if not request.user.is_authenticated():
        if not request.GET.get('facebook_login', None) and not request.GET.get(
                'code', None):
            # Neither a login request nor an OAuth callback: plain login page.
            return render_response(request, 'login.html')
        else:
            if not request.GET.get('code', None):
                return redirect(generate_oauth_url())
            # NOTE(review): the authorization code from the query string is
            # exchanged without any `state` value being checked in this
            # function - confirm login-CSRF protection exists elsewhere.
            access_token = FacebookAuthorization.convert_code(
                request.GET.get('code', None), fb_url)['access_token']
            # The user did not come from Facebook here: the dj-middleware
            # redirects to this point without authentication.
            data = {
                'authorization_url': fb_url,
                'app_url': fb_url,
                'site_url': settings.SITE_NAME,
                'share_title': share_title,
                'share_description': share_description,
            }
            _action, _user = connect_user(request, access_token)
            return render_response(request, 'fb_redirect.html', data)
    # Disabled Google profile sync, kept as found:
    #else:
    #    social_auth_user = UserSocialAuth.objects.filter(provider='google-oauth2').filter(user_id=request.user.id)
    #    if social_auth_user.count() > 0:
    #        social_auth_user = social_auth_user[0]
    #        data = get_data(social_auth_user.uid,social_auth_user.extra_data['access_token'])
    #        google_profile = Google_profile.objects.filter(user_id=social_auth_user.user_id)
    #        if google_profile.count() ==0:
    #            google_profile = Google_profile.objects.create(
    #                user_id= social_auth_user.user_id,
    #                profile_url = data['url'],
    #                profile_picture_url = data['image']['url'],
    #                displayName = data['displayName'],
    #                email = data['emails'][0]['value'],
    #                gender =data['gender']
    #            )
    #            member=Member.objects.get(id=social_auth_user.user_id)
    #            member.bids_left = 0
    #            member.tokens_left = 2000
    #            member.save()
    #            client.update_tokens(member)
    #        else:
    #            google_profile = google_profile[0]
    #            profile_picture_url = data['image']['url']
    #            google_profile.save()
    if not member:
        member = Member.objects.get(id=request.user.id)
    # give free tokens from promo
    # NOTE(review): the grant is a read-modify-write on member.tokens_left
    # with no locking visible here; verify that two concurrent requests
    # cannot both pass the 'freeExtraTokens' check and grant twice.
    freeExtraTokens = request.session.get('freeExtraTokens', 0)
    if freeExtraTokens and not member.getSession('freeExtraTokens', None):
        member.tokens_left += freeExtraTokens
        member.setSession('freeExtraTokens', 'used')
        member.save()
        del request.session['freeExtraTokens']
    # Show the popup only on the first visit recorded for this member.
    display_popup = False
    if not member.getSession('revisited'):
        display_popup = True
        member.setSession('revisited', True)
    # auction_type comes straight from the query string and is handed to the
    # template unvalidated; any lookup failure falls back to 'token'.
    try:
        auction_type = request.GET['auction_type']
    except Exception:
        auction_type = 'token'
    response = render_response(
        request, 'bidding/mainpage.html', {
            'FACEBOOK_APP_URL':
            settings.FACEBOOK_APP_URL.format(
                appname=settings.FACEBOOK_APP_NAME),
            'SITE_NAME_WOUT_BACKSLASH':
            settings.SITE_NAME_WOUT_BACKSLASH,
            'display_popup':
            display_popup,
            'facebook_user_id':
            member.facebook_id,
            # Indexing [0] raises IndexError when no FlatPage titled
            # "tacintro" exists.
            'tosintro':
            FlatPage.objects.filter(title="tacintro")[0].content,
            'member':
            member,
            'auction_type':
            auction_type,
            'app_url':
            fb_url,
            'site_url':
            settings.SITE_NAME,
            'share_title':
            share_title,
            'share_description':
            share_description,
            'inCanvas':
            False
        })
    return response
# -*- coding: UTF-8 -*- ''' Created on Jan 9, 2013 @author: dudu ''' from urlparse import urlparse from open_facebook.api import FacebookAuthorization, OpenFacebook from django_facebook.canvas import generate_oauth_url from django_facebook.utils import ScriptRedirect from django_facebook.connect import connect_user from django.contrib.auth import logout from django_facebook import settings redirect_login_oauth = ScriptRedirect(redirect_to=generate_oauth_url(), show_body=False) class FacebookCanvasMiddleWare(object): def process_request(self, request): """ check if referer is facebook. If yes, this is the canvas page: if not return. if yes: 1) look for error. if error=permission denied -> redirect to permission. if other error: check what it can be 2) get signed_request and parse it. 3) if user_id and access_token not it parsed data -> redirect to permission page 4) check permissions 5) user: a) if user is authenticated: check if it's the same
# -*- coding: UTF-8 -*- ''' Created on Jan 9, 2013 @author: dudu ''' from urlparse import urlparse from open_facebook.api import FacebookAuthorization, OpenFacebook from django_facebook.canvas import generate_oauth_url from django_facebook.utils import CanvasRedirect from django_facebook.connect import connect_user from django.contrib.auth import logout from django_facebook import settings redirect_login_oauth = CanvasRedirect(redirect_to=generate_oauth_url(), show_body=False) class FacebookCanvasMiddleWare(object): def process_request(self, request): """ check if referer is facebook. If yes, this is the canvas page: if not return. if yes: 1) look for error. if error=permission denied -> redirect to permission. if other error: check what it can be 2) get signed_request and parse it. 3) if user_id and access_token not it parsed data -> redirect to permission page 4) check permissions 5) user: a) if user is authenticated: check if it's the same b) user is not authenticated: connect
def my_style(request):
    """Render the ``my_style`` template with the OAuth URL in its context."""
    template_context = RequestContext(request)
    oauth_url = generate_oauth_url()
    template_context["auth_url"] = oauth_url
    return render_to_response(
        "django_facebook/my_style.html", template_context)
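def process_request(self, request):
    """
    Authenticate the Facebook user when the app is opened from Facebook
    (a canvas hit), and do nothing for internal pages.

    The flow is shown below:

    if the Referer host is facebook.com or one of its subdomains:
        it's a canvas app and the first hit on the app
        if error in the query string:
            attempt to reauthenticate using the authorization dialog
        if signed_request is not sent or lacks user_id / oauth_token:
            user has not authorized the app
            redirect to the authorization dialog
        else:
            check permissions
            if user is authenticated (in django):
                check_django_facebook_user() compares the current facebook
                user with the authenticated one
            if user is not authenticated:
                connect_user (django_facebook.connect module)
            change the method to GET. Facebook always sends a POST first.
    else:
        It's an internal page. No signed_request is sent. Return

    Returns None to let Django continue with the request, or the
    ScriptRedirect response that sends the browser to the OAuth dialog.

    The Referer header is supplied by the client, so it is used only to
    decide whether to look for a signed_request at all; the trust decision
    rests on FacebookAuthorization.parse_signed_data().
    """
    # This call cannot be global'ized or Django will return an empty response
    # after the first one
    redirect_login_oauth = ScriptRedirect(redirect_to=generate_oauth_url(),
                                          show_body=False)

    # check referer to see if this is the first access
    # or it's part of navigation in app
    # facebook always sends a POST request
    referer = request.META.get('HTTP_REFERER', None)
    if referer:
        # Match the host exactly or as a true subdomain. A bare suffix test
        # on netloc also accepts look-alike hosts (constructed example:
        # "notfacebook.com") and is confused by an explicit port.
        host = urlparse(referer).hostname or ''
        if host != 'facebook.com' and not host.endswith('.facebook.com'):
            return

        # when there is an error, we attempt to allow user to
        # reauthenticate
        if 'error' in request.GET:
            return redirect_login_oauth
    else:
        return

    # get signed_request
    signed_request = request.POST.get('signed_request', None)
    try:
        # NOTE(review): everything below trusts the parsed payload, so this
        # relies on parse_signed_data() rejecting a bad signature - confirm.
        parsed_signed_request = FacebookAuthorization.parse_signed_data(
            signed_request)
        access_token = parsed_signed_request['oauth_token']
        facebook_id = int(parsed_signed_request['user_id'])
    except Exception:
        # Any parsing failure is treated as "app not authorized by user".
        # Catch Exception rather than using a bare except so that
        # KeyboardInterrupt / SystemExit are not swallowed.
        # redirect to authorization dialog
        return redirect_login_oauth

    # check for permissions
    try:
        graph = self.check_permissions(access_token)
    except MissingPermissionsError:
        return redirect_login_oauth

    # check if user authenticated and if it's the same
    # NOTE(review): the result of check_django_facebook_user() is ignored
    # here, so processing continues whatever it returns - confirm that the
    # helper itself handles a mismatch.
    if request.user.is_authenticated():
        self.check_django_facebook_user(request, facebook_id, access_token)

    request.facebook = graph
    if not request.user.is_authenticated():
        _action, _user = connect_user(request, access_token, graph)

    # override http method, since this actually is a GET
    # NOTE(review): views further down see this request as a GET even though
    # it arrived as a POST; confirm no state-changing view depends on that.
    if request.method == 'POST':
        request.method = 'GET'
    return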
# -*- coding: UTF-8 -*- ''' Created on Jan 9, 2013 @author: dudu ''' from urlparse import urlparse from open_facebook.api import FacebookAuthorization, OpenFacebook from django_facebook.canvas import generate_oauth_url from django_facebook.utils import CanvasRedirect from django_facebook.connect import connect_user from django.contrib.auth import logout from django_facebook import settings redirect_login_oauth = CanvasRedirect(redirect_to=generate_oauth_url(), show_body=False) class FacebookCanvasMiddleWare(object): def process_request(self, request): """ check if referer is facebook. If yes, this is the canvas page: if not return. if yes: 1) look for error. if error=permission denied -> redirect to permission. if other error: check what it can be 2) get signed_request and parse it. 3) if user_id and access_token not it parsed data -> redirect to permission page 4) check permissions 5) user: a) if user is authenticated: check if it's the same