def amazon_login(request): error = get_request_param(request, 'error', None) return_url = get_return_url(request) if error is not None: if error == 'access_denied': return HttpResponseRedirect('/accounts/amazon_required/') error_message = request.GET.get('error_description') + \ '<br><a href="' + request.GET.get('error_uri') + \ '">Learn more</a>' return render(request, 'old/accounts/login.html', { 'next': return_url, 'error': error_message }) access_token = get_request_param(request, 'access_token') query_parameters = urllib.urlencode({'access_token': access_token}) token_request = urllib2.urlopen( 'https://api.amazon.com/auth/O2/tokeninfo?%s' % query_parameters) json_data = json.load(token_request) if token_request.getcode() == 200: is_verified = json_data['aud'] == settings.AMAZON_LOGIN_CLIENT_ID if not is_verified: return render( request, 'old/accounts/login.html', { 'next': return_url, 'error': 'Verification failed! Please contact administrators' }) profile_request = urllib2.urlopen( 'https://api.amazon.com/user/profile?%s' % query_parameters) profile_json_data = json.load(profile_request) if profile_request.getcode() == 200: # Extract the values we need from the Amazon profile amazon_user_id = profile_json_data['user_id'] amazon_user_name = profile_json_data['name'] amazon_user_email = profile_json_data['email'] # Process the login as an amazon login, creating and adding roles to the user as needed return _process_amazon_login(access_token, amazon_user_email, amazon_user_id, request, amazon_user_name) else: return _handle_amazon_conn_error(request, profile_json_data) else: return _handle_amazon_conn_error(request, json_data)
def amazon_login(request): error = get_request_param(request, 'error', None) return_url = get_return_url(request) if error is not None: if error == 'access_denied': return HttpResponseRedirect('/accounts/amazon_required/') error_message = request.GET.get('error_description') + \ '<br><a href="' + request.GET.get('error_uri') + \ '">Learn more</a>' return render(request, 'old/accounts/login.html', { 'next': return_url, 'error': error_message }) access_token = get_request_param(request, 'access_token') query_parameters = urllib.urlencode({'access_token': access_token}) token_request = urllib2.urlopen('https://api.amazon.com/auth/O2/tokeninfo?%s' % query_parameters) json_data = json.load(token_request) if token_request.getcode() == 200: is_verified = json_data['aud'] == settings.AMAZON_LOGIN_CLIENT_ID if not is_verified: return render(request, 'old/accounts/login.html', { 'next': return_url, 'error': 'Verification failed! Please contact administrators' }) profile_request = urllib2.urlopen('https://api.amazon.com/user/profile?%s' % query_parameters) profile_json_data = json.load(profile_request) if profile_request.getcode() == 200: # Extract the values we need from the Amazon profile amazon_user_id = profile_json_data['user_id'] amazon_user_name = profile_json_data['name'] amazon_user_email = profile_json_data['email'] # Process the login as an amazon login, creating and adding roles to the user as needed return _process_amazon_login(access_token, amazon_user_email, amazon_user_id, request, amazon_user_name) else: return _handle_amazon_conn_error(request, profile_json_data) else: return _handle_amazon_conn_error(request, json_data)
def save_linkedin(request): """ Saves linkedin details so that CERN can post to LinkedIn. :param request: response from LinkedIn :return: redirect to CERN dashboard """ if request.method == 'GET': state = 'aowj3p5ro8a0f9jq23lk4jqlwkejADSE$SDSDFGJJaw' returned_state = get_request_param(request, 'state') if returned_state == state: # Handle case when user does not authorize if get_request_param(request, 'error') == 'access_denied': pass code = get_request_param(request, 'code') response = urlopen('https://www.linkedin.com/uas/oauth2/accessToken' + '?grant_type=authorization_code' + '&code=' + code + '&redirect_uri=http://' + request.META['HTTP_HOST'] + '/cern/save_linkedin' + '&client_id=' + settings.LINKEDIN_API_KEY + '&client_secret=' + settings.LINKEDIN_SECRET_KEY, data=" ") json = loads(response.read()) seconds_remaining = int(json['expires_in']) - 86400*3 expires = datetime.utcnow() + timedelta(seconds=seconds_remaining) token = json['access_token'] student = request.current_role.entity student.linkedin_token = token student.linkedin_expires = expires student.save() return HttpResponseRedirect('/cern/') elif returned_state == '': # the request does not come from the LinkedIn API return HttpResponseForbidden() else: # there was a CSRF error, do something else pass
def save_linkedin(request): """ Saves linkedin details so that CERN can post to LinkedIn. :param request: response from LinkedIn :return: redirect to CERN dashboard """ if request.method == 'GET': state = 'aowj3p5ro8a0f9jq23lk4jqlwkejADSE$SDSDFGJJaw' returned_state = get_request_param(request, 'state') if returned_state == state: # Handle case when user does not authorize if get_request_param(request, 'error') == 'access_denied': pass code = get_request_param(request, 'code') response = urlopen( 'https://www.linkedin.com/uas/oauth2/accessToken' + '?grant_type=authorization_code' + '&code=' + code + '&redirect_uri=http://' + request.META['HTTP_HOST'] + '/cern/save_linkedin' + '&client_id=' + settings.LINKEDIN_API_KEY + '&client_secret=' + settings.LINKEDIN_SECRET_KEY, data=" ") json = loads(response.read()) seconds_remaining = int(json['expires_in']) - 86400 * 3 expires = datetime.utcnow() + timedelta(seconds=seconds_remaining) token = json['access_token'] student = request.current_role.entity student.linkedin_token = token student.linkedin_expires = expires student.save() return HttpResponseRedirect('/cern/') elif returned_state == '': # the request does not come from the LinkedIn API return HttpResponseForbidden() else: # there was a CSRF error, do something else pass
def just_login(request): raise DeprecationWarning("This code is deprecated") error = get_request_param(request, 'error', None) if error is not None: error_message = request.GET.get('error_description') + \ '<br><a href="' + request.GET.get('error_uri') + \ '">Learn more</a>' return render(request, 'spuddercern/old/login.html', { 'error': error_message }) access_token = get_request_param(request, 'access_token') query_parameters = urllib.urlencode({'access_token': access_token}) token_request = urllib2.urlopen( 'https://api.amazon.com/auth/O2/tokeninfo?%s' % query_parameters) json_data = json.load(token_request) if token_request.getcode() == 200: is_verified = json_data['aud'] == settings.AMAZON_LOGIN_CLIENT_ID if not is_verified: return render(request, 'spuddercern/old/login.html', { 'error': 'Verification failed! Please contact administrators' }) profile_request = urllib2.urlopen( 'https://api.amazon.com/user/profile?%s' % query_parameters) profile_json_data = json.load(profile_request) if profile_request.getcode() == 200: amazon_user_id = profile_json_data['user_id'] amazon_user_name = profile_json_data['name'] amazon_user_email = profile_json_data['email'] profiles = UserProfile.objects.filter(amazon_id=amazon_user_id) if profiles.count() == 0: users_with_email = User.objects.filter( email=amazon_user_email) if len(users_with_email) == 0: return HttpResponseRedirect('/cern/') else: # User exists, but for some reason it's profile # wasn't created user = users_with_email[0] user_profile = UserProfile(user=user) user_profile.amazon_id = amazon_user_id user_profile.amazon_access_token = access_token user_profile.username = amazon_user_name user_profile.save() user = authenticate(username=amazon_user_email, password=amazon_user_id) profile = user.get_profile() if not profile.amazon_access_token: profile.amazon_access_token = access_token profile.save() try: Student.objects.get(user=user) except ObjectDoesNotExist: if is_sponsor(user): django.contrib.auth.login(request, user) logging.info(request.user.is_authenticated()) logging.info(is_sponsor(request.user)) return HttpResponseRedirect('/dashboard/') else: # Redirect to splash page w/o authentication return HttpResponseRedirect('/cern/register') else: django.contrib.auth.login(request, user) logging.info(request.user.is_authenticated()) logging.info(is_sponsor(request.user)) return HttpResponseRedirect('/cern/') else: return _handle_amazon_conn_error(request, profile_json_data) else: return _handle_amazon_conn_error(request, json_data)
def _process_amazon_login(access_token, amazon_user_email, amazon_user_id, request, amazon_user_name=None): # Check to see if we need to accomodate pre V1.1.0 accounts _accommodate_legacy_pre_V1_1_0_users(access_token, amazon_user_email, amazon_user_id) # Check to see if these credential are tied to a user role via an authentication service user_role = select_role_by_authentication_service(LinkedServiceController.SERVICE_AMAZON, amazon_user_id) next_url = None # If there is a role then get the user, else get the currently authenticate user else create a new user if user_role and user_role.user: # Case - Amazon Login to existing account user = user_role.user # Get the role controller for this user role_controller = RoleController(user) else: # First get the user or create one if request.user.is_authenticated(): # Case - Add new amazon login based role to existing account user = request.user # Make a note on the spudder users that as there are multiple roles a password needs to be set for this user user.spudder_user.mark_as_password_required() else: # Case - first time registration user = User.objects.create_user(amazon_user_email, amazon_user_email, amazon_user_id) user.save() # If there is a school id then this is a student registration school_id = request.GET.get('school_id', None) if school_id: # Create the student student = create_student(user, school_id, request.GET.get('referrer', None)) # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_STUDENT, student.id, RoleBase.RoleWrapperByEntityType(RoleController.ENTITY_STUDENT)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) # If the account_type is sponsor, create a SponsorPage account_type = get_request_param(request, 'account_type') if account_type == 'sponsor': # Create sponsor sponsor = SponsorPage(sponsor=user) sponsor.save() # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_SPONSOR, sponsor.id, RoleBase.RoleWrapperByEntityType(RoleController.ENTITY_SPONSOR)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) # If the account_type is fan, create a FanPage if account_type == 'fan': # Create fan fan, _ = FanPage.objects.get_or_create(fan=user) fan.save() # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_FAN, fan.id, RoleBase.RoleWrapperByEntityType(RoleController.ENTITY_FAN)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) # If the account_type is club, create a Club entity in first stage (before registration as recipient) if account_type == 'club': inv = None if request.session['invitation_id']: inv = Invitation.objects.get(id=request.session['invitation_id']) if str(amazon_user_name) != str(TempClub.objects.get(id=inv.target_entity_id).name): return HttpResponseRedirect('/spudderaffiliates/invitation/%s/incorrect_name' % inv.id) club, _ = Club.objects.get_or_create( name=amazon_user_name, amazon_email=amazon_user_email, amazon_id=amazon_user_id ) if inv: club.affiliate = Affiliate.objects.get(name=inv.extras['affiliate_name']) club.save() club_admin, _ = ClubAdministrator.objects.get_or_create(admin=user, club=club) club_admin.save() # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_CLUB_ADMIN, club_admin.id, RoleBase.RoleWrapperByEntityType(RoleController.ENTITY_CLUB_ADMIN)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) next_url = '/club/register/recipient' # Get and update the amazon auth record with the latest access token # Note that we don't use this at the moment but will in future - MG:20140708 amazon_auth = get_authentication_wrapper(user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id) amazon_auth.update_amazon_access_token(access_token) if not next_url: next_url = request.GET.get('next', None) or user_role.home_page_path if not request.user.is_authenticated(): if user.spudder_user.has_set_password: return redirect('/users/account/signin/%s?next=%s' % (user.id, next_url)) user = authenticate( username=user_role.user.username, password=amazon_auth.user_password) if user: django.contrib.auth.login(request, user) else: raise Http404 logging.info('%s?next=%s',change_role_url(user_role),next_url) return redirect('%s?next=%s' % ( change_role_url(user_role), next_url))
def just_login(request): raise DeprecationWarning("This code is deprecated") error = get_request_param(request, 'error', None) if error is not None: error_message = request.GET.get('error_description') + \ '<br><a href="' + request.GET.get('error_uri') + \ '">Learn more</a>' return render(request, 'spuddercern/old/login.html', {'error': error_message}) access_token = get_request_param(request, 'access_token') query_parameters = urllib.urlencode({'access_token': access_token}) token_request = urllib2.urlopen( 'https://api.amazon.com/auth/O2/tokeninfo?%s' % query_parameters) json_data = json.load(token_request) if token_request.getcode() == 200: is_verified = json_data['aud'] == settings.AMAZON_LOGIN_CLIENT_ID if not is_verified: return render(request, 'spuddercern/old/login.html', { 'error': 'Verification failed! Please contact administrators' }) profile_request = urllib2.urlopen( 'https://api.amazon.com/user/profile?%s' % query_parameters) profile_json_data = json.load(profile_request) if profile_request.getcode() == 200: amazon_user_id = profile_json_data['user_id'] amazon_user_name = profile_json_data['name'] amazon_user_email = profile_json_data['email'] profiles = UserProfile.objects.filter(amazon_id=amazon_user_id) if profiles.count() == 0: users_with_email = User.objects.filter(email=amazon_user_email) if len(users_with_email) == 0: return HttpResponseRedirect('/cern/') else: # User exists, but for some reason it's profile # wasn't created user = users_with_email[0] user_profile = UserProfile(user=user) user_profile.amazon_id = amazon_user_id user_profile.amazon_access_token = access_token user_profile.username = amazon_user_name user_profile.save() user = authenticate(username=amazon_user_email, password=amazon_user_id) profile = user.get_profile() if not profile.amazon_access_token: profile.amazon_access_token = access_token profile.save() try: Student.objects.get(user=user) except ObjectDoesNotExist: if is_sponsor(user): django.contrib.auth.login(request, user) logging.info(request.user.is_authenticated()) logging.info(is_sponsor(request.user)) return HttpResponseRedirect('/dashboard/') else: # Redirect to splash page w/o authentication return HttpResponseRedirect('/cern/register') else: django.contrib.auth.login(request, user) logging.info(request.user.is_authenticated()) logging.info(is_sponsor(request.user)) return HttpResponseRedirect('/cern/') else: return _handle_amazon_conn_error(request, profile_json_data) else: return _handle_amazon_conn_error(request, json_data)
def _process_amazon_login(access_token, amazon_user_email, amazon_user_id, request, amazon_user_name=None): # Check to see if we need to accomodate pre V1.1.0 accounts _accommodate_legacy_pre_V1_1_0_users(access_token, amazon_user_email, amazon_user_id) # Check to see if these credential are tied to a user role via an authentication service user_role = select_role_by_authentication_service( LinkedServiceController.SERVICE_AMAZON, amazon_user_id) next_url = None # If there is a role then get the user, else get the currently authenticate user else create a new user if user_role and user_role.user: # Case - Amazon Login to existing account user = user_role.user # Get the role controller for this user role_controller = RoleController(user) else: # First get the user or create one if request.user.is_authenticated(): # Case - Add new amazon login based role to existing account user = request.user # Make a note on the spudder users that as there are multiple roles a password needs to be set for this user user.spudder_user.mark_as_password_required() else: # Case - first time registration user = User.objects.create_user(amazon_user_email, amazon_user_email, amazon_user_id) user.save() # If there is a school id then this is a student registration school_id = request.GET.get('school_id', None) if school_id: # Create the student student = create_student(user, school_id, request.GET.get('referrer', None)) # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_STUDENT, student.id, RoleBase.RoleWrapperByEntityType( RoleController.ENTITY_STUDENT)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) # If the account_type is sponsor, create a SponsorPage account_type = get_request_param(request, 'account_type') if account_type == 'sponsor': # Create sponsor sponsor = SponsorPage(sponsor=user) sponsor.save() # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_SPONSOR, sponsor.id, RoleBase.RoleWrapperByEntityType( RoleController.ENTITY_SPONSOR)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) # If the account_type is fan, create a FanPage if account_type == 'fan': # Create fan fan, _ = FanPage.objects.get_or_create(fan=user) fan.save() # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_FAN, fan.id, RoleBase.RoleWrapperByEntityType(RoleController.ENTITY_FAN)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) # If the account_type is club, create a Club entity in first stage (before registration as recipient) if account_type == 'club': inv = None if request.session['invitation_id']: inv = Invitation.objects.get( id=request.session['invitation_id']) if str(amazon_user_name) != str( TempClub.objects.get(id=inv.target_entity_id).name): return HttpResponseRedirect( '/spudderaffiliates/invitation/%s/incorrect_name' % inv.id) club, _ = Club.objects.get_or_create( name=amazon_user_name, amazon_email=amazon_user_email, amazon_id=amazon_user_id) if inv: club.affiliate = Affiliate.objects.get( name=inv.extras['affiliate_name']) club.save() club_admin, _ = ClubAdministrator.objects.get_or_create(admin=user, club=club) club_admin.save() # Get the Role controller for the current user role_controller = RoleController(user) # Get the user_role for this user/student combo user_role = role_controller.role_by_entity_type_and_entity_id( RoleController.ENTITY_CLUB_ADMIN, club_admin.id, RoleBase.RoleWrapperByEntityType( RoleController.ENTITY_CLUB_ADMIN)) # Store the amazon linked authentication service details create_linked_authentication_service( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id, { 'amazon_user_email': amazon_user_email, 'amazon_user_id': amazon_user_id, 'amazon_access_token': access_token }) next_url = '/club/register/recipient' # Get and update the amazon auth record with the latest access token # Note that we don't use this at the moment but will in future - MG:20140708 amazon_auth = get_authentication_wrapper( user_role, LinkedServiceController.SERVICE_AMAZON, amazon_user_id) amazon_auth.update_amazon_access_token(access_token) if not next_url: next_url = request.GET.get('next', None) or user_role.home_page_path if not request.user.is_authenticated(): if user.spudder_user.has_set_password: return redirect('/users/account/signin/%s?next=%s' % (user.id, next_url)) user = authenticate(username=user_role.user.username, password=amazon_auth.user_password) if user: django.contrib.auth.login(request, user) else: raise Http404 logging.info('%s?next=%s', change_role_url(user_role), next_url) return redirect('%s?next=%s' % (change_role_url(user_role), next_url))