コード例 #1
0
    def handle_third_party(self, request):

        if third_party_settings.ACCESS_TOKEN_SESSION_KEY not in request.session:
            return HANDLE_THIRD_PARTY_RESULT.NO_ACCESS_TOKEN

        access_token_uid = request.session[
            third_party_settings.ACCESS_TOKEN_SESSION_KEY]

        cache_key = third_party_settings.ACCESS_TOKEN_CACHE_KEY % access_token_uid
        cached_data = cache.get(cache_key)

        if cached_data is None:
            access_token = prototypes.AccessTokenPrototype.get_by_uid(
                access_token_uid)

            if access_token is None:
                if request.user.is_authenticated():
                    accounts_logic.logout_user(request)
                    request.session[
                        third_party_settings.
                        ACCESS_TOKEN_SESSION_KEY] = access_token_uid
                    return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_REJECTED__LOGOUT
                else:
                    return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_REJECTED

            else:
                cached_data = access_token.cache_data()
                cache.set(cache_key, cached_data,
                          third_party_settings.ACCESS_TOKEN_CACHE_TIMEOUT)

        account_id = cached_data['account_id']

        if account_id is None:
            if request.user.is_authenticated():
                accounts_logic.logout_user(request)
                # resave token, since it will be removed on logout
                request.session[third_party_settings.
                                ACCESS_TOKEN_SESSION_KEY] = access_token_uid

            return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_NOT_ACCEPTED_YET

        if not request.user.is_authenticated(
        ) or request.user.id != account_id:
            account = AccountPrototype.get_by_id(account_id)
            accounts_logic.force_login_user(request, account._model)

            # resave token, since it will be removed on login
            request.session[third_party_settings.
                            ACCESS_TOKEN_SESSION_KEY] = access_token_uid

            return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_ACCEPTED__USER_LOGED_IN

        return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_ACCEPTED
コード例 #2
0
ファイル: middleware.py プロジェクト: Alkalit/the-tale
    def handle_third_party(self, request):

        if  third_party_settings.ACCESS_TOKEN_SESSION_KEY not in request.session:
            return HANDLE_THIRD_PARTY_RESULT.NO_ACCESS_TOKEN

        access_token_uid = request.session[third_party_settings.ACCESS_TOKEN_SESSION_KEY]

        cache_key = third_party_settings.ACCESS_TOKEN_CACHE_KEY % access_token_uid
        cached_data = cache.get(cache_key)

        if cached_data is None:
            access_token = prototypes.AccessTokenPrototype.get_by_uid(access_token_uid)

            if access_token is None:
                if request.user.is_authenticated():
                    accounts_logic.logout_user(request)
                    request.session[third_party_settings.ACCESS_TOKEN_SESSION_KEY] = access_token_uid
                    return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_REJECTED__LOGOUT
                else:
                    return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_REJECTED

            else:
                cached_data = access_token.cache_data()
                cache.set(cache_key, cached_data, third_party_settings.ACCESS_TOKEN_CACHE_TIMEOUT)

        account_id = cached_data['account_id']

        if account_id is None:
            if request.user.is_authenticated():
                accounts_logic.logout_user(request)
                # resave token, since it will be removed on logout
                request.session[third_party_settings.ACCESS_TOKEN_SESSION_KEY] = access_token_uid

            return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_NOT_ACCEPTED_YET

        if not request.user.is_authenticated() or request.user.id != account_id:
            account = AccountPrototype.get_by_id(account_id)
            accounts_logic.force_login_user(request, account._model)

            # resave token, since it will be removed on login
            request.session[third_party_settings.ACCESS_TOKEN_SESSION_KEY] = access_token_uid

            return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_ACCEPTED__USER_LOGED_IN

        return HANDLE_THIRD_PARTY_RESULT.ACCESS_TOKEN_ACCEPTED
コード例 #3
0
 def processed_view(self, resource):
     if resource.account.is_authenticated() and self.task.account.id != resource.account.id:
         logic.logout_user(resource.request)
コード例 #4
0
 def processed_view(self, resource):
     if resource.account.is_authenticated(
     ) and self.task.account.id != resource.account.id:
         logic.logout_user(resource.request)