def auth_meta_mw(resp):
"""
Callback for meta.wikimedia.org to send us authentication results.
This is responsible for fetching existing users or creating new ones.
If a new user is created, they get the default role of GUEST and
an email or username to match their details from the OAuth provider.
"""
if resp is None:
flash('You need to grant the app permissions in order to login.', 'error')
return redirect(url_for('login'))
session['access_token'] = (
resp['oauth_token'],
resp['oauth_token_secret']
)
try:
identify_token_encoded = meta_mw.post(
app.config['META_MW_BASE_URL'] + app.config['META_MW_IDENTIFY_URI'],
).data
identify_token = process_mw_jwt(identify_token_encoded)
username = identify_token['username']
userid = identify_token['sub']
db_session = db.get_session()
user = None
try:
user = db_session.query(User).filter_by(meta_mw_id=userid).one()
except NoResultFound:
user = User(
username=username,
meta_mw_id=userid,
role=UserRole.GUEST,
)
db_session.add(user)
db_session.commit()
except MultipleResultsFound:
db_session.close()
return 'Multiple users found with your id!!! Contact Administrator'
user.login(db_session)
try:
if login_user(user):
user.detach_from(db_session)
redirect_to = session.get('next') or url_for('home_index')
redirect_to = urllib2.unquote(redirect_to)
return redirect(redirect_to)
finally:
db_session.close()
except Exception, e:
flash('Access to this application was revoked. Please re-login!')
app.logger.exception(str(e))
return redirect(url_for('login'))
def auth_google(resp):
"""
Callback for Google to send us authentication results.
This is responsible for fetching existing users or creating new ones.
If a new user is created, they get the default role of GUEST and
an email or username to match their details from the OAuth provider.
"""
if resp is None and request.args.get('error') == 'access_denied':
flash('You need to grant the app permissions in order to login.', 'error')
return redirect(url_for('login'))
access_token = resp['access_token'] or request.args.get('code')
if access_token:
session['access_token'] = access_token, ''
r = requests.get(app.config['GOOGLE_USERINFO_URI'], headers={
'Authorization': 'OAuth ' + access_token
})
if r.ok:
userinfo = json.loads(r.text)
email = userinfo['email']
id = userinfo['id']
db_session = db.get_session()
user = None
try:
user = db_session.query(User).filter_by(google_id=id).one()
except NoResultFound:
user = User(
email=email,
google_id=id,
role=UserRole.GUEST,
)
db_session.add(user)
db_session.commit()
except MultipleResultsFound:
db_session.close()
return 'Multiple users found with your id!!! Contact Administrator'
try:
user.login(db_session)
if login_user(user):
user.detach_from(db_session)
redirect_to = session.get('next') or url_for('home_index')
redirect_to = urllib2.unquote(redirect_to)
return redirect(redirect_to)
finally:
db_session.close()
flash('Was not allowed to authenticate you with Google.', 'error')
return redirect(url_for('login'))
