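def twitter_login(request):
    """Start "Sign in with Twitter": obtain a request token and redirect.

    Sends a signed POST to ``settings['twitter_request_token_url']`` with the
    ``twitter_callback`` route as ``oauth_callback``, stores the returned
    ``oauth_token`` in the session and redirects the browser to
    ``settings['twitter_authenticate_url']``.

    Args:
        request: the current request; its registry settings, session and
            params are read.

    Returns:
        ``HTTPFound`` pointing at the authenticate URL on success, or
        ``HTTPUnauthorized`` when the request-token call fails or its
        response cannot be used.
    """
    settings = request.registry.settings
    request_token_url = settings['twitter_request_token_url']
    oauth_callback_url = request.route_url('twitter_callback')

    params = (
        ('oauth_callback', oauth_callback_url),
    )
    auth = auth_header('POST', request_token_url, params, settings)

    # NOTE(review): no timeout is passed, so a stalled provider holds this
    # worker for as long as the connection stays open.
    response = requests.post(request_token_url, data='',
                             headers={'Authorization': auth})

    if response.status_code != 200:
        # NOTE(review): the provider's response body is relayed to the
        # client verbatim; consider logging it and returning a fixed message.
        return HTTPUnauthorized(response.text)

    response_args = dict(urlparse.parse_qsl(response.text))

    # .get(): a response that lacks the field is rejected like any other
    # unconfirmed callback instead of surfacing as a KeyError (HTTP 500).
    if response_args.get('oauth_callback_confirmed') != 'true':
        return HTTPUnauthorized('oauth_callback_confirmed is not true')

    # The oauth_token_secret from the response is not kept.
    # NOTE(review): OAuth 1.0a signing keys normally include the token
    # secret; confirm how auth_header builds its key.
    oauth_token = response_args.get('oauth_token')
    if not oauth_token:
        return HTTPUnauthorized('oauth_token is missing from the response')

    # Kept in the session so the callback can be tied to this login attempt.
    request.session['oauth_token'] = oauth_token

    if 'next_url' in request.params:
        # NOTE(review): next_url is caller-controlled and stored without
        # validation. Whatever later redirects to it should accept only
        # same-site targets, otherwise this becomes an open redirect.
        request.session['next_url'] = request.params['next_url']

    authorize_url = '%s?oauth_token=%s' % (
        settings['twitter_authenticate_url'], oauth_token
    )
    return HTTPFound(location=authorize_url)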
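def twitter_login(request):
    """Begin the Twitter sign-in flow and send the browser to Twitter.

    A signed POST to ``settings['twitter_request_token_url']`` announces the
    ``twitter_callback`` route as ``oauth_callback``. The ``oauth_token``
    from the reply is saved in the session, then the user is redirected to
    ``settings['twitter_authenticate_url']`` with that token.

    Args:
        request: the current request; its registry settings, session and
            params are read.

    Returns:
        ``HTTPFound`` to the authenticate URL, or ``HTTPUnauthorized`` when
        the request-token call fails or returns an unusable response.
    """
    settings = request.registry.settings
    request_token_url = settings['twitter_request_token_url']
    oauth_callback_url = request.route_url('twitter_callback')

    params = (
        ('oauth_callback', oauth_callback_url),
    )
    auth = auth_header('POST', request_token_url, params, settings)

    # NOTE(review): the outbound call has no timeout; a provider that never
    # answers keeps this request open indefinitely.
    response = requests.post(request_token_url, data='',
                             headers={'Authorization': auth})

    if response.status_code != 200:
        # NOTE(review): upstream error text is passed straight through to
        # the client; a fixed message plus server-side logging leaks less.
        return HTTPUnauthorized(response.text)

    response_args = dict(urlparse.parse_qsl(response.text))

    # A reply without oauth_callback_confirmed is treated as unconfirmed
    # rather than raising KeyError.
    if response_args.get('oauth_callback_confirmed') != 'true':
        return HTTPUnauthorized('oauth_callback_confirmed is not true')

    # oauth_token_secret is present in the reply but deliberately unused.
    # NOTE(review): confirm auth_header does not need it for later signing.
    oauth_token = response_args.get('oauth_token')
    if not oauth_token:
        return HTTPUnauthorized('oauth_token is missing from the response')

    # Remembered so the callback view can check the token it receives.
    request.session['oauth_token'] = oauth_token

    if 'next_url' in request.params:
        # NOTE(review): next_url comes from the client and is stored as-is;
        # the code that eventually redirects to it must restrict it to
        # same-site destinations to avoid an open redirect.
        request.session['next_url'] = request.params['next_url']

    authorize_url = '%s?oauth_token=%s' % (
        settings['twitter_authenticate_url'], oauth_token
    )
    return HTTPFound(location=authorize_url)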
def test_auth_header(self):
    """auth_header reproduces the header from Twitter's worked example."""
    # Every fixture value below (consumer key and secret, nonce, timestamp,
    # expected signature) is the sample data from
    # https://dev.twitter.com/docs/auth/implementing-sign-twitter
    consumer_settings = {
        'twitter_consumer_key': 'cChZNFj6T5R0TigYB9yd1w',
        'twitter_consumer_secret': 'L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg',
    }
    callback_params = (
        ('oauth_callback', 'http://localhost/sign-in-with-twitter/'),
    )

    # Split across lines for readability; the pieces concatenate to the
    # exact single-line header value.
    expected_header = (
        'OAuth '
        'oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F", '
        'oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", '
        'oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456", '
        'oauth_signature_method="HMAC-SHA1", '
        'oauth_timestamp="1318467427", '
        'oauth_version="1.0", '
        'oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D"'
    )

    # Token, nonce and timestamp are pinned so the signature is deterministic.
    actual_header = auth_header(
        'post',
        'https://api.twitter.com/oauth/request_token',
        callback_params,
        consumer_settings,
        '',
        'ea9ec8429b68d6b77cd5600adbbb0456',
        1318467427,
    )

    self.assertEqual(actual_header, expected_header)
def get_user_info(settings, user_id, oauth_token):
    """Fetch a Twitter user's profile with a signed GET request.

    Args:
        settings: mapping that provides ``twitter_user_info_url`` (it is also
            handed to ``auth_header``).
        user_id: Twitter user id, sent as the ``user_id`` query parameter.
        oauth_token: token passed to ``auth_header`` for signing.

    Returns:
        The ``json`` attribute of the HTTP response.

    Raises:
        HTTPUnauthorized: the response status was not 200; the exception
            carries the response body.
    """
    endpoint = settings['twitter_user_info_url']
    signed_params = (
        ('oauth_token', oauth_token),
    )
    authorization = auth_header('GET', endpoint, signed_params, settings,
                                oauth_token)

    # NOTE(review): user_id travels in the query string but is not part of
    # the params handed to auth_header; confirm the signature covers it.
    query_string = url_encode({'user_id': user_id})
    reply = requests.get(
        endpoint + '?' + query_string,
        headers={'Authorization': authorization},
    )

    if reply.status_code == 200:
        # NOTE(review): json is returned as an attribute, not called, so this
        # assumes a requests release where it is a property; confirm against
        # the pinned version.
        return reply.json

    raise HTTPUnauthorized(reply.text)
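def twitter_callback(request):
    """Finish "Sign in with Twitter" after the provider redirects back.

    Checks that the ``oauth_token`` query parameter equals the one stored in
    the session, exchanges it together with ``oauth_verifier`` at
    ``settings['twitter_access_token_url']``, then registers or updates the
    local user through ``register_or_update``.

    Args:
        request: the current request; params, session, registry settings and
            ``request.db`` are read.

    Returns:
        ``HTTPBadRequest`` when a required parameter or the session token is
        missing, ``HTTPUnauthorized`` when the tokens differ or the exchange
        fails, otherwise the result of ``register_or_update``.
    """
    settings = request.registry.settings

    try:
        oauth_token = request.params['oauth_token']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_token')

    try:
        oauth_verifier = request.params['oauth_verifier']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_verifier')

    try:
        saved_oauth_token = request.session['oauth_token']
    except KeyError:
        return HTTPBadRequest('No oauth_token was found in the session')

    # Binds this callback to the login attempt started in the same session.
    if saved_oauth_token != oauth_token:
        return HTTPUnauthorized("OAuth tokens don't match")

    # Single use: drop the session token so the callback cannot be replayed.
    del request.session['oauth_token']

    access_token_url = settings['twitter_access_token_url']

    params = (
        ('oauth_token', oauth_token),
    )

    auth = auth_header('POST', access_token_url, params, settings, oauth_token)

    # oauth_verifier comes from the query string. Passing it as a mapping
    # lets requests form-encode it, so characters such as '&' or '=' cannot
    # add or alter fields in the body sent to the provider.
    response = requests.post(access_token_url,
                             data={'oauth_verifier': oauth_verifier},
                             headers={'Authorization': auth})

    if response.status_code != 200:
        # NOTE(review): the provider's response body is relayed verbatim.
        return HTTPUnauthorized(response.text)

    response_args = dict(urlparse.parse_qsl(response.text))
    # The oauth_token_secret in the response is not used.
    try:
        oauth_token = response_args['oauth_token']
        user_id = response_args['user_id']
        screen_name = response_args['screen_name']
    except KeyError:
        # An incomplete reply is a failed login, not an unhandled KeyError.
        return HTTPUnauthorized('Incomplete access token response')

    existing_user = user_from_provider_id(request.db, 'twitter', user_id)
    if existing_user is None:
        # Fetch Twitter info only the first time we see this user, since
        # Twitter puts strict limits on the use of its APIs.
        twitter_info = get_user_info(settings, user_id, oauth_token)
        first_name, last_name = split_name(twitter_info['name'])
        info = {
            'screen_name': screen_name,
            'first_name': first_name,
            'last_name': last_name,
        }
    else:
        info = {}

    return register_or_update(request, 'twitter', user_id,
                              info, request.route_path('home'))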
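def twitter_callback(request):
    """Handle the provider redirect that completes the Twitter sign-in.

    Compares the ``oauth_token`` query parameter with the token stored in
    the session, sends a signed POST carrying ``oauth_token`` and
    ``oauth_verifier`` to ``settings['twitter_access_token_url']``, then
    hands the resulting user to ``register_or_update``.

    Args:
        request: the current request; params, session and registry settings
            are read.

    Returns:
        ``HTTPBadRequest`` when a required parameter or the session token is
        missing, ``HTTPUnauthorized`` when the tokens differ or the exchange
        fails, otherwise the result of ``register_or_update``.
    """
    settings = request.registry.settings

    try:
        oauth_token = request.params['oauth_token']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_token')

    try:
        oauth_verifier = request.params['oauth_verifier']
    except KeyError:
        return HTTPBadRequest('Missing required oauth_verifier')

    try:
        saved_oauth_token = request.session['oauth_token']
    except KeyError:
        return HTTPBadRequest('No oauth_token was found in the session')

    # Ties the callback to the login attempt started in this session.
    if saved_oauth_token != oauth_token:
        return HTTPUnauthorized("OAuth tokens don't match")

    # One-time token: removed so the same callback cannot be replayed.
    del request.session['oauth_token']

    access_token_url = settings['twitter_access_token_url']

    # The verifier is given to auth_header with the token instead of being
    # sent in a request body.
    params = (
        ('oauth_token', oauth_token),
        ('oauth_verifier', oauth_verifier),
    )

    auth = auth_header('POST', access_token_url, params, settings, oauth_token)

    response = requests.post(access_token_url, headers={'Authorization': auth})

    if response.status_code != 200:
        # NOTE(review): the provider's response body is relayed verbatim.
        return HTTPUnauthorized(response.text)

    response_args = dict(urlparse.parse_qsl(response.text))
    # The oauth_token_secret in the response is not used.
    try:
        oauth_token = response_args['oauth_token']
        user_id = response_args['user_id']
        screen_name = response_args['screen_name']
    except KeyError:
        # An incomplete reply is a failed login, not an unhandled KeyError.
        return HTTPUnauthorized('Incomplete access token response')

    existing_user = user_from_provider_id('twitter', user_id)
    if existing_user is None:
        # Fetch Twitter info only the first time we see this user, since
        # Twitter puts strict limits on the use of its APIs.
        # NOTE(review): get_user_info is called without the access token
        # here; confirm that matches the helper's signature in this revision.
        twitter_info = get_user_info(settings, user_id)
        first_name, last_name = split_name(twitter_info['name'])
        info = {
            'screen_name': screen_name,
            'first_name': first_name,
            'last_name': last_name,
        }
    else:
        info = {}

    return register_or_update(request, 'twitter', user_id,
                              info, request.route_path('home'))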