def dispatch(self, request):
if 'error' in request.GET or 'code' not in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET['code'])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
token.account = login.account
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin \
.verify_and_unstash_state(
request,
request.REQUEST.get('state'))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (OAuth2Error, PermissionDenied):
if self.adapter.getErrorTemplate() is not None:
return render_authentication_error(request, error_template=self.adapter.getErrorTemplate())
else:
return render_authentication_error(request)
def post(self, request):
if 'dr_auth_status' not in request.GET:
return render_authentication_error(request,
self.provider.id,
error=AuthError.UNKNOWN)
if request.GET['dr_auth_status'] != 'ok':
return render_authentication_error(request,
self.provider.id,
error=AuthError.DENIED)
if 'dr_auth_code' not in request.GET:
return render_authentication_error(request,
self.provider.id,
error=AuthError.UNKNOWN)
ret = None
auth_exception = None
try:
app = self.provider.get_app(request)
login = draugiem_complete_login(request, app,
request.GET['dr_auth_code'])
login.state = SocialLogin.unstash_state(request)
ret = complete_social_login(request, login)
except (requests.RequestException, DraugiemApiError) as e:
auth_exception = e
if not ret:
ret = render_authentication_error(request,
self.provider.id,
exception=auth_exception)
return ret
def callback(request):
if "dr_auth_status" not in request.GET:
return render_authentication_error(request,
DraugiemProvider.id,
error=AuthError.UNKNOWN)
if request.GET["dr_auth_status"] != "ok":
return render_authentication_error(request,
DraugiemProvider.id,
error=AuthError.DENIED)
if "dr_auth_code" not in request.GET:
return render_authentication_error(request,
DraugiemProvider.id,
error=AuthError.UNKNOWN)
ret = None
auth_exception = None
try:
app = providers.registry.by_id(DraugiemProvider.id,
request).get_app(request)
login = draugiem_complete_login(request, app,
request.GET["dr_auth_code"])
login.state = SocialLogin.unstash_state(request)
ret = complete_social_login(request, login)
except (requests.RequestException, DraugiemApiError) as e:
auth_exception = e
if not ret:
ret = render_authentication_error(request,
DraugiemProvider.id,
exception=auth_exception)
return ret
def dispatch(self, request):
"""
View to handle final steps of OAuth based authentication where the user
gets redirected back to from the service provider
"""
login_done_url = reverse(self.adapter.provider_id + "_callback")
client = self._get_client(request, login_done_url)
if not client.is_valid():
if 'denied' in request.GET:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
extra_context = dict(oauth_client=client)
return render_authentication_error(request,
self.adapter.provider_id,
error=error,
extra_context=extra_context)
app = self.adapter.get_provider().get_app(request)
try:
access_token = client.get_access_token()
token = SocialToken(
app=app,
token=access_token['oauth_token'],
token_secret=access_token['oauth_token_secret'])
login = self.adapter.complete_login(request, app, token)
login.token = token
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except OAuthError as e:
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def callback(request):
token = request.POST.get('Token', '')
if not token:
return render_authentication_error(request,
ServiceKontoProvider.id,
error=AuthError.UNKNOWN)
try:
login = _complete_login(request, token)
except ServiceKontoApiError as e:
return render_authentication_error(request,
ServiceKontoProvider.id,
exception=e.__cause__,
error=e.error)
except ValueError as e:
return render_authentication_error(request,
ServiceKontoProvider.id,
exception=e,
error=AuthError.UNKNOWN)
ret = complete_social_login(request, login)
if not ret:
ret = render_authentication_error(request, ServiceKontoProvider.id)
return ret
def dispatch(self, request):
"""
View to handle final steps of OAuth based authentication where the user
gets redirected back to from the service provider
"""
login_done_url = reverse(self.adapter.provider_id + "_callback")
client = self._get_client(request, login_done_url)
if not client.is_valid():
if 'denied' in request.GET:
return HttpResponseRedirect(reverse('socialaccount_login_cancelled'))
extra_context = dict(oauth_client=client)
return render_authentication_error(request, extra_context)
app = self.adapter.get_provider().get_app(request)
try:
access_token = client.get_access_token()
token = SocialToken(app=app,
token=access_token['oauth_token'],
token_secret=access_token['oauth_token_secret'])
login = self.adapter.complete_login(request, app, token)
token.account = login.account
login.token = token
login.state = SocialLogin.unmarshall_state \
(request.session.pop('oauth_login_state', None))
return complete_social_login(request, login)
except OAuthError:
return render_authentication_error(request)
def dispatch(self, request):
"""
View to handle final steps of OAuth based authentication where the user
gets redirected back to from the service provider
"""
login_done_url = reverse(self.adapter.provider_id + "_callback")
client = self._get_client(request, login_done_url)
if not client.is_valid():
if 'denied' in request.GET:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
extra_context = dict(oauth_client=client)
return render_authentication_error(
request,
self.adapter.provider_id,
error=error,
extra_context=extra_context)
app = self.adapter.get_provider().get_app(request)
try:
access_token = client.get_access_token()
token = SocialToken(
app=app,
token=access_token['oauth_token'],
token_secret=access_token['oauth_token_secret'])
login = self.adapter.complete_login(request, app, token)
login.token = token
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except OAuthError as e:
return render_authentication_error(
request,
self.adapter.provider_id,
exception=e)
def callback(request):
if 'dr_auth_status' not in request.GET:
return render_authentication_error(
request, DraugiemProvider.id, error=AuthError.UNKNOWN)
if request.GET['dr_auth_status'] != 'ok':
return render_authentication_error(
request, DraugiemProvider.id, error=AuthError.DENIED)
if 'dr_auth_code' not in request.GET:
return render_authentication_error(
request, DraugiemProvider.id, error=AuthError.UNKNOWN)
ret = None
auth_exception = None
try:
app = providers.registry.by_id(
DraugiemProvider.id, request).get_app(request)
login = draugiem_complete_login(
request, app, request.GET['dr_auth_code'])
login.state = SocialLogin.unstash_state(request)
ret = complete_social_login(request, login)
except (requests.RequestException, DraugiemApiError) as e:
auth_exception = e
if not ret:
ret = render_authentication_error(
request, DraugiemProvider.id, exception=auth_exception)
return ret
def dispatch(self, request):
if 'error' in request.GET or not 'code' in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
r = praw.Reddit('OAuth Sketchdaily Schedule by u/davidwinters ver 0.1.')
r.set_oauth_app_info(client.consumer_key, client.consumer_secret, 'http://themes.sketchdaily.net/accounts/redditprovider/login/callback/')
access_token = r.get_access_information(request.GET['code'])
user = r.get_me()
extra = r.get_my_moderation()
# access_token = client.get_access_token(request.GET['code'])
token = SocialToken(token=access_token)
#token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token, user=user, extra=extra)
token.account = login.account
login.token = token
login.state = SocialLogin.unmarshall_state(request.REQUEST
.get('uniqueKey'))
return complete_social_login(request, login)
except OAuth2Error:
return render_authentication_error(request)
def persona_login(request):
assertion = request.POST.get('assertion', '')
settings = app_settings.PROVIDERS.get(PersonaProvider.id, {})
audience = settings.get('AUDIENCE', None)
if audience is None:
raise ImproperlyConfigured("No Persona audience configured. Please "
"add an AUDIENCE item to the "
"SOCIALACCOUNT_PROVIDERS['persona'] setting.")
resp = requests.post('https://verifier.login.persona.org/verify',
{'assertion': assertion,
'audience': audience})
try:
resp.raise_for_status()
extra_data = resp.json()
if extra_data['status'] != 'okay':
return render_authentication_error(
request,
provider_id=PersonaProvider.id,
extra_context={'response': extra_data})
except (ValueError, requests.RequestException) as e:
return render_authentication_error(
request,
provider_id=PersonaProvider.id,
exception=e)
login = providers.registry \
.by_id(PersonaProvider.id) \
.sociallogin_from_response(request, extra_data)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)
def dispatch(self, request):
if 'error' in request.GET or not 'code' in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
r = praw.Reddit(
'OAuth Sketchdaily Schedule by u/davidwinters ver 0.1.')
r.set_oauth_app_info(
client.consumer_key, client.consumer_secret,
'http://themes.sketchdaily.net/accounts/redditprovider/login/callback/'
)
access_token = r.get_access_information(request.GET['code'])
user = r.get_me()
extra = r.get_my_moderation()
# access_token = client.get_access_token(request.GET['code'])
token = SocialToken(token=access_token)
#token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token,
user=user,
extra=extra)
token.account = login.account
login.token = token
login.state = SocialLogin.unmarshall_state(
request.REQUEST.get('uniqueKey'))
return complete_social_login(request, login)
except OAuth2Error:
return render_authentication_error(request)
def persona_login(request):
assertion = request.POST.get('assertion', '')
settings = app_settings.PROVIDERS.get(PersonaProvider.id, {})
audience = settings.get('AUDIENCE', None)
if audience is None:
raise ImproperlyConfigured(
"No Persona audience configured. Please "
"add an AUDIENCE item to the "
"SOCIALACCOUNT_PROVIDERS['persona'] setting.")
resp = requests.post('https://verifier.login.persona.org/verify', {
'assertion': assertion,
'audience': audience
})
try:
resp.raise_for_status()
extra_data = resp.json()
if extra_data['status'] != 'okay':
return render_authentication_error(
request,
provider_id=PersonaProvider.id,
extra_context={'response': extra_data})
except (ValueError, requests.RequestException) as e:
return render_authentication_error(request,
provider_id=PersonaProvider.id,
exception=e)
login = providers.registry \
.by_id(PersonaProvider.id) \
.sociallogin_from_response(request, extra_data)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)
def dispatch(self, request):
if 'error' in request.GET or 'code' not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get('error', None)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET['code'])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin \
.verify_and_unstash_state(
request,
get_request_param(request, 'state'))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (PermissionDenied, OAuth2Error) as e:
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request):
if 'error' in request.GET or 'code' not in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET['code'])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
token.account = login.account
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin \
.verify_and_unstash_state(
request,
request.REQUEST.get('state'))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (OAuth2Error, PermissionDenied):
return render_authentication_error(request)
def callback(request):
if request.user.is_authenticated:
get_account_adapter(request).logout(request) # logging in while being authenticated breaks the login procedure
current_app = SocialApp.objects.get_current(provider='edu_id')
#extract state of redirect
state = json.loads(request.GET.get('state'))
referer, badgr_app_pk, lti_context_id,lti_user_id,lti_roles = state
lti_data = request.session.get('lti_data', None);
code = request.GET.get('code', None) # access codes to access user info endpoint
if code is None: #check if code is given
error = 'Server error: No userToken found in callback'
logger.debug(error)
return render_authentication_error(request, EduIDProvider.id, error=error)
# 1. Exchange callback Token for access token
payload = {
"grant_type": "authorization_code",
"redirect_uri": '%s/account/eduid/login/callback/' % settings.HTTP_ORIGIN,
"code": code,
"client_id": current_app.client_id,
"client_secret": current_app.secret,
}
headers = {'Content-Type': "application/x-www-form-urlencoded",
'Cache-Control': "no-cache"
}
response = requests.post("{}/token".format(settings.EDUID_PROVIDER_URL), data=urllib.parse.urlencode(payload), headers=headers)
token_json = response.json()
# 2. now with access token we can request userinfo
headers = {"Authorization": "Bearer " + token_json['access_token'] }
response = requests.get("{}/userinfo".format(settings.EDUID_PROVIDER_URL), headers=headers)
if response.status_code != 200:
error = 'Server error: User info endpoint error (http %s). Try alternative login methods' % response.status_code
logger.debug(error)
return render_authentication_error(request, EduIDProvider.id, error=error)
userinfo_json = response.json()
keyword_arguments = {'access_token':token_json['access_token'],
'state': json.dumps([str(badgr_app_pk), 'edu_id', lti_context_id,lti_user_id,lti_roles]+ [json.loads(referer)]),
'after_terms_agreement_url_name': 'eduid_terms_accepted_callback'}
if not get_social_account(userinfo_json['sub']):
return HttpResponseRedirect(reverse('accept_terms', kwargs=keyword_arguments))
social_account = get_social_account(userinfo_json['sub'])
badgr_app = BadgrApp.objects.get(pk=badgr_app_pk)
if not check_agreed_term_and_conditions(social_account.user, badgr_app):
return HttpResponseRedirect(reverse('accept_terms_resign', kwargs=keyword_arguments))
return after_terms_agreement(request, **keyword_arguments)
def dispatch(self, request, *args, **kwargs):
auth_error = get_request_param(request, "error")
code = get_request_param(request, "code")
if auth_error or not code:
# Distinguish cancel from error
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(self.request, app)
try:
token_data = self.adapter.get_access_token_data(self.request,
app=app,
client=client)
token = self.adapter.parse_token(data=token_data)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=token_data)
login.token = token
state = get_request_param(request, "state")
if self.adapter.supports_state:
login.state = SocialLogin.verify_and_unstash_state(
request, state)
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (
PermissionDenied,
OAuth2Error,
RequestException,
ProviderException,
) as e:
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def login_by_token(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
# try:
print 'trying'
app = providers.registry.by_id(FacebookProvider.id) \
.get_app(request)
access_token = form.cleaned_data['access_token']
token = SocialToken(app=app,
token=access_token)
login = fb_complete_login(app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
print access_token, token, login.token
ret = complete_social_login(request, login)
print ret
# except:
# print 'error'
# FIXME: Catch only what is needed
# pass
if not ret:
ret = render_authentication_error(request)
return ret
def oauth_callback(request,
consumer_key=None,
secret_key=None,
request_token_url=None,
access_token_url=None,
authorization_url=None,
callback_url=None,
extra_context=dict(),
parameters=None):
"""
View to handle final steps of OAuth based authentication where the user
gets redirected back to from the service provider
"""
client = OAuthClient(request, consumer_key, secret_key, request_token_url,
access_token_url, authorization_url, callback_url,
parameters)
extra_context.update(dict(oauth_client=client))
if not client.is_valid():
if request.GET.has_key('denied'):
return HttpResponseRedirect \
(reverse('socialaccount_login_cancelled'))
return render_authentication_error(request, extra_context)
# We're redirecting to the setup view for this oauth service
return HttpResponseRedirect(client.callback_url)
def login(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
token = form.cleaned_data['access_token']
g = GraphAPI(token)
data = g.get_object("me")
email = valid_email_or_none(data.get('email'))
social_id = data['id']
try:
account = FacebookAccount.objects.get(social_id=social_id)
except FacebookAccount.DoesNotExist:
account = FacebookAccount(social_id=social_id)
account.link = data['link']
account.name = data['name']
#adding the storing of users accesstoken
account.access_token = token
if account.pk:
account.save()
data = dict(email=email,facebook_me=data)
ret = complete_social_login(request, data, account)
if not ret:
ret = render_authentication_error(request)
return ret
def login_by_token(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
try:
provider = providers.registry.by_id(FacebookProvider.id)
app = providers.registry.by_id(FacebookProvider.id) \
.get_app(request)
access_token = form.cleaned_data['access_token']
info = requests.get(
'https://graph.facebook.com/oauth/access_token_info',
params={'client_id': app.client_id,
'access_token': access_token})
nonce = provider.get_nonce(request, pop=True)
if nonce and nonce == info.json().get('auth_nonce'):
token = SocialToken(app=app,
token=access_token)
login = fb_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
ret = complete_social_login(request, login)
except requests.RequestException:
logger.exception('Error accessing FB user profile')
if not ret:
ret = render_authentication_error(request)
return ret
def post(self, request, *args, **kwargs):
data = dict(list(request.GET.items()) + list(request.POST.items()))
if self.provider.endpoint:
data['openid'] = self.provider.endpoint
form = LoginForm(data)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
auth_request.addExtension(ax)
callback_url = reverse(self.callback_view)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request,
self.provider.id,
exception=e)
return render(request, self.template_name, {'form': form})
def login_by_token(request):
ret = None
if (request.method == 'POST'):
form = TwitterConnectForm(request.POST)
if form.is_valid():
try:
app = providers.registry.by_id(
TwitterProvider.id).get_app(request)
oauth_token = form.cleaned_data['oauth_token']
oauth_token_secret = form.cleaned_data['oauth_token_secret']
token = SocialToken(app=app,
token=oauth_token,
token_secret=oauth_token_secret)
auth = OAuth1(app.client_id, app.secret, token.token,
token.token_secret)
resp = requests.get(VERIFY_CREDENTIALS_URL, auth=auth)
resp.raise_for_status()
extra_data = resp.json()
login = twitter_complete_login(extra_data)
login.token = token
login.state = SocialLogin.state_from_request(request)
ret = complete_social_login(request, login)
except requests.RequestException:
logger.exception('Error accessing Twitter user profile')
if not ret:
ret = render_authentication_error(request)
return ret
def login(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
try:
token = form.cleaned_data['access_token']
g = GraphAPI(token)
facebook_me = g.get_object("me")
email = valid_email_or_none(facebook_me.get('email'))
social_id = facebook_me['id']
try:
account = FacebookAccount.objects.get(social_id=social_id)
except FacebookAccount.DoesNotExist:
account = FacebookAccount(social_id=social_id)
data = dict(email=email,
facebook_access_token=token,
facebook_me=facebook_me)
# some facebook accounts don't have this data
data.update((k,v) for (k,v) in facebook_me.items()
if k in ['username', 'first_name', 'last_name'])
# Don't save partial/temporary accounts that haven't
# gone through the full signup yet, as there is no
# User attached yet.
if account.pk:
account.sync(data)
ret = complete_social_login(request, data, account)
except (GraphAPIError, IOError):
pass
if not ret:
ret = render_authentication_error(request)
return ret
def persona_login(request):
assertion = request.POST.get('assertion', '')
audience = request.build_absolute_uri('/')
resp = requests.post('https://verifier.login.persona.org/verify',
{'assertion': assertion,
'audience': audience})
if resp.json()['status'] != 'okay':
return render_authentication_error(request)
email = resp.json()['email']
user = get_adapter() \
.populate_new_user(email=email)
extra_data = resp.json()
account = SocialAccount(uid=email,
provider=PersonaProvider.id,
extra_data=extra_data,
user=user)
# TBD: Persona e-mail addresses are verified, so we could check if
# a matching local user account already exists with an identical
# verified e-mail address and short-circuit the social login. Then
# again, this holds for all social providers that guarantee
# verified e-mail addresses, so if at all, short-circuiting should
# probably not be handled here...
login = SocialLogin(account)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)
def login_by_token(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
try:
provider = providers.registry.by_id(FacebookProvider.id)
app = providers.registry.by_id(FacebookProvider.id) \
.get_app(request)
access_token = form.cleaned_data['access_token']
info = requests.get(
'https://graph.facebook.com/oauth/access_token_info',
params={
'client_id': app.client_id,
'access_token': access_token
})
nonce = provider.get_nonce(request, pop=True)
if nonce and nonce == info.json().get('auth_nonce'):
token = SocialToken(app=app, token=access_token)
login = fb_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
ret = complete_social_login(request, login)
except requests.RequestException:
logger.exception('Error accessing FB user profile')
if not ret:
ret = render_authentication_error(request)
return ret
def persona_login(request):
assertion = request.POST.get('assertion', '')
audience = request.build_absolute_uri('/')
resp = requests.post('https://verifier.login.persona.org/verify', {
'assertion': assertion,
'audience': audience
})
if resp.json['status'] != 'okay':
return render_authentication_error(request)
email = resp.json['email']
user = User(email=email)
extra_data = resp.json
account = SocialAccount(uid=email,
provider=PersonaProvider.id,
extra_data=extra_data,
user=user)
# TBD: Persona e-mail addresses are verified, so we could check if
# a matching local user account already exists with an identical
# verified e-mail address and short-circuit the social login. Then
# again, this holds for all social providers that guarantee
# verified e-mail addresses, so if at all, short-circuiting should
# probably not be handled here...
login = SocialLogin(account)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)
def login(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
token = form.cleaned_data['access_token']
g = GraphAPI(token)
facebook_me = g.get_object("me")
email = valid_email_or_none(facebook_me.get('email'))
social_id = facebook_me['id']
try:
account = FacebookAccount.objects.get(social_id=social_id)
except FacebookAccount.DoesNotExist:
account = FacebookAccount(social_id=social_id)
account.link = facebook_me['link']
account.name = facebook_me['name']
if account.pk:
account.save()
data = dict(email=email, facebook_me=facebook_me)
# some facebook accounts don't have this data
data.update((k,v) for (k,v) in facebook_me.items() if k in ['username', 'first_name', 'last_name'])
ret = complete_social_login(request, data, account)
if not ret:
ret = render_authentication_error(request)
return ret
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL,
required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL,
required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
else:
form = LoginForm()
d = dict(form=form)
return render_to_response('openid/login.html',
d, context_instance=RequestContext(request))
def login(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
token = form.cleaned_data['access_token']
g = GraphAPI(token)
facebook_me = g.get_object("me")
email = valid_email_or_none(facebook_me.get('email'))
social_id = facebook_me['id']
try:
account = FacebookAccount.objects.get(social_id=social_id)
except FacebookAccount.DoesNotExist:
account = FacebookAccount(social_id=social_id)
account.link = facebook_me['link']
account.name = facebook_me['name']
if account.pk:
account.save()
data = dict(email=email, facebook_me=facebook_me)
# some facebook accounts don't have this data
data.update((k, v) for (k, v) in facebook_me.items()
if k in ['username', 'first_name', 'last_name'])
ret = complete_social_login(request, data, account)
if not ret:
ret = render_authentication_error(request)
return ret
def login_by_token(request):
log.debug("login_by_token")
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
log.debug("Form is valid")
try:
app = providers.registry.by_id(FacebookProvider.id) \
.get_app(request)
log.debug("App exists")
access_token = form.cleaned_data['access_token']
log.debug("access token exists")
token = SocialToken(app=app,
token=access_token)
log.debug("social token created")
login = fb_complete_login(app, token)
log.debug("fb login complete")
login.token = token
login.state = SocialLogin.state_from_request(request)
ret = complete_social_login(request, login)
except:
# FIXME: Catch only what is needed
pass
if not ret:
log.debug("authentication error")
ret = render_authentication_error(request)
return ret
def login_by_token(request):
ret = None
auth_exception = None
if request.method == 'POST':
form = KakaoConnectForm(request.POST)
if form.is_valid():
try:
provider = providers.registry.by_id(KakaoProvider.id)
app = providers.registry.by_id(
KakaoProvider.id).get_app(request)
access_token = form.cleaned_data['access_token']
token = SocialToken(app=app, token=access_token)
login = kakao_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
ret = complete_social_login(request, login)
except requests.RequestException as e:
logger.exception('Error accessing KAKAO user profile')
auth_exception = e
if not ret:
ret = render_authentication_error(request, KakaoProvider.id,
exception + auth_exception)
return ret
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL,
required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
state = SocialLogin.marshall_state(request)
callback_url = callback_url + '?' + urlencode(dict(state=state))
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
except DiscoveryFailure, e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL,
required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
state = SocialLogin.marshall_state(request)
callback_url = callback_url + '?' + urlencode(dict(state=state))
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
except DiscoveryFailure, e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
def login(request):
ret = None
if request.method == 'POST':
form = FacebookConnectForm(request.POST)
if form.is_valid():
try:
token = form.cleaned_data['access_token']
g = GraphAPI(token)
facebook_me = g.get_object("me")
email = valid_email_or_none(facebook_me.get('email'))
social_id = facebook_me['id']
try:
account = FacebookAccount.objects.get(social_id=social_id)
except FacebookAccount.DoesNotExist:
account = FacebookAccount(social_id=social_id)
data = dict(email=email,
facebook_access_token=token,
facebook_me=facebook_me)
# some facebook accounts don't have this data
data.update((k, v) for (k, v) in facebook_me.items()
if k in ['username', 'first_name', 'last_name'])
# Don't save partial/temporary accounts that haven't
# gone through the full signup yet, as there is no
# User attached yet.
if account.pk:
account.sync(data)
ret = complete_social_login(request, data, account)
except (GraphAPIError, IOError):
pass
if not ret:
ret = render_authentication_error(request)
return ret
def login_by_token(request):
ret = None
auth_exception = None
if request.method == 'POST':
form = KakaoConnectForm(request.POST)
if form.is_valid():
try:
provider = providers.registry.by_id(KakaoProvider.id)
app = providers.registry.by_id(KakaoProvider.id).get_app(request)
access_token = form.cleaned_data['access_token']
token = SocialToken(app=app, token=access_token)
login = kakao_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
ret = complete_social_login(request, login)
except requests.RequestException as e:
logger.exception('Error accessing KAKAO user profile')
auth_exception = e
if not ret:
ret = render_authentication_error(request, KakaoProvider.id, exception+auth_exception)
return ret
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL,
required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL, required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
else:
form = LoginForm()
d = dict(form=form)
return render_to_response('openid/login.html',
d,
context_instance=RequestContext(request))
def dispatch(self, request, *args, **kwargs):
"""
This overloading is necessary to manage the case
when the user clicks on "Cancel" once on the "Mire de connexion PE Connect".
Original code:
https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/providers/oauth2/views.py#L113
"""
if "error" in request.GET or "code" not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get("error", None)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
elif auth_error is None and "state" in request.GET:
# This custom case happens when the user clicks "Cancel" on the
# "Mire de connexion PE Connect".
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
logger.error("Unknown error in PEAMU dispatch.")
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET["code"])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin.verify_and_unstash_state(
request, get_request_param(request, "state"))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (PermissionDenied, OAuth2Error, RequestException,
ProviderException) as e:
# This log is useful, 3.6k events for 75 users in 18 days but we have to disable it
# to not reach the Sentry limit. The issue is tracked in Trello.
# logger.error("Unknown error in PEAMU dispatch with exception '%s'.", e)
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request):
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
client.state = SocialLogin.stash_state(request)
try:
return HttpResponseRedirect(client.get_redirect_url())
except OAuth2Error:
return render_authentication_error(request)
def dispatch(self, request):
if 'error' in request.GET or not 'code' in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET['code'])
token = SocialToken(app=app, token=access_token)
login = self.adapter.complete_login(request, app, token)
token.account = login.account
login.token = token
login.state = SocialLogin.unmarshall_state(
request.REQUEST.get('state'))
return complete_social_login(request, login)
except OAuth2Error:
return render_authentication_error(request)
def dispatch(self, request):
if 'error' in request.GET or 'access_token' not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get('error', None)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
# Parse the access token
access_token = {
'access_token': request.GET['access_token'],
'expires_in': request.GET['expires_in']
}
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
login.token = token
SocialLogin.stash_state(request)
if self.adapter.supports_state:
login.state = SocialLogin \
.verify_and_unstash_state(
request,
get_request_param(request, 'state'))
else:
login.state = SocialLogin.unstash_state(request)
# Make sure the user is initiated with some training in the DB
request.session['initial_training'] = 'zooniverse'
return complete_social_login(request, login)
except (PermissionDenied, OAuth2Error, RequestException,
ProviderException) as e:
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request):
callback_url = reverse(self.adapter.provider_id + "_callback")
client = self._get_client(request, callback_url)
request.session['next'] = get_login_redirect_url(request)
try:
return client.get_redirect()
except OAuthError:
return render_authentication_error(request)
def dispatch(self, request):
callback_url = reverse(self.adapter.provider_id + "_callback")
client = self._get_client(request, callback_url)
request.session['next'] = get_login_redirect_url(request)
try:
return client.get_redirect()
except OAuthError:
return render_authentication_error(request)
def dispatch(self, request):
callback_url = reverse(self.adapter.provider_id + "_callback")
SocialLogin.stash_state(request)
client = self._get_client(request, callback_url)
try:
return client.get_redirect()
except OAuthError:
return render_authentication_error(request)
def dispatch(self, request):
callback_url = reverse(self.adapter.provider_id + "_callback")
SocialLogin.stash_state(request)
client = self._get_client(request, callback_url)
try:
return client.get_redirect()
except OAuthError:
return render_authentication_error(request)
def dispatch(self, request):
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
client.state = SocialLogin.marshall_state(request)
try:
return HttpResponseRedirect(client.get_redirect_url())
except OAuth2Error:
return render_authentication_error(request)
def dispatch(self, request):
if "error" in request.GET or not "code" in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET["code"])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request, app, token, response=access_token)
token.account = login.account
login.token = token
login.state = SocialLogin.verify_and_unstash_state(request, request.REQUEST.get("state"))
return complete_social_login(request, login)
except OAuth2Error:
return render_authentication_error(request)
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(
dict(list(request.GET.items()) + list(request.POST.items()))
)
if form.is_valid():
client = _openid_consumer(request)
provider = OpenIDProvider(request)
realm = provider.get_settings().get(
'REALM',
request.build_absolute_uri('/'))
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name,
required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name,
required=True))
provider = OpenIDProvider(request)
server_settings = \
provider.get_server_settings(request.GET.get('openid'))
extra_attributes = \
server_settings.get('extra_attributes', [])
for _, name, required in extra_attributes:
ax.add(AttrInfo(name,
required=required))
auth_request.addExtension(ax)
callback_url = reverse(callback)
SocialLogin.stash_state(request)
# Fix for issues 1523 and 2072 (github django-allauth)
if 'next' in form.cleaned_data and form.cleaned_data['next']:
auth_request.return_to_args['next'] = \
form.cleaned_data['next']
redirect_url = auth_request.redirectURL(
realm,
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(
request,
OpenIDProvider.id,
exception=e)
else:
form = LoginForm(initial={'next': request.GET.get('next'),
'process': request.GET.get('process')})
d = dict(form=form)
return render(request, "openid/login.html", d)
def dispatch(self, request):
app = self.adapter.get_app(self.request)
client = self.get_client(request, app)
# TODO: next can be passed along to callback url, session not required
request.session['next'] = get_login_redirect_url(request)
try:
return HttpResponseRedirect(client.get_redirect_url())
except OAuth2Error:
return render_authentication_error(request)
def dispatch(self, request):
app = self.adapter.get_app(self.request)
client = self.get_client(request, app)
# TODO: next can be passed along to callback url, session not required
request.session['next'] = get_login_redirect_url(request)
try:
return HttpResponseRedirect(client.get_redirect_url())
except OAuth2Error:
return render_authentication_error(request)
def dispatch(self, request):
if 'error' in request.GET or not 'code' in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET['code'])
token = SocialToken(app=app,
token=access_token)
login = self.adapter.complete_login(request,
app,
token)
token.account = login.account
login.token = token
return complete_social_login(request, login)
except OAuth2Error:
return render_authentication_error(request)
def login_by_token(request):
ret = None
auth_exception = None
if request.method == "POST":
form = FacebookConnectForm(request.POST)
if form.is_valid():
try:
provider = providers.registry.by_id(FacebookProvider.id,
request)
login_options = provider.get_fb_login_options(request)
app = provider.get_app(request)
access_token = form.cleaned_data["access_token"]
expires_at = None
if login_options.get("auth_type") == "reauthenticate":
info = requests.get(
GRAPH_API_URL + "/oauth/access_token_info",
params={
"client_id": app.client_id,
"access_token": access_token,
},
).json()
nonce = provider.get_nonce(request, pop=True)
ok = nonce and nonce == info.get("auth_nonce")
else:
ok = True
if ok and provider.get_settings().get("EXCHANGE_TOKEN"):
resp = requests.get(
GRAPH_API_URL + "/oauth/access_token",
params={
"grant_type": "fb_exchange_token",
"client_id": app.client_id,
"client_secret": app.secret,
"fb_exchange_token": access_token,
},
).json()
access_token = resp["access_token"]
expires_in = resp.get("expires_in")
if expires_in:
expires_at = timezone.now() + timedelta(
seconds=int(expires_in))
if ok:
token = SocialToken(app=app,
token=access_token,
expires_at=expires_at)
login = fb_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
ret = complete_social_login(request, login)
except requests.RequestException as e:
logger.exception("Error accessing FB user profile")
auth_exception = e
if not ret:
ret = render_authentication_error(request,
FacebookProvider.id,
exception=auth_exception)
return ret
def dispatch(self, request):
if 'error' in request.GET or not 'code' in request.GET:
error_context = {}
try:
import json
error_context = {"error": "facebook:" + request.GET["error_message"] if "error_message" in request.GET else ''}
except Exception, args:
pass
# TODO: Distinguish cancel from error
return render_authentication_error(request, error_context)
def login_done(request):
app = TwitterApp.objects.get_current()
client = OAuthTwitter(
request, app.consumer_key,
app.consumer_secret,
app.request_token_url)
try:
user_info = client.get_user_info()
except OAuthError, e:
return render_authentication_error(request)
def dispatch(self, request, *args, **kwargs):
logger.info("start login")
if 'error' in request.GET or 'code' not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get('error', None)
logger.info("auth_error %s " % auth_error)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
logger.info("AuthError.CANCELLED %s " % error)
else:
error = AuthError.UNKNOWN
logger.info("AuthError.UNKNOWN %s %s" % (error, auth_error))
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
logger.info("app %s " % app)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET['code'])
logger.info("access_token %s " % access_token)
token = self.adapter.parse_token(access_token)
logger.info("parse_token %s " % token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
logger.info("logged in %s " % login)
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin \
.verify_and_unstash_state(
request,
get_request_param(request, 'state'))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (PermissionDenied, OAuth2Error, RequestException,
ProviderException) as e:
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request, *args, **kwargs):
if 'error' in request.GET or 'code' not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get('error', None)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
return render_authentication_error(
request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET['code'])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin \
.verify_and_unstash_state(
request,
get_request_param(request, 'state'))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (PermissionDenied,
OAuth2Error,
RequestException,
ProviderException) as e:
if isinstance(e, PermissionDenied) or isinstance(e, OAuth2Error):
# One of these errors are raised when a user authenticated through dataporten
# uses the browser back button. Simply redirect to ``/``.
return HttpResponseRedirect('/')
return render_authentication_error(
request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request):
callback_url = reverse(self.adapter.provider_id + "_callback")
# TODO: Can't this be moved as query param into callback?
# Tried but failed somehow, needs further study...
request.session['oauth_login_state'] \
= SocialLogin.marshall_state(request)
client = self._get_client(request, callback_url)
try:
return client.get_redirect()
except OAuthError:
return render_authentication_error(request)
def dispatch(self, request):
callback_url = reverse(self.adapter.provider_id + "_callback")
SocialLogin.stash_state(request)
action = request.GET.get("action", AuthAction.AUTHENTICATE)
provider = self.adapter.get_provider()
auth_url = provider.get_auth_url(request, action) or self.adapter.authorize_url
client = self._get_client(request, callback_url)
try:
return client.get_redirect(auth_url)
except OAuthError as e:
return render_authentication_error(request, self.adapter.provider_id, exception=e)
def dispatch(self, request):
if 'error' in request.GET or not 'code' in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token, refresh_token = client.get_access_token(request.GET['code'])
token = SocialToken(app=app,
token=access_token,
token_secret=refresh_token)
login = self.adapter.complete_login(request, app, token)
token.account = login.account
login.token = token
login.state = SocialLogin.unmarshall_state(request.REQUEST
.get('state'))
login.redirect_account_url = request.session.pop('redirect_account_url', None)
return complete_social_login(request, login)
except OAuth2Error:
return render_authentication_error(request)
def dispatch(self, request):
provider = self.adapter.get_provider()
app = provider.get_app(self.request)
client = self.get_client(request, app)
action = request.GET.get("action", AuthAction.AUTHENTICATE)
auth_url = self.adapter.authorize_url
auth_params = provider.get_auth_params(request, action)
client.state = SocialLogin.stash_state(request)
try:
return HttpResponseRedirect(client.get_redirect_url(auth_url, auth_params))
except OAuth2Error as e:
return render_authentication_error(request, provider.id, exception=e)
