예제 #1
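    def get(self, provider_name):
        """Start a social login / account-association round-trip with *provider_name*.

        Sends the browser to the provider's authorization page. For Twitter the
        callback is ``<host_url>/social_login/<provider>/complete``; GitHub
        reads the callback from the app registered on its site, so none is
        passed.

        Args:
            provider_name: URL segment naming the provider ("twitter",
                "github", ...). Any other value gets a warning and a redirect
                to the profile page instead of an exception.
        """
        if not config.enable_federated_login:
            message = _('Federated login is disabled.')
            self.add_message(message, 'warning')
            return self.redirect_to('login')

        # Look the label up leniently: an unknown provider must reach the
        # "not implemented" branch below rather than raising KeyError here.
        provider_info = models.SocialUser.PROVIDERS_INFO.get(provider_name, {})
        provider_display_name = provider_info.get('label', provider_name)

        # NOTE(review): the callback is derived from the Host header of the
        # incoming request, not from configuration; confirm the Twitter app's
        # registered callback restricts what the provider will accept.
        callback_url = "%s/social_login/%s/complete" % (self.request.host_url,
                                                        provider_name)

        if provider_name == "twitter":
            twitter_helper = twitter.TwitterAuth(self,
                                                 redirect_uri=callback_url)
            return self.redirect(twitter_helper.auth_url())

        if provider_name == "github":
            # GitHub stores the callback URL in the app settings on their site
            # (register one at https://github.com/settings/applications/),
            # so only the requested scope is passed.
            github_helper = github.GithubAuth('gist')
            return self.redirect(github_helper.get_authorize_url())

        message = _('%s authentication is not yet implemented.' %
                    provider_display_name)
        self.add_message(message, 'warning')
        return self.redirect_to('edit-profile')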
예제 #2
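    def post(self):
        """Handle a username/password login submission.

        Reads ``username`` (an e-mail address or a plain username) and
        ``password`` from the validated form, authenticates through
        ``self.auth``, and on success records a ``LogVisit`` and redirects
        to ``home``. Failure cases:

        * invalid form: re-render via ``get()``;
        * unknown user or wrong password: one generic error message, so the
          two cases are not distinguishable from the response;
        * account not activated: the session is cleared and the user is sent
          back to ``login`` with a suspension notice.
        """
        if not self.form.validate():
            return self.get()
        username = self.form.username.data.lower()

        try:
            if utils.is_email_valid(username):
                user = models.User.get_by_email(username)
                if not user:
                    raise InvalidAuthIdError
                auth_id = user.auth_ids[0]
            else:
                auth_id = "own:%s" % username
                user = models.User.get_by_auth_id(auth_id)
                if not user:
                    # Same outcome as the e-mail branch: fall into the generic
                    # "incorrect credentials" handler below.
                    raise InvalidAuthIdError

            password = self.form.password.data.strip()
            remember_me = self.request.POST.get('remember_me') == 'on'

            # Password to SHA512 with the site-wide salt before handing it to
            # the auth layer.
            # NOTE(review): one shared salt for all accounts; confirm the
            # stored credential layer applies a per-user salt / KDF on top.
            password = utils.hashing(password, config.salt)

            # Raises InvalidAuthIdError if the user is not found and
            # InvalidPasswordError if the password does not match; both are
            # handled by the except clause below.
            self.auth.get_user_by_password(auth_id,
                                           password,
                                           remember=remember_me)

            # Account explicitly deactivated: drop the session just created
            # and send the user back to login. An unset (None) flag is not
            # treated as suspended, matching the original check.
            if user.activated is False:
                self.auth.unset_session()
                message = _(
                    'Your account has been suspended. Please contact support for more information.'
                )
                self.add_message(message, 'error')
                return self.redirect_to('login')

            # A Twitter identity saved in the session by the social-login
            # callback (visitor signed in with Twitter before having an
            # account) is linked now that the user has authenticated.
            twitter_helper = twitter.TwitterAuth(self)
            twitter_association_data = twitter_helper.get_association_data()
            if twitter_association_data is not None:
                twitter_uid = str(twitter_association_data['id'])
                if models.SocialUser.check_unique(user.key, 'twitter',
                                                  twitter_uid):
                    social_user = models.SocialUser(
                        user=user.key,
                        provider='twitter',
                        uid=twitter_uid,
                        extra_data=twitter_association_data)
                    social_user.put()

            visit = models.LogVisit(user=user.key,
                                    uastring=self.request.user_agent,
                                    ip=self.request.remote_addr,
                                    timestamp=utils.get_date_time())
            visit.put()
            return self.redirect_to('home')
        except (InvalidAuthIdError, InvalidPasswordError):
            # Deliberately the same message for both failure kinds; it is
            # rendered by BaseHandler.dispatcher via self.add_message.
            message = _("Your username or password is incorrect.  Caps lock?")
            self.add_message(message, 'error')
            return self.redirect_to('login')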
예제 #3
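    def get(self, provider_name):
        """Complete a social login / account-association round-trip.

        This is the endpoint the provider redirects back to. Every provider
        branch ends in one of three outcomes:

        * the visitor is logged in (``self.user`` set): the external identity
          is linked to the account unless it is already in use;
        * the visitor is anonymous and a ``SocialUser`` matches: a remembered
          session is started for the linked account;
        * otherwise the visitor is sent to ``login`` with a warning.

        Args:
            provider_name: URL segment naming the provider ("twitter",
                "github", or one of ``models.SocialUser.open_id_providers()``).
        """
        if not config.enable_federated_login:
            message = _('Federated login is disabled.')
            self.add_message(message, 'warning')
            return self.redirect_to('login')

        if provider_name == "twitter":
            return self._complete_twitter_oauth()
        if provider_name == "github":
            return self._complete_github_oauth()
        if provider_name in models.SocialUser.open_id_providers():
            return self._complete_openid_login(provider_name)

        message = _('This authentication method is not yet implemented!')
        self.add_message(message, 'warning')
        return self.redirect_to('login')

    def _sign_in_social_user(self, social_user):
        """Start a remembered session for the account behind *social_user*.

        Records a ``LogVisit`` for the request and redirects to ``home``.
        Shared by every provider branch so the login side-effects stay in
        one place.
        """
        user = social_user.user.get()
        self.auth.set_session(self.auth.store.user_to_dict(user),
                              remember=True)
        visit = models.LogVisit(user=user.key,
                                uastring=self.request.user_agent,
                                ip=self.request.remote_addr,
                                timestamp=utils.get_date_time())
        visit.put()
        return self.redirect_to('home')

    def _complete_twitter_oauth(self):
        """Handle the Twitter OAuth callback (``oauth_token`` / ``oauth_verifier``)."""
        oauth_token = self.request.get('oauth_token')
        oauth_verifier = self.request.get('oauth_verifier')
        twitter_helper = twitter.TwitterAuth(self)
        user_data = twitter_helper.auth_complete(oauth_token, oauth_verifier)
        screen_name = user_data['screen_name']
        uid = str(user_data['id'])

        if self.user:
            # Logged-in user: attach the Twitter identity to their account.
            user_info = models.User.get_by_id(long(self.user_id))
            if models.SocialUser.check_unique(user_info.key, 'twitter', uid):
                social_user = models.SocialUser(
                    user=user_info.key,
                    provider='twitter',
                    uid=uid,
                    extra_data=user_data,
                    screen_name=screen_name,
                )
                social_user.put()
                message = _('Twitter association added.')
                self.add_message(message, 'success')
            else:
                message = _('This Twitter account is already in use.')
                self.add_message(message, 'error')
            return self.redirect_to('edit-profile')

        # Anonymous visitor trying to sign in with Twitter.
        social_user = models.SocialUser.get_by_provider_and_uid('twitter', uid)
        if social_user:
            return self._sign_in_social_user(social_user)

        # No linked account yet: stash the Twitter identity so the login /
        # registration handlers can associate it once the visitor signs in.
        twitter_helper.save_association_data(user_data)
        message = _(
            'This Twitter account is not associated with a StackGeek account. '
            'Please sign in or create a StackGeek account before continuing.'
        )
        self.add_message(message, 'warning')
        return self.redirect_to('login')

    def _complete_github_oauth(self):
        """Handle the GitHub OAuth callback (``code`` query parameter)."""
        # Authorization code returned by GitHub after the redirect started
        # in the social login handler.
        # NOTE(review): no OAuth ``state`` value is checked on this callback;
        # confirm github.GithubAuth issues and verifies one, otherwise the
        # link step below has no CSRF protection.
        code = self.request.get('code')

        # Recreate the auth object with the same scope as the start handler.
        github_helper = github.GithubAuth('gist')

        try:
            access_token = github_helper.get_access_token(code)
            user_data = github_helper.get_user_info(access_token)
        except Exception:
            # Any failure talking to GitHub (network, bad/expired code,
            # malformed reply) is reported the same way.
            message = _(
                'An error was encountered while exchanging tokens with Github.'
            )
            self.add_message(message, 'error')
            return self.redirect_to('edit-profile')

        uid = str(user_data['login'])

        if self.user:
            # Logged-in user: attach the GitHub identity to their account.
            user_info = models.User.get_by_id(long(self.user_id))
            if not models.SocialUser.check_unique(user_info.key, 'github', uid):
                message = _(
                    'The currently logged in Github account is already in use with another account.'
                )
                self.add_message(message, 'error')
                return self.redirect_to('edit-profile')

            social_user = models.SocialUser(user=user_info.key,
                                            provider='github',
                                            uid=uid,
                                            access_token=access_token,
                                            extra_data=user_data)
            social_user.put()
            message = _(
                'The StackGeek application has been added to your Github account.'
            )
            self.add_message(message, 'success')
            return self._redirect_to_oauth_return_url()

        # Anonymous visitor trying to sign in with GitHub.
        social_user = models.SocialUser.get_by_provider_and_uid('github', uid)
        if social_user:
            return self._sign_in_social_user(social_user)

        message = _(
            'This Github account is not associated with a StackGeek account. '
            'Please sign in or create a StackGeek account before continuing.'
        )
        self.add_message(message, 'warning')
        return self.redirect_to('login')

    def _redirect_to_oauth_return_url(self):
        """Redirect to the route remembered in the ``oauth_return_url`` cookie.

        The cookie is cleared on every call. Its value is used as a route
        name for ``redirect_to`` (resolved by name, not as a raw URL), so a
        value that does not name a route fails and falls back to the
        profile page.
        """
        next_page = utils.read_cookie(self, 'oauth_return_url')
        utils.write_cookie(self, 'oauth_return_url', '', '/', 15)

        if next_page:
            try:
                return self.redirect_to(next_page)
            except Exception:
                # Unknown route name in the cookie; fall through.
                pass
        return self.redirect_to('edit-profile')

    def _complete_openid_login(self, provider_name):
        """Handle the return from an OpenID provider (google, myopenid, yahoo, ...).

        The identity comes from App Engine's ``users`` API rather than from
        request parameters.
        """
        provider_display_name = models.SocialUser.PROVIDERS_INFO[
            provider_name]['label']

        # Identity passed back by the OpenID Provider.
        from google.appengine.api import users
        current_user = users.get_current_user()
        if not current_user:
            message = _(
                'No user authentication information received from %s. '
                'Please ensure you are logging in from an authorized OpenID Provider (OP).'
                % provider_display_name)
            self.add_message(message, 'error')
            return self.redirect_to('login')

        # Prefer the federated identity; fall back to the App Engine user id.
        uid = current_user.federated_identity() or current_user.user_id()

        if self.user:
            # Logged-in user: attach the OpenID identity to their account.
            user_info = models.User.get_by_id(long(self.user_id))
            if models.SocialUser.check_unique(user_info.key, provider_name,
                                              uid):
                social_user = models.SocialUser(user=user_info.key,
                                                provider=provider_name,
                                                uid=uid)
                social_user.put()
                message = _('%s association successfully added.' %
                            provider_display_name)
                self.add_message(message, 'success')
            else:
                message = _('This %s account is already in use.' %
                            provider_display_name)
                self.add_message(message, 'error')
            return self.redirect_to('edit-profile')

        # Anonymous visitor trying to sign in with the OpenID Provider.
        social_user = models.SocialUser.get_by_provider_and_uid(
            provider_name, uid)
        if social_user:
            return self._sign_in_social_user(social_user)

        message = _(
            'This OpenID based account is not associated with a StackGeek account. '
            'Please sign in or create a StackGeek account before continuing.'
        )
        self.add_message(message, 'warning')
        return self.redirect_to('login')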