예제 #1
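def validate_token(email, oauth_token):
    """Verify a Google ID token and confirm it belongs to ``email``.

    The token is verified against ``settings.GOOGLE_OAUTH2_CLIENT_ID``, its
    issuer is checked, the ``email`` claim must match the caller-supplied
    address, and the address's domain must be listed in
    ``settings.GOOGLE_OAUTH2_ALLOWED_DOMAINS``.

    Args:
        email: The address the client claims to own.
        oauth_token: The Google ID token presented by the client.

    Returns:
        The ``email`` claim taken from the verified token.

    Raises:
        EventFactory.Conflict: verification raised ``ValueError``, the issuer
            is not a Google issuer, or the ``iss``/``email`` claim is missing
            or the email is not marked as verified.
        EventFactory.BrokenRequest: the token's email differs from ``email``.
        EventFactory.AuthError: the email's domain is not allowed.
    """
    try:
        idinfo = id_token.verify_oauth2_token(oauth_token, requests.Request(),
                                              settings.GOOGLE_OAUTH2_CLIENT_ID)

        issuers = ('accounts.google.com', 'https://accounts.google.com')
        if idinfo['iss'] not in issuers:
            raise EventFactory.Conflict(
                'GOOGLE_OAUTH2_USER_INFO_ERROR_DETECTED')

        gmail_email = idinfo['email']

        # Fail closed: an address that Google has not verified must not be
        # used as an identity or as the basis of a domain decision.
        if idinfo.get('email_verified') is not True:
            raise EventFactory.Conflict(
                'GOOGLE_OAUTH2_USER_INFO_ERROR_DETECTED')

    except (ValueError, KeyError):
        # KeyError: the token verified but lacks the 'iss' or 'email' claim
        # (e.g. the email scope was not granted). Report it the same way as a
        # failed verification instead of leaking an unhandled exception.
        raise EventFactory.Conflict('GOOGLE_OAUTH2_USER_INFO_ERROR_DETECTED')

    # -- validate email
    # NOTE(review): this comparison is case-sensitive; confirm callers send
    # the address in the same form Google returns it.
    if gmail_email != email:
        raise EventFactory.BrokenRequest('EMAIL_MISMATCH_DETECTED')

    # -- validate domain
    # Take everything after the LAST '@'. Indexing split('@')[1] would read
    # 'allowed.example' out of 'x@allowed.example@other.example' and would
    # raise IndexError for a value without any '@'.
    domain = email.rpartition('@')[2]
    # NOTE(review): if every allowed domain is a Google Workspace domain, the
    # token's 'hd' claim is an additional signal worth checking here.
    if domain not in settings.GOOGLE_OAUTH2_ALLOWED_DOMAINS:
        raise EventFactory.AuthError('WRONG_EMAIL_DOMAIN')

    return gmail_email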
예제 #2
    def get_token_and_delete(self):
        """Issue a token for this request's account and delete the request.

        Returns:
            The value produced by ``AuthToken.encode(self.account)``.

        Raises:
            EventFactory.BrokenRequest: ``self.expired`` is truthy.
        """
        # Guard first: an expired request never yields a token.
        if self.expired:
            raise EventFactory.BrokenRequest('EXPIRED_AUTH_REQUEST_DETECTED')

        issued = AuthToken.encode(self.account)

        # Deleting after encoding makes the request single-use.
        # NOTE(review): the expiry check, encode and delete are separate
        # steps; if two callers can reach this for the same record at once,
        # both may obtain a token. Confirm the caller serialises access.
        self.delete()

        return issued