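def create_user():
    """Create a user from the JSON request body, or return the existing one.

    The body has to pass two checks before anything is looked up or written:

    * it contains ``email`` or ``facebook_id`` (first guard), and
    * the ``user_id`` that ``facebook.get_data_from_signed_request`` extracts
      from ``signed_request`` is present and equal to the client-supplied
      ``facebook_id``.

    The second check means a request without ``facebook_id`` is rejected even
    if it carries an ``email``: without a matching id there is nothing that
    ties the payload to the signed request.

    Returns:
        The JSON-serialised user on success, otherwise whatever
        ``json_error`` returns for a short error message.
    """
    # The body is client-controlled: reject anything that is not a JSON
    # object instead of letting the parse error or a missing .get() escape.
    try:
        data = json.loads(request.data)
    except (TypeError, ValueError):
        return json_error("invalid JSON body")
    if not isinstance(data, dict):
        return json_error("invalid JSON body")

    if not (data.get('email') or data.get('facebook_id')):
        return json_error("missing attribute: email or facebook_id")

    # Get the user id from the signed request and compare it to the
    # facebook profile information to see if we have access to this user.
    # NOTE(review): presumably get_data_from_signed_request validates the
    # signature before returning data -- confirm in the facebook module.
    sr = data.get('signed_request')
    fb_d, err = facebook.get_data_from_signed_request(sr)
    if err:
        return json_error(err)

    # Fail closed when the signed request carries no user_id. A plain
    # inequality test would treat "both sides missing" (None != None is
    # False) as a match and let an unbound payload through.
    verified_id = fb_d.get('user_id')
    if not verified_id or verified_id != data.get('facebook_id'):
        return json_error("invalid facebook cookie")

    # Look up by the id taken from the signed request, not the client copy
    # (they are equal at this point).
    user = User.find_by_facebook_id(db, verified_id)
    if user:
        return json.dumps(user)

    # Otherwise create and return the new user.
    # NOTE(review): `data` is the raw client payload; confirm that
    # User.create only persists an allow-listed set of fields, and that the
    # record serialised below holds nothing that should stay server-side.
    user_id = User.create(db, data)
    if not user_id:
        return json_error("couldn't create user")
    return json.dumps(User.find_by_id(db, user_id))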
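def get_user_from_request(db, request):
    """Find the logged-in user for this request, if there is one.

    Asks ``facebook.get_data_from_request`` for the Facebook data carried by
    the request and looks the user up by the ``user_id`` found in it.

    Returns:
        ``(user, None)`` when a matching user exists, otherwise
        ``({}, error_message)``.
    """
    # Check for a valid facebook signed request.
    # NOTE(review): presumably get_data_from_request verifies the signature
    # of the cookie/parameter it reads -- confirm in the facebook module.
    fb_d, err = facebook.get_data_from_request(request)
    if err:
        return {}, err

    # No user_id in the Facebook data means there is no identity to resolve.
    # Stop here rather than querying with an empty id, which could match a
    # record stored without a facebook_id (depends on find_by_facebook_id).
    facebook_id = fb_d.get('user_id')
    if not facebook_id:
        return {}, "no user information in request cookies"

    user = User.find_by_facebook_id(db, facebook_id)
    if not user:
        return {}, "no user information in request cookies"
    return user, None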