def validate_create_user(blender_id_user_id, token, oauth_subclient_id):
    """Check an access token with Blender ID and upsert the matching local user.

    The token is validated first. Only when validation yields user info is
    the user looked up, upserted, and the token stored.

    :param blender_id_user_id: the user ID at the BlenderID server.
    :param token: the OAuth access token.
    :param oauth_subclient_id: the subclient ID, or empty string if not a
        subclient.
    :returns: (user in MongoDB, HTTP status 200 or 201), or (None, None)
        when the token could not be verified with Blender ID; callers need
        to handle that case as a failed authentication.
    """
    log.debug('Storing token for BlenderID user %s', blender_id_user_id)

    # Nothing is written to the database until validate_token() has returned
    # user info for this token.
    blender_info, expires_at = validate_token(blender_id_user_id, token, oauth_subclient_id)
    if blender_info is None:
        log.debug('Unable to verify token with Blender ID.')
        return None, None

    # Per the original author: Blender ID can be queried without a user ID and
    # always includes the correct user ID in its response. The lookup below is
    # given that response, not the caller-supplied blender_id_user_id.
    # NOTE(review): the whole user-info payload goes to the debug log; confirm
    # it holds nothing that should stay out of log files.
    log.debug('Obtained user info from Blender ID: %s', blender_info)

    # Find the user document for this identity and upsert it in MongoDB.
    user_doc = find_user_in_db(blender_info)
    user_oid, status = upsert_user(user_doc)

    # Persist the validated token with the expiry returned by validate_token().
    authentication.store_token(user_oid, token, expires_at, oauth_subclient_id)
    return user_doc, status
def oauth_callback(provider):
    """Handle the OAuth provider's callback and log the user in locally.

    An already-authenticated user is sent straight to the homepage. Otherwise
    the provider callback is completed, the user is found or created, a local
    token is generated and stored, and the user is logged in with it.

    :param provider: name of the OAuth provider, passed to
        OAuthSignIn.get_provider().
    :returns: a redirect response.
    :raises wz_exceptions.Forbidden: when the callback raises
        OAuthCodeNotProvided.
    """
    home_endpoint = 'main.homepage'

    if current_user.is_authenticated:
        return redirect(url_for(home_endpoint))

    signin = OAuthSignIn.get_provider(provider)
    try:
        remote_user = signin.callback()
    except OAuthCodeNotProvided as err:
        log.error(err)
        raise wz_exceptions.Forbidden()

    if remote_user.id is None:
        # NOTE(review): a failed sign-in is only visible at debug level;
        # confirm that is enough for whatever monitors authentication failures.
        failure_msg = 'Authentication failed for user with {}'.format(provider)
        log.debug(failure_msg)
        return redirect(url_for(home_endpoint))

    # Find or create the user from what the provider reported.
    # NOTE(review): id and email are taken from the provider as-is. How
    # find_user_in_db() matches existing accounts is not visible here; verify
    # it cannot link one provider's identity to another user's account.
    profile = {'id': remote_user.id, 'email': remote_user.email, 'full_name': ''}
    user_doc = find_user_in_db(profile, provider=provider)
    user_oid, _status = upsert_user(user_doc)

    # The local session uses a locally generated token.
    auth_token = generate_and_store_token(user_oid)
    pillar.auth.login_user(auth_token['token'], load_from_db=True)

    if provider == 'blender-id' and current_user.is_authenticated:
        # Check with Blender ID to update certain user roles.
        update_subscription()

    # NOTE(review): the redirect target is read from the session. Where it is
    # written is not visible here; confirm it is limited to same-site URLs so
    # this cannot become an open redirect.
    target = session.pop('next_after_login', None)
    if not target:
        return redirect(url_for(home_endpoint))

    log.debug('Redirecting user to %s', target)
    return redirect(target)
def oauth_callback(provider):
    """Handle the OAuth provider's callback and log the user in locally.

    The post-login redirect target is popped from the session up front, so
    every exit path redirects to it (falling back to the homepage) and the
    session entry is consumed even when sign-in fails.

    :param provider: name of the OAuth provider, passed to
        OAuthSignIn.get_provider().
    :returns: a redirect response.
    :raises wz_exceptions.Forbidden: when the callback raises
        OAuthCodeNotProvided.
    """
    import datetime
    from pillar.api.utils.authentication import store_token
    from pillar.api.utils import utcnow

    # NOTE(review): the redirect target is read from the session. Where it is
    # written is not visible here; confirm it is limited to same-site URLs so
    # this cannot become an open redirect.
    target = session.pop('next_after_login', None)
    if not target:
        target = url_for('main.homepage')

    if current_user.is_authenticated:
        log.debug('Redirecting user to %s', target)
        return redirect(target)

    signin = OAuthSignIn.get_provider(provider)
    try:
        remote_user = signin.callback()
    except OAuthCodeNotProvided as err:
        log.error(err)
        raise wz_exceptions.Forbidden()

    if remote_user.id is None:
        # NOTE(review): a failed sign-in is only visible at debug level;
        # confirm that is enough for whatever monitors authentication failures.
        failure_msg = 'Authentication failed for user with {}'.format(provider)
        log.debug(failure_msg)
        return redirect(target)

    # Find or create the user from what the provider reported.
    # NOTE(review): id and email are taken from the provider as-is. How
    # find_user_in_db() matches existing accounts is not visible here; verify
    # it cannot link one provider's identity to another user's account.
    profile = {
        'id': remote_user.id,
        'email': remote_user.email,
        'full_name': '',
    }
    user_doc = find_user_in_db(profile, provider=provider)
    user_oid, _status = upsert_user(user_doc)

    # TODO(Sybren): If the user doesn't have any badges, but the access token
    # does have 'badge' scope, we should fetch the badges in the background.

    if not remote_user.access_token:
        # No provider token available: fall back to a locally generated one.
        auth_token = generate_and_store_token(user_oid)
    else:
        # TODO(Sybren): make nr of days configurable, or get from OAuthSignIn subclass.
        # NOTE(review): the 15-day expiry is chosen locally, not taken from the
        # provider, so the stored token may stay accepted here after the
        # provider has expired or revoked it; confirm how revocation is handled.
        lifetime = datetime.timedelta(days=15)
        token_expiry = utcnow() + lifetime
        auth_token = store_token(user_oid, remote_user.access_token, token_expiry,
                                 oauth_scopes=remote_user.scopes)

    # Log the user in with whichever token was stored above.
    pillar.auth.login_user(auth_token['token'], load_from_db=True)

    if provider == 'blender-id' and current_user.is_authenticated:
        # Check with Blender ID to update certain user roles.
        update_subscription()

    log.debug('Redirecting user to %s', target)
    return redirect(target)