def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
expires = None
if 'code' in self.data:
state = self.validate_state()
url = ACCESS_TOKEN + urlencode({
'client_id': backend_setting(self, self.SETTINGS_KEY_NAME),
'redirect_uri': self.get_redirect_uri(state),
'client_secret': backend_setting(
self,
self.SETTINGS_SECRET_NAME
),
'code': self.data['code']
})
try:
payload = dsa_urlopen(url)
except HTTPError:
raise AuthFailed(self, 'There was an error authenticating '
'the app')
response = payload.read()
#parsed_response = cgi.parse_qs(response)
parsed_response = json.loads(response)
# print('***********************************************')
# print(url)
# print(response)
# print(parsed_response)
# print(parsed_response['access_token'])
# print(parsed_response['expires_in'])
# print('***********************************************')
access_token = parsed_response['access_token']
if 'expires' in parsed_response:
expires = parsed_response['expires']
if 'signed_request' in self.data:
response = load_signed_request(
self.data.get('signed_request'),
backend_setting(self, self.SETTINGS_SECRET_NAME)
)
if response is not None:
access_token = response.get('access_token') or\
response.get('oauth_token') or\
self.data.get('access_token')
if 'expires' in response:
expires = response['expires']
if access_token:
return self.do_auth(access_token, expires=expires, *args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
def response(self):
if not hasattr(self, '_response'):
access_token = None
expires = None
if 'code' in self.data:
state = self.validate_state()
url = ACCESS_TOKEN + urlencode({
'client_id': backend_setting(self, self.SETTINGS_KEY_NAME),
'redirect_uri': self.get_redirect_uri(state),
'client_secret': backend_setting(self,
self.SETTINGS_SECRET_NAME),
'code': self.data['code']
})
try:
self._response = cgi.parse_qs(dsa_urlopen(url).read())
except HTTPError:
raise AuthFailed(self, 'There was an error authenticating '
'the app')
if 'signed_request' in self.data:
self._response = load_signed_request(self.data.get('signed_request'),
backend_setting(
self,
self.SETTINGS_SECRET_NAME))
return self._response
def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service"""
data = None
params = backend_setting(self, self.EXTRA_PARAMS_VAR_NAME, {})
params['access_token'] = access_token
url = FACEBOOK_ME + urlencode(params)
try:
data = simplejson.load(dsa_urlopen(url))
except ValueError:
extra = {'access_token': sanitize_log_data(access_token)}
log('error', 'Could not load user data from Facebook.',
exc_info=True, extra=extra)
except HTTPError:
extra = {'access_token': sanitize_log_data(access_token)}
log('error', 'Error validating access token.',
exc_info=True, extra=extra)
raise AuthTokenError(self)
else:
log('debug', 'Found user data for token %s',
sanitize_log_data(access_token), extra={'data': data})
mandatory = backend_setting(self, self.MANDATORY_PERMISSIONS_VAR_NAME, [])
for permission in mandatory:
if not data.get(permission, False):
raise AuthIncomplete(self, 'Missing mandatory permission %s' % permission)
return data
def wrapper(request, backend, *args, **kwargs):
if redirect_name:
redirect = reverse(redirect_name, args=(backend,))
else:
redirect = request.path
backend = get_backend(backend, request, redirect)
if not backend:
return HttpResponseServerError('Incorrect authentication ' + \
'service')
RAISE_EXCEPTIONS = backend_setting(backend, 'SOCIAL_AUTH_RAISE_EXCEPTIONS', setting('DEBUG'))
try:
return func(request, backend, *args, **kwargs)
except Exception, e: # some error ocurred
if RAISE_EXCEPTIONS:
raise
log('error', unicode(e), exc_info=True, extra={
'request': request
})
mod, func_name = PROCESS_EXCEPTIONS.rsplit('.', 1)
try:
process = getattr(import_module(mod), func_name,
lambda *args: None)
except ImportError:
pass
else:
process(request, backend, e)
url = backend_setting(backend, 'SOCIAL_AUTH_BACKEND_ERROR_URL',
LOGIN_ERROR_URL)
return HttpResponseRedirect(url)
def auth_complete(self, request, user, *args, **kwargs):
form = OdnoklassnikiIframeForm(auth=self, data=request.GET)
if not form.is_valid():
raise AuthFailed('Cannot authorize: malformed parameters')
else:
response = form.get_response()
extra_user_data = backend_setting(self, 'ODNOKLASSNIKI_APP_EXTRA_USER_DATA_LIST', ())
base_fields = ('uid', 'first_name', 'last_name', 'name')
fields = base_fields + extra_user_data
data = {
'method': 'users.getInfo',
'uids': '{0}'.format(response['logged_user_id']),
'fields': ','.join(fields),
}
client_key, client_secret, public_key = self.get_settings()
details = odnoklassniki_api(data, response['api_server'], public_key, client_secret, 'iframe_nosession')
if len(details) == 1 and 'uid' in details[0]:
details = details[0]
auth_data_fields = backend_setting(self, 'ODNOKLASSNIKI_APP_EXTRA_AUTH_DATA_LIST',
('api_server', 'apiconnection', 'session_key', 'session_secret_key', 'authorized'))
for field in auth_data_fields:
details[field] = response[field]
details['extra_data_list'] = fields + auth_data_fields
kwargs.update({
'auth': self,
'response': details,
self.AUTH_BACKEND.name: True
})
else:
raise AuthFailed('Cannot get user details: API error')
return authenticate(*args, **kwargs)
def associate_complete(request, backend, *args, **kwargs):
"""Authentication complete process"""
# pop redirect value before the session is trashed on login()
redirect_value = request.session.get(REDIRECT_FIELD_NAME, '')
user = auth_complete(request, backend, request.user, *args, **kwargs)
backend_name = backend.AUTH_BACKEND.name
messages.add_message(
request, messages.SUCCESS,
'You have linked your account with {}.'.format(
settings.AUTH_PROVIDER_LABELS.get(backend_name, backend_name),
)
)
if not user:
url = backend_setting(backend, 'LOGIN_ERROR_URL', LOGIN_ERROR_URL)
elif isinstance(user, HttpResponse):
return user
else:
url = (
redirect_value or
backend_setting(backend, 'SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL') or
DEFAULT_REDIRECT
)
return HttpResponseRedirect(url)
def complete_process(request, backend, *args, **kwargs):
"""Authentication complete process"""
# pop redirect value before the session is trashed on login()
redirect_value = request.session.get(REDIRECT_FIELD_NAME, '')
user = auth_complete(request, backend, *args, **kwargs)
if isinstance(user, HttpResponse):
return user
if not user and request.user.is_authenticated():
return HttpResponseRedirect(redirect_value)
if user:
if getattr(user, 'is_active', True):
# catch is_new flag before login() might reset the instance
is_new = getattr(user, 'is_new', False)
login(request, user)
# user.social_user is the used UserSocialAuth instance defined
# in authenticate process
social_user = user.social_user
if redirect_value:
request.session[REDIRECT_FIELD_NAME] = redirect_value or \
DEFAULT_REDIRECT
if setting('SOCIAL_AUTH_SESSION_EXPIRATION', True):
# Set session expiration date if present and not disabled by
# setting. Use last social-auth instance for current provider,
# users can associate several accounts with a same provider.
if social_user.expiration_delta():
try:
request.session.set_expiry(social_user.expiration_delta())
except OverflowError:
# Handle django time zone overflow, set default expiry.
request.session.set_expiry(None)
# store last login backend name in session
key = setting('SOCIAL_AUTH_LAST_LOGIN',
'social_auth_last_login_backend')
request.session[key] = social_user.provider
# Remove possible redirect URL from session, if this is a new
# account, send him to the new-users-page if defined.
new_user_redirect = backend_setting(backend,
'SOCIAL_AUTH_NEW_USER_REDIRECT_URL')
if new_user_redirect and is_new:
url = new_user_redirect
else:
url = redirect_value or \
backend_setting(backend,
'SOCIAL_AUTH_LOGIN_REDIRECT_URL') or \
DEFAULT_REDIRECT
else:
url = backend_setting(backend, 'SOCIAL_AUTH_INACTIVE_USER_URL',
LOGIN_ERROR_URL)
else:
msg = setting('LOGIN_ERROR_MESSAGE', None)
if msg:
messages.error(request, msg)
url = backend_setting(backend, 'LOGIN_ERROR_URL', LOGIN_ERROR_URL)
return HttpResponseRedirect(url)
def complete_process(request, backend, *args, **kwargs):
"""Authentication complete process"""
# pop redirect value before the session is trashed on login()
redirect_value = request.session.get(REDIRECT_FIELD_NAME, "")
user = auth_complete(request, backend, *args, **kwargs)
inv_code = request.session.get("code", "")
inv_type = request.session.get("inv_type", "")
if isinstance(user, HttpResponse):
return user
if not user and request.user.is_authenticated():
return HttpResponseRedirect(redirect_value)
if user:
if getattr(user, "is_active", True):
login(request, user)
request.session["code"] = inv_code
request.session["inv_type"] = inv_type
from invite_friends.helpers import accept_invite
accept_invite(request, user)
# user.social_user is the used UserSocialAuth instance defined
# in authenticate process
social_user = user.social_user
if setting("SOCIAL_AUTH_SESSION_EXPIRATION", True):
# Set session expiration date if present and not disabled by
# setting. Use last social-auth instance for current provider,
# users can associate several accounts with a same provider.
if social_user.expiration_delta():
request.session.set_expiry(social_user.expiration_delta())
# store last login backend name in session
key = setting("SOCIAL_AUTH_LAST_LOGIN", "social_auth_last_login_backend")
request.session[key] = social_user.provider
# Remove possible redirect URL from session, if this is a new
# account, send him to the new-users-page if defined.
new_user_redirect = backend_setting(backend, "SOCIAL_AUTH_NEW_USER_REDIRECT_URL")
if new_user_redirect and getattr(user, "is_new", False):
url = new_user_redirect
else:
url = redirect_value or backend_setting(backend, "SOCIAL_AUTH_LOGIN_REDIRECT_URL") or DEFAULT_REDIRECT
else:
url = backend_setting(backend, "SOCIAL_AUTH_INACTIVE_USER_URL", LOGIN_ERROR_URL)
else:
msg = setting("LOGIN_ERROR_MESSAGE", None)
if msg:
messages.error(request, msg)
url = backend_setting(backend, "LOGIN_ERROR_URL", LOGIN_ERROR_URL)
return HttpResponseRedirect(url)
def associate_complete(request, backend, *args, **kwargs):
"""Authentication complete process"""
# pop redirect value before the session is trashed on login()
redirect_value = request.session.get(REDIRECT_FIELD_NAME, "")
user = auth_complete(request, backend, request.user, *args, **kwargs)
if not user:
url = backend_setting(backend, "LOGIN_ERROR_URL", LOGIN_ERROR_URL)
elif isinstance(user, HttpResponse):
return user
else:
url = backend_setting(backend, "SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL") or redirect_value or DEFAULT_REDIRECT
return HttpResponseRedirect(url)
def wrapper(request, backend, *args, **kwargs):
if redirect_name:
redirect = reverse(redirect_name, args=(backend,))
else:
redirect = request.path
backend = get_backend(backend, request, redirect)
if not backend:
return HttpResponseServerError(
"Incorrect authentication " + "service or service API settings not available!"
)
try:
return func(request, backend, *args, **kwargs)
except Exception, e: # some error ocurred
if RAISE_EXCEPTIONS:
raise
backend_name = backend.AUTH_BACKEND.name
log("error", unicode(e), exc_info=True, extra=dict(request=request))
if "django.contrib.messages" in setting("INSTALLED_APPS"):
from django.contrib.messages.api import error
error(request, unicode(e), extra_tags=backend_name)
else:
log("warn", "Messages framework not in place, some " + "errors have not been shown to the user.")
url = backend_setting(backend, "SOCIAL_AUTH_BACKEND_ERROR_URL", LOGIN_ERROR_URL)
return HttpResponseRedirect(url)
def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service"""
data = None
params = backend_setting(self, self.EXTRA_PARAMS_VAR_NAME, {})
params['access_token'] = access_token
url = FACEBOOK_ME + urlencode(params)
try:
response = requests.get(url)
if response.status_code == 200:
data = simplejson.loads(response.text)
else:
raise AuthTokenError()
except ValueError:
extra = {'access_token': sanitize_log_data(access_token)}
log('error', 'Could not load user data from Facebook.',
exc_info=True, extra=extra)
except requests.RequestException:
extra = {'access_token': sanitize_log_data(access_token)}
log('error', 'Error validating access token.',
exc_info=True, extra=extra)
raise AuthTokenError(self)
else:
log('debug', 'Found user data for token %s',
sanitize_log_data(access_token), extra={'data': data})
return data
def disconnect(request, backend, association_id=None):
"""Disconnects given backend from current logged in user."""
backend.disconnect(request.user, association_id)
url = request.REQUEST.get(REDIRECT_FIELD_NAME, '') or \
backend_setting(backend, 'SOCIAL_AUTH_DISCONNECT_REDIRECT_URL') or \
DEFAULT_REDIRECT
return HttpResponseRedirect(url)
def complete(request, backend, *args, **kwargs):
"""Authentication complete process"""
# pop redirect value before the session is trashed on login()
redirect_value = request.session.get(REDIRECT_FIELD_NAME, "")
backend_name = backend.AUTH_BACKEND.name
try:
user = auth_complete(request, backend, request.user, *args, **kwargs)
except AuthException as exc:
messages.add_message(request, messages.ERROR, six.text_type(exc))
user = None
else:
messages.add_message(
request,
messages.SUCCESS,
"You have linked your account with {}.".format(
settings.AUTH_PROVIDER_LABELS.get(backend_name, backend_name)
),
)
if not user:
url = redirect_value or ASSOCIATE_ERROR_URL or DEFAULT_REDIRECT
elif isinstance(user, HttpResponse):
return user
else:
url = redirect_value or backend_setting(backend, "SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL") or DEFAULT_REDIRECT
return HttpResponseRedirect(url)
def auth_complete(self, *args, **kwargs):
if not self.application_auth():
return HttpResponse(self.auth_html())
access_token = None
expires = None
if 'signed_request' in self.data:
response = load_signed_request(
self.data.get('signed_request'),
backend_setting(self, self.SETTINGS_SECRET_NAME)
)
if response is not None:
access_token = response.get('access_token') or\
response.get('oauth_token') or\
self.data.get('access_token')
if 'expires' in response:
expires = response['expires']
if access_token:
return self.do_auth(access_token, expires=expires, *args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
def get_redirect_uri(self, request, exception):
if self.backend is not None:
return (
backend_setting(self.backend, 'SOCIAL_AUTH_BACKEND_ERROR_URL')
or settings.LOGIN_ERROR_URL
)
return settings.LOGIN_ERROR_URL
def user_data(self, access_token, *args, **kwargs):
"""
Grab user profile information from facebook.
returns: dict or None
"""
data = None
params = backend_setting(self, self.EXTRA_PARAMS_VAR_NAME, {})
params['access_token'] = access_token
url = FACEBOOK_ME + urlencode(params)
try:
response = dsa_urlopen(url)
data = json.load(response)
except ValueError:
extra = {'access_token': sanitize_log_data(access_token)}
log('error', 'Could not load user data from Facebook.',
exc_info=True, extra=extra)
except HTTPError:
extra = {'access_token': sanitize_log_data(access_token)}
log('error', 'Error validating access token.',
exc_info=True, extra=extra)
raise AuthTokenError(self)
else:
log('debug', 'Found user data for token %s',
sanitize_log_data(access_token), extra={'data': data})
return data
def auth_html(self):
app_id = backend_setting(self, self.SETTINGS_KEY_NAME)
ctx = {
"FACEBOOK_APP_ID": app_id,
"FACEBOOK_EXTENDED_PERMISSIONS": ",".join(backend_setting(self, self.SCOPE_VAR_NAME)),
"FACEBOOK_COMPLETE_URI": self.redirect_uri,
"FACEBOOK_APP_NAMESPACE": APP_NAMESPACE or app_id,
}
try:
fb_template = loader.get_template(LOCAL_HTML)
except TemplateDoesNotExist:
fb_template = loader.get_template_from_string(REDIRECT_HTML)
context = RequestContext(self.request, ctx)
return fb_template.render(context)
def application_auth(self):
required_params = ("user_id", "oauth_token")
data = load_signed_request(self.data.get("signed_request"), backend_setting(self, self.SETTINGS_SECRET_NAME))
for param in required_params:
if not param in data:
return False
return True
def auth_complete(self, *args, **kwargs):
if not self.application_auth() and "error" not in self.data:
return HttpResponse(self.auth_html())
access_token = None
expires = None
if "signed_request" in self.data:
response = load_signed_request(
self.data.get("signed_request"), backend_setting(self, self.SETTINGS_SECRET_NAME)
)
if response is not None:
access_token = (
response.get("access_token") or response.get("oauth_token") or self.data.get("access_token")
)
if "expires" in response:
expires = response["expires"]
if access_token:
return self.do_auth(access_token, expires=expires, *args, **kwargs)
else:
if self.data.get("error") == "access_denied":
raise AuthCanceled(self)
else:
raise AuthException(self)
def wrapper(request, backend, *args, **kwargs):
if redirect_name:
redirect = reverse(redirect_name, args=(backend,))
else:
redirect = request.path
backend = get_backend(backend, request, redirect)
if not backend:
return HttpResponseServerError('Incorrect authentication ' + \
'service')
try:
return func(request, backend, *args, **kwargs)
except Exception, e: # some error ocurred
if RAISE_EXCEPTIONS:
raise
backend_name = backend.AUTH_BACKEND.name
log('error', unicode(e), exc_info=True,
extra=dict(request=request))
if 'django.contrib.messages' in setting('INSTALLED_APPS'):
from django.contrib.messages.api import error
error(request, unicode(e), extra_tags=backend_name)
else:
log('warn', 'Messages framework not in place, some '+
'errors have not been shown to the user.')
url = backend_setting(backend, 'SOCIAL_AUTH_BACKEND_ERROR_URL',
LOGIN_ERROR_URL)
return HttpResponseRedirect(url)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
expires = None
if "code" in self.data:
state = self.validate_state()
url = ACCESS_TOKEN + urlencode(
{
"client_id": backend_setting(self, self.SETTINGS_KEY_NAME),
"redirect_uri": self.get_redirect_uri(state),
"client_secret": backend_setting(self, self.SETTINGS_SECRET_NAME),
"code": self.data["code"],
}
)
try:
payload = dsa_urlopen(url)
except HTTPError:
raise AuthFailed(self, "There was an error authenticating " "the app")
response = payload.read()
parsed_response = cgi.parse_qs(response)
access_token = parsed_response["access_token"][0]
if "expires" in parsed_response:
expires = parsed_response["expires"][0]
if "signed_request" in self.data:
response = load_signed_request(
self.data.get("signed_request"), backend_setting(self, self.SETTINGS_SECRET_NAME)
)
if response is not None:
access_token = (
response.get("access_token") or response.get("oauth_token") or self.data.get("access_token")
)
if "expires" in response:
expires = response["expires"]
if access_token:
return self.do_auth(access_token, expires=expires, *args, **kwargs)
else:
if self.data.get("error") == "access_denied":
raise AuthCanceled(self)
else:
raise AuthException(self)
def get_auth_sig(self):
secret_key = backend_setting(self.auth, 'ODNOKLASSNIKI_APP_SECRET')
hash_source = '{0:d}{1:s}{2:s}'.format(
self.cleaned_data['logged_user_id'],
self.cleaned_data['session_key'],
secret_key
)
return md5(hash_source).hexdigest()
def signed_request(self):
if self._signed_request is None:
response = load_signed_request(
self.data.get('signed_request', ''),
backend_setting(self, self.SETTINGS_SECRET_NAME)
)
self._signed_request = response
return self._signed_request
def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service"""
params = {
'access_token': access_token,
'api_secret': backend_setting(self, self.SETTINGS_SECRET_NAME),
}
url = DISQUS_CHECK_AUTH + '?' + urlencode(params)
try:
return simplejson.load(dsa_urlopen(url))
except ValueError:
return None
def disconnect(request, backend, association_id=None): if request.user.is_authenticated(): if request.user.password == "!" or not email_re.search(request.user.username): request.session['last_page_idecorate'] = '/edit_profile/' request.session['fb_auth_error'] = "Ensure that you have updated your email and set password before disconnecting to your %s account." % str(backend.AUTH_BACKEND.name).capitalize() else: backend.disconnect(request.user, association_id) else: backend.disconnect(request.user, association_id) url = request.REQUEST.get(REDIRECT_FIELD_NAME, '') or backend_setting(backend, 'SOCIAL_AUTH_DISCONNECT_REDIRECT_URL') or DEFAULT_REDIRECT return HttpResponseRedirect(url)
def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service"""
token = access_token.key
params = {
'token': token,
'key': backend_setting(self, self.SETTINGS_KEY_NAME)
}
url = TRELLO_USER_DETAILS_URL + '?' + urlencode(params)
try:
return json.load(dsa_urlopen(url))
except ValueError:
return None
def complete_process(request, backend, *args, **kwargs):
"""Authentication complete process"""
user = auth_complete(request, backend, *args, **kwargs)
redirect_value = request.session.get(REDIRECT_FIELD_NAME, '')
if not user and request.user.is_authenticated():
return HttpResponseRedirect(redirect_value)
if user and getattr(user, 'is_active', True):
login(request, user)
# user.social_user is the used UserSocialAuth instance defined
# in authenticate process
social_user = user.social_user
if redirect_value:
request.session[REDIRECT_FIELD_NAME] = redirect_value or\
DEFAULT_REDIRECT
if SESSION_EXPIRATION :
# Set session expiration date if present and not disabled by
# setting. Use last social-auth instance for current provider,
# users can associate several accounts with a same provider.
if social_user.expiration_delta():
request.session.set_expiry(social_user.expiration_delta())
# store last login backend name in session
request.session[SOCIAL_AUTH_LAST_LOGIN] = social_user.provider
# Remove possible redirect URL from session, if this is a new account,
# send him to the new-users-page if defined.
new_user_redirect = backend_setting(backend,
'SOCIAL_AUTH_NEW_USER_REDIRECT_URL')
if new_user_redirect and getattr(user, 'is_new', False):
url = new_user_redirect
else:
url = redirect_value or\
backend_setting(backend,
'SOCIAL_AUTH_LOGIN_REDIRECT_URL') or\
DEFAULT_REDIRECT
else:
url = backend_setting(backend, 'LOGIN_ERROR_URL', LOGIN_ERROR_URL)
return HttpResponseRedirect(url)
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
expires = None
if 'code' in self.data:
state = self.validate_state()
data = urlencode({
'client_id': backend_setting(self, self.SETTINGS_KEY_NAME),
'redirect_uri': self.get_redirect_uri(state),
'client_secret': backend_setting(self,
self.SETTINGS_SECRET_NAME),
'code': self.data['code']
})
try:
response = cgi.parse_qs(dsa_urlopen(STACKEXCHANGE_ACCESS_TOKEN_URL, data).read())
except HTTPError, e:
raise AuthFailed(self, 'There was an error authenticating '
'the app')
access_token = response['access_token'][0]
if 'expires' in response:
expires = response['expires'][0]
def associate_complete(request, backend, *args, **kwargs):
"""Authentication complete process"""
# pop redirect value before the session is trashed on login()
redirect_value = request.session.pop(REDIRECT_FIELD_NAME, '') or \
request.REQUEST.get(REDIRECT_FIELD_NAME, '')
user = auth_complete(request, backend, request.user, *args, **kwargs)
if not user:
url = backend_setting(backend, 'LOGIN_ERROR_URL', LOGIN_ERROR_URL)
elif isinstance(user, HttpResponse):
return user
else:
url = redirect_value or \
backend_setting(backend,
'SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL') or \
DEFAULT_REDIRECT
keys_query_string = foreward_query_string(backend, request)
if '?' in url:
url = url + '&' + keys_query_string
else:
url = url + '?' + keys_query_string
return HttpResponseRedirect(url)
def disconnect(request, backend, association_id=None):
"""Disconnects given backend from current logged in user."""
backend.disconnect(request.user, association_id)
data = request.REQUEST
if REDIRECT_FIELD_NAME in data:
redirect = data[REDIRECT_FIELD_NAME]
# NOTE: Django's `is_safe_url` is much better at catching bad
# redirections to different domains than social_auth's
# `sanitize_redirect` call.
if not is_safe_url(redirect, host=request.get_host()):
redirect = DEFAULT_REDIRECT
else:
redirect = backend_setting(backend, 'SOCIAL_AUTH_DISCONNECT_REDIRECT_URL')
if not redirect:
redirect = DEFAULT_REDIRECT
return HttpResponseRedirect(redirect)
def enabled(cls):
"""Return backend enabled status by checking basic settings"""
return backend_setting(cls, cls.SETTINGS_KEY_NAME) and\
backend_setting(cls, cls.SETTINGS_SECRET_NAME)
def get_redirect_uri(self, request, exception):
if self.backend is not None:
return backend_setting(self.backend,
'SOCIAL_AUTH_BACKEND_ERROR_URL') or \
settings.LOGIN_ERROR_URL
return settings.LOGIN_ERROR_URL
def raise_exception(self, request, exception):
backend = self.backend
return backend and backend_setting(backend, 'SOCIAL_AUTH_RAISE_EXCEPTIONS')
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
access_token = None
expires = None
if 'code' in self.data:
state = self.validate_state()
url = ACCESS_TOKEN + urlencode({
'client_id':
backend_setting(self, self.SETTINGS_KEY_NAME),
'redirect_uri':
self.get_redirect_uri(state),
'client_secret':
backend_setting(self, self.SETTINGS_SECRET_NAME),
'code':
self.data['code']
})
try:
http_response = requests.get(url)
if http_response.status_code == 200:
response = cgi.parse_qs(http_response.text)
else:
raise AuthFailed(self, u'There was an error authenticating ' \
'the app (status={0}, body={1})'\
.format(http_response.status_code,
http_response.text)
)
except requests.RequestException:
raise AuthFailed(self, 'There was an error authenticating ' \
'the app')
access_token = response['access_token'][0]
if 'expires' in response:
expires = response['expires'][0]
if 'signed_request' in self.data:
response = load_signed_request(
self.data.get('signed_request'),
backend_setting(self, self.SETTINGS_SECRET_NAME))
if response is not None:
access_token = response.get('access_token') or \
response.get('oauth_token') or \
self.data.get('access_token')
if 'expires' in response:
expires = response['expires']
if access_token:
data = self.user_data(access_token)
if not isinstance(data, dict):
# From time to time Facebook responds back a JSON with just
# False as value, the reason is still unknown, but since the
# data is needed (it contains the user ID used to identify the
# account on further logins), this app cannot allow it to
# continue with the auth process.
raise AuthUnknownError(self, 'An error ocurred while ' \
'retrieving users Facebook ' \
'data')
data['access_token'] = access_token
# expires will not be part of response if offline access
# premission was requested
if expires:
data['expires'] = expires
kwargs.update({
'auth': self,
'response': data,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
else:
if self.data.get('error') == 'access_denied':
raise AuthCanceled(self)
else:
raise AuthException(self)
def get_scope(self):
return backend_setting(self, 'ODNOKLASSNIKI_OAUTH2_EXTRA_SCOPE', [])
def get_settings(self):
client_key = backend_setting(self, self.SETTINGS_KEY_NAME)
client_secret = backend_setting(self, self.SETTINGS_SECRET_NAME)
public_key = backend_setting(self, self.SETTINGS_PUBLIC_NAME)
return client_key, client_secret, public_key
def get_auth_sig(self):
secret_key = backend_setting(self.auth, 'ODNOKLASSNIKI_APP_SECRET')
hash_source = '{0:d}{1:s}{2:s}'.format(
self.cleaned_data['logged_user_id'],
self.cleaned_data['session_key'], secret_key)
return md5(hash_source).hexdigest()
def complete_process(request, backend, *args, **kwargs):
"""Authentication complete process"""
# pop redirect value before the session is trashed on login()
redirect_value = request.session.get(REDIRECT_FIELD_NAME, '')
user = auth_complete(request, backend, *args, **kwargs)
if isinstance(user, HttpResponse):
return user
if not user and request.user.is_authenticated():
return HttpResponseRedirect(redirect_value)
if user:
if getattr(user, 'is_active', True):
# catch is_new flag before login() might reset the instance
is_new = getattr(user, 'is_new', False)
login(request, user)
# user.social_user is the used UserSocialAuth instance defined
# in authenticate process
social_user = user.social_user
if redirect_value:
request.session[REDIRECT_FIELD_NAME] = redirect_value or \
DEFAULT_REDIRECT
if setting('SOCIAL_AUTH_SESSION_EXPIRATION', True):
# Set session expiration date if present and not disabled by
# setting. Use last social-auth instance for current provider,
# users can associate several accounts with a same provider.
if social_user.expiration_delta():
try:
request.session.set_expiry(
social_user.expiration_delta())
except OverflowError:
# Handle django time zone overflow, set default expiry.
request.session.set_expiry(None)
# store last login backend name in session
key = setting('SOCIAL_AUTH_LAST_LOGIN',
'social_auth_last_login_backend')
request.session[key] = social_user.provider
# Remove possible redirect URL from session, if this is a new
# account, send him to the new-users-page if defined.
new_user_redirect = backend_setting(
backend, 'SOCIAL_AUTH_NEW_USER_REDIRECT_URL')
if new_user_redirect and is_new:
url = new_user_redirect
else:
url = redirect_value or \
backend_setting(backend,
'SOCIAL_AUTH_LOGIN_REDIRECT_URL') or \
DEFAULT_REDIRECT
else:
url = backend_setting(backend, 'SOCIAL_AUTH_INACTIVE_USER_URL',
LOGIN_ERROR_URL)
else:
msg = setting('LOGIN_ERROR_MESSAGE', None)
if msg:
messages.error(request, msg)
url = backend_setting(backend, 'LOGIN_ERROR_URL', LOGIN_ERROR_URL)
return HttpResponseRedirect(url)
