def generate_api_access_token(user, type='email'):
"""
Api access tokens have the following format:
type.user_id.md5(user_id + fb_access_token + secret_key)
"""
user_id = user.user_id
if type == 'email':
access_token = user.email_access_token
access_token_expiry = user.email_access_token_expiry
secret = h.site_secret()
elif type == 'facebook':
access_token = user.fb_access_token
access_token_expiry = user.fb_access_token_expiry
secret = h.fb_secret()
else:
raise ApiSecurityException('Unknown access token type: %r' % type)
print access_token, access_token_expiry, secret
if access_token is None:
raise UserNotLoggedInException()
elif access_token_expiry <= int(time.time()):
raise AccessTokenExpiredException(type)
token = generate_security_token(user_id, access_token, secret)
return '%s.%s.%s' % (type, user_id, token)
def verify_security_token(type, user, security_token):
"""
Verify that the security token is for the specified user and type
"""
access_token = None
if type == 'facebook':
access_token = user.fb_access_token
secret = h.fb_secret()
elif type == 'email':
access_token = user.email_access_token
secret = h.site_secret()
else:
raise ApiSecurityException('Unknown access token type: %r' % type)
if access_token is None:
raise UserNotLoggedInException()
expected = generate_security_token(user.user_id, access_token, secret)
return expected == security_token
