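def handleLoginRequest(cls, request):
    """Return the provider URL that starts an OAuth login for this request.

    The provider is selected by the ``social`` query parameter. ``google``,
    ``facebook`` and ``linkedin`` get an authorization URL built from the
    configured endpoint and client id. Any other value is handled as Twitter:
    a request token is fetched server-side, stored in
    ``request.session['request_token']`` and referenced from the returned URL.

    Args:
        request: the incoming HTTP request. ``request.GET['social']`` is
            required; ``request.GET['next']`` is optional and defaults to
            ``'/'``.

    Returns:
        The URL the browser should be redirected to.

    Raises:
        Exception: if the Twitter request-token call does not answer with
            status ``'200'``.
    """
    assert oauth is not None

    redirect_uri = get_redirect_uri(request)
    response_type = "code"

    social = request.GET['social']
    # NOTE(review): `state` carries only the provider name and the post-login
    # target taken from the query string. It contains no per-session secret,
    # so it gives no protection against a login flow that this session did not
    # start (login CSRF). Consider adding a random nonce that is kept in the
    # session and compared when the provider calls back.
    state = social + "," + request.GET.get('next', '/')

    if social == 'google':
        token_request_uri = liboauth.conf.REQUEST_TOKEN_URL_GOOGLE.get()
        query = {
            'response_type': response_type,
            'client_id': liboauth.conf.CONSUMER_KEY_GOOGLE.get(),
            'redirect_uri': redirect_uri,
            'scope': "https://www.googleapis.com/auth/userinfo.email",
            'state': state,
            'access_type': "offline",
            'approval_prompt': "force",
        }
    elif social == 'facebook':
        token_request_uri = liboauth.conf.REQUEST_TOKEN_URL_FACEBOOK.get()
        query = {
            'client_id': liboauth.conf.CONSUMER_KEY_FACEBOOK.get(),
            'redirect_uri': redirect_uri,
            'grant_type': "client_credentials",
            'scope': "email",
            'state': state,
        }
    elif social == 'linkedin':
        token_request_uri = liboauth.conf.REQUEST_TOKEN_URL_LINKEDIN.get()
        query = {
            'response_type': response_type,
            'client_id': liboauth.conf.CONSUMER_KEY_LINKEDIN.get(),
            'scope': "r_emailaddress",
            'state': state,
            'redirect_uri': redirect_uri,
        }
    else:
        # Every other value of `social` is treated as Twitter (OAuth 1.0a):
        # obtain a request token first, then point the user at the
        # authorization page for that token.
        consumer_key = liboauth.conf.CONSUMER_KEY_TWITTER.get()
        consumer_secret = liboauth.conf.CONSUMER_SECRET_TWITTER.get()
        token_request_uri = liboauth.conf.REQUEST_TOKEN_URL_TWITTER.get()
        token_authentication_uri = liboauth.conf.AUTHORIZE_URL_TWITTER.get()

        consumer = oauth.Consumer(consumer_key, consumer_secret)
        client = oauth.Client(consumer)
        resp, content = client.request(
            token_request_uri,
            "POST",
            body=lib_urlencode({'oauth_callback': redirect_uri}))
        if resp['status'] != '200':
            raise Exception(
                _("Invalid response from OAuth provider: %s") % resp)

        # The request token is kept in the session so the callback can pair
        # it with the verifier the provider sends back.
        request.session['request_token'] = dict(cgi.parse_qsl(content))
        return "{0}?{1}".format(
            token_authentication_uri,
            lib_urlencode({
                'oauth_token': request.session['request_token']['oauth_token'],
            }))

    # Percent-encode every value instead of pasting it into the URL: `state`
    # contains the caller-supplied `next`, and an unencoded '&' or '#' in it
    # would add or override parameters of the authorization request
    # (redirect_uri, scope, ...). Parameter order is not significant.
    return "{0}?{1}".format(token_request_uri, lib_urlencode(query))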
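def handleAuthenticationRequest(cls, request):
    """Finish an OAuth login on the provider callback and identify the user.

    A callback carrying ``oauth_verifier`` is handled as Twitter: the request
    token saved in ``request.session['request_token']`` is exchanged for an
    access token. Otherwise the ``code`` parameter is exchanged at the
    provider named in the first field of ``state`` (``google``, ``facebook``
    or ``linkedin``), and the user's e-mail address is fetched with the
    resulting access token.

    Args:
        request: the callback HTTP request.

    Returns:
        ``(access_token, nexturl)``. ``access_token`` is a dict holding
        ``screen_name`` and ``oauth_token_secret`` (for Twitter, whatever
        fields the provider returned), or ``""`` when a Google account's
        domain is not in the configured whitelist. ``nexturl`` is the second
        field of ``state``, ``'/'`` when absent.
        The bare string ``""`` is returned instead when the callback reports
        an error, has no ``code``, or names an unknown provider.

    Raises:
        Exception: if a provider call does not answer with status ``'200'``.
    """
    assert oauth is not None

    # The Twitter callback has no `state`, so there is no target to recover;
    # without this default the final return would hit an unbound name.
    nexturl = '/'

    if 'oauth_verifier' in request.GET:
        try:
            from urllib.parse import quote
        except ImportError:  # Python 2
            from urllib import quote

        consumer_key = liboauth.conf.CONSUMER_KEY_TWITTER.get()
        consumer_secret = liboauth.conf.CONSUMER_SECRET_TWITTER.get()
        access_token_uri = liboauth.conf.ACCESS_TOKEN_URL_TWITTER.get()

        consumer = oauth.Consumer(consumer_key, consumer_secret)
        token = oauth.Token(
            request.session['request_token']['oauth_token'],
            request.session['request_token']['oauth_token_secret'])
        client = oauth.Client(consumer, token)

        # The verifier comes straight from the query string; encode it so it
        # cannot add parameters to the URL it is appended to.
        oauth_verifier = quote(
            request.GET['oauth_verifier'].encode('utf-8'), safe='')
        resp, content = client.request(access_token_uri + oauth_verifier, "GET")
        if resp['status'] != '200':
            raise Exception(
                _("Invalid response from OAuth provider: %s") % resp)

        access_token = dict(cgi.parse_qsl(content))
        # Keep only alphanumeric characters of the provider's screen name.
        access_token['screen_name'] = ''.join(
            [x for x in access_token['screen_name'] if x.isalnum()])
    else:
        if 'error' in request.GET or 'code' not in request.GET:
            return ""

        parser = httplib2.Http()
        redirect_uri = get_redirect_uri(request)
        code = request.GET['code']

        # `state` is "<provider>,<next>". Split on the first comma only so a
        # target that itself contains commas is not truncated.
        # NOTE(review): `state` is read from the query string and is not
        # compared with anything stored in the session, so both fields are
        # browser-controlled. `nexturl` should be validated as a local path
        # before anything redirects to it (caller not visible here).
        social, sep, target = request.GET.get('state', '').partition(',')
        if sep:
            nexturl = target

        if social == 'google':
            consumer_key = liboauth.conf.CONSUMER_KEY_GOOGLE.get()
            consumer_secret = liboauth.conf.CONSUMER_SECRET_GOOGLE.get()
            access_token_uri = liboauth.conf.ACCESS_TOKEN_URL_GOOGLE.get()
            authentication_token_uri = liboauth.conf.AUTHORIZE_URL_GOOGLE.get()
        elif social == 'facebook':
            consumer_key = liboauth.conf.CONSUMER_KEY_FACEBOOK.get()
            consumer_secret = liboauth.conf.CONSUMER_SECRET_FACEBOOK.get()
            access_token_uri = liboauth.conf.ACCESS_TOKEN_URL_FACEBOOK.get()
            authentication_token_uri = liboauth.conf.AUTHORIZE_URL_FACEBOOK.get()
        elif social == 'linkedin':
            consumer_key = liboauth.conf.CONSUMER_KEY_LINKEDIN.get()
            consumer_secret = liboauth.conf.CONSUMER_SECRET_LINKEDIN.get()
            access_token_uri = liboauth.conf.ACCESS_TOKEN_URL_LINKEDIN.get()
            authentication_token_uri = liboauth.conf.AUTHORIZE_URL_LINKEDIN.get()
        else:
            # Missing or unknown provider in `state`: fail like the other
            # rejected callbacks rather than running on with unset names.
            return ""

        # Exchange the authorization code for an access token.
        params = lib_urlencode({
            'code': code,
            'redirect_uri': redirect_uri,
            'client_id': consumer_key,
            'client_secret': consumer_secret,
            'grant_type': 'authorization_code'
        })
        headers = {'content-type': 'application/x-www-form-urlencoded'}
        resp, cont = parser.request(access_token_uri,
                                    method='POST',
                                    body=params,
                                    headers=headers)
        if resp['status'] != '200':
            raise Exception(
                _("Invalid response from OAuth provider: %s") % resp)

        # Facebook's token response is parsed as a query string, the other
        # two as JSON.
        if social == 'facebook':
            access_tok = dict(cgi.parse_qsl(cont))['access_token']
        else:
            access_tok = json.loads(cont)['access_token']

        # Fetch the profile; the access token is appended to the configured
        # URL, so it travels in the request line.
        resp, content = parser.request(authentication_token_uri + access_tok, "GET")
        if resp['status'] != '200':
            raise Exception(
                _("Invalid response from OAuth provider: %s") % resp)

        profile = json.loads(content)
        username = profile['emailAddress'] if social == 'linkedin' else profile['email']
        access_token = dict(screen_name=map_username(username),
                            oauth_token_secret=access_tok)

        if social == 'google':
            whitelisted_domains = liboauth.conf.WHITELISTED_DOMAINS_GOOGLE.get()
            # Compare the part after the last '@'; an address without '@'
            # never matches and is rejected instead of raising IndexError.
            if whitelisted_domains and username.rsplit('@', 1)[-1] not in whitelisted_domains:
                access_token = ""

    return access_token, nexturl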