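def current_oauth_map_from_session_unsafe():
    """Return the OAuthMap referenced by the Flask session cookie, or None.

    We have to use plain 'ole cookie handling before we switch over to a
    Flask-only app, at which point we can strictly rely on Flask sessions.

    The raw "session" cookie is read through cookie_util, wrapped in a
    minimal request object and handed to Flask's Session.load_cookie
    together with App.flask_secret_key, so only a cookie that verifies
    against that key yields a usable session.  The session's "oam" entry is
    then resolved with OAuthMap.get_by_id_safe.

    Returns None when the cookie is absent, no secret key is configured,
    the cookie does not load, it carries no "oam" entry, or the id does not
    resolve to an OAuthMap.  The "_unsafe" suffix is not explained here;
    presumably callers must decide whether a session-derived map is
    acceptable for their purpose — confirm at the call sites.
    """
    session_cookie_name = "session"
    session_cookie_value = cookie_util.get_cookie_value(session_cookie_name)

    # Without a secret key the cookie cannot be verified, so a raw cookie
    # value is never used on its own.
    if not session_cookie_value or not App.flask_secret_key:
        return None

    # Strip double quotes.  Only do so when the value is quoted at BOTH
    # ends: the previous unconditional [1:-1] slice also dropped the last
    # character of a value that merely started with a quote, which then
    # failed to load for no good reason.
    if (len(session_cookie_value) >= 2
            and session_cookie_value.startswith("\"")
            and session_cookie_value.endswith("\"")):
        session_cookie_value = session_cookie_value[1:-1]

    # Fake little Flask request object to load up the Flask session cookie.
    fake_request = RequestMock(
        cookies={session_cookie_name: unicode(session_cookie_value)})

    # Flask's sessions are secured by the secret key.
    session_cookie = Session.load_cookie(fake_request, session_cookie_name,
                                         secret_key=App.flask_secret_key)

    if not session_cookie or "oam" not in session_cookie:
        return None

    oauth_map = OAuthMap.get_by_id_safe(session_cookie["oam"])
    if not oauth_map:
        return None
    return oauth_map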
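def current_oauth_map_from_session_unsafe():
    """Return the OAuthMap referenced by the Flask session cookie, or None.

    We have to use plain 'ole cookie handling before we switch over to a
    Flask-only app, at which point we can strictly rely on Flask sessions.

    The raw "session" cookie is read through cookie_util, wrapped in a
    minimal request object and handed to Flask's Session.load_cookie
    together with App.flask_secret_key, so only a cookie that verifies
    against that key yields a usable session.  The session's "oam" entry is
    then resolved with OAuthMap.get_by_id_safe.

    Returns None when the cookie is absent, no secret key is configured,
    the cookie does not load, it carries no "oam" entry, or the id does not
    resolve to an OAuthMap.  The "_unsafe" suffix is not explained here;
    presumably callers must decide whether a session-derived map is
    acceptable for their purpose — confirm at the call sites.
    """
    cookie_name = "session"
    raw_value = cookie_util.get_cookie_value(cookie_name)

    # Without a secret key the cookie cannot be verified, so a raw cookie
    # value is never used on its own.
    if not (raw_value and App.flask_secret_key):
        return None

    # Strip double quotes.  Only do so when the value is quoted at BOTH
    # ends: the previous unconditional [1:-1] slice also dropped the last
    # character of a value that merely started with a quote, which then
    # failed to load for no good reason.
    quoted = (len(raw_value) >= 2
              and raw_value.startswith("\"")
              and raw_value.endswith("\""))
    if quoted:
        raw_value = raw_value[1:-1]

    # Fake little Flask request object to load up the Flask session cookie.
    fake_request = RequestMock(cookies={cookie_name: unicode(raw_value)})

    # Flask's sessions are secured by the secret key.
    session = Session.load_cookie(fake_request, cookie_name,
                                  secret_key=App.flask_secret_key)
    if not session:
        return None
    if "oam" not in session:
        return None

    found = OAuthMap.get_by_id_safe(session["oam"])
    return found if found else None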
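def request_token_callback(provider, oauth_map_id):
    """Dispatch an OAuth request-token callback to the provider's handler.

    Args:
        provider: provider name taken from the callback; "google" and
            "facebook" are the supported values.
        oauth_map_id: id of the OAuthMap created when the flow started.

    Returns:
        The response of google_request_token_handler or
        facebook_request_token_handler, or an oauth_error_response when the
        OAuthMap cannot be found or the provider is not supported.
    """
    oauth_map = OAuthMap.get_by_id_safe(oauth_map_id)
    if not oauth_map:
        return oauth_error_response(OAuthError(
            "Unable to find OAuthMap by id during request token callback."))

    if provider == "google":
        return google_request_token_handler(oauth_map)
    elif provider == "facebook":
        return facebook_request_token_handler(oauth_map)

    # Previously an unknown provider fell off the end and returned None,
    # which the web framework reports as a server error; report it as a
    # normal OAuth error response instead.
    return oauth_error_response(OAuthError(
        "Unsupported OAuth provider during request token callback."))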
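def request_token_callback(provider, oauth_map_id):
    """Dispatch an OAuth request-token callback to the provider's handler.

    Args:
        provider: provider name taken from the callback; "google" and
            "facebook" are the supported values.
        oauth_map_id: id of the OAuthMap created when the flow started.

    Returns:
        The response of google_request_token_handler or
        facebook_request_token_handler, or an oauth_error_response when the
        OAuthMap cannot be found or the provider is not supported.
    """
    oauth_map = OAuthMap.get_by_id_safe(oauth_map_id)
    if not oauth_map:
        return oauth_error_response(OAuthError(
            "Unable to find OAuthMap by id during request token callback."))

    if provider == "google":
        handler = google_request_token_handler
    elif provider == "facebook":
        handler = facebook_request_token_handler
    else:
        # Previously an unknown provider fell off the end and returned None,
        # which the web framework reports as a server error; report it as a
        # normal OAuth error response instead.
        return oauth_error_response(OAuthError(
            "Unsupported OAuth provider during request token callback."))
    return handler(oauth_map)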
def google_token_callback():
    """Handle Google's redirect back carrying an oauth_verifier.

    Looks up the OAuthMap named by the "oauth_map_id" request parameter,
    stores the "oauth_verifier" parameter on it and exchanges it for an
    access token via retrieve_google_access_token.  Each failure is
    reported through oauth_error_response; a map that already holds a
    verification code is rejected rather than overwritten.

    NOTE(review): in this listing the success path has no return
    statement, so the function yields None after the exchange; presumably
    the full source continues (e.g. with a redirect) — confirm against the
    original file.
    """
    map_id = request.values.get("oauth_map_id")
    oauth_map = OAuthMap.get_by_id_safe(map_id)
    if not oauth_map:
        return oauth_error_response(
            OAuthError("Unable to find OAuthMap by id."))

    if oauth_map.google_verification_code:
        return oauth_error_response(OAuthError(
            "Request token already has google verification code."))

    verifier = request.values.get("oauth_verifier")
    oauth_map.google_verification_code = verifier
    try:
        oauth_map = retrieve_google_access_token(oauth_map)
    except OAuthError as err:
        return oauth_error_response(err)
def facebook_token_callback():
    """Handle Facebook's redirect back carrying an authorization code.

    Looks up the OAuthMap named by the "oauth_map_id" request parameter,
    stores the "code" parameter on it and exchanges it for an access token
    via retrieve_facebook_access_token.  Each failure is reported through
    oauth_error_response; a map that already holds an authorization code
    is rejected rather than overwritten.

    NOTE(review): in this listing the success path has no return
    statement, so the function yields None after the exchange; presumably
    the full source continues (e.g. with a redirect) — confirm against the
    original file.
    """
    map_id = request.values.get("oauth_map_id")
    oauth_map = OAuthMap.get_by_id_safe(map_id)
    if not oauth_map:
        return oauth_error_response(
            OAuthError("Unable to find OAuthMap by id."))

    if oauth_map.facebook_authorization_code:
        return oauth_error_response(OAuthError(
            "Request token already has facebook authorization code."))

    auth_code = request.values.get("code")
    oauth_map.facebook_authorization_code = auth_code
    try:
        oauth_map = retrieve_facebook_access_token(oauth_map)
    except OAuthError as err:
        return oauth_error_response(err)
def facebook_token_callback():
    """Handle Facebook's redirect back carrying an authorization code.

    Looks up the OAuthMap named by the "oauth_map_id" request parameter,
    stores the "code" parameter on it and exchanges it for an access token
    via retrieve_facebook_access_token.  A missing map or a map that
    already holds an authorization code is reported through
    oauth_error_response; an OAuthBadRequestError from the exchange is
    shown to the user as a generic pretty_error_response (the provider's
    error detail is not passed on).

    NOTE(review): in this listing the success path has no return
    statement, so the function yields None after the exchange; presumably
    the full source continues (e.g. with a redirect) — confirm against the
    original file.
    """
    oauth_map = OAuthMap.get_by_id_safe(request.values.get("oauth_map_id"))
    if not oauth_map:
        return oauth_error_response(OAuthError(
            "Unable to find OAuthMap by id."))

    already_authorized = bool(oauth_map.facebook_authorization_code)
    if already_authorized:
        return oauth_error_response(OAuthError(
            "Request token already has facebook authorization code."))

    oauth_map.facebook_authorization_code = request.values.get("code")
    try:
        oauth_map = retrieve_facebook_access_token(oauth_map)
    except OAuthBadRequestError:
        return pretty_error_response('Unable to log in with Facebook.')
def post(self):
    """POST submissions are for username/password based logins to acquire
    an OAuth access token.

    Reads "identifier" and "password" from the request, checks them with
    UserData.get_from_username_or_email / validate_password, mints an
    AuthToken for the user, stores it on the OAuthMap named by
    "oauth_map_id" and redirects to the authorize endpoint.  Every failure
    re-renders the login page with a message; the credential failure
    message does not distinguish an unknown user from a wrong password.
    """
    login_id = self.request_string('identifier')
    login_pw = self.request_string('password')
    if not (login_id and login_pw):
        self.render_login_page("Please enter your username and password.")
        return

    user_data = UserData.get_from_username_or_email(login_id.strip())
    credentials_ok = bool(user_data) and user_data.validate_password(login_pw)
    if not credentials_ok:
        # TODO(benkomalo): IP-based throttling of failed logins?
        self.render_login_page("Your login or password is incorrect.")
        return

    # Successful login - convert to an OAuth access_token
    oauth_map = OAuthMap.get_by_id_safe(
        self.request_string("oauth_map_id", default=""))
    if not oauth_map:
        self.render_login_page("Unable to find OAuthMap by id.")
        return

    # Mint the token and persist to the oauth_map
    oauth_map.khan_auth_token = AuthToken.for_user(user_data).value
    oauth_map.put()

    # Flush the "apply phase" of the above put() to ensure that subsequent
    # retrievals of this OAuthmap returns fresh data. GAE's HRD can
    # otherwise take a second or two to propagate the data, and the
    # following authorize endpoint redirect below could happen quicker
    # than that in some cases.
    oauth_map = OAuthMap.get(oauth_map.key())

    # Need to redirect back to the http authorize endpoint
    return auth_util.authorize_token_redirect(oauth_map, force_http=True)
def post(self):
    """POST submissions are for username/password based logins to acquire
    an OAuth access token.

    Reads "identifier" and "password" from the request, checks them with
    UserData.get_from_username_or_email / validate_password, mints an
    AuthToken for the user, stores it on the OAuthMap named by
    "oauth_map_id" and redirects to the authorize endpoint.  Every failure
    re-renders the login page with a message; the credential failure
    message does not distinguish an unknown user from a wrong password.
    """
    identifier = self.request_string('identifier')
    password = self.request_string('password')
    if not identifier or not password:
        self.render_login_page("Please enter your username and password.")
        return

    user_data = UserData.get_from_username_or_email(identifier.strip())
    if not user_data:
        # TODO(benkomalo): IP-based throttling of failed logins?
        self.render_login_page("Your login or password is incorrect.")
        return
    if not user_data.validate_password(password):
        self.render_login_page("Your login or password is incorrect.")
        return

    # Successful login - convert to an OAuth access_token
    requested_map_id = self.request_string("oauth_map_id", default="")
    oauth_map = OAuthMap.get_by_id_safe(requested_map_id)
    if not oauth_map:
        self.render_login_page("Unable to find OAuthMap by id.")
        return

    # Mint the token and persist to the oauth_map
    token = AuthToken.for_user(user_data)
    oauth_map.khan_auth_token = token.value
    oauth_map.put()

    # Flush the "apply phase" of the above put() to ensure that subsequent
    # retrievals of this OAuthmap returns fresh data. GAE's HRD can
    # otherwise take a second or two to propagate the data, and the
    # following authorize endpoint redirect below could happen quicker
    # than that in some cases.
    fresh_map = OAuthMap.get(oauth_map.key())

    # Need to redirect back to the http authorize endpoint
    return auth_util.authorize_token_redirect(fresh_map, force_http=True)