Exemplo n.º 1
0
def userNameAction(id):
  if request.method == 'GET':
    try:
      user = User.get_user(id, include_points=True)
    except DoesNotExist:
      abort(404)

    return Response(json.dumps(user, cls=Encoder), mimetype='application/json')
  elif request.method == 'PUT':
    if not current_user.elder:
      abort(403)

    data = request.json
    data['settings'] = json.dumps(data['settings']) if 'settings' in data else '{}'

    user = User(**data)
    user.save()
    return jsonify(success=1)
  elif request.method == 'DELETE':
    if not current_user.elder:
      abort(403)

    try:
      user = User.get(User.id == id)
      user.delete_instance()
    except DoesNotExist:
      abort(404)

    return jsonify(success=1)
Exemplo n.º 2
0
def userNameAction(id):
    if request.method == 'GET':
        try:
            user = User.get_user(id, include_points=True)
        except DoesNotExist:
            abort(404)

        return Response(json.dumps(user, cls=Encoder),
                        mimetype='application/json')
    elif request.method == 'PUT':
        if not current_user.elder:
            abort(403)

        data = request.json
        data['settings'] = json.dumps(
            data['settings']) if 'settings' in data else '{}'

        user = User(**data)
        user.save()
        return jsonify(success=1)
    elif request.method == 'DELETE':
        if not current_user.elder:
            abort(403)

        try:
            user = User.get(User.id == id)
            user.delete_instance()
        except DoesNotExist:
            abort(404)

        return jsonify(success=1)
Exemplo n.º 3
0
def auth():
    session_csrf_token = session.pop('csrf_token', None)
    csrf_token = request.args.get('state', None)
    code = request.args.get('code')

    if not session_csrf_token or not csrf_token:
        raise WebException('Missing CSRF token')

    if not code:
        raise WebException('Missing authorization code')

    if csrf_token != session_csrf_token:
        raise WebException('CSRF Token Mismatch')

    flow = OAuth2WebServerFlow(
        client_id=current_app.config['GOOGLE_API_CLIENT_ID'],
        client_secret=current_app.config['GOOGLE_API_CLIENT_SECRET'],
        scope=current_app.config['GOOGLE_API_SCOPE'],
        redirect_uri=current_app.config['SITE_URL'] + '/auth')

    credentials = flow.step2_exchange(code)

    http = credentials.authorize(httplib2.Http())

    id_token = credentials.id_token
    if not validate_id_token(id_token):
        raise WebException('Invalid ID Token')

    (headers,
     content) = http.request('https://www.googleapis.com/oauth2/v3/userinfo',
                             'GET')

    if headers['status'] != '200':
        raise WebException('Unable to retrieve user info', 500)

    try:
        userinfo = json.loads(content)
    except ValueError:
        raise WebException('Unable to parse user info', 500)

    email = string.lower(userinfo['email'])

    try:
        user = User.get(User.email == email)
        user.name = userinfo['name']
        user.save()
    except DoesNotExist:
        user = User()
        user.name = userinfo['name']
        user.email = email
        user.api_key = str(uuid4())
        user.gravatar = hashlib.md5(email.strip().lower()).hexdigest()
        user.url = id_token['sub']
        user.save()

    if not user:
        raise WebException('Unable to upsert user', 500)

    login_user(user)

    return redirect(url_for('site.index'))