def post_reauthenticated( self, params ): choice = params.get( 'choice' ) if choice != 'cancel': tokenEntity = EnkiModelTokenVerify.get_by_user_id_auth_id_type( user_id = self.user_id, auth_id = choice, type = 'loginaddconfirm_3' ) if tokenEntity: self.set_auth_id( tokenEntity.auth_ids_provider, self.user_id ) self.add_infomessage( 'success', MSG.SUCCESS(), MSG.AUTH_PROVIDER_ADDED( str( tokenEntity.auth_ids_provider ))) tokenEntity.key.delete() self.redirect( enki.libutil.get_local_url( 'accountconnect' ))
def post_reauthenticated(self, params):
choice = params.get('choice')
if choice != 'cancel':
tokenEntity = EnkiModelTokenVerify.get_by_user_id_auth_id_type(
user_id=self.user_id, auth_id=choice, type='loginaddconfirm_3')
if tokenEntity:
self.set_auth_id(tokenEntity.auth_ids_provider, self.user_id)
self.add_infomessage(
'success', MSG.SUCCESS(),
MSG.AUTH_PROVIDER_ADDED(str(
tokenEntity.auth_ids_provider)))
tokenEntity.key.delete()
self.redirect(enki.libutil.get_local_url('accountconnect'))
def provider_authenticated_callback( self, loginInfo ): # We expect the fields of the dictionary to be: # - 'provider_name' unique 'pretty' provider name (e.g. google, facebook,...) # - 'provider_uid' provider specific (a.k.a "locally unique") user Id, i.e unique to the provider (e.g. the google user id number) # - 'email' # - 'email_verified' # We IGNORE: username, gender (facebook), avatar link, etc. # get the verified email from the auth provider email = None if loginInfo[ 'email' ] and loginInfo[ 'email_verified' ] == True: email = loginInfo[ 'email' ] # get the authId from the auth provider auth_id = loginInfo[ 'provider_name' ] + ':' + loginInfo[ 'provider_uid' ] if auth_id: # Modify existing or create user # check if it's an add login method request LoginAddToken = EnkiModelTokenVerify.get_by_user_id_auth_id_type( user_id = self.user_id, auth_id = loginInfo[ 'provider_name' ], type = 'loginaddconfirm_1' ) if LoginAddToken: # Add a login method if not enki.libuser.exist_Auth_Id( auth_id ): # store the new auth prov + id in the session LoginAddToken.auth_ids_provider = auth_id LoginAddToken.type = 'loginaddconfirm_2' LoginAddToken.put() self.redirect( enki.libutil.get_local_url( 'loginaddconfirm' )) else: self.add_infomessage( 'info', MSG.INFORMATION(), MSG.AUTH_PROVIDER_CANNOT_BE_ADDED( str( auth_id ))) self.redirect( enki.libutil.get_local_url( 'accountconnect' )) return else: user = self.get_user_from_authid( auth_id, email ) if user: # Existing authentication method / user if self.is_logged_in() and self.user_id == user.key.id(): # Refresh the reauthenticated status self.session[ 'reauth_time' ] = datetime.datetime.now() self.add_infomessage( 'success', MSG.SUCCESS(), MSG.REAUTHENTICATED()) self.redirect_to_relevant_page() return # Login self.log_in_session_token_create( user ) self.add_infomessage( 'success', MSG.SUCCESS(), MSG.LOGGED_IN()) self.redirect_to_relevant_page() else: # New authentication method register_token = EnkiModelTokenVerify.get_by_auth_id_type( auth_id, 'register' ) if register_token: # If a token already exists, get the token value and update the email token = register_token.token register_token.email = email # update in case the user changed their email or modified their email access permission else: # Create a new token token = security.generate_random_string( entropy = 256 ) register_token = EnkiModelTokenVerify( token = token, email = email, auth_ids_provider = auth_id, type = 'register' ) register_token.put() self.session[ 'tokenregisterauth' ] = token if enki.libuser.exist_EnkiUser( email ): self.redirect( enki.libutil.get_local_url( 'registeroauthwithexistingemail' )) else: self.redirect( enki.libutil.get_local_url( 'registeroauthconfirm' )) else: self.redirect_to_relevant_page()
def provider_authenticated_callback(self, loginInfo):
# We expect the fields of the dictionary to be:
# - 'provider_name' unique 'pretty' provider name (e.g. google, facebook,...)
# - 'provider_uid' provider specific (a.k.a "locally unique") user Id, i.e unique to the provider (e.g. the google user id number)
# - 'email'
# - 'email_verified'
# We IGNORE: username, gender (facebook), avatar link, etc.
# get the verified email from the auth provider
email = None
if loginInfo['email'] and loginInfo['email_verified'] == True:
email = loginInfo['email']
# get the authId from the auth provider
auth_id = loginInfo['provider_name'] + ':' + loginInfo['provider_uid']
if auth_id:
# Modify existing or create user
# check if it's an add login method request
LoginAddToken = EnkiModelTokenVerify.get_by_user_id_auth_id_type(
user_id=self.user_id,
auth_id=loginInfo['provider_name'],
type='loginaddconfirm_1')
if LoginAddToken:
# Add a login method
if not enki.libuser.exist_Auth_Id(auth_id):
# store the new auth prov + id in the session
LoginAddToken.auth_ids_provider = auth_id
LoginAddToken.type = 'loginaddconfirm_2'
LoginAddToken.put()
self.redirect(
enki.libutil.get_local_url('loginaddconfirm'))
else:
self.add_infomessage(
'info', MSG.INFORMATION(),
MSG.AUTH_PROVIDER_CANNOT_BE_ADDED(str(auth_id)))
self.redirect(enki.libutil.get_local_url('accountconnect'))
return
else:
user = self.get_user_from_authid(auth_id, email)
if user:
# Existing authentication method / user
if self.is_logged_in() and self.user_id == user.key.id():
# Refresh the reauthenticated status
self.session['reauth_time'] = datetime.datetime.now()
self.add_infomessage('success', MSG.SUCCESS(),
MSG.REAUTHENTICATED())
self.redirect_to_relevant_page()
return
# Login
self.log_in_session_token_create(user)
self.add_infomessage('success', MSG.SUCCESS(),
MSG.LOGGED_IN())
self.redirect_to_relevant_page()
else:
# New authentication method
register_token = EnkiModelTokenVerify.get_by_auth_id_type(
auth_id, 'register')
if register_token:
# If a token already exists, get the token value and update the email
token = register_token.token
register_token.email = email # update in case the user changed their email or modified their email access permission
else:
# Create a new token
token = security.generate_random_string(entropy=256)
register_token = EnkiModelTokenVerify(
token=token,
email=email,
auth_ids_provider=auth_id,
type='register')
register_token.put()
self.session['tokenregisterauth'] = token
if enki.libuser.exist_EnkiUser(email):
self.redirect(
enki.libutil.get_local_url(
'registeroauthwithexistingemail'))
else:
self.redirect(
enki.libutil.get_local_url('registeroauthconfirm'))
else:
self.redirect_to_relevant_page()
