Exemplo n.º 1
0
        def _view(request, *args, **kwargs):
            # Make sure we're receiving a signed_request from facebook
            if not request.POST.get('signed_request'):
                return HttpResponseBadRequest('<h1>400 Bad Request</h1>'
                                              '<p>Missing <em>signed_request</em>.</p>')

            # Parse the request and ensure it's valid
            signed_request = request.POST["signed_request"]
            data = facebook.parse_signed_request(signed_request,
                                                 settings.FACEBOOK_SECRET_KEY)
            if data is False:
                return HttpResponseBadRequest('<h1>400 Bad Request</h1>'
                                              '<p>Malformed <em>signed_request</em>.</p>')

            # If the user has not authorised redirect them
            if not data.get('user_id'):
                scope = getattr(settings, 'FACEBOOK_SCOPE', None)
                auth_url = facebook.auth_url(settings.FACEBOOK_APP_ID,
                                             settings.FACEBOOK_CANVAS_PAGE,
                                             scope)
                markup = ('<script type="text/javascript">'
                          'top.location.href="%s"</script>' % auth_url)
                return HttpResponse(markup)

            # Success so return the view
            return view_func(request, *args, **kwargs)
    def process_request(self, request):
        """
        Enables ``request.facebook`` and ``request.facebook.graph`` in your views 
        once the user authenticated the  application and connected with facebook. 
        You might want to use this if you don't feel confortable with the 
        javascript library.
        """
        
        data = facebook.get_user_from_cookie(request.COOKIES,
            getattr(settings, 'FACEBOOK_APP_ID', settings.FACEBOOK_API_KEY), settings.FACEBOOK_SECRET_KEY)

        if data is None:
            # maybe OAuth 2
            data = facebook.parse_signed_request(
                request.COOKIES.get(
                    'fbsr_' + getattr(
                        settings,
                        'FACEBOOK_APP_ID',
                        settings.FACEBOOK_API_KEY
                        ),
                    '',
                    ),
                settings.FACEBOOK_SECRET_KEY,
                )
            if data:
                data['uid'] = data['user_id']
            else:
                data = None

        request.facebook = Facebook(data)
        
        return None
Exemplo n.º 3
0
def decode_signed_request(signed_request):
    """Take the signed request and return the id and token."""
    data = facebook.parse_signed_request(signed_request, config.FACEBOOK_APP_SECRET)
    if data:
        return data.get("user_id", None), data.get("oauth_token", None)
    else:
        return None, None
Exemplo n.º 4
0
        def _view(request, *args, **kwargs):
            # Make sure we're receiving a signed_request from facebook
            if not request.POST.get('signed_request'):
                return HttpResponseBadRequest(
                    '<h1>400 Bad Request</h1>'
                    '<p>Missing <em>signed_request</em>.</p>')

            # Parse the request and ensure it's valid
            signed_request = request.POST["signed_request"]
            data = facebook.parse_signed_request(signed_request,
                                                 settings.FACEBOOK_SECRET_KEY)
            if data is False:
                return HttpResponseBadRequest(
                    '<h1>400 Bad Request</h1>'
                    '<p>Malformed <em>signed_request</em>.</p>')

            # If the user has not authorised redirect them
            if not data.get('user_id'):
                scope = getattr(settings, 'FACEBOOK_PERMS', None)
                auth_url = facebook.auth_url(settings.FACEBOOK_APP_ID,
                                             settings.FACEBOOK_CANVAS_PAGE,
                                             scope)
                markup = ('<script type="text/javascript">'
                          'top.location.href="%s"</script>' % auth_url)
                return HttpResponse(markup)

            # Success so return the view
            return view_func(request, *args, **kwargs)
Exemplo n.º 5
0
	def get(self):
		# Check signed request for uid
		uid = self.request.GET['userID']
		signedRequest = self.request.GET['signedRequest']
		if not uid or not signedRequest:
			return self.abort(400)

		parsed_request = facebook.parse_signed_request(self.request.GET['signedRequest'], FACEBOOK_APP_SECRET)
		if not parsed_request or uid != parsed_request['user_id']:
			return self.abort(403)

		try:
			result = facebook.get_access_token_from_code(parsed_request["code"], "", FACEBOOK_APP_ID, FACEBOOK_APP_SECRET)
			profile = facebook.GraphAPI(result['access_token']).get_object("me")
		except facebook.GraphAPIError:
			return self.abort(403)

		# Fetch existant user or create new one
		user = entities.User.get_by_key_name(profile['id'])
		if not user:
			api_key = ''. join(random.choice(string.hexdigits) for x in range(64))
			user = entities.User(key_name = str(profile['id']),
								uid = int(profile['id']),
								first_name = profile['first_name'], last_name = profile['last_name'],
								api_key = api_key, access_token = result['access_token'], active = True)
		else:
			user.access_token = result['access_token']
		user.put();

		profile['api_key'] = user.api_key
		profile['access_token'] = user.access_token
		self.response.out.write(json.dumps(profile))
        def _view(request, *args, **kwargs):
            # Make sure we're receiving a signed_request from facebook
            if not request.POST.get("signed_request"):
                if hasattr(settings, "FACEBOOK_RAISE_SR_EXCEPTIONS") and settings.FACEBOOK_RAISE_SR_EXCEPTIONS:
                    raise MissingSignedRequestException("Signed request token missing")
                else:
                    return HttpResponseBadRequest("<h1>400 Bad Request</h1>" "<p>Missing <em>signed_request</em>.</p>")

            # Parse the request and ensure it's valid
            signed_request = request.POST["signed_request"]
            data = facebook.parse_signed_request(signed_request, settings.FACEBOOK_SECRET_KEY)
            if data is False:
                if hasattr(settings, "FACEBOOK_RAISE_SR_EXCEPTIONS") and settings.FACEBOOK_RAISE_SR_EXCEPTIONS:
                    raise InvalidSignedRequestException("Signed request token does not parse")
                else:
                    return HttpResponseBadRequest(
                        "<h1>400 Bad Request</h1>" "<p>Malformed <em>signed_request</em>.</p>"
                    )

            # If the user has not authorised redirect them
            if not data.get("user_id"):
                scope = getattr(settings, "FACEBOOK_SCOPE", None)
                auth_url = facebook.auth_url(settings.FACEBOOK_APP_ID, settings.FACEBOOK_CANVAS_PAGE, scope)
                markup = '<script type="text/javascript">' 'top.location.href="%s"</script>' % auth_url
                return HttpResponse(markup)

            # Success so return the view
            return view_func(request, *args, **kwargs)
Exemplo n.º 7
0
 def post(self, template = post_template):
     """just to see what is POST ed """
     #TODO: rewrite this completly
     # NOTE rewriting this in the canvas handler
     log.debug(self.request.get("signed_request"))
     log.debug("Passed: " + template)
     try:
         # we use the facebook lib to parse the signed request
         fbdata = facebook.parse_signed_request(self.request.get("signed_request"),
                                                FACEBOOK_APP_SECRET)
         log.debug( fbdata )
         # and we try to get the data of the user from our database
         current_user = User.get_by_key_name(fbdata["user_id"])
         if not current_user:
             # Not an existing user so say not implemented yet and failback 
             # to the normal page
             raise NotImplementedError, u"""This feature is in beta stage, login
                   first using the standalone app in <a
                   href="simpleapp-test.appspot.com>simpleapp-test.appspot.com</a>"""
         
         self.render(user = current_user)
     except Exception as e:
         log.error("Pokemon exception in HomeHandler")
         log.exception(e)
         import sys
         self.response.out.write(template.render(data  = """
             Sorry, we are still working on this, so there are some
             errors like: <br /> {0}
             """.format(repr(sys.exc_info()))
        ))
Exemplo n.º 8
0
    def test_parse_signed_request_when_correct(self):
        result = facebook.parse_signed_request(signed_request=self.cookie, app_secret=self.secret)

        self.assertTrue(result)
        self.assertTrue("issued_at" in result)
        self.assertTrue("code" in result)
        self.assertTrue("user_id" in result)
        self.assertTrue("algorithm" in result)
Exemplo n.º 9
0
def deauthorize_callback():
    signed_request = request.form['signed_request']
    data = parse_signed_request(signed_request, app_secret=FB_APP_SECRET)
    uid = data['user_id']
    user = User.get_by_id(uid)
    clear_friends_cache(user)
    user.delete()
    return ''
Exemplo n.º 10
0
Arquivo: views.py Projeto: Taaag/taaag
def deauthorize_callback():
    signed_request = request.form['signed_request']
    data = parse_signed_request(signed_request, app_secret=FB_APP_SECRET)
    uid = data['user_id']
    user = User.get_by_id(uid)
    clear_friends_cache(user)
    user.delete()
    return ''
Exemplo n.º 11
0
    def test_parsing_valid_request(self):
        payload = '{"algorithm": "HMAC-SHA256", "user_id": "1234"}'
        signature = hmac.new("secret", base64.urlsafe_b64encode(payload),
                             hashlib.sha256).digest()
        signed = self.make_signed_req(signature, payload)

        parsed = facebook.parse_signed_request(signed, "secret")
        self.assertEquals("1234", parsed.get("user_id", None))
Exemplo n.º 12
0
def get_signed_request_data(request):
    """
    Check for signed_request argument in request and parse it

    """
    signed_request = request.POST.get("signed_request")
    if signed_request:
        return facebook.parse_signed_request(signed_request, settings.SECRET_KEY)
Exemplo n.º 13
0
    def test_parsing_valid_request(self):
        payload = '{"algorithm": "HMAC-SHA256", "user_id": "1234"}'
        signature = hmac.new("secret",
                             base64.urlsafe_b64encode(payload),
                             hashlib.sha256).digest()
        signed = self.make_signed_req(signature, payload)

        parsed = facebook.parse_signed_request(signed, "secret")
        self.assertEquals("1234", parsed.get("user_id", None))
    def test_parse_signed_request_when_correct(self):
        result = facebook.parse_signed_request(signed_request=self.cookie,
                                               app_secret=self.secret)

        self.assertTrue(result)
        self.assertTrue("issued_at" in result)
        self.assertTrue("code" in result)
        self.assertTrue("user_id" in result)
        self.assertTrue("algorithm" in result)
Exemplo n.º 15
0
    def test_parse_signed_request_when_correct(self):
        result = facebook.parse_signed_request(signed_request=self.cookie,
                                               app_secret=self.secret)

        self.assertTrue(result)
        self.assertTrue('issued_at' in result)
        self.assertTrue('code' in result)
        self.assertTrue('user_id' in result)
        self.assertTrue('algorithm' in result)
Exemplo n.º 16
0
 def signed_request(self):
     if not hasattr(self, '_signed_request'):
         signed_request = self.values.get('signed_request', None)
         if signed_request:
             self._signed_request = parse_signed_request(
                 signed_request, current_app.config['FACEBOOK_SECRET']
             )
         else:
             self._signed_request = None
     return self._signed_request
Exemplo n.º 17
0
 def test_valid_signed_request_parse(self):
     """
     Construct a valid signed request token, and run it through the parser
     """
     assert(
         facebook.parse_signed_request(
             self.generate_sr_payload(self.secret),
             self.secret
         ) == self.TEST_PAYLOAD
     )
Exemplo n.º 18
0
    def test_parse_signed_request_when_correct(self):
        result = facebook.parse_signed_request(
            signed_request=self.cookie,
            app_secret=self.secret)

        self.assertTrue(result)
        self.assertTrue('issued_at' in result)
        self.assertTrue('code' in result)
        self.assertTrue('user_id' in result)
        self.assertTrue('algorithm' in result)
Exemplo n.º 19
0
 def test_invalid_signed_request_parse(self):
     """
     Construct a signed request with an invalid secret, and run it through the parser
     """
     assert(
         not facebook.parse_signed_request(
             self.generate_sr_payload('THISISANONSENSESECRETTOgenerateAfaIlIngToken'),
             self.secret
         )
     )
Exemplo n.º 20
0
 def _get_fb_user_canvas(self, request):
     fb_user = None
     if request.POST.get('signed_request'):
         signed_request = request.POST["signed_request"]
         data = facebook.parse_signed_request(signed_request,
                                              settings.FACEBOOK_APP_SECRET)
         if data and data.get('user_id'):
             fb_user = data['user']
             fb_user['method'] = 'canvas'
             fb_user['uid'] = data['user_id']
             fb_user['access_token'] = data['oauth_token']
     return fb_user
Exemplo n.º 21
0
 def get_fb_user_canvas(self, request):
     """ Attempt to find a user using a signed_request (canvas). """
     fb_user = None
     if request.POST.get('signed_request'):
         signed_request = request.POST["signed_request"]
         data = facebook.parse_signed_request(signed_request, settings.FACEBOOK_SECRET_KEY)
         if data and data.get('user_id'):
             fb_user = data['user']
             fb_user['method'] = 'canvas'
             fb_user['uid'] = data['user_id']
             fb_user['access_token'] = data['oauth_token']
     return fb_user
Exemplo n.º 22
0
    def test_parsing_invalid_requests_doesnt_throw(self, log_error):
        self.assertEquals({},
                          facebook.parse_signed_request("invalid", "secret"))
        self.assertSafeFail("not", "encoded properly!")
        self.assertSafeFail("notjson", "blah")
        self.assertSafeFail("notdict", "null")
        self.assertSafeFail("notdict", "[]")
        self.assertSafeFail("notHMAC256", "{}")
        self.assertSafeFail("stillnotHMAC256", '{"algorithm": "invalid"}')
        self.assertSafeFail("sigmismatch", '{"algorithm": "HMAC-SHA256"}')

        self.assertEquals(8, log_error.call_count)
Exemplo n.º 23
0
 def get_fb_user_canvas(self, request):
     """ Attempt to find a user using a signed_request (canvas). """
     fb_user = None
     if request.POST.get("signed_request"):
         signed_request = request.POST["signed_request"]
         data = facebook.parse_signed_request(signed_request, settings.FACEBOOK_SECRET_KEY)
         if data and data.get("user_id"):
             fb_user = data["user"]
             fb_user["method"] = "canvas"
             fb_user["uid"] = data["user_id"]
             fb_user["access_token"] = data["oauth_token"]
     return fb_user
Exemplo n.º 24
0
    def test_parsing_invalid_requests_doesnt_throw(self, log_error):
        self.assertEquals({},
                          facebook.parse_signed_request("invalid", "secret"))
        self.assertSafeFail("not", "encoded properly!")
        self.assertSafeFail("notjson", "blah")
        self.assertSafeFail("notdict", "null")
        self.assertSafeFail("notdict", "[]")
        self.assertSafeFail("notHMAC256", "{}")
        self.assertSafeFail("stillnotHMAC256", '{"algorithm": "invalid"}')
        self.assertSafeFail("sigmismatch", '{"algorithm": "HMAC-SHA256"}')

        self.assertEquals(8, log_error.call_count)
Exemplo n.º 25
0
 def get_fb_user_canvas(self, request):
     """ Attempt to find a user using a signed_request (canvas). """
     fb_user = None
     if request.POST.get('signed_request'):
         signed_request = request.POST["signed_request"]
         data = facebook.parse_signed_request(signed_request, settings.FACEBOOK_SECRET_KEY)
         if data and data.get('user_id'):
             fb_user = data['user']
             fb_user['method'] = 'canvas'
             fb_user['uid'] = data['user_id']
             fb_user['access_token'] = data['oauth_token']
     return fb_user
Exemplo n.º 26
0
 def _get_fb_user_canvas(self, request):
     fb_user = None
     if request.POST.get('signed_request'):
         signed_request = request.POST["signed_request"]
         data = facebook.parse_signed_request(
             signed_request,
             settings.FACEBOOK_APP_SECRET)
         if data and data.get('user_id'):
             fb_user = data['user']
             fb_user['method'] = 'canvas'
             fb_user['uid'] = data['user_id']
             fb_user['access_token'] = data['oauth_token']
     return fb_user
Exemplo n.º 27
0
 def deauthorize_view(self):
     ''' Pinged by Facebook when a user removes the app. '''
     ## Does not play well with Unicode strings.
     data = facebook.parse_signed_request(
         str(self.request.REQUEST['signed_request']),
         str(self.connect['app_secret'])
         )
     account = FacebookAccount.objects.get(facebook_id=data['user_id'])
     account.access_token = None
     account.expires = None
     account.save()
     facebook_deauthorize.send(sender=FacebookAccount, account=account)
     return HttpResponse('OK')
Exemplo n.º 28
0
def get_logged_in_user():
    "Returns the logged in user or 'None' if no user is logged in"
    try:
        user_details = facebook.parse_signed_request(
            request.cookies['fbsr_' + app_id],
            app_key
        )
        facebook_id = user_details['user_id']
        g.facebook_user_details = user_details
        return User.query.filter_by(facebook_id = facebook_id).first()
    except (KeyError, TypeError):
        g.facebook_user_details = True
        return User.query.filter_by(facebook_id = 1101575668).first()
        return None
Exemplo n.º 29
0
 def get_third_party_auth(self, auth_type):
     """Wrangle and return authentication data from third parties; auth_type
     is either 'google' or 'facebook'.
     Returns a dictionary of user information, which will always contain
     the key 'auth_id'."""
     if auth_type == 'google':
         gae_user = app_engine_users.get_current_user()
         if not gae_user:
             raise CredentialsMissing("No google login found.")
         user_kwargs = {
             'auth_id': 'google_' + gae_user.user_id(),
             'login_email': gae_user.email(),
             # 'name': gae_user.nickname(),
         }
     elif auth_type == 'facebook':
         signed_request = self.facebook_cookie()
         if not signed_request:
             raise CredentialsMissing("No facebook login found.")
         parsed_request = facebook.parse_signed_request(
             signed_request, config.FACEBOOK_APP_SECRET)
         if not parsed_request:
             raise Exception("Invalid facebook authentication.")
         # beware of broken connections to facebook here
         try:
             fb_user = facebook.get_user_from_cookie(
                 self.request.cookies, config.FACEBOOK_APP_ID,
                 config.FACEBOOK_APP_SECRET)
         except IOError:
             fb_user = None
         if fb_user:
             graph = facebook.GraphAPI(fb_user['access_token'])
             profile = graph.get_object('me')
             user_kwargs = {
                 'auth_id': 'facebook_' + fb_user['uid'],
                 'login_email': profile[u'username'] + '@facebook.com',
                 'first_name': profile[u'first_name'],
                 'last_name': profile[u'last_name'],
                 'name': profile[u'first_name'],
             }
         else:
             # The connection between PERTS and facebook is expired or has
             # been used with the GraphAPI already. So just return what we
             # know, which is their facebook user id
             user_kwargs = {
                 'auth_id': 'facebook_' + parsed_request['user_id'],
             }
     else:
         raise Exception("Invalid auth_type: {}.".format(auth_type))
     return user_kwargs
Exemplo n.º 30
0
def get_current_user():
    cookie = request.cookies.get("fbsr_" + FB_APP_ID, "")
    if cookie:
        result = parse_signed_request(signed_request=cookie, app_secret=FB_APP_SECRET)
        if result:
            uid = result["user_id"]
            user = models.User.get_by_id(uid)
            if not user:
                user = models.User(id=uid)
                user.insert()
            g.uid = user.id
            g.user = user
            return
    g.uid = None
    g.user = None
Exemplo n.º 31
0
    def _get_canvas_user(self):
        """Attempt to get the Facebook user from a canvas signed_request."""
        signed_request = request.form.get('signed_request', None)
        if signed_request is not None:
            try:
                app_secret = self.app.config['FACEBOOK_APP_SECRET']
                data = facebook.parse_signed_request(signed_request, app_secret)
            except facebook.GraphAPIError as e:
                self.app.logger.error("Facebook Error: %s" % e)
                return None

            if data and 'user_id' in data:
                return dict(uid=data['user_id'],
                            access_token=data['oauth_token'])
        return None
Exemplo n.º 32
0
    def _get_canvas_user(self):
        """Attempt to get the Facebook user from a canvas signed_request."""
        signed_request = request.form.get('signed_request', None)
        if signed_request is not None:
            try:
                app_secret = self.app.config['FACEBOOK_APP_SECRET']
                data = facebook.parse_signed_request(signed_request,
                                                     app_secret)
            except facebook.GraphAPIError as e:
                self.app.logger.error("Facebook Error: %s" % e)
                return None

            if data and 'user_id' in data:
                return dict(uid=data['user_id'],
                            access_token=data['oauth_token'])
        return None
Exemplo n.º 33
0
def api_login():
    """
    This endpoint receives a POST request from client-side login
    It performs validation of the returned token, creates
    a new account if needed, and logs the user in
    """
    # request.json.keys()  -->  [u'expiresIn', u'userID', u'signedRequest', u'accessToken']
    user_id = request.json['userID']
    provider = 'facebook'
    app.logger.debug('Received signed request from user %s' % user_id)
    parsed_request = parse_signed_request(request.json['signedRequest'], app.config['FB_APP_SECRET'])
    if parsed_request:
        # The request was good, is this a new user?
        try:
            user = User.objects.get(id=user_id)
            new_user = False
            signal = user_logged_in

        except DoesNotExist:
            # Create an account for the user
            user = User(id=user_id)
            new_user = True
            signal = user_created

        # Save the access token
        token = AccessToken(
            provider=provider,
            access_token=request.json['accessToken'],
        )
        user.access_tokens.append(token)
        user.save()

        # Log the user in
        login_user(user)

        # Run the signal handler. If new user, this will pull their profile
        signal.send(current_app._get_current_object(), user_id=user_id, provider=provider)

        # Return success
        return Response(json.dumps({'new_user': new_user}), status=201, mimetype='application/json')
    else:
        # The request failed to validate: log an error and return http 400
        app.logger.warning('Signed request failed to validate, user %s' % user_id)
        return Response(json.dumps({
            'status': 'error',
            'message': 'Signed request failed to authenticate'
        }), status=400, mimetype='application/json')
Exemplo n.º 34
0
def read_user_token():
    if request.method == "POST" and request.form.get('signed_request'):
        fb_request = facebook.parse_signed_request(request.form['signed_request'], app.config['APP_SECRET'])
        if u'user_id' in fb_request:
            session['user_id'] = fb_request[u'user_id']
            session['oauth_token'] = fb_request[u'oauth_token']
            session['expires'] = fb_request[u'expires']
            return True
        else:
            return False

    if session.get('user_id'):
        expires = int(session[u'expires'])
        now = time.time()
        if expires > now:
            return True

    return False
Exemplo n.º 35
0
def _post_index(request):
    query_string = request.META["QUERY_STRING"]
    redirect_uri = settings.FACEBOOK_CANVAS_PAGE
    if query_string:
        redirect_uri += ("?" + query_string)
    signed_request = request.POST["signed_request"]
    data = facebook.parse_signed_request(
        signed_request,
        settings.FACEBOOK_APP_SECRET)
    if not data.get("user_id"):
        scope = ["user_birthday", "user_location", "friends_birthday,"
                 "friends_hometown", "friends_location", "email",
                 "publish_actions", "friends_online_presence"]
        auth_url = facebook.auth_url(settings.FACEBOOK_APP_ID,
                                     redirect_uri, scope)
        markup = ('<script type="text/javascript">'
                  'top.location.href="%s"</script>' % auth_url)
        return HttpResponse(markup)
    return None
Exemplo n.º 36
0
 def process_request(self, request):
     """
     Enables ``request.facebook`` and ``request.facebook.get_graph`` in your views
     once the user authenticated the  application and connected with facebook. 
     You might want to use this if you don't feel confortable with the 
     javascript library.
     """
     # Try get the new OAuth cookie
     cookie = request.COOKIES.get('fbsr_%s' % APP_ID, '')
     
     data = facebook.parse_signed_request(cookie, SECRET_KEY)
     
     if not data:
         # Whoopsie, no new OAuth cookie. Maybe an old one?
         data = facebook.get_user_from_cookie(request.COOKIES, APP_ID, SECRET_KEY)
     
     request.facebook = Facebook(data or {})        
     
     return None
Exemplo n.º 37
0
def get_fb_user_canvas(request):
    """ Attempt to find a user using a signed_request (canvas). """
    signed_request = request.REQUEST.get('signed_request')
    if signed_request:
        data = facebook.parse_signed_request(signed_request,
                                             settings.SECRET_KEY)
        if data:
            if request.method == 'POST':
                # If this is requset method is POST then prevent rising err 403
                # from Django CSRF middleware
                request.META["CSRF_COOKIE"] = _get_new_csrf_key()
                request.csrf_processing_done = True

            if data.get('user_id'):
                fb_user = data['user']
                fb_user['method'] = 'canvas'
                fb_user['uid'] = data['user_id']
                fb_user['access_token'] = data['oauth_token']
                return fb_user
Exemplo n.º 38
0
    def post(self, **kwargs):
        #logging.info(self.request)
        signed_request = facebook.parse_signed_request(self.request.get('signed_request'),self.get_config('facebook','app_secret'))
        #logging.info(signed_request)
        try:
          user_id = signed_request['user_id']
        except:
          user_id = None
        page_id = signed_request['page']['id']
        liked = signed_request['page']['liked']
        admin = signed_request['page']['admin']
        options_dict = {}
        status = 'True'
        try:
          page = Page.get_by_key_name(page_id)
          #check active account or for expired account.
          if page.upgraded != '1':

            expire_date = page.created + datetime.timedelta(days=14)
            min_expire_date = datetime.datetime(2011,5,1)
        
            if (expire_date < min_expire_date):
              expire_date = min_expire_date

            if expire_date < datetime.datetime.now():
              status = 'False'

          
          
          widgets = Widget.all().filter('page =', page).filter('deleted = ', False).order('order')
          options = Option.all().filter('type_reference =', page)
          for option in options:
              options_dict[option.name] = {'id': str(option.key().id()), 'value': option.value}
        except:
          page=None
          widgets=None
          options_dict = None
        self.render("app/fb-tab.html", page=page,widgets=widgets, method="post",options=options_dict,admin=admin,status=status)



        
Exemplo n.º 39
0
def _post_index(request):
    query_string = request.META["QUERY_STRING"]
    redirect_uri = settings.FACEBOOK_CANVAS_PAGE
    if query_string:
        redirect_uri += ("?" + query_string)
    signed_request = request.POST["signed_request"]
    data = facebook.parse_signed_request(signed_request,
                                         settings.FACEBOOK_APP_SECRET)
    if not data.get("user_id"):
        scope = [
            "user_birthday", "user_location", "friends_birthday,"
            "friends_hometown", "friends_location", "email", "publish_actions",
            "friends_online_presence"
        ]
        auth_url = facebook.auth_url(settings.FACEBOOK_APP_ID, redirect_uri,
                                     scope)
        markup = ('<script type="text/javascript">'
                  'top.location.href="%s"</script>' % auth_url)
        return HttpResponse(markup)
    return None
Exemplo n.º 40
0
        def _view(request, *args, **kwargs):
            # Make sure we're receiving a signed_request from facebook
            if not request.POST.get('signed_request'):
                return HttpResponseBadRequest()

            # Parse the request and ensure it's valid
            try:
                signed_request = request.POST["signed_request"]
                data = facebook.parse_signed_request(signed_request, settings.FACEBOOK_SECRET_KEY)
            except ValueError:
                return HttpResponseBadRequest()

            # If the user has not authorised redirect them
            if not data.get('user_id'):
                scope = getattr(settings, 'FACEBOOK_PERMS', None)
                auth_url = facebook.auth_url(settings.FACEBOOK_APP_ID, settings.FACEBOOK_CANVAS_PAGE, scope)
                markup = '<script type="text/javascript">top.location.href="%s"</script>' % auth_url
                return HttpResponse(markup)

            # Success so return the view
            return view_func(request, *args, **kwargs)
Exemplo n.º 41
0
    def process_request(self, request):
        """
        Add 'fb_signed_request' into the request context

        If no signed request was found, request.fb_signed_request will be None. Otherwise it will
        contain a dict object containing the contents of the signed_request.

        if a FB user is present, create request.facebook that contains the user.

        """

        if request.POST.get('signed_request'):
            signed_request = request.POST["signed_request"]
            data = facebook.parse_signed_request(signed_request,
                                                 settings.FACEBOOK_SECRET_KEY)
            if data:
                request.fb_signed_request = data
            else:
                request.fb_signed_request = None

        return None
Exemplo n.º 42
0
    def get(self):
        # Check signed request for uid
        uid = self.request.GET["userID"]
        signedRequest = self.request.GET["signedRequest"]
        if not uid or not signedRequest:
            return self.abort(400)

        parsed_request = facebook.parse_signed_request(self.request.GET["signedRequest"], FACEBOOK_APP_SECRET)
        if not parsed_request or uid != parsed_request["user_id"]:
            return self.abort(403)

        try:
            result = facebook.get_access_token_from_code(
                parsed_request["code"], "", FACEBOOK_APP_ID, FACEBOOK_APP_SECRET
            )
            profile = facebook.GraphAPI(result["access_token"]).get_object("me")
        except facebook.GraphAPIError:
            return self.abort(403)

            # Fetch existant user or create new one
        user = entities.User.get_by_key_name(profile["id"])
        if not user:
            api_key = "".join(random.choice(string.hexdigits) for x in range(64))
            user = entities.User(
                key_name=str(profile["id"]),
                uid=int(profile["id"]),
                first_name=profile["first_name"],
                last_name=profile["last_name"],
                api_key=api_key,
                access_token=result["access_token"],
                active=True,
            )
        else:
            user.access_token = result["access_token"]
        user.put()

        profile["api_key"] = user.api_key
        profile["access_token"] = user.access_token
        self.response.out.write(json.dumps(profile))
Exemplo n.º 43
0
 def test_parse_signed_request_when_erroneous(self):
     result = facebook.parse_signed_request(
         signed_request='corrupted.payload', app_secret=self.secret)
     self.assertFalse(result)
Exemplo n.º 44
0
def parse_signed_request_cached(signed_request, secret):
    """Similar to facebook.parse_signed_request, but using the requestcache."""
    return facebook.parse_signed_request(signed_request, secret)
Exemplo n.º 45
0
 def parse_signed_request(self, signed_request):
     return facebooklib.parse_signed_request(signed_request,
                                             self._app_secret)
Exemplo n.º 46
0
 def assertSafeFail(self, sig, payload):
     actual = facebook.parse_signed_request(
         self.make_signed_req(sig, payload), "secret")
     self.assertEquals({}, actual)