def get_implicit_response(self, request, client):
"""
Assumes validated and authorized request with a response_type that is
associated with an implicit flow.
"""
data = self.get_data(request)
lookup_kwargs = {
'user':
request.user,
'client':
client,
'scope':
scope.to_int(*data.get('scope', constants.SCOPES[0][1]).split()),
'reuse_existing_access_token':
constants.SINGLE_ACCESS_TOKEN,
'create_refresh_token':
False
}
token, __ = self.get_access_and_refresh_tokens(request,
**lookup_kwargs)
response_data = self.access_token_response_data(
token, data['response_type'])
basepath = data.get("redirect_uri")
if not basepath:
basepath = token.client.redirect_uri
if len(data.get('state', '')) > 0:
response_data['state'] = data.get('state')
path = "{0}#{1}".format(basepath, urlencode(response_data))
return HttpResponseRedirect(path)
def create_access_token(self, request, user, scope, client):
# Use client scope
client_scope = client.apiv2_client.get_scope_display()
# allowed_scopes = [requested_scope for requested_scope in to_names(scope) if requested_scope in client_scope]
return AccessToken.objects.create(user=user, client=client, scope=to_int(*client_scope.split("+")))
def create_access_token(self, request, user, scope, client):
# Use client scope
client_scope = client.apiv2_client.get_scope_display()
#allowed_scopes = [requested_scope for requested_scope in to_names(scope) if requested_scope in client_scope]
return AccessToken.objects.create(
user=user, client=client, scope=to_int(*client_scope.split('+')))
def register_by_access_token(request, backend):
if backend != 'facebook' and backend != 'google':
return HttpResponse(status=400, reason='Backend ' + backend + ' not supported')
token = request.GET.get('access_token')
print 'token = ', token
if backend == 'facebook':
response = requests.get('https://graph.facebook.com/me?access_token=' + token)
elif backend == 'google':
response = requests.get('https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=' + token)
data_json = response.content
data_dict = json.loads(data_json)
print 'data_dict = ', data_dict
if response.status_code != 200:
# if data_dict['error']['code'] == 190 and data_dict['error']['error_subcode'] == 463:
# return HttpResponse(status=400, reason='Facebook token expired')
# else:
return HttpResponse("Invalid access token")
# try:
# e = data_dict['email']
# except KeyError:
# return HttpResponse(status=400, reason="Facebook access token doesn't have email permissions")
if backend == 'facebook':
user = EmailUser.objects.filter(source=backend, facebook_id=data_dict['id'])
elif backend == 'google':
user = EmailUser.objects.filter(source=backend, google_id=data_dict['id'])
if user.exists():
user = user[0]
else:
if 'email' in data_dict:
email = data_dict['email']
else:
email = None
user = EmailUser(name=data_dict['name'],
email=email, source = backend)
if backend == 'facebook':
user.image_url = 'https://graph.facebook.com/v2.3/' + data_dict['id'] + '/picture'
user.facebook_id = data_dict['id']
elif backend == 'google':
user.image_url = data_dict['picture']
user.google_id = data_dict['id']
user.save()
cl = Client(user = user, name = 'opinion', client_type=1, url = 'http://opinion.elasticbeanstalk.com')
cl.save()
print 'user = '******' ', user.name, ' ', user.facebook_id, ' ', user.google_id, ' ', user.image_url
at = AccessTokenView().get_access_token(request, user, scope.to_int('read', 'write'), cl)
user_data = {'token': at.token}
user_data['id'] = user.id
user_data['name'] = user.name
user_data['email'] = user.email
print "facebook_id = ", user.facebook_id
user_data['image_url'] = user.image_url
print "Serialize Issue: user_data = ", user_data
if user:
return HttpResponse(json.dumps(user_data), content_type="application/json")
else:
return HttpResponse('ERROR')
def prepare_access_token_response(self, request, client, user):
self.request.user = user
scope = provider_scope.to_int('read', 'write')
if provider_constants.SINGLE_ACCESS_TOKEN:
at = self.get_access_token(request, user, scope, client)
else:
at = self.create_access_token(request, user, scope, client)
# Public clients don't get refresh tokens
if client.client_type == provider_constants.CONFIDENTIAL:
self.create_refresh_token(request, user, scope, at, client)
return self.access_token_response(at)
def clean_scope(self):
"""
The scope is assembled by combining all the set flags into a single
integer value which we can later check again for set bits.
If *no* scope is set, we return the default scope which is the first
defined scope in :attr:`provider.constants.SCOPES`.
"""
default = SCOPES[0][0]
flags = self.cleaned_data.get('scope', [])
return scope.to_int(default=default, *flags)
def get_access_token(self, user):
client = Client.objects.get(name='shoutit-web')
scope = provider_scope.to_int('read', 'write')
try:
# Attempt to fetch an existing access token.
at = AccessToken.objects.get(user=user,
client=client,
scope=scope,
expires__gt=now())
except AccessToken.DoesNotExist:
# None found... make a new one!
at = self.create_access_token(user, scope, client)
self.create_refresh_token(at)
return at
def clean_scope(self):
"""
The scope is assembled by combining all the set flags into a single
integer value which we can later check again for set bits.
If *no* scope is set, we return the default scope which is the first
defined scope in :attr:`provider.constants.SCOPES`.
"""
default = SCOPES[0][0]
flags = self.cleaned_data.get('scope', [])
return scope.to_int(default=default, *flags)
def shoutit_signup(self, request, data, client):
"""
Handle ``grant_type=shoutit_signup`` requests.
"""
user = self.get_shoutit_signup_grant(request, data, client)
self.request.user = user
scope = provider_scope.to_int('read', 'write')
if provider_constants.SINGLE_ACCESS_TOKEN:
at = self.get_access_token(request, user, scope, client)
else:
at = self.create_access_token(request, user, scope, client)
# Public clients don't get refresh tokens
if client.client_type == provider_constants.CONFIDENTIAL:
self.create_refresh_token(request, user, scope, at, client)
return self.access_token_response(at)
def test_get_scope_ints(self):
self.assertEqual(constants.READ, scope.to_int('read'))
self.assertEqual(constants.WRITE, scope.to_int('write'))
self.assertEqual(constants.READ_WRITE, scope.to_int('read', 'write'))
self.assertEqual(0, scope.to_int('invalid'))
self.assertEqual(1, scope.to_int('invalid', default=1))
def test_get_scope_ints(self):
self.assertEqual(constants.READ, scope.to_int('read'))
self.assertEqual(constants.READ_WRITE, scope.to_int('write'))
self.assertEqual(constants.READ_WRITE, scope.to_int('read', 'write'))
self.assertEqual(0, scope.to_int('invalid'))
self.assertEqual(1, scope.to_int('invalid', default=1))
