class FacebookMobileLoginAPI(LoginAPIView):
    """Facebook login endpoint.

    Request data is handled by ``FacebookLoginSerializer``. ``dispatch`` is
    wrapped with ``psa('users:social-mobile-login')``; presumably that
    decorator resolves the social-auth backend for the request before the
    parent view runs (confirm against the ``psa`` imported by this module).
    """

    serializer_class = FacebookLoginSerializer

    @method_decorator(psa('users:social-mobile-login'))
    def dispatch(self, request, *args, **kwargs):
        """Hand the request to the parent ``dispatch`` unchanged."""
        parent = super(FacebookMobileLoginAPI, self)
        return parent.dispatch(request, *args, **kwargs)
class AccessTokenExchangeView(AccessTokenView):
    """
    Exchange a 3rd party OAuth access token for a 1st party OAuth access
    token.
    """

    # CSRF enforcement is switched off for this endpoint, so the legitimacy of
    # a request rests on what AccessTokenExchangeForm validates (form not
    # visible here; presumably the submitted third-party token -- confirm).
    @method_decorator(csrf_exempt)
    @method_decorator(social_utils.psa("social:complete"))
    def dispatch(self, *args, **kwargs):
        """Run the parent ``dispatch`` behind the decorators above."""
        parent = super(AccessTokenExchangeView, self)
        return parent.dispatch(*args, **kwargs)

    def get(self, request, _backend):  # pylint: disable=arguments-differ
        """Forward GET to the parent view, dropping the ``_backend`` argument."""
        return super(AccessTokenExchangeView, self).get(request)

    def post(self, request, _backend):  # pylint: disable=arguments-differ
        """
        Validate the exchange form and answer with a first-party access token.

        Returns ``self.error_response(form.errors)`` when the form is invalid.
        """
        form = AccessTokenExchangeForm(request=request, data=request.POST)
        if not form.is_valid():
            return self.error_response(form.errors)

        cleaned = form.cleaned_data
        user = cleaned["user"]
        scope = cleaned["scope"]
        client = cleaned["client"]

        # constants.SINGLE_ACCESS_TOKEN picks get_access_token over
        # create_access_token; both receive the same four arguments.
        if constants.SINGLE_ACCESS_TOKEN:
            issue_token = self.get_access_token
        else:
            issue_token = self.create_access_token
        edx_access_token = issue_token(request, user, scope, client)
        return self.access_token_response(edx_access_token)
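class AccessTokenExchangeBase(APIView):
    """
    View for token exchange from 3rd party OAuth access token to 1st party
    OAuth access token.

    403 responses are written to the log (``login_filed_1`` for a rejected
    form, ``login_filed_2`` for a rejected exchange) so that failed exchanges
    can be monitored.
    """

    # CSRF enforcement is switched off for this endpoint, so the legitimacy of
    # a request rests on what AccessTokenExchangeForm validates (form not
    # visible here; presumably the submitted third-party token -- confirm).
    @method_decorator(csrf_exempt)
    @method_decorator(social_utils.psa("social:complete"))
    def dispatch(self, *args, **kwargs):  # pylint: disable=arguments-differ
        """Run the parent ``dispatch`` behind the decorators above."""
        return super(AccessTokenExchangeBase, self).dispatch(*args, **kwargs)

    def get(self, request, _backend):
        """
        Pass through GET requests without the _backend
        """
        # NOTE(review): relies on a class later in the MRO providing get();
        # presumably supplied by the concrete subclass -- confirm.
        return super(AccessTokenExchangeBase, self).get(request)

    def post(self, request, _backend):
        """
        Handle POST requests to get a first-party access token.

        Returns the error response built from the form errors when the form is
        invalid, otherwise the response of ``exchange_access_token``. Either
        response is logged at INFO level when its status code is 403.
        """
        form = AccessTokenExchangeForm(request=request, oauth2_adapter=self.oauth2_adapter, data=request.POST)
        if not form.is_valid():
            error_response = self.error_response(form.errors)  # pylint: disable=no-member
            if error_response.status_code == 403:
                # The message keeps the user field masked and has exactly two
                # placeholders. Passing a third positional value makes the
                # %-formatting raise inside the logging module, which then
                # drops the record, so only the two formatted values are sent.
                # The agent value comes verbatim from the client's header.
                log.info(
                    'message=login_filed_1, status="%d", user="******" ,agent="%s"',
                    error_response.status_code,
                    request.META.get('HTTP_USER_AGENT', ''),
                )
            return error_response

        user = form.cleaned_data["user"]
        scope = form.cleaned_data["scope"]
        client = form.cleaned_data["client"]

        response = self.exchange_access_token(request, user, scope, client)
        if response.status_code == 403:
            # Same argument/placeholder pairing as above: status and agent only.
            log.info(
                'message=login_filed_2, status=%d, user="******" ,agent="%s"',
                response.status_code,
                request.META.get('HTTP_USER_AGENT', ''),
            )
        return response

    def exchange_access_token(self, request, user, scope, client):
        """
        Exchange third party credentials for an edx access token, and return a
        serialized access token response.
        """
        edx_access_token = self.create_access_token(request, user, scope, client)
        return self.access_token_response(edx_access_token)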
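class AccessTokenExchangeBase(APIView):
    """
    View for token exchange from 3rd party OAuth access token to 1st party
    OAuth access token.
    """

    # CSRF enforcement is switched off for this endpoint, so the legitimacy of
    # a request rests on what AccessTokenExchangeForm validates (form not
    # visible here; presumably the submitted third-party token -- confirm).
    @method_decorator(csrf_exempt)
    @method_decorator(social_utils.psa("social:complete"))
    def dispatch(self, *args, **kwargs):
        """Run the parent ``dispatch`` behind the decorators above."""
        return super(AccessTokenExchangeBase, self).dispatch(*args, **kwargs)

    def get(self, request, _backend):  # pylint: disable=arguments-differ
        """
        Pass through GET requests without the _backend
        """
        # NOTE(review): relies on a class later in the MRO providing get();
        # presumably supplied by the concrete subclass -- confirm.
        return super(AccessTokenExchangeBase, self).get(request)

    def post(self, request, _backend):  # pylint: disable=arguments-differ
        """
        Handle POST requests to get a first-party access token.

        Works on a mutable copy of ``request.POST``. Returns
        ``self.error_response(form.errors)`` when the form is invalid,
        otherwise the result of ``exchange_access_token``.
        """
        data = request.POST.copy()
        log.error("=== AccessTokenExchangeBase ===")

        # NOTE(review): this flag is read from the client-supplied body, and
        # any non-empty value (the string "false" included) is truthy.
        if data.get('is_linkedin_mobile', False):
            data['csrfmiddlewaretoken'] = _get_new_csrf_key()

        # The submitted body is what the exchange form validates, so it is
        # expected to carry the third-party access token. Only the field names
        # are logged, to keep that credential out of the log stream.
        log.error("fields=%s", sorted(data.keys()))

        form = AccessTokenExchangeForm(request=request, oauth2_adapter=self.oauth2_adapter, data=data)  # pylint: disable=no-member
        if not form.is_valid():
            log.error("form is not valid")
            log.error(form.errors)
            return self.error_response(form.errors)  # pylint: disable=no-member

        user = form.cleaned_data["user"]
        scope = form.cleaned_data["scope"]
        client = form.cleaned_data["client"]

        return self.exchange_access_token(request, user, scope, client)

    def exchange_access_token(self, request, user, scope, client):
        """
        Exchange third party credentials for an edx access token, and return a
        serialized access token response.

        ``constants.SINGLE_ACCESS_TOKEN`` selects ``get_access_token`` over
        ``create_access_token``.
        """
        if constants.SINGLE_ACCESS_TOKEN:
            edx_access_token = self.get_access_token(request, user, scope, client)  # pylint: disable=no-member
        else:
            edx_access_token = self.create_access_token(request, user, scope, client)
        return self.access_token_response(edx_access_token)  # pylint: disable=no-member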
class AccessTokenExchangeBase(APIView):
    """
    Exchange a 3rd party OAuth access token for a 1st party OAuth access
    token.

    Note: this base class was originally written to support several OAuth
    libraries; only django-oauth-toolkit (DOT) is supported at present.
    """

    # No authentication classes are configured, and no CSRF protection is
    # applied: the 3rd party OAuth access token supplied with the request is
    # treated as sufficient proof by itself.
    authentication_classes = []
    allowed_methods = ['POST']

    @method_decorator(social_utils.psa("social:complete"))
    def dispatch(self, *args, **kwargs):  # pylint: disable=arguments-differ
        """Run the parent ``dispatch`` behind the ``psa`` decorator."""
        parent = super()
        return parent.dispatch(*args, **kwargs)

    def post(self, request, _backend):
        """
        Validate the exchange form and answer with a first-party access token.

        An invalid form is answered with ``self.error_response(form.errors)``.
        """
        form = AccessTokenExchangeForm(
            request=request,
            oauth2_adapter=self.oauth2_adapter,  # lint-amnesty, pylint: disable=no-member
            data=request.POST,
        )
        if not form.is_valid():
            return self.error_response(form.errors)  # pylint: disable=no-member

        cleaned = form.cleaned_data
        user = cleaned["user"]
        scope = cleaned["scope"]
        client = cleaned["client"]
        return self.exchange_access_token(request, user, scope, client)

    def exchange_access_token(self, request, user, scope, client):
        """
        Create an edx access token from the validated third party credentials
        and return it as a serialized access token response.
        """
        token = self.create_access_token(request, user, scope, client)
        return self.access_token_response(token)  # lint-amnesty, pylint: disable=no-member

    def _get_invalid_request_response(self, description):
        """Build a 400 response whose body is an ``invalid_request`` error."""
        payload = {
            'error': 'invalid_request',
            'error_description': description,
        }
        return Response(status=400, data=payload)
class AccessTokenExchangeBase(APIView):
    """
    Exchange a 3rd party OAuth access token for a 1st party OAuth access
    token.
    """

    # CSRF enforcement is switched off for this endpoint, so the legitimacy of
    # a request rests on what AccessTokenExchangeForm validates (form not
    # visible here; presumably the submitted third-party token -- confirm).
    @method_decorator(csrf_exempt)
    @method_decorator(social_utils.psa("social:complete"))
    def dispatch(self, *args, **kwargs):
        """Run the parent ``dispatch`` behind the decorators above."""
        parent = super(AccessTokenExchangeBase, self)
        return parent.dispatch(*args, **kwargs)

    def get(self, request, _backend):
        """Forward GET to the next class in the MRO, dropping ``_backend``."""
        # NOTE(review): relies on a class later in the MRO providing get();
        # presumably supplied by the concrete subclass -- confirm.
        return super(AccessTokenExchangeBase, self).get(request)

    def post(self, request, _backend):
        """
        Validate the exchange form and answer with a first-party access token.

        An invalid form is answered with ``self.error_response(form.errors)``.
        """
        form = AccessTokenExchangeForm(
            request=request,
            oauth2_adapter=self.oauth2_adapter,
            data=request.POST,
        )
        if form.is_valid():
            cleaned = form.cleaned_data
            user = cleaned["user"]
            scope = cleaned["scope"]
            client = cleaned["client"]
            return self.exchange_access_token(request, user, scope, client)
        return self.error_response(form.errors)

    def exchange_access_token(self, request, user, scope, client):
        """
        Turn the validated third party credentials into an edx access token
        and return it as a serialized access token response.

        ``constants.SINGLE_ACCESS_TOKEN`` selects ``get_access_token`` over
        ``create_access_token``; both receive the same four arguments.
        """
        if constants.SINGLE_ACCESS_TOKEN:
            issue_token = self.get_access_token
        else:
            issue_token = self.create_access_token
        edx_access_token = issue_token(request, user, scope, client)
        return self.access_token_response(edx_access_token)