Пример #1
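  def do_token_dance (self, perms=None) :
    """Check the crumb in 'extra', store credentials, set cookies, redirect.

    The 'extra' request parameter is read as '&'-separated key=value pairs.
    'crumb' is required; 'redir' is optional.

    perms is accepted but not used anywhere in this method.

    Returns False when the crumb is missing or fails validate_crumb().
    Otherwise the method ends with self.redirect() and returns None.

    NOTE(review): the method is unfinished as written. 'user' is read before
    anything assigns it, and user_token, user_secret, user_perms,
    consumer_token and consumer_secret are not assigned in this method, so
    the lookups marked below have to be filled in before the credential
    handling can run.
    """

    # WHAT WOULD CROWLEY DO ?

    extra = self.request.get('extra')
    e_params = {}

    if extra :
      # Index 2 of the urlparse() result is the path component; the pairs
      # are read from there.
      for part in urlparse(extra)[2].split('&') :
        # Split on the first '=' only, so a value may itself contain '='.
        # A fragment with no '=' is skipped instead of raising ValueError.
        key, sep, value = part.partition('=')
        if sep :
          e_params[key] = value

    # A request with no crumb is refused the same way as one whose crumb
    # does not validate, rather than failing with a KeyError.
    if 'crumb' not in e_params :
      return False

    crumb = urllib.unquote(e_params['crumb'])

    if not self.validate_crumb(None, 'auth_my_oauth', crumb) :
      return False

    # WHAT WOULD CROWLEY DO ?

    # GET USER HERE...UH, HOW?

    # SAME WITH PERMS...

    if not user :

      args = {
        'password' : self.generate_password(),
        'user_token' : user_token,
        'user_secret' : user_secret,
        'perms' : user_perms,
      }

      user = User.create(args)

    else :

      # NOTE(review): the create branch stores user_token/user_secret while
      # this branch stores consumer_token/consumer_secret under the same
      # keys -- confirm which pair is meant once the lookups exist.
      credentials = {
        'user_token' : consumer_token,
        'user_secret' : consumer_secret,
        'perms' : user_perms,
      }

      User.update_credentials(user, credentials)

    self.response.headers.add_header('Set-Cookie', self.ffo_cookie(user))
    self.response.headers.add_header('Set-Cookie', self.fft_cookie(user))

    # 'redir' comes from the request, and nothing in this method ties it to
    # the crumb. It is followed only when it is a path on this site: a single
    # leading '/', no backslash and no control characters. Anything else
    # falls back to the front page.
    redir = e_params.get('redir', '')

    is_local_path = (
      redir.startswith('/')
      and not redir.startswith('//')
      and '\\' not in redir
      and not any(ord(ch) < 0x20 for ch in redir)
    )

    if is_local_path :
      self.redirect(redir)
    else :
      self.redirect("/")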
Пример #2
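  def check_logged_in (self, min_perms=None) :
    """Return True when the request cookies identify a user.

    The 'ffo' cookie is read as '<user key>:<password>'. The user is looked
    up with User.get_user_by_password() on the second part, and the first
    part must equal str(user.key()). self.user is set only once both have
    matched.

    When min_perms is given, one of two checks applies:
      * with an 'fft' cookie: it must equal self.generate_fft(self.user) and
        self.user.perms must be at least self.perms_map[min_perms];
      * without one: the decision is left to self.check_token(min_perms).

    Returns False on any failed check. A min_perms value that is not a key
    of self.perms_map raises KeyError.
    """

    cookies = self.request.cookies

    if 'ffo' not in cookies :
      return False

    whoami = cookies['ffo'].split(":")

    if len(whoami) != 2 :
      return False

    # NOTE(review): the value sent in the cookie is the same one the lookup
    # matches on, so it acts as a bearer credential -- confirm how
    # get_user_by_password stores and compares it.
    user = User.get_user_by_password(whoami[1])

    if not user :
      return False

    # Compare the key before publishing the user on the handler, so a
    # cookie whose key part does not match leaves self.user untouched.
    if str(user.key()) != str(whoami[0]) :
      return False

    self.user = user

    if min_perms :

      if 'fft' in cookies :

        # check that the cookie looks sane
        # NOTE(review): plain != on a cookie value; if fft is meant to be
        # unguessable a constant-time comparison would be the safer choice
        # -- confirm what generate_fft returns.

        fft = self.generate_fft(self.user)

        if cookies['fft'] != fft :
          return False

        # check that the user token has
        # some minimum permissions

        need_perms = self.perms_map[min_perms]
        has_perms = self.user.perms

        if has_perms < need_perms :
          return False

      else :

        if not self.check_token(min_perms) :
          return False

    return True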