def logged_in(self): """ Recieves authentication messages from the velruse service. It will log in users or connect their adhocracy account to an existing velruse account. It also creates adhocracy accounts if it thinks the user has none. We expect the ssi service to provide a *verified* email address. If none is provided, this function will crash. """ redirect_url = session.get('came_from', h.base_url('/login')) token = request.params['token'] payload = {'format': 'json', 'token': token} rsp = get(h.velruse_url('/auth_info'), params=payload, timeout=1, verify=config.get_bool('velruse.verify_ssl')) if rsp.status_code >= 400: return self._failure(_('Internal server error:' 'velruse service not available.'), redirect_url=redirect_url) auth_info = loads(rsp.content) log.debug('received auth_info from velruse:\n' + '<pre>' + dumps(auth_info, indent=4) + '</pre>') if 'error' in auth_info: error = auth_info['error'] if error == 'user_denied': return self._failure(_('Login failed: ') + _('You have to give Adhocracy permission ' 'to connect to your Facebook account.'), auth_info, redirect_url=redirect_url) else: return self._failure(_('Login failed: ') + auth_info['error'], auth_info, redirect_url=redirect_url) provider_name = auth_info['provider_name'] if provider_name not in allowed_login_types(): self._failure(_("Logging in with %s " "is not allowed on this installation.") % provider_name.capitalize(), auth_info, redirect_url=redirect_url) else: try: profile = auth_info['profile'] email = profile[ 'verifiedEmail'] # FIXME: this is not always available. we should catch that earlier above. display_name = profile['displayName'] preferred_name = profile['preferredUsername'].replace('.', '_') user_name = unused_user_name(preferred_name) accounts = profile['accounts'] except KeyError: log.error('could not parse velruse response:\n' + '<pre>' + dumps(auth_info, indent=4) + '</pre>') self._failure(_("Error")) if c.user is not None: adhocracy_user = c.user velruse_user = Velruse.by_user_and_domain_first( adhocracy_user, accounts[0]['domain']) if velruse_user is not None: self._failure(_("This %(provider)s account" " is already connected.") % {'provider': provider_name.capitalize()}, redirect_url=redirect_url) else: velruse_user = Velruse.find_any(accounts) if velruse_user is not None: adhocracy_user = velruse_user.user else: adhocracy_user = None if velruse_user is not None: domain = velruse_user.domain domain_user = velruse_user.domain_user else: domain = accounts[0]['domain'] domain_user = accounts[0][ 'userid'] # FIXME: this is not always available. we should catch that earlier above. if not domain or not domain_user: log.error('domain and/or domain_user not found:\n' + '<pre>\n' + str(domain, domain_user) + '\n' + dumps(auth_info, indent=4) + '\n' + '</pre>') self._failure(_("Error"), redirect_url=redirect_url) try: # login right away if adhocracy_user is not None and velruse_user is not None: update_email_trust(adhocracy_user, email) self._login(adhocracy_user, redirect_url=redirect_url) # create new user in both Velruse and User and login elif adhocracy_user is None and velruse_user is None: new_user = self._create(user_name, email, domain, domain_user, email_verified=True, display_name=display_name, redirect_url=redirect_url) adhocracy_user, velruse_user = new_user self._login(adhocracy_user, redirect_url=redirect_url) # create new user in Velruse for a logged in user elif adhocracy_user is not None and velruse_user is None: self._connect(adhocracy_user, domain, domain_user, provider_name, email, email_verified=True, redirect_url=redirect_url) # error case else: raise DatabaseInconsistent('velruse user is not associated' ' with any adhocracy user') # if users are deleted and we try to create them again # we get an IntegrityError except IntegrityError: self._failure( _("Your %(provider)s account is locked.") % {'provider': provider_name.capitalize()})
def logged_in(self): """ Recieves authentication messages from the velruse service. It will log in users or connect their adhocracy account to an existing velruse account. It also creates adhocracy accounts if it thinks the user has none. We expect the ssi service to provide a *verified* email address. If none is provided, this function will crash. """ redirect_url = session.get('came_from', h.base_url('/login')) token = request.params['token'] payload = {'format': 'json', 'token': token} rsp = get(h.velruse_url('/auth_info'), params=payload, timeout=1, verify=config.get_bool('velruse.verify_ssl')) if rsp.status_code >= 400: return self._failure(_('Internal server error:' 'velruse service not available.'), redirect_url=redirect_url) auth_info = loads(rsp.content) log.debug('received auth_info from velruse:\n' + '<pre>' + dumps(auth_info, indent=4) + '</pre>') if 'error' in auth_info: error = auth_info['error'] if error == 'user_denied': return self._failure(_('Login failed: ') + _('You have to give Adhocracy permission ' 'to connect to your Facebook account.'), auth_info, redirect_url=redirect_url) else: return self._failure(_('Login failed: ') + auth_info['error'], auth_info, redirect_url=redirect_url) provider_name = auth_info['provider_name'] if provider_name not in allowed_login_types(): self._failure(_("Logging in with %s " "is not allowed on this installation.") % provider_name.capitalize(), auth_info, redirect_url=redirect_url) else: try: profile = auth_info['profile'] email = profile['verifiedEmail'] # FIXME: this is not always available. we should catch that earlier above. display_name = profile['displayName'] preferred_name = profile['preferredUsername'].replace('.', '_') user_name = unused_user_name(preferred_name) accounts = profile['accounts'] except KeyError: log.error('could not parse velruse response:\n' + '<pre>' + dumps(auth_info, indent=4) + '</pre>') self._failure(_("Error")) if c.user is not None: adhocracy_user = c.user velruse_user = Velruse.by_user_and_domain_first( adhocracy_user, accounts[0]['domain']) if velruse_user is not None: self._failure(_("This %(provider)s account" " is already connected.") % {'provider': provider_name.capitalize()}, redirect_url=redirect_url) else: velruse_user = Velruse.find_any(accounts) if velruse_user is not None: adhocracy_user = velruse_user.user else: adhocracy_user = None if velruse_user is not None: domain = velruse_user.domain domain_user = velruse_user.domain_user else: domain = accounts[0]['domain'] domain_user = accounts[0]['userid'] # FIXME: this is not always available. we should catch that earlier above. if not domain or not domain_user: log.error('domain and/or domain_user not found:\n' + '<pre>\n' + str(domain, domain_user) + '\n' + dumps(auth_info, indent=4) + '\n' + '</pre>') self._failure(_("Error"), redirect_url=redirect_url) try: # login right away if adhocracy_user is not None and velruse_user is not None: update_email_trust(adhocracy_user, email) self._login(adhocracy_user, redirect_url=redirect_url) # create new user in both Velruse and User and login elif adhocracy_user is None and velruse_user is None: new_user = self._create(user_name, email, domain, domain_user, email_verified=True, display_name=display_name, redirect_url=redirect_url) adhocracy_user, velruse_user = new_user self._login(adhocracy_user, redirect_url=redirect_url) # create new user in Velruse for a logged in user elif adhocracy_user is not None and velruse_user is None: self._connect(adhocracy_user, domain, domain_user, provider_name, email, email_verified=True, redirect_url=redirect_url) # error case else: raise DatabaseInconsistent('velruse user is not associated' ' with any adhocracy user') # if users are deleted and we try to create them again # we get an IntegrityError except IntegrityError: self._failure(_("Your %(provider)s account is locked.") % {'provider': provider_name.capitalize()})
def logged_in(self): """ Recieves authentication messages from the velruse service. It will log in users or connect their adhocracy account to an existing velruse account. It also creates adhocracy accounts if it thinks the user has none. We expect the ssi service to provide a *verified* email address. If none is provided, this function will crash. """ token = request.params['token'] payload = {'format': 'json', 'token': token} rsp = get(h.velruse_url('/auth_info'), params=payload, timeout=1) if rsp.status_code >= 400: return self._failure(_('Internal server error:' 'velruse service not available.')) auth_info = loads(rsp.content) log.debug('received auth_info from velruse:\n' + '<pre>' + dumps(auth_info, indent=4) + '</pre>') if 'error' in auth_info: error = auth_info['error'] if error == 'user_denied': return self._failure(_('Login failed: ') + _('You have to give Adhocracy permission ' 'to connect to your Facebook account.'), auth_info) else: return self._failure(_('Login failed: ') + auth_info['error'], auth_info) provider_name = auth_info['provider_name'] if provider_name not in allowed_login_types(): self._failure(_("Logging in with %s " "is not allowed on this installation.") % provider_name.capitalize(), auth_info) else: profile = auth_info['profile'] email = profile['verifiedEmail'] display_name = profile['displayName'] preferred_name = profile['preferredUsername'].replace('.', '_') user_name = unused_user_name(preferred_name) accounts = profile['accounts'] if c.user: adhocracy_user = c.user velruse_user = Velruse.by_user_and_domain_first( adhocracy_user, accounts[0]['domain']) else: velruse_user = Velruse.find_any(accounts) adhocracy_user = velruse_user.user if velruse_user else None if velruse_user: domain = velruse_user.domain domain_user = velruse_user.domain_user else: domain = accounts[0]['domain'] domain_user = accounts[0]['userid'] try: # login right away if adhocracy_user and velruse_user: update_email_trust(adhocracy_user, email) self._login(adhocracy_user) # create new user in both Velruse and User and login elif not adhocracy_user and not velruse_user: new_user = self._create(user_name, email, domain, domain_user, email_verified=True, display_name=display_name) adhocracy_user, velruse_user = new_user self._login(adhocracy_user) # create new user in Velruse for a logged in user elif adhocracy_user and not velruse_user: self._connect(adhocracy_user, domain, domain_user, provider_name, email, email_verified=True) # error case elif not adhocracy_user and velruse_user: raise DatabaseInconsistent('velruse user is not associated' ' with any adhocracy user') else: raise Exception # if users are deleted and we try to create them again # we get an IntegrityError except IntegrityError: self._failure(_("Error"))