def persona_login(request):
assertion = request.POST.get('assertion', '')
audience = request.build_absolute_uri('/')
resp = requests.post('https://verifier.login.persona.org/verify', {
'assertion': assertion,
'audience': audience
})
if resp.json['status'] != 'okay':
return render_authentication_error(request)
email = resp.json['email']
user = User(email=email)
extra_data = resp.json
account = SocialAccount(uid=email,
provider=PersonaProvider.id,
extra_data=extra_data,
user=user)
# TBD: Persona e-mail addresses are verified, so we could check if
# a matching local user account already exists with an identical
# verified e-mail address and short-circuit the social login. Then
# again, this holds for all social providers that guarantee
# verified e-mail addresses, so if at all, short-circuiting should
# probably not be handled here...
login = SocialLogin(account)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)
def get_access_token(self, code):
params = {'client_id': self.consumer_key,
'redirect_uri': self.callback_url,
'grant_type': 'authorization_code',
'client_secret': self.consumer_secret,
'scope': self.scope,
'code': code}
params = dict(params.items() + self.extra_access_token_post_params.items())
url = self.access_token_url
# TODO: Proper exception handling
resp = requests.post(url, params, True)
access_token = None
if resp.status_code == 200:
if resp.headers['content-type'].split(';')[0] == 'application/json':
data = resp.json
else:
data = dict(urlparse.parse_qsl(resp.content))
access_token = data.get('access_token')
refresh_token = data.get('refresh_token', None)
if not access_token:
raise OAuth2Error('Error retrieving access token: %s'
% resp.content)
return access_token, refresh_token
def refresh_token(self):
account = self.account
app = SocialApp.objects.get_current(self.account.get_provider().id)
tokens = SocialToken.objects.filter(app=app, account=account).order_by('-id')
if tokens:
token = tokens[0]
response = requests.post('https://accounts.google.com/o/oauth2/token', {
'client_id': app.key,
'client_secret': app.secret,
'refresh_token': token.token_secret,
'grant_type': 'refresh_token'
})
if 'access_token' in response.json:
token.token = response.json['access_token']
token.save()
def get_access_token(self, code):
params = {'client_id': self.consumer_key,
'redirect_uri': self.callback_url,
'grant_type': 'authorization_code',
'client_secret': self.consumer_secret,
'scope': self.scope,
'code': code}
url = self.access_token_url
# TODO: Proper exception handling
resp = requests.post(url, params)
access_token = None
if resp.status_code == 200:
if resp.headers['content-type'].split(';')[0] == 'application/json':
data = resp.json
else:
data = dict(urlparse.parse_qsl(resp.content))
access_token = data.get('access_token')
if not access_token:
raise OAuth2Error('Error retrieving access token: %s'
% resp.content)
return access_token
def get_access_token(self, code):
client = httplib2.Http()
params = {'client_id': self.consumer_key,
'redirect_uri': self.callback_url,
'grant_type': 'authorization_code',
'client_secret': self.consumer_secret,
'scope': self.scope,
'code': code}
url = self.access_token_url
# TODO: Proper exception handling
resp = requests.post(url, params)
access_token = None
if resp.status_code == 200:
if resp.headers['content-type'] == 'application/json':
data = resp.json
else:
data = dict(urlparse.parse_qsl(resp.content))
access_token = data.get('access_token')
if not access_token:
raise OAuth2Error('Error retrieving access token: %s'
% resp.content)
return access_token
def persona_login(request):
assertion = request.POST.get('assertion', '')
audience = request.build_absolute_uri('/')
resp = requests.post('https://verifier.login.persona.org/verify',
{ 'assertion': assertion,
'audience': audience })
if resp.json['status'] != 'okay':
return render_authentication_error(request)
email = resp.json['email']
user = User(email=email)
extra_data = resp.json
account = SocialAccount(uid=email,
provider=PersonaProvider.id,
extra_data=extra_data,
user=user)
# TBD: Persona e-mail addresses are verified, so we could check if
# a matching local user account already exists with an identical
# verified e-mail address and short-circuit the social login. Then
# again, this holds for all social providers that guarantee
# verified e-mail addresses, so if at all, short-circuiting should
# probably not be handled here...
login = SocialLogin(account)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)