def post(self):
"""
This method uses Mozilla Persona to check if the user is
authenticated. On success, it creates a new account if the e-mail is
not in the DB and logs the user in.
:raise tornado.web.HTTPError: if the Persona verifier rejects the login
"""
assertion = self.get_argument('assertion')
http_client = tornado.httpclient.AsyncHTTPClient()
url = 'https://verifier.login.persona.org/verify'
input_data = {'assertion': assertion, 'audience': self.request.host}
response = yield self._async_post(http_client, url, input_data)
data = json_decode(response.body)
if data['status'] != 'okay':
raise tornado.web.HTTPError(400, 'Failed assertion test')
user_api.create_user(self.db, {'email': data['email']})
self.set_secure_cookie('user', data['email'], expires_days=None,
# secure=True,
httponly=True)
self.set_header('Content-Type', 'application/json; charset=UTF-8')
result = {'next_url': '/', 'email': data['email']}
self.write(json_encode(result))
self.finish()
def get(self, email=''):
user_api.create_user(self.db, {'email': email})
self.write('Created user {}'.format(email))
self.set_status(201)
