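def post(self):
    """
    Verify a Mozilla Persona assertion and log the user in.

    The ``assertion`` request argument is forwarded to the remote Persona
    verifier. On success a new account is created if the e-mail is not
    in the DB, the ``user`` signed cookie is set to the verified e-mail,
    and a JSON body with ``next_url`` and ``email`` is written.

    Written as a generator (``yield``); presumably wrapped by a Tornado
    coroutine decorator that is outside this view.

    :raise tornado.web.HTTPError: if the Persona verifier rejects the
        login, or its reply is malformed (login fails closed)
    """
    assertion = self.get_argument('assertion')
    http_client = tornado.httpclient.AsyncHTTPClient()
    url = 'https://verifier.login.persona.org/verify'

    # NOTE(review): the audience is taken from the request's Host header,
    # which the client controls. The verifier only confirms that the
    # assertion was issued for the audience it is handed, so this value
    # should be a fixed, server-configured origin (scheme, host and port).
    # Left as-is because no configured origin is visible in this block.
    input_data = {'assertion': assertion, 'audience': self.request.host}
    response = yield self._async_post(http_client, url, input_data)

    # Fail closed: an empty, non-JSON or non-object reply is treated like
    # a rejected assertion instead of surfacing as an unhandled error.
    try:
        data = json_decode(response.body)
    except (TypeError, ValueError):
        raise tornado.web.HTTPError(400, 'Failed assertion test')
    if not isinstance(data, dict) or data.get('status') != 'okay':
        raise tornado.web.HTTPError(400, 'Failed assertion test')

    # A reply marked "okay" without an e-mail cannot identify anyone.
    email = data.get('email')
    if not email:
        raise tornado.web.HTTPError(400, 'Failed assertion test')

    user_api.create_user(self.db, {'email': email})

    # expires_days=None makes this a browser-session cookie.
    # NOTE(review): ``secure=True`` is disabled below, so the session
    # cookie is also sent over plain HTTP; enable it wherever the site
    # is served over HTTPS.
    self.set_secure_cookie('user', email,
                           expires_days=None,
                           # secure=True,
                           httponly=True)

    self.set_header('Content-Type', 'application/json; charset=UTF-8')
    result = {'next_url': '/', 'email': email}
    self.write(json_encode(result))
    self.finish()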
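def get(self, email=''):
    """
    Create a user for ``email`` and acknowledge it with HTTP 201.

    :param email: e-mail address of the account to create; presumably
        captured from the request URL, so it is handled as untrusted text
    """
    # NOTE(review): no authentication or CSRF check is visible in this
    # handler and the account is created on a GET request -- confirm it is
    # a test/development helper that is not routed in production.
    user_api.create_user(self.db, {'email': email})

    # The address is echoed back verbatim. Tornado's default Content-Type
    # is text/html, so declare plain text to keep the browser from
    # interpreting the echoed value as markup.
    self.set_header('Content-Type', 'text/plain; charset=UTF-8')
    self.write('Created user {}'.format(email))
    self.set_status(201)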