Exemple #1
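def logout(request):
    """Revoke the user's Google OAuth2 token and clear the session cookies.

    Reads the encrypted access token from the ``token`` cookie. When the
    cookie is missing or empty, a success message is queued and the user is
    redirected to ``/signin/``. Otherwise the token is decrypted and sent to
    Google's revoke endpoint; on HTTP 200 the view pauses briefly and
    redirects to ``/logout/``, in every other case to ``/signin/``. The
    ``user_id``, ``login``, ``domain_url`` and ``token`` cookies are blanked
    on the returned response.
    """
    credential_token = request.COOKIES.get('token', '')
    if credential_token == '':
        messages.add_message(request, SIGNIN, 'Logged out successfully.',
                             fail_silently=True)
        return HttpResponseRedirect('/signin/')
    crypter = oauth2.Crypter()
    try:
        logout_uri = 'https://accounts.google.com/o/oauth2/revoke?token=%s' \
            % crypter.decrypt(credential_token)
    except oauth2.CryptoException:
        # The cookie could not be decrypted: nothing to revoke remotely, so
        # only the local cookies are cleared below.
        response = HttpResponseRedirect('/signin/')
    else:
        # The request URL carries the decrypted access token, so the server
        # certificate must be validated. httplib2 validates by default; the
        # original code switched validation off, which would let anyone on
        # the network path impersonate accounts.google.com and read the
        # token.
        http = httplib2.Http()
        resp = http.request(logout_uri, 'GET')

        response = HttpResponseRedirect('/signin/')
        # Need to wait for Google to process the revoke request
        if resp[0].status == 200:
            time.sleep(2)
            response = HttpResponseRedirect('/logout/')

    # Blank every session cookie, whether or not the remote revoke succeeded.
    response.set_cookie('user_id', '')
    response.set_cookie('login', '')
    response.set_cookie('domain_url', '')
    response.set_cookie('token', '')
    return response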
Exemple #2
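def auth_return(request):
    """Handle the OAuth2 redirect: exchange the code and set login cookies.

    Exchanges the ``code`` query parameter for a credential, reads the
    ``id_token`` claims from it, and accepts the login only when the email is
    verified and the hosted domain (``hd``) is one of the configured domains.
    On success the user is redirected to ``/`` with the ``login``,
    ``domain_url``, ``user_id`` and ``token`` cookies set; otherwise a failure
    message is queued and the user is redirected to ``/logout/``.
    """
    oauth2_flow = oauth2.OAuth2Flow()
    domains = oauth2_flow.get_domains()
    flow = oauth2.OAuth2Flow().get_flow(domains[1])
    # The code exchange sends the authorization code to the token endpoint
    # and returns the access token and id_token. No signature check on the
    # id_token is visible in this block, so the claims are only as
    # trustworthy as the TLS channel they arrived over: certificate
    # validation must stay enabled (the httplib2 default). The original code
    # disabled it.
    http = httplib2.Http()
    # NOTE(review): no check of an OAuth2 `state` parameter is visible here;
    # confirm it is verified elsewhere before this view is reached.
    credential = flow.step2_exchange(request.GET.get('code'), http)
    credential_token = json.loads(credential.to_json())['id_token']
    # Use .get(): a token without an `hd` or `email_verified` claim should be
    # rejected as a failed login instead of raising KeyError.
    hosted_domain = credential_token.get('hd')
    if credential_token.get('email_verified') and hosted_domain in domains:
        email = credential_token['email']
        crypter = oauth2.Crypter()
        encrypted_email = crypter.encrypt(email)
        encrypted_domain = crypter.encrypt(hosted_domain)
        encrypted_token = crypter.encrypt(credential.access_token)
        response = HttpResponseRedirect('/')
        # cookie expires after a week
        one_week = 7 * 24 * 60 * 60
        response.set_cookie('login', encrypted_email, max_age=one_week)
        response.set_cookie('domain_url', encrypted_domain, max_age=one_week)
        # NOTE(review): `user_id` holds the email unencrypted, so the client
        # can change it freely; nothing should treat it as proof of
        # identity. Confirm how readers of this cookie use it.
        response.set_cookie('user_id', email, max_age=one_week)
        # NOTE(review): none of these cookies set `secure` or `httponly`;
        # consider both, at least for `token`, if the site is HTTPS-only and
        # no client-side script reads them.
        response.set_cookie('token', encrypted_token)
        return response
    else:
        messages.add_message(request, SIGNIN, 'Authentication failed.')
        response = HttpResponseRedirect('/logout/')
        # The failure branch must return the redirect as well; falling off
        # the end would hand the framework None instead of a response.
        return response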