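def github_connect():
    """Finish GitHub's OAuth web flow and log the user into the catalog.

    GitHub redirects the browser here with ``code`` and ``state`` query
    parameters.  ``state`` must equal the value saved in ``login_session``
    when the login page was rendered (anti-CSRF check).  ``code`` is then
    exchanged server-side for an access token; the token is used to read
    the user's profile and e-mail addresses, and a local account is looked
    up or created through ``user_tools`` keyed on the verified primary
    e-mail address.

    Session keys written on success (same set as before): ``provider``,
    ``access_token``, ``scope``, ``github_username``, ``full_name``,
    ``picture``, ``email``, ``user_id``.  Nothing is written to the session
    until every check has passed, so a failure never leaves a half-populated
    login.

    Returns:
        A redirect to ``catalog.show_catalog``.

    Aborts:
        403 if ``state`` is missing or mismatched, ``code`` is missing, or
            the GitHub account exposes no verified primary e-mail address.
        401 if GitHub rejects the code exchange (expired/reused code, wrong
            client credentials).
        502 if GitHub answers with an unexpected status or body.
    """
    # --- Anti-CSRF: the callback must carry the state we issued. -----------
    # .get() on the session turns a missing entry into a clean 403 instead
    # of a KeyError/500.
    state = request.args.get('state')
    if not state or login_session.get('state') != state:
        abort(403)
    code = request.args.get('code')
    if not code:
        abort(403)

    # --- Exchange the one-time code for an access token. -------------------
    # The client secret only ever travels in this server-to-server POST.
    token_params = {
        "client_id": GIT_CLIENT_ID,
        "client_secret": GIT_CLIENT_SECRET,
        "code": code,
        "state": state,
    }
    auth_url = "https://github.com/login/oauth/access_token"
    auth_headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': _GITHUB_USER_AGENT,
    }
    auth_resp, auth_body = httplib2.Http().request(
        auth_url, 'POST', body=urllib.urlencode(token_params),
        headers=auth_headers)
    if auth_resp.status != 200:
        abort(502)
    # Without an Accept header GitHub answers form-encoded:
    # access_token=...&scope=...&token_type=... on success, error=... on
    # failure (still with HTTP 200), so the body has to be inspected too.
    token_data = dict(urlparse.parse_qsl(auth_body))
    if 'error' in token_data:
        abort(401)
    access_token = token_data.get('access_token')
    if not access_token:
        abort(502)
    # Scope actually granted; the user may have narrowed it on the consent
    # page, which shows up as a failing /user/emails call below.
    granted_scope = token_data.get('scope', '')

    # --- Read profile and e-mail addresses with the new token. -------------
    github_user_api = 'https://api.github.com/user'
    status, profile = _github_api_get(github_user_api, access_token)
    if status != 200 or not isinstance(profile, dict):
        abort(502)

    status, emails = _github_api_get(github_user_api + '/emails',
                                     access_token)
    if status != 200 or not isinstance(emails, list):
        # Typically a 404 when the token lacks the user:email scope.
        abort(502)
    # Only a verified address may identify a local account: an unverified
    # address is just a string the GitHub user typed in, so matching on it
    # would hand that user whichever catalog account owns the address.
    verified_email = None
    for entry in emails:
        if entry.get('primary') and entry.get('verified'):
            verified_email = entry.get('email')
            break
    if not verified_email:
        abort(403)

    # --- All checks passed: populate the session in one go. ----------------
    login_session['provider'] = 'github'
    login_session['access_token'] = access_token
    login_session['scope'] = granted_scope
    login_session['github_username'] = profile.get('login')
    login_session['full_name'] = profile.get('name')
    login_session['picture'] = profile.get('avatar_url')
    login_session['email'] = verified_email

    user_id = user_tools.get_user_id(verified_email)
    if not user_id:
        user_id = user_tools.create_user(login_session)
    login_session['user_id'] = user_id

    flash("Logged in as %s" % verified_email)
    return redirect(url_for('catalog.show_catalog'))


# GitHub rejects API requests that carry no User-Agent header.
# NOTE: constructed identifier -- replace with this deployment's app name.
_GITHUB_USER_AGENT = 'catalog-app-oauth-client'


def _github_api_get(url, access_token):
    """GET a GitHub REST (v3) resource on behalf of ``access_token``.

    The token is sent in the ``Authorization`` header instead of the query
    string so it does not end up in proxy or server access logs, and the
    API version is pinned explicitly via the ``Accept`` header.

    Args:
        url: Absolute API URL to fetch.
        access_token: OAuth token obtained from the code exchange.

    Returns:
        ``(status, body)`` where ``body`` is the decoded JSON document, or
        ``None`` when the status is not 200 or the body is not valid JSON.
    """
    headers = {
        'Authorization': 'token %s' % access_token,
        'Accept': 'application/vnd.github.v3+json',
        'User-Agent': _GITHUB_USER_AGENT,
    }
    resp, body = httplib2.Http().request(url, 'GET', headers=headers)
    if resp.status != 200:
        return resp.status, None
    try:
        return resp.status, json.loads(body)
    except ValueError:
        return resp.status, None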
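def gconnect():
    """Finish Google sign-in from the one-time code posted by the client.

    The Google sign-in button on the login page posts the authorization
    ``code`` as the raw request body.  The code is exchanged for credentials,
    the access token is checked with Google's tokeninfo endpoint (it must
    belong to the same Google user and have been issued to this app's client
    id), the profile is fetched, and the user is looked up or created through
    ``user_tools`` keyed on the Google account's e-mail address.

    Session keys written on success: ``access_token``, ``gplus_id``,
    ``provider``, ``full_name``, ``given_name``, ``family_name``,
    ``picture``, ``email``, ``user_id``.

    Returns:
        A small HTML welcome fragment (the login page injects it into the
        DOM) on success; a JSON-encoded error message with status 401 or
        500 when a check fails; status 200 JSON if this Google user is
        already connected.
    """
    # stdlib text escaping for the HTML fragment returned at the end
    from xml.sax.saxutils import escape

    # Anti-CSRF check, mirroring github_connect: the request must carry the
    # state issued with the login page.  NOTE(review): this assumes the
    # client appends ?state=<STATE> to the POST URL as the GitHub flow does;
    # confirm against the login template before deploying.
    state = request.args.get('state')
    if not state or login_session.get('state') != state:
        return _json_response('Invalid state parameter.', 401)

    code = request.data
    try:
        oauth_flow = flow_from_clientsecrets(G_CLIENT_FILE, scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return _json_response('Failed to upgrade the authorization code.',
                              401)

    # Ask Google who the token was issued to and for, before trusting it.
    access_token = credentials.access_token
    tokeninfo_url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?'
                     + urllib.urlencode({'access_token': access_token}))
    _info_resp, info_body = httplib2.Http().request(tokeninfo_url, 'GET')
    try:
        result = json.loads(info_body)
    except ValueError:
        return _json_response('Malformed token validation response.', 500)
    if result.get('error') is not None:
        return _json_response(result.get('error'), 500)

    # .get() so an unexpected tokeninfo shape is a 401, not a KeyError/500.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        return _json_response("Token's user ID doesn't match given user ID.",
                              401)
    if result.get('issued_to') != G_CLIENT_ID:
        return _json_response("Token's client ID does not match app's.", 401)

    # Short-circuit for a repeated sign-in.  The previous check looked up a
    # 'credentials' session key that this flow never writes, so it could
    # never fire; test the keys that are actually stored below.
    if (login_session.get('access_token') is not None
            and login_session.get('gplus_id') == gplus_id):
        return _json_response('Current user is already connected', 200)

    login_session['access_token'] = access_token
    login_session['gplus_id'] = gplus_id

    # Profile lookup.  The token goes in the Authorization header rather
    # than the query string so it stays out of access logs.
    userinfo_url = ('https://www.googleapis.com/oauth2/v1/userinfo?'
                    + urllib.urlencode({'alt': 'json'}))
    user_resp, user_body = httplib2.Http().request(
        userinfo_url, 'GET',
        headers={'Authorization': 'Bearer %s' % access_token})
    if user_resp.status != 200:
        return _json_response('Failed to fetch user profile.', 500)
    try:
        data = json.loads(user_body)
    except ValueError:
        return _json_response('Malformed user profile response.', 500)
    email = data.get('email')
    if not email:
        # Local accounts are keyed on e-mail; without one there is nothing
        # to look up or create.
        return _json_response('Google account has no e-mail address.', 401)

    login_session['provider'] = 'google'
    login_session['full_name'] = data.get('name')
    login_session['given_name'] = data.get('given_name')
    login_session['family_name'] = data.get('family_name')
    login_session['picture'] = data.get('picture')
    login_session['email'] = email

    user_id = user_tools.get_user_id(email)
    if not user_id:
        user_id = user_tools.create_user(login_session)
    login_session['user_id'] = user_id

    flash('You are now logged in as %s' % email)
    # The fragment is inserted into the page by client-side JS, so the
    # Google-supplied name must be escaped (it was interpolated raw before),
    # and the closing tag is '</h4>' (it was a second '<h4>').
    given_name = login_session['given_name'] or ''
    return '<h4>Welcome %s</h4>' % escape(given_name)


def _json_response(payload, status):
    """Build a JSON-bodied Flask response with the given HTTP status.

    Args:
        payload: Any ``json.dumps``-serialisable value (here: a message).
        status: HTTP status code for the response.

    Returns:
        A Flask response whose ``content-type`` is ``application/json``.
    """
    response = make_response(json.dumps(payload), status)
    response.headers['content-type'] = 'application/json'
    return response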