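def gconnect(self):
    '''
    Complete a Google sign-in and open a session for the user.

    Exchanges the one-time authorization code from the request body for
    credentials, checks the resulting access token against Google's
    tokeninfo endpoint, fetches the profile, then finds or creates the
    matching ``Users`` row and records it in the session.

    Returns a redirect to the landing page on success, or
    ``self.invalid_response(...)`` with a 401/500 status on failure.
    '''
    # Exchange the one-time code posted by the browser for credentials.
    code = request.data
    try:
        oauth_flow = flow_from_clientsecrets(os.path.join(
            os.path.dirname(__file__), '../google_cs.json'), scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return self.invalid_response(
            'Failed to upgrade the authorization code', status_code=401)

    # Ask Google to describe the access token we were given.
    # NOTE(review): the token travels in the query string here and may end
    # up in proxy or server logs.
    access_token = credentials.access_token
    url = (
        'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={0}'.
        format(access_token))
    h = httplib2.Http()
    result = json.loads(h.request(url, 'get')[1])
    if result.get('error') is not None:
        return self.invalid_response(result.get('error'), status_code=500)

    # The token must belong to the same Google account as the ID token.
    # .get() keeps a malformed tokeninfo reply from surfacing as a KeyError.
    google_id = credentials.id_token['sub']
    if result.get('user_id') != google_id:
        return self.invalid_response('The IDs do not match.',
                                     status_code=401)

    # The token must have been issued to this application's client ID.
    # The code exchange above already binds the code to our client, so
    # this is defence in depth against a token minted for another app.
    if result.get('issued_to') != oauth_flow.client_id:
        return self.invalid_response(
            "The token's client ID does not match this application.",
            status_code=401)

    # Fetch the profile; bound the wait so a stalled upstream cannot pin
    # the worker indefinitely.
    userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params, timeout=10)
    data = answer.json()
    if not data.get('email') or not data.get('name'):
        return self.invalid_response(
            'Could not retrieve the user profile from Google.',
            status_code=500)

    # Accounts are matched by e-mail below, so an address Google reports
    # as unverified must not be allowed to claim an existing account.
    if data.get('verified_email') is False:
        return self.invalid_response(
            'The Google account e-mail is not verified.', status_code=401)

    # Prefer the user already logged in; otherwise look one up by e-mail.
    user = g.get('user')
    if user is None:
        user = g.db.query(Users).filter_by(email=data['email']).first()

    if user is None:
        # First sign-in for this address: create the account.
        user = Users(name=data['name'], email=data['email'],
                     provider='google')
    else:
        user.provider = 'google'
    g.db.add(user)
    g.db.commit()

    # Store the user data in the session.
    # NOTE(review): if the session is the default signed-cookie session,
    # the access token is readable by the client; confirm it is needed.
    session['user_id'] = user.id
    session['access_token'] = access_token

    # Notify the user and redirect to the home page.
    flash('Successfully logged in as {0}'.format(user.name), "success")
    return redirect(url_for('landing'))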
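def fbconnect(self):
    '''
    Open a session for a user signing in through Facebook.

    Reads a JSON profile from the request body, finds or creates the
    ``Users`` row with that e-mail, marks its provider as ``facebook`` and
    stores the user id in the session.

    Returns a redirect to the landing page, or
    ``self.invalid_response(...)`` with status 400 when the body is not a
    JSON object or carries no e-mail.

    SECURITY NOTE(review): nothing in this handler proves that the caller
    controls the Facebook account it names. The profile comes straight
    from the request body, so the e-mail is an unauthenticated claim. The
    server should verify a Facebook access token itself and take the
    e-mail from that verified response before creating a session; the app
    credentials needed for that check are not visible in this file.
    '''
    # silent=True turns a missing or malformed body into None instead of
    # an exception, so it can be reported in the handler's own format.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return self.invalid_response('Expected a JSON object.',
                                     status_code=400)

    email = data.get('email')
    if not email:
        return self.invalid_response('No e-mail address was supplied.',
                                     status_code=400)

    # Get the user or create a new one.
    user = g.db.query(Users).filter_by(email=email).first()
    if user is None:
        # Copy only the known profile fields. Passing the whole payload to
        # Users(**data) would let the client set any column on the model.
        user = Users(name=data.get('name'), email=email)
    user.provider = 'facebook'
    g.db.add(user)
    g.db.commit()

    # Store the user data in the session.
    session['user_id'] = user.id
    return redirect(url_for('landing'))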