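def login_handler():
    """Verify a Persona assertion server-side and record the result in the session.

    Called by the Persona JavaScript after the browser obtains an assertion.
    The assertion is posted to the verifier at ``app.config['PERSONA_VERIFIER']``.
    When the verifier answers with status ``'okay'``, the verified email is
    stored in ``session['email']``.

    Returns:
        A JSON object with ``username`` and ``fullname`` when a user already
        exists for the verified email (``session['user_id']`` and ``g.user``
        are set in that case), otherwise the JSON string ``"OK"``, meaning the
        email is verified but no account exists yet.

    Aborts with 400 when the assertion is missing or empty, the verifier
    cannot be reached or answers with an error, or its reply is not a valid
    ``'okay'`` verification.
    """
    assertion = request.form.get('assertion')
    if not assertion:
        abort(400)

    # NOTE(security): the audience is what binds an assertion to *this* site.
    # request.host_url is built from the client-supplied Host header, so it
    # must not be the source of truth for it. PERSONA_AUDIENCE is a new,
    # optional config key introduced here; set it to the site's fixed origin.
    # The fallback only preserves the previous behaviour for deployments that
    # have not configured it yet.
    audience = app.config.get('PERSONA_AUDIENCE') or request.host_url

    try:
        resp = requests.post(app.config['PERSONA_VERIFIER'],
                             data={'assertion': assertion,
                                   'audience': audience},
                             verify=True,
                             # Bound the wait so a stalled verifier cannot tie
                             # up a worker indefinitely.
                             timeout=10)
    except requests.RequestException:
        abort(400)

    if not resp.ok:
        abort(400)

    try:
        verification_data = json.loads(resp.content.decode('utf-8'))
    except ValueError:
        # Covers both undecodable bytes and malformed JSON.
        abort(400)

    # Fail closed on anything that is not an explicit, well-formed success.
    if (not isinstance(verification_data, dict)
            or verification_data.get('status') != 'okay'):
        abort(400)
    email = verification_data.get('email')
    if not email:
        abort(400)

    session['email'] = email

    # See if there's an existing User with this email address.
    user = db.lookup_user_by_email(email)
    if user:
        print("FOUND USER:", user)
        session['user_id'] = user.id
        g.user = user
        out = {'username': user.username, 'fullname': user.fullname}
        return json.dumps(out)

    # Otherwise the client has to go through account creation.
    return json.dumps('OK')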
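def create_persona_user():
    """Create a new User for the Persona-verified email and the passed username.

    Preconditions checked here:
      - the session holds a Persona-verified email (``'email' in session``)
      - no user is logged in for this request (``g.user is None``)
      - the email is not yet associated with any account
      - the username is a string matching ``constants.USERNAMEPATTERN``
      - the username is not yet in use

    Returns:
        A JSON object with the new user's ``username`` and ``fullname``;
        ``session['user_id']`` and ``g.user`` are set as a side effect.

    Aborts with 403 when the session has no verified email or a user is
    already logged in, and with 400 when the request body or username is
    invalid or the email/username is already taken.
    """
    if 'email' not in session or g.user is not None:
        abort(403)

    # The body is client-controlled: it may be absent, not JSON, or not an
    # object. Reject those explicitly instead of failing with a 500.
    d = request.get_json(silent=True)
    if not isinstance(d, dict):
        abort(400)
    username = d.get('username')
    if not isinstance(username, str):
        abort(400)

    # The email comes from the session, never from the request body, so the
    # client cannot choose which address the new account is bound to.
    email = session['email']
    if db.lookup_user_by_email(email):
        print("email address already in use, this should never happen")
        abort(400)

    # Validate the format before touching the database.
    # NOTE(review): .match() anchors only at the start of the string; confirm
    # that USERNAMEPATTERN itself ends with an end anchor.
    if not constants.USERNAMEPATTERN.match(username):
        abort(400)
    if db.lookup_username(username):
        abort(400)

    # NOTE(review): the lookups above and the insert below are separate steps;
    # presumably the database enforces uniqueness as well -- confirm.
    user = db.create_user_with_email(username, email)
    session['user_id'] = user.id
    g.user = user
    out = {'username': user.username, 'fullname': user.fullname}
    return json.dumps(out)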