def authorize(self):
code = request.args.get('code')
if not code:
abort(403)
d = self.exchange_code_to_token(code)
token = d.get('access_token')
refresh_token = d.get('refresh_token')
expires_in = d.get('expires_in')
user = self.load_user(token)
email = user.get('email')
id = user.get('id')
f = self.app.view_functions.get(self.current.next_endpoint)
if getattr(f, '_herokai_only', False) and not utils.is_herokai(email):
abort(401)
self.current.logged_in = True
self.current.token = token
self.current.id = id
self.current.username = email
self.current.refresh_token = refresh_token
self.current.expires_in = expires_in
self.current.expiry_time = utils.utc_timestamp() + expires_in
return redirect(self.current.next_url)
def valid(self):
if not self.logged_in:
return True
# Randomly check and refresh
if self.expiry_time < utils.utc_timestamp():
return False
if self.expires_in <= 0:
return False
return True
