def auth_return(request):
"""
Step 2 of Google OAuth 2.0 flow.
"""
if 'state' not in request.REQUEST:
return redirect('gauth_index')
if not xsrfutil.validate_token(
settings.SECRET_KEY, str(request.REQUEST['state']), request.user):
return HttpResponseBadRequest()
FLOW = Storage(FlowModel, 'id', request.user, 'flow').get()
if FLOW is None:
return redirect('gauth_index')
credential = FLOW.step2_exchange(request.REQUEST)
cred_storage = Storage(CredentialsModel, 'id', request.user, 'credential')
cred_storage.put(credential)
return redirect(request.session.get('next_view', '/'))
