示例#1
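def deauthorize_application(request):
    """
    Handle Facebook's "deauthorization callback".

    When a user deauthorizes an application, Facebook sends a HTTP POST request to the application's
    "deauthorization callback" URL. This view picks up on requests of this sort and marks the corresponding
    users as unauthorized.

    The callback URL is reachable by anyone, so the only thing tying a request to Facebook is the
    ``signed_request`` field, which is handed to ``parse_signed_request`` together with the application
    secret. A request without that field is answered with 400 and changes nothing; a signed request naming
    a user that is not stored locally is acknowledged without touching the database.
    """
    signed_request = request.POST.get('signed_request')
    if not signed_request:
        # Nothing to verify, so nothing may be changed on the strength of this request.
        return HttpResponse(status=400)

    # NOTE(review): how parse_signed_request reports a bad signature (exception or empty result)
    # is not visible here -- confirm it rejects forged payloads before 'user_id' is trusted.
    data = parse_signed_request(signed_request, FACEBOOK_APPLICATION_SECRET_KEY)

    try:
        user = User.objects.get(facebook_id=data['user_id'])
    except User.DoesNotExist:
        # Unknown user: there is no local authorization to revoke.
        return HttpResponse()

    user.authorized = False
    user.save()

    return HttpResponse()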
示例#2
def deauthorize_application(request):
    """
    Mark a Facebook user as unauthorized in response to the "deauthorization callback".

    Facebook issues an HTTP POST to the callback URL when a user removes the application. The
    ``signed_request`` form field is decoded with the application secret, and the user whose
    ``facebook_id`` equals the decoded ``user_id`` gets ``authorized`` set to ``False``.

    A request without ``signed_request``, or one naming a user that is not stored, is not handled
    here: the lookup error propagates to the caller.
    """
    payload = parse_signed_request(
        request.POST['signed_request'],
        FACEBOOK_APPLICATION_SECRET_KEY,
    )
    facebook_id = payload['user_id']

    account = User.objects.get(facebook_id=facebook_id)
    account.authorized = False
    account.save()

    return HttpResponse()
示例#3
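def deauthorize(request):
    """
    Sets the 'is_active' field for user in user_profile table to false.

    Only POST is accepted; any other method gets 405. The 'authResponse' field is decoded as JSON,
    its 'signedRequest' member is parsed with the Facebook app secret, and the profile belonging to
    the matching social account is deauthorized. A body that cannot be decoded gets 400; an
    account or profile that does not exist gets 404.
    """
    import json  # local import: the file's import block is not visible from this view

    if request.method != 'POST':
        # The original fell through and returned None here, which is not a valid view response.
        return HttpResponse(status=405)

    # Form values arrive as strings, so the auth response has to be decoded before it is indexed.
    # NOTE(review): assumes the client posts authResponse as a JSON string -- confirm against the caller.
    try:
        authResponse = json.loads(request.POST.get('authResponse', ''))
        signed_request = authResponse['signedRequest']
    except (ValueError, KeyError, TypeError):
        return HttpResponse(status=400)

    secret = SocialApp.objects.filter(provider='facebook')[0].secret

    # decoded data from signed request
    # NOTE(review): utils.parse_signed_request is not shown; the guard below only covers a helper
    # that returns an empty result for a bad signature -- confirm how this one rejects forgeries.
    data = utils.parse_signed_request(signed_request, secret)
    if not data or 'user_id' not in data:
        return HttpResponse(status=400)

    # get the user account
    accounts = list(SocialAccount.objects.filter(uid=data['user_id'], provider='facebook')[:1])
    if not accounts:
        return HttpResponse(status=404)
    userAccount = accounts[0]

    # set is_active = false in UserProfile
    profiles = list(UserProfile.objects.filter(user_id=userAccount.user_id)[:1])
    if not profiles:
        return HttpResponse(status=404)
    profiles[0].deauthorize()

    return HttpResponse('')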
示例#4
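def fbstore(request, target):
    """
    Store a key/value pair for the Facebook user who sent it.

    The JSON body must carry 'signedRequest', 'accessToken', 'k' and 'v'. The signed request is
    parsed with the Facebook app secret, the access token is used to fetch the caller's id and
    email from the Graph API, and the pair is stored only when both name the same Facebook user.
    Every failure is answered with '<target>: ERROR', success with '<target>: OK'.
    """
    import urllib  # local import: the file's import block is not visible from this view

    # NOTE(review): target is echoed into the response body; if the URL pattern does not
    # constrain it, serve these responses as text/plain or escape the value.
    failure = '%s: ERROR' % target

    # NOTE(review): the secret is always read from the 'opensubs' entry, whatever target is -- confirm.
    secret = settings.LOGIN_REDIRECT_TARGETS['opensubs']['fb_secret']

    # The body is caller-controlled: a malformed or incomplete one is an ERROR, not a server fault.
    try:
        data = json.loads(request.body)
        signedRequest = data['signedRequest']
        accessToken = data['accessToken']
        k = data['k']
        v = data['v']
    except (ValueError, KeyError, TypeError):
        return HttpResponse(failure)
    if not isinstance(accessToken, basestring):  # Python 2 code (urllib2), so basestring exists
        return HttpResponse(failure)

    fb = parse_signed_request(signedRequest, secret)
    if fb is None:
        return HttpResponse(failure)
    try:
        fb_user_id = fb['user_id']
    except KeyError:
        # A signed request without a user id cannot identify anyone.
        return HttpResponse(failure)

    # Percent-encode the token so that it stays a single query value instead of being able to
    # add parameters of its own to the Graph API call.
    token = urllib.quote(accessToken.encode('utf-8'), safe='')
    try:
        reply = urllib2.urlopen(
            'https://graph.facebook.com/me?fields=id,email&access_token=%s' % token,
            timeout=10).read(1000)
        fbuser = json.loads(reply)
    except (IOError, ValueError):
        # Rejected token, network failure, or a reply that does not parse (read is capped at 1000 bytes).
        return HttpResponse(failure)

    # Both ids must be present and equal; comparing two missing values must never count as a match.
    if not isinstance(fbuser, dict) or 'id' not in fbuser or fbuser['id'] != fb_user_id:
        return HttpResponse(failure)
    if 'email' not in fbuser:
        # The Graph API reply only carries an email when the token is allowed to read it.
        return HttpResponse(failure)

    email = fbuser['email']
    user, is_created = User.objects.get_or_create(email=email)
    user.get_profile().custom_metadata.add(UserCustomMetadata(app_id=target, k=k, v=v))
    return HttpResponse('%s: OK' % target)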
示例#5
文件: views.py 项目: Moco/fandjango
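def deauthorize_application(request):
    """
    When a user deauthorizes an application, Facebook sends a HTTP POST request to the application's
    "deauthorization callback" URL. This view picks up on requests of this sort and marks the corresponding
    users as unauthorized.

    The callback URL is public, so a request is only acted on after its ``signed_request`` field has been
    passed through ``parse_signed_request`` with the application secret. Requests without the field, and
    signed requests for a user that is not stored locally, are logged and answered without any change.
    """
    signed_request = request.POST.get('signed_request', None)

    # not sure why, but I didn't get any data in the post request
    if not signed_request:
        logging.error("Facebook deauthorization callback didn't contain a signed_request ?")
        # Log the field names only: the body is caller-controlled and may hold tokens or personal data.
        logging.error("POST fields: %s", sorted(request.POST.keys()))
        return HttpResponse()

    # NOTE(review): how parse_signed_request reports a bad signature (exception or empty result)
    # is not visible here -- confirm it rejects forged payloads before 'user_id' is trusted.
    data = parse_signed_request(signed_request, FACEBOOK_APPLICATION_SECRET_KEY)

    try:
        user = User.objects.get(facebook_id=data['user_id'])
    except User.DoesNotExist:
        # Nothing to revoke; acknowledge the callback instead of failing with a server error.
        logging.warning("Facebook deauthorization callback named a user that is not stored locally")
        return HttpResponse()

    user.authorized = False
    user.save()

    return HttpResponse()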
示例#6
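def fbstore(request, target):
    """
    Attach a key/value pair to the local user that matches a verified Facebook identity.

    Expects a JSON body with 'signedRequest', 'accessToken', 'k' and 'v'. The signed request is
    parsed with the Facebook app secret; the access token is then used to read the caller's id
    and email from the Graph API. The pair is stored only if the Graph API id equals the user id
    in the signed request. The response body is '<target>: OK' on success and '<target>: ERROR'
    for every kind of failure.
    """
    import urllib  # local import: the file's import block is not visible from this view

    def fail():
        # NOTE(review): target is echoed into the response body; if the URL pattern does not
        # constrain it, serve these responses as text/plain or escape the value.
        return HttpResponse('%s: ERROR' % target)

    # NOTE(review): the secret is always read from the 'opensubs' entry, whatever target is -- confirm.
    secret = settings.LOGIN_REDIRECT_TARGETS['opensubs']['fb_secret']

    # Everything in the body is caller-controlled, so bad input ends in ERROR rather than a crash.
    try:
        data = json.loads(request.body)
        signedRequest = data['signedRequest']
        accessToken = data['accessToken']
        k = data['k']
        v = data['v']
    except (ValueError, KeyError, TypeError):
        return fail()
    if not isinstance(accessToken, basestring):  # Python 2 code (urllib2), so basestring exists
        return fail()

    fb = parse_signed_request(signedRequest, secret)
    if fb is None:
        return fail()
    try:
        fb_user_id = fb['user_id']
    except KeyError:
        # A signed request without a user id cannot identify anyone.
        return fail()

    # Percent-encode the token so that it stays a single query value instead of being able to
    # add parameters of its own to the Graph API call.
    graph_url = (
        'https://graph.facebook.com/me?fields=id,email&access_token=%s'
        % urllib.quote(accessToken.encode('utf-8'), safe=''))
    try:
        fbuser = json.loads(urllib2.urlopen(graph_url, timeout=10).read(1000))
    except (IOError, ValueError):
        # Rejected token, network failure, or a reply that does not parse (read is capped at 1000 bytes).
        return fail()

    # Both ids must be present and equal; comparing two missing values must never count as a match.
    if not isinstance(fbuser, dict) or 'id' not in fbuser or fbuser['id'] != fb_user_id:
        return fail()
    if 'email' not in fbuser:
        # The Graph API reply only carries an email when the token is allowed to read it.
        return fail()

    email = fbuser['email']
    user, is_created = User.objects.get_or_create(email=email)
    user.profiles.get().custom_metadata.add(
        UserCustomMetadata(app_id=target, k=k, v=v))
    return HttpResponse('%s: OK' % target)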
示例#7
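    def process_request(self, request):
        """
        Populate request.facebook.

        ``request.facebook`` is set to ``False`` when the request carries no signed request, and
        otherwise to a ``Facebook`` object holding the raw signed request, the page the application
        is shown on (if any) and the local ``User`` (created on first sight, refreshed afterwards).
        Returns a redirect to Facebook authorization when the OAuth token in the signed request has
        expired, and ``None`` otherwise. Requests for paths excluded through FANDJANGO_ENABLED_PATHS
        or FANDJANGO_DISABLED_PATHS return before ``request.facebook`` is set.
        """

        if ENABLED_PATHS and DISABLED_PATHS:
            raise ImproperlyConfigured('You may configure either FANDJANGO_ENABLED_PATHS or FANDJANGO_DISABLED_PATHS, but not both.')

        if DISABLED_PATHS and is_disabled_path(request.path):
            return

        if ENABLED_PATHS and not is_enabled_path(request.path):
            return

        # ... no signed request found.
        if 'signed_request' not in request.REQUEST and 'signed_request' not in request.COOKIES:
            request.facebook = False
            return

        # Signed request found in either GET, POST or COOKIES...
        request.facebook = Facebook()

        # If the request method is POST and its body only contains the signed request,
        # chances are it's a request from the Facebook platform and we'll override
        # the request method to HTTP GET to rectify their misinterpretation
        # of the HTTP protocol standard.
        #
        # References:
        # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/
        # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554
        #
        # NOTE(review): the method is rewritten for any POST that carries a 'signed_request' field,
        # before the signature is checked and without checking that the field is alone in the body.
        # Confirm how this interacts with method-based protections (such as CSRF checks) that run later.
        if request.method == 'POST' and 'signed_request' in request.POST:
            request.method = 'GET'

        request.facebook.signed_request = request.REQUEST.get('signed_request') or request.COOKIES.get('signed_request')

        # NOTE(review): the value is client-supplied; how parse_signed_request reports a bad signature
        # is not visible here -- confirm a forged or malformed value cannot reach the user lookup below.
        facebook_data = parse_signed_request(
            signed_request = request.facebook.signed_request,
            app_secret = FACEBOOK_APPLICATION_SECRET_KEY
        )

        # The application is accessed from a tab on a Facebook page...
        if 'page' in facebook_data:
            request.facebook.page = FacebookPage(
                id = facebook_data['page']['id'],
                is_admin = facebook_data['page']['admin'],
                is_liked = facebook_data['page']['liked']
            )

        # User has not authorized the application: nothing more to populate.
        if 'user_id' not in facebook_data:
            return

        # A falsy or absent 'expires' is stored as None on both the create and the update path.
        # The create path used to index the key directly and convert it unconditionally.
        expires = facebook_data.get('expires')
        expires_at = datetime.fromtimestamp(expires) if expires else None

        # Redirect to Facebook Authorization if the OAuth token has expired
        if expires_at and expires_at < datetime.now():
            return redirect_to_facebook_authorization(
                redirect_uri = FACEBOOK_APPLICATION_URL + request.get_full_path()
            )

        # Initialize a User object and its corresponding OAuth token
        try:
            user = User.objects.get(facebook_id=facebook_data['user_id'])
        except User.DoesNotExist:
            oauth_token = OAuthToken.objects.create(
                token = facebook_data['oauth_token'],
                issued_at = datetime.fromtimestamp(facebook_data['issued_at']),
                expires_at = expires_at
            )

            profile = get_facebook_profile(oauth_token.token)

            user = User.objects.create(
                facebook_id = profile.get('id'),
                facebook_username = profile.get('username'),
                first_name = profile.get('first_name'),
                last_name = profile.get('last_name'),
                profile_url = profile.get('link'),
                gender = profile.get('gender'),
                hometown = profile['hometown']['name'] if profile.has_key('hometown') else None,
                location = profile['location']['name'] if profile.has_key('location') else None,
                bio = profile.get('bio'),
                relationship_status = profile.get('relationship_status'),
                political_views = profile.get('political'),
                email = profile.get('email'),
                website = profile.get('website'),
                locale = profile.get('locale'),
                verified = profile.get('verified'),
                birthday = datetime.strptime(profile['birthday'], '%m/%d/%Y') if profile.has_key('birthday') else None,
                oauth_token = oauth_token
            )
        else:
            user.last_seen_at = datetime.now()
            user.authorized = True
            # Refresh the stored token only when the signed request carries one.
            if 'oauth_token' in facebook_data:
                user.oauth_token.token = facebook_data['oauth_token']
                user.oauth_token.issued_at = datetime.fromtimestamp(facebook_data['issued_at'])
                user.oauth_token.expires_at = expires_at
                user.oauth_token.save()
            user.save()

        request.facebook.user = user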
示例#8
    def process_request(self, request):
        """
        Populate request.facebook.

        ``request.facebook`` is set to ``False`` when the request carries no signed request, and
        otherwise to a ``Facebook`` object holding the raw signed request, the page the application
        is shown on (if any) and the local ``User`` (created on first sight, refreshed afterwards).
        Returns a redirect to Facebook authorization when the OAuth token in the signed request has
        expired, and ``None`` otherwise. Requests for paths excluded through FANDJANGO_ENABLED_PATHS
        or FANDJANGO_DISABLED_PATHS return before ``request.facebook`` is set.
        """

        # The two path settings are mutually exclusive; refuse to run with both.
        if ENABLED_PATHS and DISABLED_PATHS:
            raise ImproperlyConfigured(
                "You may configure either FANDJANGO_ENABLED_PATHS or FANDJANGO_DISABLED_PATHS, but not both."
            )

        if DISABLED_PATHS and is_disabled_path(request.path):
            return

        if ENABLED_PATHS and not is_enabled_path(request.path):
            return

        # Signed request found in either GET, POST or COOKIES...
        if "signed_request" in request.REQUEST or "signed_request" in request.COOKIES:
            request.facebook = Facebook()

            # If the request method is POST and its body only contains the signed request,
            # chances are it's a request from the Facebook platform and we'll override
            # the request method to HTTP GET to rectify their misinterpretation
            # of the HTTP protocol standard.
            #
            # References:
            # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/
            # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554
            #
            # NOTE(review): the method is rewritten for any POST that carries a 'signed_request' field,
            # before the signature is checked and without checking that the field is alone in the body.
            # Confirm how this interacts with method-based protections (such as CSRF checks) that run later.
            if request.method == "POST" and "signed_request" in request.POST:
                request.method = "GET"

            # GET/POST takes precedence; the cookie is used only when the parameter is missing or empty.
            request.facebook.signed_request = request.REQUEST.get("signed_request") or request.COOKIES.get(
                "signed_request"
            )

            # NOTE(review): the value is client-supplied; how parse_signed_request reports a bad signature
            # is not visible here -- confirm a forged or malformed value cannot reach the user lookup below.
            facebook_data = parse_signed_request(
                signed_request=request.facebook.signed_request, app_secret=FACEBOOK_APPLICATION_SECRET_KEY
            )

            # The application is accessed from a tab on a Facebook page...
            if "page" in facebook_data:
                request.facebook.page = FacebookPage(
                    id=facebook_data["page"]["id"],
                    is_admin=facebook_data["page"]["admin"],
                    is_liked=facebook_data["page"]["liked"],
                )

            # User has authorized the application...
            if "user_id" in facebook_data:

                # Redirect to Facebook Authorization if the OAuth token has expired
                # (a missing or falsy 'expires' skips the check).
                if (
                    facebook_data.get("expires")
                    and datetime.fromtimestamp(facebook_data.get("expires")) < datetime.now()
                ):
                    return redirect_to_facebook_authorization(
                        redirect_uri=FACEBOOK_APPLICATION_URL + request.get_full_path()
                    )

                # Initialize a User object and its corresponding OAuth token
                try:
                    user = User.objects.get(facebook_id=facebook_data["user_id"])
                except User.DoesNotExist:
                    # First sight of this user: store the token, then build the User from the profile
                    # fetched with it. 'oauth_token' and 'issued_at' are indexed directly, so a signed
                    # request without them raises KeyError here.
                    oauth_token = OAuthToken.objects.create(
                        token=facebook_data["oauth_token"],
                        issued_at=datetime.fromtimestamp(facebook_data["issued_at"]),
                        expires_at=datetime.fromtimestamp(facebook_data.get("expires"))
                        if facebook_data.get("expires")
                        else None,
                    )

                    profile = get_facebook_profile(oauth_token.token)

                    # NOTE(review): facebook_id is taken from the fetched profile, not from the signed
                    # request's 'user_id' -- confirm the two cannot differ.
                    user = User.objects.create(
                        facebook_id=profile.get("id"),
                        facebook_username=profile.get("username"),
                        first_name=profile.get("first_name"),
                        last_name=profile.get("last_name"),
                        profile_url=profile.get("link"),
                        gender=profile.get("gender"),
                        hometown=profile["hometown"].get("name") if profile.has_key("hometown") else None,
                        location=profile["location"].get("name") if profile.has_key("location") else None,
                        bio=profile.get("bio"),
                        relationship_status=profile.get("relationship_status"),
                        political_views=profile.get("political"),
                        email=profile.get("email"),
                        website=profile.get("website"),
                        locale=profile.get("locale"),
                        verified=profile.get("verified"),
                        birthday=datetime.strptime(profile["birthday"], "%m/%d/%Y")
                        if profile.has_key("birthday")
                        else None,
                        oauth_token=oauth_token,
                    )
                else:
                    # Known user: a valid signed request with a user id marks them authorized again.
                    user.last_seen_at = datetime.now()
                    user.authorized = True
                    # Refresh the stored token only when the signed request carries one.
                    if facebook_data.has_key("oauth_token"):
                        user.oauth_token.token = facebook_data["oauth_token"]
                        user.oauth_token.issued_at = datetime.fromtimestamp(facebook_data["issued_at"])
                        user.oauth_token.expires_at = (
                            datetime.fromtimestamp(facebook_data.get("expires"))
                            if facebook_data.get("expires")
                            else None
                        )
                        user.oauth_token.save()
                    user.save()

                request.facebook.user = user

        # ... no signed request found.
        else:
            request.facebook = False
示例#9
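    def process_request(self, request):
        """
        Populate request.facebook.

        ``request.facebook`` is set to ``False`` when the request carries no signed request, and
        otherwise to a ``Facebook`` object holding the raw signed request, the page the application
        is shown on (if any) and the local ``User`` (created on first sight, refreshed afterwards).
        Returns a redirect to Facebook authorization when the OAuth token in the signed request has
        expired, and ``None`` otherwise. Requests for paths excluded through FANDJANGO_ENABLED_PATHS
        or FANDJANGO_DISABLED_PATHS return before ``request.facebook`` is set.
        """

        if ENABLED_PATHS and DISABLED_PATHS:
            raise ImproperlyConfigured(
                'You may configure either FANDJANGO_ENABLED_PATHS or FANDJANGO_DISABLED_PATHS, but not both.'
            )

        if DISABLED_PATHS and is_disabled_path(request.path):
            return

        if ENABLED_PATHS and not is_enabled_path(request.path):
            return

        # No signed request in GET, POST or COOKIES.
        if 'signed_request' not in request.REQUEST and 'signed_request' not in request.COOKIES:
            request.facebook = False
            return

        request.facebook = Facebook()

        # If the request method is POST and its body only contains the signed request,
        # chances are it's a request from the Facebook platform and we'll override
        # the request method to HTTP GET to rectify their misinterpretation
        # of the HTTP protocol standard.
        #
        # References:
        # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/
        # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554
        #
        # NOTE(review): the method is rewritten for any POST that carries a 'signed_request' field,
        # before the signature is checked and without checking that the field is alone in the body.
        # Confirm how this interacts with method-based protections (such as CSRF checks) that run later.
        if request.method == 'POST' and 'signed_request' in request.POST:
            request.method = 'GET'

        request.facebook.signed_request = request.REQUEST.get(
            'signed_request') or request.COOKIES.get('signed_request')

        # NOTE(review): the value is client-supplied; how parse_signed_request reports a bad signature
        # is not visible here -- confirm a forged or malformed value cannot reach the user lookup below.
        facebook_data = parse_signed_request(
            signed_request=request.facebook.signed_request,
            app_secret=FACEBOOK_APPLICATION_SECRET_KEY)

        # The application is accessed from a tab on a Facebook page...
        if 'page' in facebook_data:
            request.facebook.page = FacebookPage(
                id=facebook_data['page']['id'],
                is_admin=facebook_data['page']['admin'],
                is_liked=facebook_data['page']['liked'])

        # User has not authorized the application: nothing more to populate.
        if 'user_id' not in facebook_data:
            return

        # A falsy or absent 'expires' is stored as None on both the create and the update path.
        # The create path used to index the key directly and convert it unconditionally.
        expires = facebook_data.get('expires')
        expires_at = datetime.fromtimestamp(expires) if expires else None

        # Redirect to Facebook Authorization if the OAuth token has expired
        if expires_at and expires_at < datetime.now():
            return redirect_to_facebook_authorization(
                redirect_uri=FACEBOOK_APPLICATION_URL +
                request.get_full_path())

        # Initialize a User object and its corresponding OAuth token
        try:
            user = User.objects.get(
                facebook_id=facebook_data['user_id'])
        except User.DoesNotExist:
            oauth_token = OAuthToken.objects.create(
                token=facebook_data['oauth_token'],
                issued_at=datetime.fromtimestamp(
                    facebook_data['issued_at']),
                expires_at=expires_at)

            profile = get_facebook_profile(oauth_token.token)

            user = User.objects.create(
                facebook_id=profile.get('id'),
                facebook_username=profile.get('username'),
                first_name=profile.get('first_name'),
                last_name=profile.get('last_name'),
                profile_url=profile.get('link'),
                gender=profile.get('gender'),
                hometown=profile['hometown']['name']
                if profile.has_key('hometown') else None,
                location=profile['location']['name']
                if profile.has_key('location') else None,
                bio=profile.get('bio'),
                relationship_status=profile.get('relationship_status'),
                political_views=profile.get('political'),
                email=profile.get('email'),
                website=profile.get('website'),
                locale=profile.get('locale'),
                verified=profile.get('verified'),
                birthday=datetime.strptime(profile['birthday'],
                                           '%m/%d/%Y')
                if profile.has_key('birthday') else None,
                oauth_token=oauth_token)
        else:
            user.last_seen_at = datetime.now()
            user.authorized = True
            user.save()

            # Refresh the stored token only when the signed request carries one.
            if 'oauth_token' in facebook_data:
                user.oauth_token.token = facebook_data['oauth_token']
                user.oauth_token.issued_at = datetime.fromtimestamp(
                    facebook_data['issued_at'])
                user.oauth_token.expires_at = expires_at
                user.oauth_token.save()

        request.facebook.user = user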
示例#10
 def _parse_signed_request(self, signed_request, app_secret):
     """Hand both arguments to ``parse_signed_request`` and return its result unchanged."""
     parsed = parse_signed_request(signed_request, app_secret)
     return parsed