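def deauthorize_application(request):
    """
    Handle Facebook's "deauthorization callback".

    When a user deauthorizes an application, Facebook sends a HTTP POST request
    to the application's "deauthorization callback" URL. This view picks up on
    requests of this sort and marks the corresponding users as unauthorized.

    Nothing in this view authenticates the caller, so the signature on
    ``signed_request`` is the only evidence that the request came from Facebook.

    Returns an empty ``HttpResponse``: status 400 when the request carries no
    usable signed request, status 200 otherwise.
    """
    signed_request = request.POST.get('signed_request')
    if not signed_request:
        # A missing field used to raise KeyError and surface as a 500.
        return HttpResponse(status=400)

    # NOTE(review): parse_signed_request is defined outside this block. The view
    # depends on it to check the HMAC against the app secret and to refuse a
    # payload whose signature does not match (by raising or by returning a falsy
    # value) - confirm, because user_id below is trusted on that basis alone.
    data = parse_signed_request(signed_request, FACEBOOK_APPLICATION_SECRET_KEY)
    if not data or 'user_id' not in data:
        return HttpResponse(status=400)

    try:
        user = User.objects.get(facebook_id=data['user_id'])
    except User.DoesNotExist:
        # No local record for this Facebook id, so there is nothing to revoke.
        return HttpResponse()

    user.authorized = False
    user.save()
    return HttpResponse()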
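def deauthorize(request):
    """
    Deactivate the profile of the Facebook user named in a signed request.

    On POST, the signed request is read from the ``authResponse`` field, parsed
    with the secret of the configured 'facebook' SocialApp, and the matching
    UserProfile is deactivated through ``UserProfile.deauthorize()`` (defined
    outside this block; the original docstring says it sets 'is_active' to
    false in the user_profile table).

    Returns an empty ``HttpResponse``; status 400 when no signed request can be
    extracted or it does not yield a user id.
    """
    if request.method != 'POST':
        return HttpResponse('')

    auth_response = request.POST.get('authResponse', '')
    try:
        signed_request = auth_response['signedRequest']
    except (TypeError, KeyError):
        # NOTE(review): request.POST.get() returns a string for form-encoded
        # input, and indexing a string with 'signedRequest' raises TypeError, so
        # this lookup cannot succeed for such a body. The wire format the client
        # actually sends is not visible here - confirm it and decode it
        # explicitly. Until then the failure is a 400 instead of a 500.
        return HttpResponse(status=400)

    # A missing SocialApp row is a deployment error and is left to fail loudly.
    secret = SocialApp.objects.filter(provider='facebook')[0].secret

    # NOTE(review): utils.parse_signed_request is defined elsewhere; this view
    # assumes it verifies the signature with `secret` and rejects a mismatch -
    # confirm, since the endpoint itself performs no other caller check.
    data = utils.parse_signed_request(signed_request, secret)
    if not data or 'user_id' not in data:
        return HttpResponse(status=400)

    try:
        # get the user account
        user_account = SocialAccount.objects.filter(uid=data['user_id'], provider='facebook')[0]
        # look up the profile that will be deactivated
        user_profile = UserProfile.objects.filter(user_id=user_account.user_id)[0]
    except IndexError:
        # Unknown Facebook id or no profile row: nothing to deactivate.
        return HttpResponse('')

    user_profile.deauthorize()
    return HttpResponse('')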
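def fbstore(request, target):
    """
    Attach one custom-metadata key/value pair to a Facebook-authenticated user.

    The request body is JSON carrying ``signedRequest``, ``accessToken``, ``k``
    and ``v``. The signed request is parsed with the app secret, the access
    token is sent to the Graph API to learn which account it belongs to, and
    the pair is stored only when both name the same Facebook user id.

    Returns a plain-text ``'<target>: OK'`` or ``'<target>: ERROR'`` response.
    Malformed input and Graph API failures yield ERROR instead of an unhandled
    exception.
    """
    from urllib import urlencode  # Python 2 stdlib, like the urllib2 call below

    def reply(outcome):
        # target is echoed back verbatim. Django's default content type is
        # text/html, so the body is declared text/plain to keep a browser from
        # interpreting the echoed value as markup.
        return HttpResponse('%s: %s' % (target, outcome), content_type='text/plain')

    # NOTE(review): the secret is always the 'opensubs' entry, while target is
    # stored as app_id without being checked against LOGIN_REDIRECT_TARGETS -
    # confirm that arbitrary target values are meant to be accepted.
    secret = settings.LOGIN_REDIRECT_TARGETS['opensubs']['fb_secret']

    try:
        data = json.loads(request.body)
        signedRequest = data['signedRequest']
        accessToken = data['accessToken']
        k = data['k']
        v = data['v']
    except (ValueError, KeyError, TypeError):
        # Body is not JSON, not an object, or lacks a required field.
        return reply('ERROR')

    fb = parse_signed_request(signedRequest, secret)
    if not fb or 'user_id' not in fb:
        return reply('ERROR')
    fb_user_id = fb['user_id']

    try:
        # The token is caller-supplied: encode it so it cannot add or alter
        # query parameters, and bound the wait so a stalled upstream cannot pin
        # a worker.
        query = urlencode({'fields': 'id,email', 'access_token': accessToken})
        response = urllib2.urlopen('https://graph.facebook.com/me?' + query, timeout=10)
        fbuser = json.loads(response.read(1000))
    except (IOError, ValueError):
        # IOError covers urllib2.URLError/HTTPError and socket timeouts;
        # ValueError covers undecodable JSON and an unencodable token.
        return reply('ERROR')

    if fbuser.get('id') != fb_user_id:
        return reply('ERROR')

    email = fbuser.get('email')
    if not email:
        # Without an address there is no account to look up or create.
        return reply('ERROR')

    # NOTE(review): the local account is selected by e-mail address alone -
    # confirm that the address returned by the Graph API is trusted enough to
    # identify an existing user here.
    user, is_created = User.objects.get_or_create(email=email)
    user.get_profile().custom_metadata.add(UserCustomMetadata(app_id=target, k=k, v=v))
    return reply('OK')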
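def deauthorize_application(request):
    """
    Handle Facebook's "deauthorization callback".

    When a user deauthorizes an application, Facebook sends a HTTP POST request
    to the application's "deauthorization callback" URL. This view picks up on
    requests of this sort and marks the corresponding users as unauthorized.

    Nothing in this view authenticates the caller, so the signature on
    ``signed_request`` is the only evidence that the request came from Facebook.

    Returns an empty ``HttpResponse``; status 400 when the signed request does
    not yield a user id.
    """
    signed_request = request.POST.get('signed_request', None)
    if not signed_request:
        # The original author observed callbacks arriving without any data and
        # chose to log them and answer 200; that behaviour is kept.
        # NOTE(review): this writes the full POST body of an unauthenticated
        # request to the error log - consider logging only the field names.
        logging.error("Facebook deauthorization callback didn't contain a signed_request ?")
        logging.error(request.POST)
        return HttpResponse()

    # NOTE(review): parse_signed_request is defined outside this block. The view
    # depends on it to check the HMAC against the app secret and to refuse a
    # payload whose signature does not match (by raising or by returning a falsy
    # value) - confirm, because user_id below is trusted on that basis alone.
    data = parse_signed_request(signed_request, FACEBOOK_APPLICATION_SECRET_KEY)
    if not data or 'user_id' not in data:
        return HttpResponse(status=400)

    try:
        user = User.objects.get(facebook_id=data['user_id'])
    except User.DoesNotExist:
        # No local record for this Facebook id, so there is nothing to revoke.
        return HttpResponse()

    user.authorized = False
    user.save()
    return HttpResponse()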
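def fbstore(request, target):
    """
    Attach one custom-metadata key/value pair to a Facebook-authenticated user.

    The request body is JSON carrying ``signedRequest``, ``accessToken``, ``k``
    and ``v``. The signed request is parsed with the app secret, the access
    token is sent to the Graph API to learn which account it belongs to, and
    the pair is stored only when both name the same Facebook user id.

    Returns a plain-text ``'<target>: OK'`` or ``'<target>: ERROR'`` response.
    Malformed input and Graph API failures yield ERROR instead of an unhandled
    exception.
    """
    from urllib import urlencode  # Python 2 stdlib, like the urllib2 call below

    def reply(outcome):
        # target is echoed back verbatim. Django's default content type is
        # text/html, so the body is declared text/plain to keep a browser from
        # interpreting the echoed value as markup.
        return HttpResponse('%s: %s' % (target, outcome), content_type='text/plain')

    # NOTE(review): the secret is always the 'opensubs' entry, while target is
    # stored as app_id without being checked against LOGIN_REDIRECT_TARGETS -
    # confirm that arbitrary target values are meant to be accepted.
    secret = settings.LOGIN_REDIRECT_TARGETS['opensubs']['fb_secret']

    try:
        data = json.loads(request.body)
        signedRequest = data['signedRequest']
        accessToken = data['accessToken']
        k = data['k']
        v = data['v']
    except (ValueError, KeyError, TypeError):
        # Body is not JSON, not an object, or lacks a required field.
        return reply('ERROR')

    fb = parse_signed_request(signedRequest, secret)
    if not fb or 'user_id' not in fb:
        return reply('ERROR')
    fb_user_id = fb['user_id']

    try:
        # The token is caller-supplied: encode it so it cannot add or alter
        # query parameters, and bound the wait so a stalled upstream cannot pin
        # a worker.
        query = urlencode({'fields': 'id,email', 'access_token': accessToken})
        response = urllib2.urlopen('https://graph.facebook.com/me?' + query, timeout=10)
        fbuser = json.loads(response.read(1000))
    except (IOError, ValueError):
        # IOError covers urllib2.URLError/HTTPError and socket timeouts;
        # ValueError covers undecodable JSON and an unencodable token.
        return reply('ERROR')

    if fbuser.get('id') != fb_user_id:
        return reply('ERROR')

    email = fbuser.get('email')
    if not email:
        # Without an address there is no account to look up or create.
        return reply('ERROR')

    # NOTE(review): the local account is selected by e-mail address alone -
    # confirm that the address returned by the Graph API is trusted enough to
    # identify an existing user here.
    user, is_created = User.objects.get_or_create(email=email)
    user.profiles.get().custom_metadata.add(
        UserCustomMetadata(app_id=target, k=k, v=v))
    return reply('OK')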
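def process_request(self, request):
    """
    Populate request.facebook.

    - On a path excluded by FANDJANGO_ENABLED_PATHS / FANDJANGO_DISABLED_PATHS
      the request is left untouched.
    - Without a ``signed_request`` in GET, POST or cookies, ``request.facebook``
      is set to ``False``.
    - Otherwise ``request.facebook`` is a ``Facebook`` object carrying the raw
      signed request and, when the payload contains them, ``page`` and ``user``.

    Returns the result of ``redirect_to_facebook_authorization`` when the
    payload's ``expires`` timestamp lies in the past, otherwise ``None``.

    Raises ``ImproperlyConfigured`` when both path settings are configured.
    """
    if ENABLED_PATHS and DISABLED_PATHS:
        raise ImproperlyConfigured('You may configure either FANDJANGO_ENABLED_PATHS or FANDJANGO_DISABLED_PATHS, but not both.')

    if DISABLED_PATHS and is_disabled_path(request.path):
        return

    if ENABLED_PATHS and not is_enabled_path(request.path):
        return

    # Signed request found in either GET, POST or COOKIES...
    if 'signed_request' in request.REQUEST or 'signed_request' in request.COOKIES:
        request.facebook = Facebook()

        # If the request method is POST and its body only contains the signed request,
        # chances are it's a request from the Facebook platform and we'll override
        # the request method to HTTP GET to rectify their misinterpretation
        # of the HTTP protocol standard.
        #
        # References:
        # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/
        # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554
        #
        # NOTE(review): the test below only requires the field to be present, not
        # to be the only one, and it runs before the signature is checked. Anything
        # that inspects request.method after this hook (CSRF protection included,
        # if it runs later) sees GET for any POST that carries the field.
        if request.method == 'POST' and 'signed_request' in request.POST:
            request.method = 'GET'

        request.facebook.signed_request = request.REQUEST.get('signed_request') or request.COOKIES.get('signed_request')

        # NOTE(review): parse_signed_request is defined elsewhere; everything
        # below trusts its result, so it must reject a bad signature - confirm.
        facebook_data = parse_signed_request(
            signed_request=request.facebook.signed_request,
            app_secret=FACEBOOK_APPLICATION_SECRET_KEY
        )

        # The application is accessed from a tab on a Facebook page...
        if 'page' in facebook_data:
            request.facebook.page = FacebookPage(
                id=facebook_data['page']['id'],
                is_admin=facebook_data['page']['admin'],
                is_liked=facebook_data['page']['liked']
            )

        # User has authorized the application...
        if 'user_id' in facebook_data:

            # A payload without 'expires' used to raise KeyError here; a missing
            # or zero value now means "no expiry recorded".
            # NOTE(review): 'expires' is the only field compared with the clock;
            # 'issued_at' is stored but never checked, so a payload with no
            # expiry is accepted regardless of its age.
            expires = facebook_data.get('expires')

            # Redirect to Facebook Authorization if the OAuth token has expired
            if expires and datetime.fromtimestamp(expires) < datetime.now():
                return redirect_to_facebook_authorization(
                    redirect_uri=FACEBOOK_APPLICATION_URL + request.get_full_path()
                )

            # Initialize a User object and its corresponding OAuth token
            try:
                user = User.objects.get(facebook_id=facebook_data['user_id'])
            except User.DoesNotExist:
                oauth_token = OAuthToken.objects.create(
                    token=facebook_data['oauth_token'],
                    issued_at=datetime.fromtimestamp(facebook_data['issued_at']),
                    # Same rule as the update branch below: no expiry -> None,
                    # rather than fromtimestamp() of a zero or missing value.
                    expires_at=datetime.fromtimestamp(expires) if expires else None
                )

                profile = get_facebook_profile(oauth_token.token)

                user = User.objects.create(
                    facebook_id=profile.get('id'),
                    facebook_username=profile.get('username'),
                    first_name=profile.get('first_name'),
                    last_name=profile.get('last_name'),
                    profile_url=profile.get('link'),
                    gender=profile.get('gender'),
                    hometown=profile['hometown'].get('name') if 'hometown' in profile else None,
                    location=profile['location'].get('name') if 'location' in profile else None,
                    bio=profile.get('bio'),
                    relationship_status=profile.get('relationship_status'),
                    political_views=profile.get('political'),
                    email=profile.get('email'),
                    website=profile.get('website'),
                    locale=profile.get('locale'),
                    verified=profile.get('verified'),
                    birthday=datetime.strptime(profile['birthday'], '%m/%d/%Y') if 'birthday' in profile else None,
                    oauth_token=oauth_token
                )
            else:
                user.last_seen_at = datetime.now()
                user.authorized = True

                # Refresh the stored token when the payload brings a new one.
                if 'oauth_token' in facebook_data:
                    user.oauth_token.token = facebook_data['oauth_token']
                    user.oauth_token.issued_at = datetime.fromtimestamp(facebook_data['issued_at'])
                    user.oauth_token.expires_at = datetime.fromtimestamp(expires) if expires else None
                    user.oauth_token.save()

                user.save()

            request.facebook.user = user

    # ... no signed request found.
    else:
        request.facebook = False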
def process_request(self, request):
    """
    Populate request.facebook.

    Paths excluded by FANDJANGO_ENABLED_PATHS / FANDJANGO_DISABLED_PATHS are
    left untouched. Without a ``signed_request`` in GET, POST or cookies,
    ``request.facebook`` becomes ``False``; otherwise it is a ``Facebook``
    object holding the raw signed request plus ``page`` and ``user`` when the
    payload contains them.

    Returns the result of ``redirect_to_facebook_authorization`` when the
    payload's ``expires`` timestamp lies in the past, otherwise ``None``.
    Raises ``ImproperlyConfigured`` when both path settings are configured.
    """
    if ENABLED_PATHS and DISABLED_PATHS:
        raise ImproperlyConfigured(
            "You may configure either FANDJANGO_ENABLED_PATHS or FANDJANGO_DISABLED_PATHS, but not both."
        )

    # Path filters: skip the request entirely when it is out of scope.
    if (DISABLED_PATHS and is_disabled_path(request.path)) or (
        ENABLED_PATHS and not is_enabled_path(request.path)
    ):
        return

    # ... no signed request found in GET, POST or COOKIES.
    if not ("signed_request" in request.REQUEST or "signed_request" in request.COOKIES):
        request.facebook = False
        return

    request.facebook = Facebook()

    # If the request method is POST and its body only contains the signed request,
    # chances are it's a request from the Facebook platform and we'll override
    # the request method to HTTP GET to rectify their misinterpretation
    # of the HTTP protocol standard.
    #
    # References:
    # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/
    # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554
    #
    # NOTE(review): the test only requires the field to be present, not to be
    # the only one, and it runs before the signature is checked. Anything that
    # inspects request.method after this hook (CSRF protection included, if it
    # runs later) sees GET for any POST that carries the field.
    if request.method == "POST" and "signed_request" in request.POST:
        request.method = "GET"

    request.facebook.signed_request = request.REQUEST.get("signed_request") or request.COOKIES.get(
        "signed_request"
    )

    # NOTE(review): parse_signed_request is defined elsewhere; everything below
    # trusts its result, so it must reject a bad signature - confirm.
    facebook_data = parse_signed_request(
        signed_request=request.facebook.signed_request, app_secret=FACEBOOK_APPLICATION_SECRET_KEY
    )

    # The application is accessed from a tab on a Facebook page...
    if "page" in facebook_data:
        page = facebook_data["page"]
        request.facebook.page = FacebookPage(id=page["id"], is_admin=page["admin"], is_liked=page["liked"])

    # Nothing more to do unless the user has authorized the application.
    if "user_id" not in facebook_data:
        return

    # NOTE(review): 'expires' is the only field compared with the clock;
    # 'issued_at' is stored but never checked, so a payload with no expiry is
    # accepted regardless of its age.
    expires = facebook_data.get("expires")

    # Redirect to Facebook Authorization if the OAuth token has expired
    if expires and datetime.fromtimestamp(expires) < datetime.now():
        return redirect_to_facebook_authorization(
            redirect_uri=FACEBOOK_APPLICATION_URL + request.get_full_path()
        )

    # Initialize a User object and its corresponding OAuth token
    try:
        user = User.objects.get(facebook_id=facebook_data["user_id"])
    except User.DoesNotExist:
        # First visit: store the token, then build the user from the profile
        # fetched with it.
        oauth_token = OAuthToken.objects.create(
            token=facebook_data["oauth_token"],
            issued_at=datetime.fromtimestamp(facebook_data["issued_at"]),
            expires_at=datetime.fromtimestamp(expires) if expires else None,
        )

        profile = get_facebook_profile(oauth_token.token)

        user = User.objects.create(
            facebook_id=profile.get("id"),
            facebook_username=profile.get("username"),
            first_name=profile.get("first_name"),
            last_name=profile.get("last_name"),
            profile_url=profile.get("link"),
            gender=profile.get("gender"),
            hometown=profile["hometown"].get("name") if profile.has_key("hometown") else None,
            location=profile["location"].get("name") if profile.has_key("location") else None,
            bio=profile.get("bio"),
            relationship_status=profile.get("relationship_status"),
            political_views=profile.get("political"),
            email=profile.get("email"),
            website=profile.get("website"),
            locale=profile.get("locale"),
            verified=profile.get("verified"),
            birthday=datetime.strptime(profile["birthday"], "%m/%d/%Y")
            if profile.has_key("birthday")
            else None,
            oauth_token=oauth_token,
        )
    else:
        # Returning user: record the visit and refresh the stored token when
        # the payload brings a new one.
        user.last_seen_at = datetime.now()
        user.authorized = True

        if facebook_data.has_key("oauth_token"):
            stored_token = user.oauth_token
            stored_token.token = facebook_data["oauth_token"]
            stored_token.issued_at = datetime.fromtimestamp(facebook_data["issued_at"])
            stored_token.expires_at = datetime.fromtimestamp(expires) if expires else None
            stored_token.save()

        user.save()

    request.facebook.user = user
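def process_request(self, request):
    """
    Populate request.facebook.

    - On a path excluded by FANDJANGO_ENABLED_PATHS / FANDJANGO_DISABLED_PATHS
      the request is left untouched.
    - Without a ``signed_request`` in GET, POST or cookies, ``request.facebook``
      is set to ``False``.
    - Otherwise ``request.facebook`` is a ``Facebook`` object carrying the raw
      signed request and, when the payload contains them, ``page`` and ``user``.

    Returns the result of ``redirect_to_facebook_authorization`` when the
    payload's ``expires`` timestamp lies in the past, otherwise ``None``.

    Raises ``ImproperlyConfigured`` when both path settings are configured.
    """
    if ENABLED_PATHS and DISABLED_PATHS:
        raise ImproperlyConfigured(
            'You may configure either FANDJANGO_ENABLED_PATHS or FANDJANGO_DISABLED_PATHS, but not both.'
        )

    if DISABLED_PATHS and is_disabled_path(request.path):
        return

    if ENABLED_PATHS and not is_enabled_path(request.path):
        return

    # Signed request found in either GET, POST or COOKIES...
    if 'signed_request' in request.REQUEST or 'signed_request' in request.COOKIES:
        request.facebook = Facebook()

        # If the request method is POST and its body only contains the signed request,
        # chances are it's a request from the Facebook platform and we'll override
        # the request method to HTTP GET to rectify their misinterpretation
        # of the HTTP protocol standard.
        #
        # References:
        # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/
        # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554
        #
        # NOTE(review): the test below only requires the field to be present, not
        # to be the only one, and it runs before the signature is checked. Anything
        # that inspects request.method after this hook (CSRF protection included,
        # if it runs later) sees GET for any POST that carries the field.
        if request.method == 'POST' and 'signed_request' in request.POST:
            request.method = 'GET'

        request.facebook.signed_request = request.REQUEST.get(
            'signed_request') or request.COOKIES.get('signed_request')

        # NOTE(review): parse_signed_request is defined elsewhere; everything
        # below trusts its result, so it must reject a bad signature - confirm.
        facebook_data = parse_signed_request(
            signed_request=request.facebook.signed_request,
            app_secret=FACEBOOK_APPLICATION_SECRET_KEY)

        # The application is accessed from a tab on a Facebook page...
        if 'page' in facebook_data:
            request.facebook.page = FacebookPage(
                id=facebook_data['page']['id'],
                is_admin=facebook_data['page']['admin'],
                is_liked=facebook_data['page']['liked'])

        # User has authorized the application...
        if 'user_id' in facebook_data:

            # A payload without 'expires' used to raise KeyError here; a missing
            # or zero value now means "no expiry recorded".
            # NOTE(review): 'expires' is the only field compared with the clock;
            # 'issued_at' is stored but never checked, so a payload with no
            # expiry is accepted regardless of its age.
            expires = facebook_data.get('expires')

            # Redirect to Facebook Authorization if the OAuth token has expired
            if expires and datetime.fromtimestamp(expires) < datetime.now():
                return redirect_to_facebook_authorization(
                    redirect_uri=FACEBOOK_APPLICATION_URL + request.get_full_path())

            # Initialize a User object and its corresponding OAuth token
            try:
                user = User.objects.get(
                    facebook_id=facebook_data['user_id'])
            except User.DoesNotExist:
                oauth_token = OAuthToken.objects.create(
                    token=facebook_data['oauth_token'],
                    issued_at=datetime.fromtimestamp(
                        facebook_data['issued_at']),
                    # Same rule as the update branch below: no expiry -> None,
                    # rather than fromtimestamp() of a zero or missing value.
                    expires_at=datetime.fromtimestamp(expires) if expires else None)

                profile = get_facebook_profile(oauth_token.token)

                user = User.objects.create(
                    facebook_id=profile.get('id'),
                    facebook_username=profile.get('username'),
                    first_name=profile.get('first_name'),
                    last_name=profile.get('last_name'),
                    profile_url=profile.get('link'),
                    gender=profile.get('gender'),
                    hometown=profile['hometown'].get('name')
                    if 'hometown' in profile else None,
                    location=profile['location'].get('name')
                    if 'location' in profile else None,
                    bio=profile.get('bio'),
                    relationship_status=profile.get('relationship_status'),
                    political_views=profile.get('political'),
                    email=profile.get('email'),
                    website=profile.get('website'),
                    locale=profile.get('locale'),
                    verified=profile.get('verified'),
                    birthday=datetime.strptime(profile['birthday'], '%m/%d/%Y')
                    if 'birthday' in profile else None,
                    oauth_token=oauth_token)
            else:
                # The user row is saved before the token is refreshed, as in
                # the original ordering.
                user.last_seen_at = datetime.now()
                user.authorized = True
                user.save()

                # Refresh the stored token when the payload brings a new one.
                if 'oauth_token' in facebook_data:
                    user.oauth_token.token = facebook_data['oauth_token']
                    user.oauth_token.issued_at = datetime.fromtimestamp(
                        facebook_data['issued_at'])
                    user.oauth_token.expires_at = datetime.fromtimestamp(
                        expires) if expires else None
                    user.oauth_token.save()

            request.facebook.user = user

    # ... no signed request found.
    else:
        request.facebook = False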
def _parse_signed_request(self, signed_request, app_secret):
    """
    Delegate to the module-level ``parse_signed_request``.

    Both arguments are passed through positionally and the helper's result is
    returned unchanged; ``self`` is not used.
    """
    # NOTE(review): no validation happens here; whether a bad signature raises
    # or yields a falsy value is decided by parse_signed_request - confirm.
    parsed = parse_signed_request(signed_request, app_secret)
    return parsed