
Dan Callahan committed bd8ad8b

Update URLs

  • Parent commits 7598800


Files changed (2)

 import json
 
 app = Flask(__name__)
-app.secret_key = '\x87\xb6\x1f\x0e|m6l\xfbh\xd9\x9f\xc1\xca\x08-'
+app.secret_key = '\x87\xb6\x1f\x0e|6l\xfbhn\xd9\x9f\xc1\xca\x08-'
 
 
 @app.route('/')
     return render_template('index.html')
 
 
+# Handle user login requests with a POST to /login on our server
 @app.route('/login', methods=['POST'])
 def login():
+
+    # The request has to have an "assertion" for us to verify"
     if 'assertion' not in request.form:
         abort(400)
 
+    # Send the assertion to Mozilla's verifier service.
+    # I could do this locally, too.
     data = {'assertion': request.form['assertion'], 'audience': 'localhost'}
-    resp = requests.post('https://dev.diresworb.org/verify', data=data)
+    resp = requests.post('https://verifier.login.persona.org/verify', data=data)
     if resp.ok:
+        # Now I have a JSON object with the user's verified email in it.
         verification = json.loads(resp.content)
+
+        # Did the assetion successfully validate? If so, log the user in.
         if verification['status'] == 'okay':
             session.update({'email': verification['email']})
         return resp.content
     abort(500)
 
 
+# Clear the user's session when they POST to /logout on my server
 @app.route('/logout', methods=['POST'])
 def logout():
     session.pop('email', None)
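Review bot: The session-signing key on the new `app.secret_key = ...` line is still a literal committed to the repository, so changing it in this commit does not protect anything: anyone who can read the source can sign a session cookie carrying any `email`, and the app treats `session['email']` as the logged-in identity. Load the key from the deployment environment instead, e.g. `app.secret_key = os.environ['SECRET_KEY']` (with `import os`), and treat both values shown here as compromised. Separately, the `requests.post(...)` call to the verifier has no `timeout=`, so a stalled verifier ties up the worker, and `'audience': 'localhost'` should come from configuration (never from the request's Host header) before this runs anywhere but a development machine. The body of `logout()` continues outside the visible lines.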

File templates/index.html

   <head>
     <meta http-equiv="content-type" content="text/html; charset=utf-8">
     <title>Mozilla Persona Example</title>
+  </head>
   <body>
     <p>You are currently logged in as {{ session.email or "Nobody" }}</p>
     {% if session.email %}
     {% endif %}
 
     <script type="text/javascript" src="/static/jquery-1.7.2.min.js"></script>
-    <script type="text/javascript" src="http://dev.diresworb.org/include.js"></script>
+    <script type="text/javascript" src="http://login.persona.org/include.js"></script>
     <script type="text/javascript">
+      /* What should we do when a user is logged in or out? */
+
+      // Who do we think is logged in right now?
+      {% if session.email %}
       var currentUser = '{{ session.email }}';
+      {% else %}
+      var currentUser = null;
+      {% endif %}
 
       navigator.id.watch({
+        // Who do we think is logged in?
         loggedInEmail: currentUser,
+
+        // On a login event, we should get an "assertion" from the user.
+        // Send it to our server's backend for verification.
         onlogin: function(assertion) {
+          console.log('Got assertion: ' + assertion);
           $.ajax({
             type: 'POST',
-            url: '/login',
+            url: '/login', // This is a URL on our website.
             data: {assertion: assertion},
+            success: function() { window.location.reload(); },
+          });
+          return false;
+        },
+
+        // On a logout event, we should clear the user's session.
+        // Let's do that by POSTing to a logout page on our server.
+        onlogout: function() {
+          navigator.id.logout();
+          $.ajax({
+            type: 'POST',
+            url: '/logout', // This is a URL on our website.
             success: function() { window.location.reload(); }
           });
           return false;
-        },
-        onlogout: function() {
-          if (currentUser) {
-            $.ajax({
-              type: 'POST',
-              url: '/logout',
-              success: function() { window.location.reload(); }
-            });
-            return false;
-          }
         }
       });
 
+
+
+      /* Hook up sign in / sign out links */
+
+      // Execute navigator.id.request(); when the user clicks "Sign In"
       var signinLink = document.getElementById('signin');
       if (signinLink) {
         signinLink.onclick = function() { navigator.id.request(); };
       };
 
-
+      // Execute navigator.id.logout(); when the user clicks "Sign Out"
       var signoutLink = document.getElementById('signout');
       if (signoutLink) {
         signoutLink.onclick = function() { navigator.id.logout(); };
       };
     </script>
-  </head>
   </body>
 </html>
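Review bot: The new include `http://login.persona.org/include.js` is fetched over plain HTTP, so anyone on the network path can replace the script that drives sign-in and receives the assertion; it should be `https://login.persona.org/include.js`. The added `console.log('Got assertion: ' + assertion);` writes a bearer credential to the browser console and is worth dropping once debugging is done. `var currentUser = '{{ session.email }}';` places a value inside a JavaScript string with HTML escaping only; inside the `{% if session.email %}` branch, `var currentUser = {{ session.email|tojson }};` is the safer form.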