Eldhose John avatar Eldhose John committed 518a402

Added Social auth via social_auth parameter [WIP].


Files changed (3)

piston/authentication/oauth/views.py

 @csrf_exempt
 def get_access_token(request):
     oauth_request = get_oauth_request(request)
-
+    
     is_xauth = oauth_request is not None and 'x_auth_mode' in oauth_request
 
     if is_xauth:
 
     return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
 
+        
 @csrf_exempt
+#Call inside app only
 
-def get_access_token_facebook(request):
+def get_access_token_for_user(request, user=None):
+
     oauth_request = get_oauth_request(request)
-    
-    if oauth_request['x_auth_mode'] != 'facebook_auth':
-        return HttpResponseBadRequest('Invalid x_auth_mode value, expected "facebook_auth".')
-        missing_params = require_params(oauth_request, ('facebook_id'))
-    else:
-        missing_params = require_params(oauth_request, ('oauth_token', 'oauth_verifier'))
-        
-    if missing_params is not None:
-        return missing_params
+       
+    is_xauth = True #XAuth status is required for the Consumer for Social Auth
     
     try:
         consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
     except InvalidConsumerError:
         return HttpResponseBadRequest('Invalid consumer.')
+    
+    if is_xauth:
+        if not consumer.xauth_allowed:
+            return HttpResponseForbidden('xAuth not allowed for this consumer.')
+        request_token = None
+    else:
+        try:
+            request_token = store.get_request_token(request, oauth_request, oauth_request['oauth_token'])
+        except InvalidTokenError:
+            return HttpResponseBadRequest('Invalid request token.')
+
+    if not verify_oauth_request(request, oauth_request, consumer, request_token):
+        return HttpResponseBadRequest('Could not verify OAuth request.')
+
+    if not is_xauth and oauth_request.get('oauth_verifier', None) != request_token.verifier:
+        return HttpResponseBadRequest('Invalid OAuth verifier.')
+
+    if is_xauth:
+        if user and user.is_active:
+            access_token = store.create_access_token_for_user(request, oauth_request, consumer, user)
+        else:
+            return HttpResponseForbidden('xAuth username/password combination invalid.')
+    else:
+        access_token = store.create_access_token(request, oauth_request, consumer, request_token)
+
+    ret = urlencode({
+        'oauth_token': access_token.key,
+        'oauth_token_secret': access_token.secret,
+        'userid': access_token.user.id,
+        'screen_name': access_token.user.first_name.encode('utf-8'),    #The visible_name property is replaced with first_name for the default User
+    })
+
+    return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
         
-    return "Yet to implement."
+    
+    
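Review bot: `get_access_token_for_user` mints an access token for whatever `user` object the caller passes, and the only thing stopping it from being used as a public endpoint is the `#Call inside app only` comment; the `@csrf_exempt` decorator above it makes it read like a routable view. Because `is_xauth` is hard-coded to `True`, every `else` branch (request-token lookup, verifier check, `create_access_token`) is dead code, and the 403 text 'xAuth username/password combination invalid.' is wrong for this path, since no password is checked here. The removed `require_params` call also leaves `oauth_request['oauth_consumer_key']` unguarded, so a request without OAuth parameters presumably raises instead of returning a 400 (the sibling `get_access_token` does test `oauth_request is not None`). I would drop the decorator, document that the caller must have authenticated `user` already, and reduce the body to the xAuth path as sketched below.

```python
def get_access_token_for_user(request, user=None):
    """Issue an xAuth access token for a user the caller has already
    authenticated. Internal helper: must not be mapped to a URL."""
    oauth_request = get_oauth_request(request)
    if oauth_request is None or 'oauth_consumer_key' not in oauth_request:
        return HttpResponseBadRequest('Missing OAuth parameters.')

    # ... unchanged: consumer lookup with InvalidConsumerError handling ...

    if not consumer.xauth_allowed:
        return HttpResponseForbidden('xAuth not allowed for this consumer.')

    if not verify_oauth_request(request, oauth_request, consumer, None):
        return HttpResponseBadRequest('Could not verify OAuth request.')

    if user is None or not user.is_active:
        return HttpResponseForbidden('No authenticated, active user supplied.')
    access_token = store.create_access_token_for_user(request, oauth_request, consumer, user)

    # ... unchanged: urlencode() of the token fields and the HttpResponse ...
```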
 
  

piston/handler.py

     Anonymous handler.
     """
     is_anonymous = True
-    allowed_methods = ('GET',)
+    allowed_methods = ('GET','POST',)   # To be Deleted POST
+    
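Review bot: Adding `'POST'` to `allowed_methods` on the anonymous handler permits unauthenticated POST on every anonymous handler that inherits this default, not only the social-auth endpoint this commit is building; the `# To be Deleted POST` comment suggests it is not meant to ship. I would leave the default at `allowed_methods = ('GET',)` and set `allowed_methods = ('GET', 'POST')` only on the specific anonymous handler that needs it. The class header is outside the hunk, so this assumes the attributes shown belong to the shared anonymous base class.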

piston/resource.py

     def cleanup_request(request):
         """
         Removes `oauth_` keys from various dicts on the
-        request object, and returns the sanitized version.
+        request object, and returns the sanitized version.    
+                
+        Social Authentication
+        
+        Facebook
+        
+        Facebook-id are stored typically in UserProfile and validation happens in the application.
+        So the OAuth tokens will be issued [authentication/views.py] once the facebook-id is validated.
+    
         """
-        for method_type in ('GET', 'PUT', 'POST', 'DELETE'):
-            block = getattr(request, method_type, { })
+        
+        if 'social_auth' in request.POST:
+            social_auth = True
+        else:
+            social_auth = False
 
-            if True in [ k.startswith("oauth_") for k in block.keys() ]:
-                sanitized = block.copy()
-
-                for k in sanitized.keys():
-                    if k.startswith("oauth_"):
-                        sanitized.pop(k)
-
-                setattr(request, method_type, sanitized)
-
-        return request
-
-    # --
+        if not social_auth:
+                
+            for method_type in ('GET', 'PUT', 'POST', 'DELETE'):
+                block = getattr(request, method_type, { })
+    
+                if True in [ k.startswith("oauth_") for k in block.keys() ]:
+                    sanitized = block.copy()
+    
+                    for k in sanitized.keys():
+                        if k.startswith("oauth_"):
+                            sanitized.pop(k)
+    
+                    setattr(request, method_type, sanitized)
+    
+            return request
+        else:
+            return request                  
 
     def email_exception(self, reporter):
         subject = "Piston crash report"
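Review bot: The new `if 'social_auth' in request.POST` test lets the client decide whether `cleanup_request` strips `oauth_*` keys: any request that includes a `social_auth` field is returned unsanitised, so those keys reach the handler on every resource, not only the social-auth one. The switch should come from something the server controls, such as a flag on the handler or resource configuration, and not from request data. The docstring's first sentence still says the function returns the sanitized version, so it should state the exception. The two branches can also collapse to `social_auth = 'social_auth' in request.POST` with a single `return request` at the end. The lines above `def cleanup_request` are outside the hunk.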