
ronald martinez  committed 6ff61fd

ok

  • Parent commits a6c9bcd
  • Branches dev2


Files changed (3)

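--- a/controllers/__init__.py
+++ b/controllers/__init__.py
 
 class Facebook(object):
 
-    def window_location(redirect):
+    def window_location(self, redirect):
 
         url = '%s%s' % (
             settings.FACEBOOK_CANVAS_PAGE,
 
         return "<script>window.top.location='%s'</script>" % url
 
-    def window_authorize_location(redirect=None):
+    def window_authorize_location(self, redirect=None):
 
         url = '%s%s%s' % (
             settings.FACEBOOK_CANVAS_PAGE,
             'authorize/',
             redirect
         )
+
         return "<script>window.top.location='%s'</script>" % url
 
-    def authorize_permission(redirect):
+    def authorize_permission(self, redirect, state):
 
         permissions = (
             'email',
             client_id=settings.FACEBOOK_API_KEY,
             redirect_uri='%sauthorize/%s' % (
                 settings.FACEBOOK_CANVAS_PAGE, redirect),
-            scope=','.join(permissions)
+            scope=','.join(permissions),
+            state=state
         )
 
         url = '%s?%s' % (settings.FACEBOOK_OAUTH, urllib.urlencode(params))
         else:
             return data
 
+    def get_access_token_code(self, code, redirect):
+
+        params = dict(
+            client_id=settings.FACEBOOK_API_KEY,
+            client_secret=settings.FACEBOOK_API_SECRET,
+            code=code,
+            redirect_uri='%sauthorize/%s' % (
+                settings.FACEBOOK_CANVAS_PAGE, redirect)
+        )
+
+        try:
+            data = urllib.urlopen('%s?%s' % (
+                settings.FACEBOOK_ACCESS_TOKEN,
+                urllib.urlencode(params))
+            ).read()
+
+            return data.split('&')[0][len('access_token') + 1:]
+
+        except Exception as exc:
+            logging.error(exc)
+            return None
+
+    def get_access_token(self, access_token):
+
+        params = dict(
+            client_id=settings.FACEBOOK_API_KEY,
+            client_secret=settings.FACEBOOK_API_SECRET,
+            grant_type='fb_exchange_token',
+            fb_exchange_token=access_token
+        )
+
+        try:
+            data = urllib.urlopen('%s?%s' % (
+                settings.FACEBOOK_ACCESS_TOKEN,
+                urllib.urlencode(params))
+            ).read()
+
+            return data.split('&')[0][len('access_token') + 1:]
+
+        except Exception as exc:
+            logging.error(exc)
+            return None
+
     def get_info(self, access_token, user_id):
 
         params = dict(
                 url = ','.join(tmp_queries)
                 q = '{%s}' % url
 
-                #logging.info('q: %s' % q)
+                logging.info('q: %s' % q)
 
             return {'q': q, 'tmp_queries': tmp_queries}
 
             except Exception as exc:
                 logging.error(exc)
                 return None
+
+    def search_im_profile(self, access_token, friend_id, search_items=None):
+
+        keywords = []
+
+        def tags(connector, access_token, url=None):
+
+            if not url:
+
+                params = dict(
+                    access_token=access_token,
+                    fields='name',
+                    limit=50
+                )
+
+                url = '%s/%s/%s?%s' % (
+                    settings.FACEBOOK_GRAPH,
+                    friend_id,
+                    connector,
+                    urllib.urlencode(params)
+                )
+
+            logging.info('url: %s' % url)
+
+            try:
+                data = simplejson.loads(urllib.urlopen(url).read())
+            except IOError as exc:
+                logging.info(exc)
+                tags(connector, friend_id, access_token)
+
+            items = data.get('data')
+
+            if items:
+
+                for x in items:
+                    keywords.append(x['name'].lower().split(' '))
+
+                paging = data.get('paging')
+
+                if 'next' in paging:
+                    tags(
+                        connector,
+                        access_token,
+                        paging.get('next')
+                    )
+
+        connectors = (
+            'books',
+            'games',
+            'likes',
+            'music',
+            'movies',
+            'interests',
+            'television',
+            'activities'
+        )
+
+        for connector in connectors:
+            tags(connector, access_token)
+
+        data3 = []
+        for x in keywords:
+            for y in x:
+                if not y in data3 or y != '':
+                    data3.append(y)
+
+        return data3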
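Review bot: The IOError retry inside `tags` calls `tags(connector, friend_id, access_token)`, which swaps the arguments against the signature `tags(connector, access_token, url=None)` (friend_id becomes the token, the token becomes the url), discards the return value, and leaves `data` unbound when `data.get('data')` runs right after the except block; it also retries with no bound, so a dead endpoint recurses until the stack overflows. The `logging.info('url: %s' % url)` line just above it writes the full Graph URL, including the user's `access_token` query parameter, to the application log, and `get_access_token_code`/`get_access_token` both log the exchanged token indirectly when callers print it; tokens should not reach logs at all. Both token methods parse the body with `data.split('&')[0][len('access_token') + 1:]`, which assumes a success response; a Facebook error body (JSON) yields a garbage string that is then used as a token, so parse with `urlparse.parse_qs(data).get('access_token', [None])[0]` and return `None` when absent. Separately, `if not y in data3 or y != ''` in the final loop should be `and`: as written every non-empty word is appended regardless of duplicates and empty strings are appended once, which defeats the de-duplication. If `paging` is absent from a response, `'next' in paging` raises TypeError on `None`; the rewrite below guards both problems and caps the retry.

```python
        def tags(connector, access_token, url=None, attempt=0):
            # … unchanged: build url from params when url is None …
            # do not log `url`: it carries the access_token as a query parameter
            logging.info('fetching %s for %s', connector, friend_id)

            try:
                data = simplejson.loads(urllib.urlopen(url).read())
            except IOError as exc:
                logging.info(exc)
                if attempt >= 2:
                    return
                return tags(connector, access_token, url, attempt + 1)

            items = data.get('data')
            # … unchanged: append lower-cased, split names to keywords …
            paging = data.get('paging') or {}
            if 'next' in paging:
                tags(connector, access_token, paging.get('next'))
```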

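--- a/controllers/gift.py
+++ b/controllers/gift.py
         #Memcached.delete('509300321')
         user = self.current_user
         data = facebook.get_info(user.access_token, friend_id)
+        data2 = facebook.search_im_profile(user.access_token, friend_id)
+
+        skus = Session.query(Gift.sku).filter(
+            Gift.keywords.in_(','.join(data2))).all()
 
         if data:
 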
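Review bot: `Gift.keywords.in_(','.join(data2))` hands `in_` a single string where it expects a sequence of values; since a Python string iterates per character, the generated IN list is (at best) the individual characters of the joined keywords, not the keywords themselves, so the query cannot match what `search_im_profile` returns. The likely intent is `Gift.keywords.in_(data2)`, and because `data2` can be empty (no profile data) the query should be skipped or `skus` set to `[]` in that case rather than issuing an empty IN. The keyword list is user-derived content, but as a bound parameter list it is not an injection risk; the problem is purely correctness. The enclosing handler starts and ends outside this hunk, so whether `skus` is consumed later cannot be seen from here.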

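--- a/controllers/user.py
+++ b/controllers/user.py
 import logging
 import settings
 import cPickle
+import hashlib
+import random
 
 from models import User
 
             settings.FACEBOOK_API_SECRET
         )
 
+        oauth_state = self.get_cookie('oauth_state')
+
+        state = self.get_argument('state', None)
+        code = self.get_argument('code', None)
+
+        if not code:
+            state = hashlib.md5(str(random.random())).hexdigest()
+            self.set_cookie('oauth_state', state)
+            self.finish(facebook.authorize_permission(redirect, state))
+        else:
+            if oauth_state != state:
+                logging.error('atack ccrf')
+            else:
+                access_token = facebook.get_access_token_code(code, redirect)
+                logging.info('access_token: %s' % access_token)
+        return
+
         if not 'user_id' in user_data_facebook:
             self.finish(facebook.authorize_permission(redirect))
         else:
     def post(self):
 
         cookie = self.get_current_user()
-
-        logging.info('cookie: %s' % cookie)
+        logging.info('cookie: %s' % cookie.access_token)
 
         if not cookie:
             self.finish(facebook.window_authorize_location('list_friends'))
 
         if 'error' in data:
             if data.get('error').get('type') == 'OAuthException':
-                self.finish(facebook.window_authorize_location('list_friends'))
+                if data.get('error').get('error_subcode') == 463:
+                    # https://developers.facebook.com/
+                    # docs/reference/api/errors/
+                    self.finish(
+                        facebook.window_authorize_location('list_friends'))
             else:
                 raise HTTPError(500)
         else: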
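Review bot: The OAuth `state` check in the first hunk does not actually stop a CSRF attempt: on mismatch it only logs `'atack ccrf'` and falls through to the bare `return`, leaving the request unanswered instead of rejecting it, and the state value itself comes from `hashlib.md5(str(random.random()))`, which is a non-cryptographic PRNG and predictable for an attacker who can observe earlier values. The cookie is also set with no flags and is never cleared, so it is readable from script and reusable across logins; if this is Tornado (the `get_argument`/`set_cookie`/`finish` API suggests so) `set_cookie(..., httponly=True, secure=True)` and `clear_cookie('oauth_state')` after the comparison close both gaps, with `secure` assuming the canvas app is served over HTTPS. `logging.info('access_token: %s' % access_token)` writes the bearer token to the log, and in `post()` the new `cookie.access_token` log line both leaks the token and raises AttributeError when `get_current_user()` returns `None`, because it runs before the `if not cookie` check. The unconditional `return` leaves the existing `authorize_permission(redirect)` call unreachable and, since the signature now requires `state`, broken if it is ever reached again. The rewrite below needs `import os` and `import binascii` in place of `hashlib`/`random` in the import block, and `HTTPError` is already in scope at the bottom of this section.

```python
        oauth_state = self.get_cookie('oauth_state')
        state = self.get_argument('state', None)
        code = self.get_argument('code', None)

        if not code:
            # CSRF token for the OAuth round-trip: must come from a CSPRNG
            state = binascii.hexlify(os.urandom(16))
            self.set_cookie('oauth_state', state, httponly=True, secure=True)
            self.finish(facebook.authorize_permission(redirect, state))
            return

        self.clear_cookie('oauth_state')  # single use
        if not oauth_state or oauth_state != state:
            logging.error('oauth state mismatch (possible CSRF)')
            raise HTTPError(403)

        access_token = facebook.get_access_token_code(code, redirect)
        # never log the bearer token itself
        logging.info('access_token obtained: %s', bool(access_token))
        return
```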