import facebook | |
from flask.ext.security.decorators import anonymous_user_required | |
from flask.ext.social.utils import get_provider_or_404 | |
from flask.ext.social.views import _security, login_handler | |
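@app.route('/login_social/<provider_id>', methods=['GET', 'POST'])
@anonymous_user_required
def login_social(provider_id=None):
    """
    Login via credentials from a social network. For now only supports
    Facebook.

    The client posts an access token it obtained from the provider, either
    as form data or as a JSON body with a ``token`` field.  Before the token
    is trusted it is handed to Facebook's ``debug_token`` endpoint; the
    response must say the token is valid and was issued to *this* app
    (``app_id`` equal to ``provider.consumer_key``).  Without the app-id
    check a valid token issued to some other Facebook app could be replayed
    here to log in as its owner.

    :param provider_id: provider name taken from the URL; anything other
        than ``'facebook'`` is a 404.
    :returns: the ``login_handler`` response (login or register flow) for a
        valid token, the login manager's unauthorized response for an
        invalid one, and the rendered form (HTML, or JSON for JSON
        requests) when nothing was submitted.
    """
    # TODO: add support for other providers
    if provider_id != 'facebook':
        abort(404)

    if request.json:
        form_data = MultiDict(request.json)
    else:
        form_data = request.form
    form = LoginSocialForm(form_data)

    if form.validate_on_submit():
        provider = get_provider_or_404(provider_id)
        access_token = form_data.get('token')

        # Validate/debug the token.  The Graph API client builds the query
        # string, so the client-supplied token is URL-encoded instead of
        # being interpolated into the path by hand.
        # NOTE(review): Facebook documents debug_token as expecting an app
        # access token; confirm that self-inspection with the user token
        # returns app_id / is_valid / user_id as this code relies on.
        token_info = None
        if access_token:
            graph = facebook.GraphAPI(access_token)
            try:
                token_info = graph.get_object('debug_token',
                                              input_token=access_token)
            except facebook.GraphAPIError as exc:
                # An invalid or expired token is answered with a Graph
                # error; treat that as "invalid token" rather than letting
                # the exception surface as a 500.
                debug("Token debug failed for %s: %s", provider.name, exc)
        debug("Got token info: %s", token_info)

        if not _token_info_is_valid(token_info, provider.consumer_key):
            do_flash('Invalid token for %s' % provider.name, 'error')
            return _security.login_manager.unauthorized(), None

        # look for a connection
        query = dict(
            provider_user_id=token_info['data']['user_id'],
            provider_id=provider_id)
        # login, or fail back to register workflow. The first argument, the
        # oauth response, is probably unused and anyway we don't really have
        # one.
        return login_handler(None, provider, query)

    if request.json:
        return _render_json(form)
    return render_template('login_social.html', form=form, provider=provider_id)


def _token_info_is_valid(token_info, app_id):
    """
    Return True when a ``debug_token`` response describes a usable token.

    A usable token is one whose response was received, carries a ``data``
    object, is flagged ``is_valid``, names the ``user_id`` the login lookup
    needs, and was issued to the app identified by *app_id*.  Missing keys
    yield False instead of a KeyError so a malformed response cannot crash
    the view.

    :param token_info: decoded JSON from the Graph API, or None.
    :param app_id: the Facebook app id this token must have been issued to.
    """
    if not isinstance(token_info, dict):
        return False
    data = token_info.get('data')
    if not isinstance(data, dict):
        return False
    if not data.get('is_valid'):
        return False
    if 'user_id' not in data:
        return False
    # The app ID matches: tokens issued to other apps are rejected.
    return data.get('app_id') == app_id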