From: jordan Date: Sat, 10 Dec 2011 11:21:03 +0000 (+0000) Subject: do not use the JavaScript SDK for Facebook authentication, use the server side flow... X-Git-Tag: live~106 X-Git-Url: https://git.openstreetmap.org/osqa.git/commitdiff_plain/b86411ce4ba88589a32ce6c19a89ba5ae90e4a6e do not use the JavaScript SDK for Facebook authentication, use the server side flow, store access token in session (rather than in a cookie) git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@1211 0cfe37f9-358a-4d5e-be75-b63607b5c754 --- diff --git a/forum/views/auth.py b/forum/views/auth.py index d11c20b..9e7d6c6 100644 --- a/forum/views/auth.py +++ b/forum/views/auth.py @@ -196,11 +196,7 @@ def external_register(request): provider_class = AUTH_PROVIDERS[auth_provider].consumer - # Pass the cookies to the Facebook authentication class get_user_data method. We need them to take the access token. - if provider_class.__class__.__name__ == 'FacebookAuthConsumer': - user_data = provider_class.get_user_data(request.COOKIES) - else: - user_data = provider_class.get_user_data(request.session['assoc_key']) + user_data = provider_class.get_user_data(request.session['assoc_key']) if not user_data: user_data = request.session.get('auth_consumer_data', {}) diff --git a/forum_modules/facebookauth/authentication.py b/forum_modules/facebookauth/authentication.py index 4e9a44a..55cf16d 100644 --- a/forum_modules/facebookauth/authentication.py +++ b/forum_modules/facebookauth/authentication.py @@ -1,17 +1,20 @@ -import hashlib -from time import time -from datetime import datetime +# -*- coding: utf-8 -*- + +import cgi +import logging + from urllib import urlopen, urlencode -from urlparse import parse_qs from forum.authentication.base import AuthenticationConsumer, ConsumerTemplateContext, InvalidAuthentication -from django.utils.translation import ugettext as _ + +from django.conf import settings as django_settings from django.utils.encoding import smart_unicode +from django.utils.translation import ugettext as _ import settings try: from json import load as load_json -except: +except Exception: from django.utils.simplejson import JSONDecoder def load_json(json): @@ -19,60 +22,54 @@ except: return decoder.decode(json.read()) class FacebookAuthConsumer(AuthenticationConsumer): + + def prepare_authentication_request(self, request, redirect_to): + args = dict( + client_id=settings.FB_API_KEY, + redirect_uri="%s%s" % (django_settings.APP_URL, redirect_to), + scope="email" + ) + + facebook_api_authentication_url = "https://graph.facebook.com/oauth/authorize?" + urlencode(args) + + return facebook_api_authentication_url def process_authentication_request(self, request): - API_KEY = str(settings.FB_API_KEY) - - # Check if the Facebook cookie has been received. - if 'fbs_%s' % API_KEY in request.COOKIES: - fbs_cookie = request.COOKIES['fbs_%s' % API_KEY] - parsed_fbs = parse_qs(smart_unicode(fbs_cookie)) - self.parsed_fbs = parsed_fbs - - # Check if the session hasn't expired. - if self.check_session_expiry(request.COOKIES): - return parsed_fbs['uid'][0] - else: - raise InvalidAuthentication(_('Sorry, your Facebook session has expired, please try again')) - else: - raise InvalidAuthentication(_('The authentication with Facebook connect failed, cannot find authentication tokens')) - def check_session_expiry(self, cookies): - return datetime.fromtimestamp(float(self.parsed_fbs['expires'][0])) > datetime.now() - - def get_user_data(self, cookies): - API_KEY = str(settings.FB_API_KEY) - fbs_cookie = cookies['fbs_%s' % API_KEY] - parsed_fbs = parse_qs(smart_unicode(fbs_cookie)) - - # Communicate with the access token to the Facebook oauth interface. - json = load_json(urlopen('https://graph.facebook.com/me?access_token=%s' % parsed_fbs['access_token'][0])) - - first_name = smart_unicode(json['first_name']) - last_name = smart_unicode(json['last_name']) - full_name = '%s %s' % (first_name, last_name) - - # There is a limit in the Django user model for the username length (no more than 30 characaters) - if len(full_name) <= 30: - username = full_name - # If the full name is too long use only the first - elif len(first_name) <= 30: - username = first_name - # If it's also that long -- only the last - elif len(last_name) <= 30: - username = last_name - # If the real name of the user is indeed that weird, let him choose something on his own =) - else: - username = '' + try: + args = dict(client_id=settings.FB_API_KEY, redirect_uri="%s%s" % (django_settings.APP_URL, request.path)) + + args["client_secret"] = settings.FB_APP_SECRET #facebook APP Secret + + args["code"] = request.GET.get("code", None) + response = cgi.parse_qs(urlopen("https://graph.facebook.com/oauth/access_token?" + urlencode(args)).read()) + access_token = response["access_token"][-1] + + # Store the access token in cookie + request.session["assoc_key"] = access_token + + return access_token + except Exception, e: + logging.error("Problem during facebook authentication: %s" % e) + raise InvalidAuthentication(_("Something wrond happened during Facebook authentication, administrators will be notified")) + + def get_user_data(self, assoc_key): + profile = load_json(urlopen("https://graph.facebook.com/me?" + urlencode(dict(access_token=assoc_key)))) + + name = profile["name"] # Check whether the length if the email is greater than 75, if it is -- just replace the email # with a blank string variable, otherwise we're going to have trouble with the Django model. - email = smart_unicode(json['email']) + email = smart_unicode(profile['email']) if len(email) > 75: email = '' + # If the name is longer than 30 characters - leave it blank + if len(name) > 30: + name = '' + # Return the user data. return { - 'username': username, + 'username': name, 'email': email, } @@ -84,4 +81,4 @@ class FacebookAuthContext(ConsumerTemplateContext): code_template = 'modules/facebookauth/button.html' extra_css = [] - API_KEY = settings.FB_API_KEY \ No newline at end of file + API_KEY = settings.FB_API_KEY diff --git a/forum_modules/facebookauth/settings.py b/forum_modules/facebookauth/settings.py index 7f34a21..4127e61 100644 --- a/forum_modules/facebookauth/settings.py +++ b/forum_modules/facebookauth/settings.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- + from forum.settings import EXT_KEYS_SET from forum.settings.base import Setting diff --git a/forum_modules/facebookauth/templates/button.html b/forum_modules/facebookauth/templates/button.html index 403ef71..497533d 100644 --- a/forum_modules/facebookauth/templates/button.html +++ b/forum_modules/facebookauth/templates/button.html @@ -1,31 +1,3 @@ {% load extra_tags %} -
- - - +