First iteration of sign-in with gihub.

2013-10-09 23:00:34 -04:00 · 2013-10-09 23:00:34 -04:00 · 3d89227752
commit 3d89227752
parent 5627dfc0c6
6 changed files with 153 additions and 8 deletions
--- a/endpoints/web.py
+++ b/endpoints/web.py
@ -1,4 +1,5 @@
 import logging
+import requests

 from flask import (abort, send_file, redirect, request, url_for,
                   render_template, make_response)
@ -66,7 +67,8 @@ def common_login(db_user):

@app.route('/signin', methods=['GET'])
 def render_signin_page():
-  return render_template('signin.html')
+  return render_template('signin.html', 
+                         github_client_id=app.config['GITHUB_CLIENT_ID'])


@app.route('/signin', methods=['POST'])
@ -81,12 +83,66 @@ def signin():
      return redirect(request.args.get('next') or url_for('index'))
    else:
      return render_template('signin.html',
-                             needs_email_verification=True)
+                             needs_email_verification=True,
+                             github_client_id=app.config['GITHUB_CLIENT_ID'])

  else:
    return render_template('signin.html',
                           username=username,
-                           invalid_credentials=True)
+                           invalid_credentials=True,
+                           github_client_id=app.config['GITHUB_CLIENT_ID'])
+
+
+@app.route('/oauth2/github/callback', methods=['GET'])
+def github_oauth_callback():
+  code = request.args.get('code')
+  payload = {
+    'client_id': app.config['GITHUB_CLIENT_ID'],
+    'client_secret': app.config['GITHUB_CLIENT_SECRET'],
+    'code': code,
+  }
+  headers = {
+    'Accept': 'application/json'
+  }
+
+  get_access_token = requests.post(app.config['GITHUB_TOKEN_URL'],
+                                   params=payload, headers=headers)
+
+  token = get_access_token.json()['access_token']
+
+  token_param = {
+    'access_token': token,
+  }
+  get_user = requests.get(app.config['GITHUB_USER_URL'], params=token_param)
+
+  user_data = get_user.json()
+  username = user_data['login']
+  github_id = user_data['id']
+
+  v3_media_type = {
+    'Accept': 'application/vnd.github.v3'
+  }
+  get_email = requests.get(app.config['GITHUB_USER_EMAILS'],
+                           params=token_param, headers=v3_media_type)
+
+  # We will accept any email, but we prefer the primary
+  found_email = None
+  for user_email in get_email.json():
+    found_email = user_email['email']
+    if user_email['primary']:
+      break
+
+  to_login = model.verify_federated_login('github', github_id)
+  if not to_login:
+    # try to create the user
+    to_login = model.create_federated_user(username, found_email, 'github',
+                                           github_id)
+
+  if common_login(to_login):
+    return redirect(url_for('index'))
+
+  # TODO something bad happened, we need to tell the user somehow
+  return redirect(url_for('signin'))


@app.route('/confirm', methods=['GET'])