Flask OAuth
import os
from flask import Flask
from flask.ext.mongoengine import MongoEngine
# Application and database objects shared by the other modules.
app = Flask(__name__)

# MongoDB connection settings plus the session-signing key. The key is read
# with ``os.environ[...]`` deliberately: a missing APP_SECRET_KEY aborts
# start-up instead of letting the app run with no (or a hard-coded) secret.
app.config.update(
    MONGODB_SETTINGS={'DB': "myapp"},
    SECRET_KEY=os.environ['APP_SECRET_KEY'],
)

db = MongoEngine(app)

if __name__ == '__main__':
    app.run()
import json
from flask import url_for, session, request, redirect
from flask_oauthlib.client import OAuth, OAuthException
from flask.ext.login import login_user, current_user
from myapp.redirects import get_redirect_target
from myapp.models import User
oauth = OAuth()

# Facebook OAuth2 client. Credentials come from the environment so they are
# never committed alongside this code.
#
# NOTE(review): the second positional argument ('facebook') lands on
# flask-oauthlib's ``register`` parameter, which is a boolean flag; the
# string is merely truthy here, so the app is registered as with the default.
# NOTE(review): ``access_token_method='GET'`` sends the token-exchange
# request (including consumer_secret) in a query string, which proxies and
# servers commonly log — confirm the Graph API still requires GET here.
_facebook_settings = {
    'consumer_key': os.environ['FACEBOOK_APP_ID'],
    'consumer_secret': os.environ['FACEBOOK_APP_SECRET'],
    'base_url': 'https://graph.facebook.com',
    'access_token_url': '/oauth/access_token',
    'access_token_method': 'GET',
    'authorize_url': 'https://www.facebook.com/dialog/oauth',
    'request_token_params': {'display': 'popup'},
}
facebook = oauth.remote_app('facebook', 'facebook', **_facebook_settings)
@app.route('/login')
def login():
    """Start the Facebook login flow by redirecting to the authorize dialog.

    The absolute callback URL points at ``facebook_authorized`` and carries
    the post-login destination as ``next``. That destination comes from
    ``get_redirect_target()``, which only hands back same-host URLs, so a
    crafted ``?next=`` cannot turn the flow into an off-site redirect.

    NOTE(review): no ``state`` value is passed to ``authorize()``; unless the
    library generates one, the callback has nothing binding it to this
    browser session — confirm how login CSRF is covered.
    NOTE(review): ``next`` makes the callback URL differ per request; verify
    this matches the redirect URIs registered with Facebook.
    """
    destination = get_redirect_target()
    callback_url = url_for(
        'facebook_authorized',
        next=destination,
        _external=True,
    )
    return facebook.authorize(callback=callback_url)
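@app.route('/login/authorized')
def facebook_authorized():
    """Finish the Facebook login: exchange the code, upsert the user, log in.

    Returns a plain-text "Access denied" message when Facebook reported an
    error or the token exchange failed; otherwise logs the user in and
    returns the raw ``/me`` profile serialised as JSON (no content type is
    set, so this is effectively debug output).

    The ``next`` target that ``login()`` put into the callback URL is not
    consumed here; a post-login redirect would have to re-validate it with
    ``get_redirect_target()`` before use.
    """
    resp = facebook.authorized_response()
    if resp is None:
        # Facebook denied the request. Its error fields are optional in the
        # callback query string, so read them with .get(): a missing key
        # would otherwise turn a user-cancelled login into a 500.
        return 'Access denied: reason=%s error=%s' % (
            request.args.get('error_reason'),
            request.args.get('error_description'),
        )
    if isinstance(resp, OAuthException):
        return 'Access denied: %s' % resp.message

    token = resp['access_token']
    me = facebook.get('/me', token=(token, ''))
    profile = me.data

    # The access token is stored on the user document; it is a bearer
    # credential for that user's Graph data and must be treated as a secret.
    # NOTE(review): Graph returns ``id`` as a string while fb_id is an
    # IntField — the lookup relies on mongoengine coercing it; confirm.
    user = User.objects(fb_id=profile['id']).first()
    if not user:
        user = User(
            fb_id=profile['id'],
            first_name=profile['first_name'],
            last_name=profile['last_name'],
            fb_token=token,
        )
        user.save()
    elif user.fb_token != token:
        # Refresh the stored token only when Facebook issued a new one.
        user.fb_token = token
        user.save()

    login_user(user)
    return json.dumps(profile)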
@facebook.tokengetter
def get_facebook_oauth_token():
    """Supply the (token, secret) pair flask-oauthlib attaches to Graph calls.

    Returns ``(current_user.fb_token, '')`` for a logged-in user and ``None``
    when nobody is logged in, in which case the client makes no call.

    NOTE(review): ``is_authenticated()`` is invoked as a method, which matches
    Flask-Login releases before 0.3; from 0.3 on it is a property and the
    call would raise TypeError.
    """
    if not current_user.is_authenticated():
        return None
    return (current_user.fb_token, '')
from myapp import db
from flask.ext.login import UserMixin
class User(UserMixin, db.Document):
    """Application user stored in MongoDB.

    ``UserMixin`` provides the ``is_authenticated``/``is_active``/``get_id``
    hooks Flask-Login needs; the ``fb_*`` fields are filled in by the
    Facebook login callback.
    """
    first_name = db.StringField()
    last_name = db.StringField()
    email = db.StringField()
    # Facebook user id; the login callback looks accounts up by this field.
    # NOTE(review): the Graph API returns ``id`` as a string — confirm the
    # int coercion is intended.
    fb_id = db.IntField()
    # Facebook access token, stored in plain text: a bearer credential for the
    # user's Graph data, so the database contents must be treated as secret.
    fb_token = db.StringField()
from urllib.parse import urlparse, urljoin
from flask import request, url_for
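def is_safe_url(target, host_url=None):
    """Return True if *target* is a redirect destination on this host.

    *target* is resolved against *host_url* and accepted only when the result
    is an http(s) URL whose network location equals the host's, so a value
    taken from ``?next=`` or the Referer cannot send the user off-site.

    Args:
        target: candidate URL, absolute or relative (``None``/empty resolves
            to *host_url* itself and is therefore accepted).
        host_url: base URL to resolve against; defaults to
            ``request.host_url``. Pass it explicitly outside a request
            context (tests). ``request.host_url`` is derived from the Host
            header, so this check is only as trustworthy as the deployment's
            host validation (SERVER_NAME / proxy configuration).
    """
    if host_url is None:
        host_url = request.host_url
    # urlparse keeps "\" as an ordinary path character, but browsers parse
    # "/\evil.example" like "//evil.example" (a scheme-relative URL), so a
    # backslash would slip an off-site redirect past the netloc comparison.
    if target and '\\' in target:
        return False
    ref_url = urlparse(host_url)
    test_url = urlparse(urljoin(host_url, target))
    return test_url.scheme in ('http', 'https') and \
        ref_url.netloc == test_url.netloc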
def get_redirect_target():
    """Choose the post-login destination for the current request.

    The ``next`` value (query string or form) is preferred over the Referer;
    the first candidate that is non-empty and passes ``is_safe_url()`` is
    returned, otherwise ``None``. Both sources are attacker-controlled, which
    is why nothing is returned without the same-host check.
    """
    candidates = (request.values.get('next'), request.referrer)
    return next(
        (candidate for candidate in candidates
         if candidate and is_safe_url(candidate)),
        None,
    )