@jbolda
Created October 4, 2014 21:51
# Assumed imports (not shown in the gist): `app`, `db`, `authomatic` (a
# FlaskAuthomatic instance) and `requires_ssl` come from the application
# package; `User`, `ROLE_USER` and `ROLE_SUPERADMIN` from its models;
# `PRESET_ADMINS` from its config.
from datetime import datetime

from flask import flash, g, redirect, render_template, url_for
from flask_login import login_user

from app import app, authomatic, db, requires_ssl
from app.config import PRESET_ADMINS
from app.models import ROLE_SUPERADMIN, ROLE_USER, User


@app.route('/login/<provider_name>', methods=['GET', 'POST'])
@authomatic.login('g')  # 'g' is the provider key in the authomatic config
@requires_ssl
def login(provider_name):
    # Already signed in: nothing to do.
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('index'))
    if authomatic.result:
        if authomatic.result.error:
            return 'Something went wrong: {0}'.format(authomatic.result.error.message)
        if authomatic.result.user:
            # Some providers only return the profile on a second request.
            if not (authomatic.result.user.name and authomatic.result.user.id):
                authomatic.result.user.update()
                # while update_response.status/100 not in [4, 5]:
                #     update_response = authomatic.result.user.update()
                # if update_response.status/100 in [4, 5]:
                #     return 'Response status: {}'.format(authomatic.response.status)
            # Local accounts are matched on the email the provider reports.
            user = User.query.filter_by(email=authomatic.result.user.email).first()
            if user is None:
                nickname = authomatic.result.user.name
                if nickname is None or nickname == "":
                    nickname = authomatic.result.user.email.split('@')[0]
                nickname = User.make_valid_nickname(nickname)
                nickname = User.make_unique_nickname(nickname)
                role = ROLE_USER
                if authomatic.result.user.email in PRESET_ADMINS:
                    role = ROLE_SUPERADMIN
                # Store the cleaned, unique nickname rather than the raw provider name.
                user = User(nickname=nickname,
                            email=authomatic.result.user.email,
                            about_me=authomatic.result.user.id,
                            role=role,
                            join=datetime.utcnow(),
                            last_seen=datetime.utcnow())
                db.session.add(user)
                db.session.commit()
            # Hand the user to Flask-Login so the session outlives authomatic's own.
            g.user = user
            login_user(g.user, remember=True)
            flash('You are now logged in!')
        return render_template('result.html', result=authomatic.result)
    return authomatic.response
@jbolda

jbolda commented Oct 4, 2014

The short and sweet is that the authomatic login only creates a session temporarily. Instead of using authomatic, pass the created (or queried) user object directly to Flask-Login to create the "permanent" session.

I am still having issues with L13-15 and updating errors, but the rest seems to work.

@webmaven

webmaven commented Oct 4, 2014

Thanks! This should be useful.

@spinningD20

I <3 Authomatic, and the rest of the extensions utilized there. In my recent implementation just earlier today, I did this almost to a tee, though you've got a few slight differences. I wasn't sure if result.user.id would stay the same from google, but I added an oauth_id into my User model, and I check to see if an account exists with that id yet, if not, just create it with the user info available and log them in. One additional column on the User wouldn't work well for multiple oauth providers (I would just make a new table to keep track of those if I required that functionality), in which case your email-based linking would.

Thanks for sharing... I need to get into the habit of sharing too.

@jbolda

jbolda commented Oct 7, 2014

Yea, I am not hellbent on the security of just checking the email. I plan to eventually implement twitter/facebook (facebook, bleh, but everyone uses it) and I wanted to keep things simple, at least initially. Do you know if the result.user.id is something that is confidential / private? I can't find that information anywhere. I was just sticking it in the about_me so I could see what the value was. Perhaps maybe @peterhudec can comment?

@spinningD20

Just came back to this while looking around to see why result.user.id was coming up None from a new machine. It was coming up as a unique id for each user from google at least, but I'm not sure how private/secure that id is. I just saw it as a unique identifier for each google account and went with that instead of the email, but not consciously.

On the matter of security, due to the method that is used with the authentication I think it would be difficult to get in the middle of or inject anything as long as you're using ssl - it would likely be easier to pretend to be google than attempt to exploit the flask app's route at that point.

So at that point in the authentication process, checking against email would be just fine, and probably makes more sense than the google id for account lookup. The usages of the google id for the authentication process are probably few.
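The lookup order discussed in the two comments above (the provider's user id as the primary key for an account, with email-based linking as the fallback jbolda chose), written out as an added example that is not part of the gist or of Authomatic. It uses the separate provider table spinningD20 suggests instead of one column on User, and runs on the stdlib sqlite3 module so no Flask or SQLAlchemy is needed. The schema, the nickname helpers and the function names are assumptions; linking by email is opt-in, because it trusts every provider to have verified that address.

```python
import re
import sqlite3

# Constructed schema: one row per local user, and a separate table mapping
# (provider, provider_user_id) pairs to that user so several providers can
# point at the same account.
SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    nickname TEXT NOT NULL UNIQUE,
    email    TEXT NOT NULL UNIQUE
);
CREATE TABLE oauth_accounts (
    provider         TEXT NOT NULL,
    provider_user_id TEXT NOT NULL,
    user_id          INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (provider, provider_user_id)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def make_valid_nickname(nickname):
    # Assumed policy: keep only word characters and dots.
    cleaned = re.sub(r"[^\w.]", "", nickname)
    return cleaned or "user"


def make_unique_nickname(conn, nickname):
    # Append a counter until no existing user carries that nickname.
    candidate, n = nickname, 2
    while conn.execute("SELECT 1 FROM users WHERE nickname = ?", (candidate,)).fetchone():
        candidate = "{0}{1}".format(nickname, n)
        n += 1
    return candidate


def nickname_of(conn, user_id):
    return conn.execute("SELECT nickname FROM users WHERE id = ?", (user_id,)).fetchone()[0]


def find_or_create_user(conn, provider, provider_user_id, email, name, link_by_email=False):
    """Return (user_id, created) for a completed provider login.

    The (provider, provider_user_id) pair is checked first, since that is the
    identifier the provider guarantees to be stable. An existing account with
    the same email is only attached when link_by_email is True; otherwise the
    login is refused so one provider cannot claim another's account by email.
    """
    row = conn.execute(
        "SELECT user_id FROM oauth_accounts WHERE provider = ? AND provider_user_id = ?",
        (provider, provider_user_id)).fetchone()
    if row:
        return row[0], False

    user_id = None
    existing = conn.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    if existing:
        if not link_by_email:
            raise LookupError("email already belongs to an account; link it from a signed-in session")
        user_id = existing[0]

    created = user_id is None
    if created:
        nickname = name or email.split("@")[0]
        nickname = make_unique_nickname(conn, make_valid_nickname(nickname))
        user_id = conn.execute(
            "INSERT INTO users (nickname, email) VALUES (?, ?)", (nickname, email)).lastrowid
    conn.execute(
        "INSERT INTO oauth_accounts (provider, provider_user_id, user_id) VALUES (?, ?, ?)",
        (provider, provider_user_id, user_id))
    conn.commit()
    return user_id, created


if __name__ == "__main__":
    db = open_db()
    print(find_or_create_user(db, "google", "108", "alice@example.com", "Alice Smith"))
    print(find_or_create_user(db, "google", "108", "alice@example.com", "Alice Smith"))
```

Once a second provider has been linked to a user, its id is found directly on the next login, so the email comparison only ever runs once per provider and account.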
