Verified Commit 94b4df30 authored by Arthur Conrozier's avatar Arthur Conrozier

second page

parent f9dc7a35
...@@ -31,7 +31,7 @@ def home(): ...@@ -31,7 +31,7 @@ def home():
if 'access_token' in session: if 'access_token' in session:
user_profile = fetchUserProfile(session['access_token']) user_profile = fetchUserProfile(session['access_token'])
if user_profile: if user_profile:
return f'Hello, {user_profile["first_name"]} -> <a href="/logout">Log out</a>' return f'Hello, {user_profile["first_name"]} -> <a href="/logout">Log out</a> / <a href="/avatar">Avatar page</a>'
# Check if the user has been redirected back from the OAuth provider # Check if the user has been redirected back from the OAuth provider
if 'code' in request.args: if 'code' in request.args:
...@@ -41,17 +41,7 @@ def home(): ...@@ -41,17 +41,7 @@ def home():
if 'state' not in request.args or request.args['state'] != session['state']: if 'state' not in request.args or request.args['state'] != session['state']:
return 'A possible CSRF attempt was detected', 401 return 'A possible CSRF attempt was detected', 401
payload = { response = getAccessToken(code, "http://localhost:3000/")
"code": code,
"client_id": CLIENT_ID,
"client_secret": CLIENT_SECRET,
"redirect_uri": "http://localhost:3000/",
"grant_type": "authorization_code"
}
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
response = requests.post(TOKEN_URL, data=payload, headers=headers)
# If the response is successful, use the access token to fetch the user's profile # If the response is successful, use the access token to fetch the user's profile
if response.status_code == 200: if response.status_code == 200:
...@@ -59,7 +49,7 @@ def home(): ...@@ -59,7 +49,7 @@ def home():
session['access_token'] = access_token session['access_token'] = access_token
user_profile = fetchUserProfile(access_token) user_profile = fetchUserProfile(access_token)
if user_profile: if user_profile:
return f'Hello, {user_profile["first_name"]} -> <a href="/logout">Log out</a>' return f'Hello, {user_profile["first_name"]} -> <a href="/logout">Log out</a> / <a href="/avatar">Avatar page</a>'
else: else:
return 'Could not fetch user profile', 500 return 'Could not fetch user profile', 500
...@@ -68,18 +58,48 @@ def home(): ...@@ -68,18 +58,48 @@ def home():
session['state'] = state session['state'] = state
# If the user hasn't been redirected or has an invalid code, show a login button # If the user hasn't been redirected or has an invalid code, show a login button
params = { login_url = getLoginUrl(state, "http://localhost:3000/")
"client_id": CLIENT_ID,
"redirect_uri": "http://localhost:3000/", return f'Main page -> <a href={login_url}>Login</a> / <a href="/avatar">Avatar page</a>'
"response_type": "code",
"scope": "profile",
"state": state @app.route('/avatar')
} def avatar():
login_url = requests.Request( if 'access_token' in session:
'GET', AUTHORIZATION_URL, user_profile = fetchUserProfile(session['access_token'])
params=params).prepare().url if user_profile:
return f'Here is your face : <img src="{
user_profile["avatar"]} "> / <a href="/">Main page</a>'
# Check if the user has been redirected back from the OAuth provider
if 'code' in request.args:
code = request.args['code']
# Check if the state token matches
if 'state' not in request.args or request.args['state'] != session['state']:
return 'A possible CSRF attempt was detected', 401
response = getAccessToken(code, "http://localhost:3000/avatar")
# If the response is successful, use the access token to fetch the user's profile
if response.status_code == 200:
access_token = response.json()['access_token']
session['access_token'] = access_token
user_profile = fetchUserProfile(access_token)
if user_profile:
return f'Here is your face : <img src="{
user_profile["avatar"]} "> / <a href="/">Main page</a>'
else:
return 'Could not fetch user profile', 500
return f'Main page -> <a href={login_url}>Login</a>' # Generate a state token to prevent CSRF
state = str(uuid.uuid4())
session['state'] = state
# If the user hasn't been redirected or has an invalid code, show a login button
login_url = getLoginUrl(state, "http://localhost:3000/avatar")
return f'Avatar page -> <a href={login_url}>Login</a> / <a href="/">Main page</a>'
@app.route('/logout') @app.route('/logout')
...@@ -98,5 +118,32 @@ def fetchUserProfile(access_token): ...@@ -98,5 +118,32 @@ def fetchUserProfile(access_token):
return return
def getAccessToken(code, redirect_uri):
payload = {
"code": code,
"client_id": CLIENT_ID,
"client_secret": CLIENT_SECRET,
"redirect_uri": redirect_uri,
"grant_type": "authorization_code"
}
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
return requests.post(TOKEN_URL, data=payload, headers=headers)
def getLoginUrl(state, redirect_uri):
params = {
"client_id": CLIENT_ID,
"redirect_uri": redirect_uri,
"response_type": "code",
"scope": "profile",
"state": state
}
return requests.Request(
'GET', AUTHORIZATION_URL,
params=params).prepare().url
if __name__ == '__main__': if __name__ == '__main__':
app.run(debug=True, port=3000) app.run(debug=True, port=3000)