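def callback():
    """Handle the redirect back from EVE Online SSO after the user logged in.

    Checks the ``state`` query parameter against the token stored in the
    session (CSRF protection for the OAuth flow), exchanges ``code`` for
    tokens, reads the character data, then creates or updates the matching
    ``User`` row and logs that user in.

    Returns:
        A ``(message, 403)`` tuple when the state check fails or the SSO
        calls raise ``APIException``; otherwise a redirect to ``index``
        (also when the database write fails, in which case the user is
        left logged out).
    """
    # Values handed back by the SSO on the query string.
    code = request.args.get('code')
    token = request.args.get('state')

    # CSRF check: the state must equal the token saved in the session.
    # pop() removes it, so a given token is accepted at most once.
    sess_token = session.pop('token', None)
    if sess_token is None or token is None or token != sess_token:
        return 'Login EVE Online SSO failed: Session Token Mismatch', 403

    # Exchange the code for tokens, then fetch the character information.
    # verify() sits in the same try so that a failure there is answered
    # with the 403 below instead of an unhandled exception (assumes it
    # raises APIException like auth() does; confirm against the library).
    try:
        auth_response = esisecurity.auth(code)
        cdata = esisecurity.verify()
    except APIException as e:
        # NOTE(review): the exception text is sent to the browser as the
        # response body; confirm it cannot carry upstream response details
        # or markup that should not be shown to the user.
        return 'Login EVE Online SSO failed: %s' % e, 403

    # If someone is already authenticated in this session, log them out
    # before switching to the character that just came back from SSO.
    if current_user.is_authenticated:
        logout_user()

    # Look the character up in the database; create the row if missing.
    try:
        user = User.query.filter(
            User.character_id == cdata['CharacterID'],
        ).one()
    except NoResultFound:
        user = User()
        user.character_id = cdata['CharacterID']
    else:
        # The row is keyed by character id only. A different owner hash
        # means the stored record was created under another owner, so make
        # that visible. Any application data attached to this row should
        # be reviewed or reset here before the new owner inherits it.
        if user.character_owner_hash != cdata['CharacterOwnerHash']:
            logger.warning(
                "Character owner hash changed - uid: %s",
                user.character_id,
            )

    user.character_owner_hash = cdata['CharacterOwnerHash']
    user.character_name = cdata['CharacterName']
    user.update_token(auth_response)

    # The user is ready: persist it and open the session.
    try:
        db.session.merge(user)
        db.session.commit()
        login_user(user)
        session.permanent = True
    except Exception:
        # Lazy logging arguments: a formatting problem can no longer raise
        # inside this handler and skip the rollback and logout below.
        logger.exception("Cannot login the user - uid: %s", user.character_id)
        db.session.rollback()
        logout_user()

    return redirect(url_for("index"))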
# -----------------------------------------------------------------------
# Index Routes
# -----------------------------------------------------------------------