def get(self):
"""
Sets the 'user' cookie with an appropriate *upn* and *session* and any
other values that might be attached to the user object given to us by
Google.
"""
self.base_url = "{protocol}://{host}:{port}{url_prefix}".format(
protocol=self.request.protocol,
host=self.request.host,
port=self.settings['port'],
url_prefix=self.settings['url_prefix'])
uri_port = ':{0}/'.format(self.settings['port'])
if uri_port in self.base_url:
# Get rid of the port (will be added automatically)
self.base_url = self.base_url.replace(uri_port, '/', 1)
redirect_uri = "{base_url}auth".format(base_url=self.base_url)
check = self.get_argument("check", None)
if check:
self.set_header('Access-Control-Allow-Origin', '*')
user = self.get_current_user()
if user:
logging.debug('GoogleAuthHandler: user is authenticated')
self.write('authenticated')
else:
logging.debug('GoogleAuthHandler: user is NOT authenticated')
self.write('unauthenticated')
self.finish()
return
logout_url = "https://accounts.google.com/Logout"
logout = self.get_argument("logout", None)
if logout:
user = self.get_current_user()['upn']
self.clear_cookie('gateone_user')
self.user_logout(user, logout_url)
return
if self.get_argument('code', False):
user = yield self.get_authenticated_user(
redirect_uri=redirect_uri,
code=self.get_argument('code'))
if not user:
self.clear_all_cookies()
raise tornado.web.HTTPError(500, 'Google auth failed')
access_token = str(user['access_token'])
http_client = self.get_auth_http_client()
response = yield http_client.fetch(
'https://www.googleapis.com/oauth2/v1/userinfo?access_token='
+access_token)
if not response:
self.clear_all_cookies()
raise tornado.web.HTTPError(500, 'Google auth failed')
user = json.loads(response.body.decode('utf-8'))
self._on_auth(user)
else:
yield self.authorize_redirect(
redirect_uri=redirect_uri,
client_id=self.settings['google_oauth']['key'],
scope=['email'],
response_type='code',
extra_params={'approval_prompt': 'auto'})
评论列表
文章目录
