Merge remote-tracking branch 'upstream/master' into foursquare_auth

commit 7e228f1dfca01e44917655578644cf871d8d19ae 2 parents 531cd1f + d586e62
Miha Novak authored
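--- a/piplmesh/account/backends.py
+++ b/piplmesh/account/backends.py
@@ -42,6 +42,8 @@ class FacebookBackend(MongoEngineBackend):
 Facebook authentication.
 """
 
+# TODO: List all profile data fields we (can) get
+
 def authenticate(self, facebook_access_token, request):
 # Retrieve user's profile information
 # TODO: Handle error, what if request was denied?
@@ -50,6 +52,7 @@ def authenticate(self, facebook_access_token, request):
 try:
 user = self.user_class.objects.get(facebook_profile_data__id=facebook_profile_data.get('id'))
 except self.user_class.DoesNotExist:
+# TODO: Based on user preference, we might create a new user here, not just link with existing, if existing user is lazy user
 # We reload to make sure user object is recent
 user = request.user.reload()
 # TODO: Is it OK to override Facebook link if it already exist with some other Facebook user?
@@ -128,6 +131,7 @@ def authenticate(self, twitter_access_token, request):
 try:
 user = self.user_class.objects.get(twitter_profile_data__id=twitter_profile_data.get('id'))
 except self.user_class.DoesNotExist:
+# TODO: Based on user preference, we might create a new user here, not just link with existing, if existing user is lazy user
 # We reload to make sure user object is recent
 user = request.user.reload()
 # TODO: Is it OK to override Twitter link if it already exist with some other Twitter user?
@@ -171,6 +175,7 @@ def authenticate(self, google_access_token, request):
 try:
 user = self.user_class.objects.get(google_profile_data__id=google_profile_data.get('id'))
 except self.user_class.DoesNotExist:
+# TODO: Based on user preference, we might create a new user here, not just link with existing, if existing user is lazy user
 # We reload to make sure user object is recent
 user = request.user.reload()
 # TODO: Is it OK to override Google link if it already exist with some other Google user?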
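Review bot: The lookup at the top of the Facebook, Twitter and Google hunks, `self.user_class.objects.get(facebook_profile_data__id=facebook_profile_data.get('id'))` and its twitter/google equivalents, passes `None` as the key whenever the provider's profile payload carries no `id`, and as far as I can tell MongoEngine turns that into a query for a null or missing field rather than a failed lookup, so an error or malformed response could resolve to an unrelated account that simply has no linked profile. Resolve the id before the `try` and refuse to authenticate without one: `profile_id = facebook_profile_data.get('id')` / `if not profile_id: return None`, then query with `profile_id` (same pattern in the Twitter and Google hunks). The existing `# TODO: Handle error, what if request was denied?` line suggests the error path is not handled yet, but each `authenticate` body starts and ends outside its hunk, so that cannot be confirmed here.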
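--- a/piplmesh/account/views.py
+++ b/piplmesh/account/views.py
@@ -44,8 +44,9 @@ class FacebookCallbackView(generic_views.RedirectView):
 url = settings.FACEBOOK_LOGIN_REDIRECT
 
 def get(self, request, *args, **kwargs):
+# TODO: Add security measures to prevent attackers from sending a redirect to this url with a forged 'code' (you can use 'state' parameter to set a random nonce and store it into session)
+
 if 'code' in request.GET:
-# TODO: Add security measures to prevent attackers from sending a redirect to this url with a forged 'code'
 args = {
 'client_id': settings.FACEBOOK_APP_ID,
 'client_secret': settings.FACEBOOK_APP_SECRET,
@@ -65,8 +66,8 @@ def get(self, request, *args, **kwargs):
 
 return super(FacebookCallbackView, self).get(request, *args, **kwargs)
 else:
-# TODO: Message user that they have not been logged in because they cancelled the facebook app
-# TODO: Use information provided from facebook as to why the login was not successful
+# TODO: Message user that they have not been logged in because they cancelled the Facebook app
+# TODO: Use information provided by Facebook as to why the login was not successful
 return super(FacebookCallbackView, self).get(request, *args, **kwargs)
 
 class TwitterLoginView(generic_views.RedirectView):
@@ -77,7 +78,11 @@ class TwitterLoginView(generic_views.RedirectView):
 permanent = False
 
 def get_redirect_url(self, **kwargs):
-twitter_auth = tweepy.OAuthHandler(settings.TWITTER_CONSUMER_KEY, settings.TWITTER_CONSUMER_SECRET, self.request.build_absolute_uri(urlresolvers.reverse('twitter_callback')))
+twitter_auth = tweepy.OAuthHandler(
+settings.TWITTER_CONSUMER_KEY,
+settings.TWITTER_CONSUMER_SECRET,
+self.request.build_absolute_uri(urlresolvers.reverse('twitter_callback')),
+)
 redirect_url = twitter_auth.get_authorization_url(signin_with_twitter=True)
 self.request.session['request_token'] = twitter_auth.request_token
 return redirect_url
@@ -124,6 +129,8 @@ def get_redirect_url(self, **kwargs):
 'scope': GOOGLE_SCOPE,
 'redirect_uri': self.request.build_absolute_uri(urlresolvers.reverse('google_callback')),
 'response_type': 'code',
+'access_type': 'online',
+'approval_prompt': 'auto',
 }
 return 'https://accounts.google.com/o/oauth2/auth?%s' % urllib.urlencode(args)
 
@@ -137,6 +144,8 @@ class GoogleCallbackView(generic_views.RedirectView):
 url = settings.GOOGLE_LOGIN_REDIRECT
 
 def get(self, request, *args, **kwargs):
+# TODO: Add security measures to prevent attackers from sending a redirect to this url with a forged 'code' (you can use 'state' parameter to set a random nonce and store it into session)
+
 if 'code' in request.GET:
 args = {
 'client_id': settings.GOOGLE_CLIENT_ID,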
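Review bot: The token exchange behind `if 'code' in request.GET:` in `GoogleCallbackView.get` (last hunk) still accepts any `code` delivered to the callback URL, and the new comment above it only records the missing `state` check instead of adding it; `FacebookCallbackView.get` in the first hunk has the same gap. Without a nonce bound to the session, a callback can be completed with an authorization code the browser's user never requested, and because the `DoesNotExist` path in backends.py links the resulting provider profile to the current `request.user`, that is an account-linking login-CSRF risk rather than a cosmetic one. The fix has two parts: generate a random `state` in `GoogleLoginView.get_redirect_url` (the hunk adding `access_type`/`approval_prompt`), store it in the session and send it in `args`, then in the callback compare `request.GET.get('state')` against the stored value before touching `code`, treating a mismatch like the cancel path; the Facebook pair of views needs the same. `os` and `binascii` must be imported at the top of the file if they are not already, and both `get` methods end outside their hunks.
```python
# GoogleLoginView.get_redirect_url — generate the nonce before building args
state = binascii.hexlify(os.urandom(16))
self.request.session['google_oauth_state'] = state
args = {
    # … unchanged: client_id, scope, redirect_uri, response_type, access_type, approval_prompt …
    'state': state,
}
# … unchanged: rest of GoogleLoginView …

# GoogleCallbackView.get
def get(self, request, *args, **kwargs):
    # Reject callbacks whose 'state' does not match the nonce issued by the login view
    expected_state = request.session.pop('google_oauth_state', None)
    if not expected_state or request.GET.get('state') != expected_state:
        # Forged or replayed callback: redirect without logging anyone in
        return super(GoogleCallbackView, self).get(request, *args, **kwargs)
    if 'code' in request.GET:
        # … unchanged: token exchange and authentication …
```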
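--- a/piplmesh/frontend/static/piplmesh/js/home.js
+++ b/piplmesh/frontend/static/piplmesh/js/home.js
@@ -5,7 +5,7 @@ function User(data) {
 }
 
 function redrawUserList() {
-// TODO: Currently we just remove logged out users from the list, it would be better to fade them out
+// TODO: Currently we just replace the whole list of users, it would be better to fade gone out, and fade new in
 
 var keys = [];
 $.each(onlineUsers, function (key, user) {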
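--- a/piplmesh/nodes/__init__.py
+++ b/piplmesh/nodes/__init__.py
@@ -58,7 +58,8 @@ def get_node(request):
 Returns ``None`` if no node could be determined.
 """
 
-# TODO: What if users moves from inside to outside, or outside to inside, inside existing session? How should we invalidate node?
+# TODO: What if user moves from inside to outside, or outside to inside, inside existing session? How should we invalidate node?
+# TODO: What if user moves between nodes, between outside locations?
 
 node = None
 try: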
