Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Branch: master
Fetching contributors…

Cannot retrieve contributors at this time

66 lines (56 sloc) 2.22 KB
# The JS from the sign in button needs to XHR the assertion to this code here
# will then verify it against the browserID server
# see
# if that works then we generate a session id
# store session id in a row in the users table along with username and email address
# redirect to (or back to index.html if login fails)
import cgi
import cgitb
import uuid
import Cookie
import subprocess
import simplejson
from database_tables import Player
from platformer_config import DOMAIN, DEFAULT_AVATAR_URL
def verifyBrowserId(assertion):
postargs = "assertion=%s&audience=%s" % (assertion, DOMAIN)
url = ""
# TODO verify SSL?
process = subprocess.Popen(["curl", "-d", postargs, url],
stdout = subprocess.PIPE )
data = simplejson.loads(process.communicate()[0])
# expect to return fields like this:{
# "status": "okay",
# "email": "",
# "audience": "",
# "valid-until": 1308859352261,
# "issuer": ""
if data["status"] == "okay":
return data["email"]
return False
if __name__ == "__main__":
q = cgi.FieldStorage()
print "Content-type: text/html"
assertion = q.getfirst("assertion", "")
email = verifyBrowserId(assertion)
if (email == False):
print simplejson.dumps({"logged_in": "false"})
session = str(uuid.uuid1())
matches = Player.selectBy( email = email )
if (matches.count() == 0):
# user has not logged in before: create account
kwargs = {"email": email,
"name": email.split("@")[0], # use first part of email address as username
"session": session,
newUser = Player(**kwargs)
oldUser = matches[0]
oldUser.session = session
# Return JSON to the client's XHR containing email and session uuid
print simplejson.dumps({"logged_in": "true", "email": email, "session": session})
Jump to Line
Something went wrong with that request. Please try again.