
Facebook deauth hook added. (Actual deauth implementation pending)

1 parent 9dc84d2 commit 340ef0abcd12573e8445cbe9382794965f300f32 @subhranath committed Sep 16, 2011
Showing with 78 additions and 7 deletions.
  1. +6 −3 README
  2. BIN django_custom_auths.db
  3. +2 −0 facebook/backends.py
  4. +32 −0 facebook/helpers.py
  5. +2 −1 facebook/urls.py
  6. +36 −3 facebook/views.py
@@ -1,3 +1,6 @@
+Django auth backends without breaking each other.
+(django.contrib.auth + facebook auth)
+
To provide plugable django applications which integrates itself with
Django's own authentication system, without breaking any existing django code.
@@ -7,10 +10,10 @@ system, is included.
THIS IS A WORK IN PROGRESS, AND CURRENTLY NOT DOCUMENTED.
-Currently supported:
--------------------
+Currently supported, simultaneous auth backends:
+-------------------------------------------------
- Usual Django login
-- Login with Facebook
+- Login with Facebook (using Facebook Graph API)
Installing (Tryout)
-------------------
Binary file not shown.
@@ -3,6 +3,8 @@
from facebook.models import FacebookUser
class FacebookBackend:
+ supports_inactive_user = False
+
def authenticate(self, fb_user=None):
if fb_user is not None:
return fb_user.user
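Review bot: `supports_inactive_user = False` does not by itself stop a deactivated account from logging in through this backend, because in the lines shown `authenticate` returns `fb_user.user` without looking at `is_active`. As far as I know the attribute only controls whether permission checks for inactive users are passed to the backend, so unless the login view (not in this hunk) tests `user.is_active`, a disabled Django account with a linked Facebook profile would presumably still be handed to `login()`. A comment on the attribute such as `# Django 1.3: do not delegate permission checks for inactive users` and an explicit `is_active` check in `authenticate` or its caller would make the intent clear. The class body may continue outside the hunk.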
@@ -0,0 +1,32 @@
+import base64
+import hashlib
+import hmac
+import json
+
+def base64_url_decode(data):
+ data = data.encode(u'ascii')
+ data += '=' * (4 - (len(data) % 4))
+ return base64.urlsafe_b64decode(data)
+
+def unpack_signed_request(signed_request, app_secret):
+ """Upacks a 'signed_request' the base64url encoded JSON object,
+ signed with the 'app_secret' facebook application secret.
+ Returns,
+ On success: A python dictionary, with unpacked values from 'signed_request'.
+ On failure: None
+ """
+ try:
+ sig, payload = signed_request.split(u'.', 1)
+ except ValueError:
+ return None
+ sig = base64_url_decode(sig)
+ data = json.loads(base64_url_decode(payload))
+ expected_sig = hmac.new(
+ app_secret, msg=payload, digestmod=hashlib.sha256).digest()
+
+ # Check the authenticity of the data.
+ if sig == expected_sig:
+ return data
+ else:
+ return None
+
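Review bot: `unpack_signed_request` base64-decodes the payload and runs `json.loads` on it before the HMAC is checked, and it compares the signature with `==`. Malformed base64 or JSON from an unauthenticated caller therefore raises out of the function instead of returning None as the docstring promises, and the comparison is not constant-time. Verifying first, comparing with `hmac.compare_digest` (or Django's `constant_time_compare` where the interpreter lacks it), and catching the decode errors addresses both; Facebook's documented payload also carries an `algorithm` field that can be checked against `HMAC-SHA256`. Separately, `base64_url_decode` appends four `=` when the length is already a multiple of 4; `'=' * (-len(data) % 4)` pads only what is missing.

```python
def unpack_signed_request(signed_request, app_secret):
    # … unchanged: docstring …
    try:
        sig, payload = signed_request.split(u'.', 1)
        sig = base64_url_decode(sig)
        expected_sig = hmac.new(
            app_secret, msg=payload, digestmod=hashlib.sha256).digest()
        # Authenticate the raw payload before parsing anything out of it.
        if not hmac.compare_digest(sig, expected_sig):
            return None
        data = json.loads(base64_url_decode(payload))
    except (TypeError, ValueError):
        # Bad split, bad base64, non-ASCII input or bad JSON: treat as failure.
        return None
    if not isinstance(data, dict) or data.get('algorithm') != 'HMAC-SHA256':
        return None
    return data
```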
@@ -1,5 +1,6 @@
from django.conf.urls.defaults import patterns, include, url
urlpatterns = patterns('',
- url(r'^login/$', 'facebook.views.login_handler'),
+ url(r'login/$', 'facebook.views.login_handler'),
+ url(r'deauthorize/$', 'facebook.views.deauthorize_handler'),
)
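Review bot: Both patterns are now unanchored at the start, so `r'login/$'` and `r'deauthorize/$'` match any remaining path that merely ends in those segments, since Django resolves URL patterns with a regex search rather than a full match. That widens the set of URLs that reach `login_handler` and the CSRF-exempt `deauthorize_handler` beyond the two intended routes. If the `^` was dropped to work around how this urlconf is included (the project urlconf is not shown), fixing the include prefix is the safer route; otherwise keep `url(r'^login/$', 'facebook.views.login_handler'),` and add `url(r'^deauthorize/$', 'facebook.views.deauthorize_handler'),`.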
@@ -4,17 +4,21 @@
from django.contrib.auth.models import User
from django.contrib.sites.models import Site
from django.core.urlresolvers import reverse
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponse, HttpResponseNotAllowed,\
+ HttpResponseBadRequest, HttpResponseForbidden
from django.shortcuts import render_to_response
from django.template.context import RequestContext
+from django.views.decorators.csrf import csrf_exempt
import datetime
+import json
import urllib
import urlparse
-from facebook import utils
+from facebook import helpers, utils
from facebook.models import FacebookUser
-FACEBOOK_LOGIN_URL = reverse('facebook.views.login_handler')
+FACEBOOK_LOGIN_URL = '/facebook/login/'
+#FACEBOOK_LOGIN_URL = reverse('facebook.views.login_handler')
REDIRECT_URI = urlparse.urljoin( \
'http://' + Site.objects.get_current().domain, FACEBOOK_LOGIN_URL
)
@@ -106,3 +110,32 @@ def _create_or_update_facebook_user(profile, access_token, expires):
fb_user.save()
return fb_user
+
+@csrf_exempt
+def deauthorize_handler(request):
+ """Deauthorize handler.
+ """
+ if request.method == "GET":
+ return HttpResponseNotAllowed(['POST'])
+ else:
+ if 'signed_request' in request.POST:
+ signed_request_dict = helpers.unpack_signed_request( \
+ request.POST['signed_request'], settings.FACEBOOK_APP_SECRET \
+ )
+ if signed_request_dict:
+ _deauthorize_user(signed_request_dict['user_id'])
+ return HttpResponse(json.dumps({'deauthorized': True}), \
+ mimetype="application/json")
+ else:
+ return HttpResponseForbidden('Request not allowed.')
+ return HttpResponseBadRequest('Required parameter missing.')
+
+def _deauthorize_user(fb_id):
+ """An user has deauthorized the application.
+ """
+ try:
+ fb_user = FacebookUser.objects.get(fb_id=fb_id)
+ except FacebookUser.DoesNotExist:
+ return None
+ #TODO - This is not completed.
+ return HttpResponse("Temp done")
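Review bot: `deauthorize_handler` rejects only GET, so HEAD, PUT, DELETE and the rest fall into the POST branch; `if request.method != "POST": return HttpResponseNotAllowed(['POST'])` is the tighter guard. A validly signed payload without `user_id` raises KeyError at `signed_request_dict['user_id']` and surfaces as a 500; reading it with `fb_id = signed_request_dict.get('user_id')` and returning `HttpResponseBadRequest` when it is missing keeps the failure explicit. Because the view is `csrf_exempt`, the signature is its only authentication, and nothing visible bounds how old a signed_request may be; if the payload carries Facebook's `issued_at`, rejecting stale values would limit replay of a captured request. The JSON body also reports `'deauthorized': True` whatever `_deauthorize_user` returns, so once the pending implementation lands the response should reflect its result, and the helper should return a status rather than an `HttpResponse`.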
