from flask import Flask, render_template, session, request, abort, g
import requests
# The WSGI application; routes and configuration below are attached to it.
app = Flask(__name__)

# Built-in defaults, intended for local development only.
#   * DEBUG=True switches on Flask's debug mode; do not expose an app
#     running with it to untrusted networks.
#   * SECRET_KEY signs the session cookie. The login handler in this file
#     stores the verified address in session['email'], so anyone who knows
#     this published key can produce a cookie for any address.
#   * PERSONA_JS / PERSONA_VERIFIER point at third-party hosts: one serves
#     script into the page, the other decides whether a login is valid.
# NOTE(review): the hosted Persona service has been retired by Mozilla;
# confirm who controls these endpoints before relying on them.
app.config.update({
    'DEBUG': True,
    'SECRET_KEY': 'my development key',
    'PERSONA_JS': 'https://login.persona.org/include.js',
    'PERSONA_VERIFIER': 'https://verifier.login.persona.org/verify',
})

# Deployment overrides come from the file named by $PERSONA_SETTINGS.
# silent=True means a missing variable is not an error, so a deployment that
# forgets to set it keeps the development key and DEBUG above.
app.config.from_envvar('PERSONA_SETTINGS', silent=True)
@app.before_request
def get_current_user():
    """Publish the signed-in email address as ``g.user`` before each request.

    ``g.user`` is ``None`` when the session carries no ``'email'`` entry.
    The value is taken from the session as-is; this function performs no
    further lookup or validation, so it is only as trustworthy as the
    session cookie's signature (see ``SECRET_KEY``).
    """
    # session.get() already yields None for a missing key.
    g.user = session.get('email')
@app.route('/')
def index():
    """Serve the landing page rendered from ``index.html``."""
    page = render_template('index.html')
    return page
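@app.route('/_auth/login', methods=['GET', 'POST'])
def login_handler():
    """Verify a Persona assertion server-side and remember the email.

    Called by the persona.js file. The posted ``assertion`` is forwarded to
    the verifier configured in ``PERSONA_VERIFIER``; when the verifier
    answers with status ``'okay'`` the returned address is stored in
    ``session['email']`` and ``'OK'`` is returned. Every other outcome
    (missing assertion, verifier unreachable or slow, non-2xx reply,
    malformed or negative reply) ends in a 400 response and leaves the
    session untouched.

    NOTE(review): GET is routed here as well, although the handler only
    reads form data; consider restricting the route to POST.
    """
    # A missing form field raises Flask's bad-request error (HTTP 400).
    assertion = request.form['assertion']

    # The audience tells the verifier which site the assertion must have been
    # issued for. request.host_url is derived from the Host header the client
    # sent, so it is only a fallback: set PERSONA_AUDIENCE to this site's
    # fixed origin in deployment so the check does not depend on
    # client-controlled input.
    audience = app.config.get('PERSONA_AUDIENCE') or request.host_url

    try:
        resp = requests.post(
            app.config['PERSONA_VERIFIER'],
            data={'assertion': assertion, 'audience': audience},
            verify=True,  # keep TLS certificate validation on
            timeout=10,   # never let a stalled verifier pin a worker
        )
    except requests.RequestException:
        # Fail closed: no verifier answer means no login.
        abort(400)

    if resp.ok:
        try:
            verification_data = resp.json()
        except ValueError:
            # Body was not JSON; treat it like a failed verification.
            verification_data = None
        if (isinstance(verification_data, dict)
                and verification_data.get('status') == 'okay'
                and verification_data.get('email')):
            session['email'] = verification_data['email']
            return 'OK'

    abort(400)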
@app.route('/_auth/logout', methods=['POST'])
def logout_handler():
    """Sign the user out; persona.js calls this endpoint.

    Empties the whole session, not just the ``'email'`` entry, and answers
    with ``'OK'``. Only POST is routed here.
    NOTE(review): no CSRF check is visible in this handler; confirm
    whether one is applied elsewhere.
    """
    session.clear()
    reply = 'OK'
    return reply