diff --git a/helios_auth/auth_systems/google.py b/helios_auth/auth_systems/google.py
index 4a50f440308d221ceb8bb6caa5c1b78f04e7b203..e13a9f4c7e95bf865d7a4d481b557cd8a867d2b2 100644
--- a/helios_auth/auth_systems/google.py
+++ b/helios_auth/auth_systems/google.py
@@ -7,42 +7,54 @@ from django.http import *
 from django.core.mail import send_mail
 from django.conf import settings
 
+import httplib2,json
+
 import sys, os, cgi, urllib, urllib2, re
-from xml.etree import ElementTree
 
-from openid import view_helpers
+from oauth2client.client import OAuth2WebServerFlow
 
 # some parameters to indicate that status updating is not possible
 STATUS_UPDATES = False
 
 # display tweaks
 LOGIN_MESSAGE = "Log in with my Google Account"
-OPENID_ENDPOINT = 'https://www.google.com/accounts/o8/id'
 
-# FIXME!
-# TRUST_ROOT = 'http://localhost:8000'
-# RETURN_TO = 'http://localhost:8000/auth/after'
+def get_flow(redirect_url=None):
+  return OAuth2WebServerFlow(client_id=settings.GOOGLE_CLIENT_ID,
+            client_secret=settings.GOOGLE_CLIENT_SECRET,
+            scope='profile email',
+            redirect_uri=redirect_url)
 
 def get_auth_url(request, redirect_url):
-  # FIXME?? TRUST_ROOT should be diff than return_url?
-  request.session['google_redirect_url'] = redirect_url
-  url = view_helpers.start_openid(request.session, OPENID_ENDPOINT, redirect_url, redirect_url)
-  return url
+  flow = get_flow(redirect_url)
+
+  request.session['google-flow'] = flow
+  return flow.step1_get_authorize_url()
 
 def get_user_info_after_auth(request):
-  data = view_helpers.finish_openid(request.session, request.GET, request.session['google_redirect_url'])
+  flow = request.session['google-flow']
+  code = request.GET['code']
+  credentials = flow.step2_exchange(code)
 
-  if not data.has_key('ax'):
-    return None
+  # the email address is in the credentials, that's how we make sure it's verified
+  id_token = credentials.id_token
+  if not id_token['email_verified']:
+    raise Exception("email address with Google not verified")
+   
+  email = id_token['email']
 
-  email = data['ax']['email'][0]
+  # get the nice name
+  http = httplib2.Http(".cache")
+  http = credentials.authorize(http)
+  (resp_headers, content) = http.request("https://www.googleapis.com/plus/v1/people/me", "GET")
 
-  # do we have a firstname/lastname?
-  if data['ax'].has_key('firstname') and data['ax'].has_key('lastname'):
-    name = "%s %s" % (data['ax']['firstname'][0], data['ax']['lastname'][0])
-  else:
-    name = email
+  response = json.loads(content)
 
+  name = response['displayName']
+  
+  # watch out, response also contains email addresses, but not sure whether thsoe are verified or not
+  # so for email address we will only look at the id_token
+  
   return {'type' : 'google', 'user_id': email, 'name': name , 'info': {'email': email}, 'token':{}}
     
 def do_logout(user):
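Review bot: The callback in `get_user_info_after_auth` is not tied to the request that started the login, because `get_auth_url` sends no `state` value and nothing is compared before `flow.step2_exchange(code)`. Generate a random value in `get_auth_url`, keep it in the session, send it as the `state` parameter, and reject the callback on mismatch, e.g. `if request.GET.get('state') != request.session.get('google-state'): raise Exception("OAuth state mismatch")` (the session key name is only a suggestion). `request.GET['code']` raises `KeyError` when Google redirects back with an `error` parameter instead of a code, and `id_token['email_verified']` does the same if the claim is absent; using `.get()` with an explicit failure path would turn both into a clean login error. Storing the whole flow object in `request.session['google-flow']` also puts `client_secret` into the session store and presumably requires a pickle-based session serializer; keeping only `redirect_url` in the session and rebuilding the flow with `get_flow()` would avoid both.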
@@ -67,4 +79,4 @@ def check_constraint(constraint, user_info):
   """
   for eligibility
   """
-  pass
+  pass
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 0ee4a32c1e05758b8243c4c687a2a8f1ca3eba03..2b3103438e7107cfbfd95ccafaa7c349eaa8f896 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,3 +23,4 @@ bleach==1.4
 boto==2.27.0
 django-ses==0.6.0
 validate_email==1.2
+oauth2client==1.2
\ No newline at end of file
diff --git a/settings.py b/settings.py
index f3ad0fe4e3566aa2651fef3f9d3b676c3a8cf089..eab44a0734c611faff63fbe89d27c6f04c6cc885 100644
--- a/settings.py
+++ b/settings.py
@@ -200,6 +200,10 @@ HELIOS_PRIVATE_DEFAULT = False
 AUTH_ENABLED_AUTH_SYSTEMS = get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'google').split(",")
 AUTH_DEFAULT_AUTH_SYSTEM = get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', None)
 
+# google
+GOOGLE_CLIENT_ID = get_from_env('GOOGLE_CLIENT_ID', '')
+GOOGLE_CLIENT_SECRET = get_from_env('GOOGLE_CLIENT_SECRET', '')
+
 # facebook
 FACEBOOK_APP_ID = get_from_env('FACEBOOK_APP_ID','')
 FACEBOOK_API_KEY = get_from_env('FACEBOOK_API_KEY','')
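Review bot: Both new settings default to `''`, so a deployment that omits `GOOGLE_CLIENT_ID` or `GOOGLE_CLIENT_SECRET` starts normally and only fails once a user reaches the Google login. That is easy to hit because `google` is the default value of `AUTH_ENABLED_AUTH_SYSTEMS` a few lines above. A startup check would surface the misconfiguration early, e.g. `if 'google' in AUTH_ENABLED_AUTH_SYSTEMS and not (GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET): raise ImproperlyConfigured("Google OAuth credentials missing")`, which needs the `django.core.exceptions` import. A comment such as `# required when 'google' is enabled; supply via environment only, never commit a value here` would also document the intent.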