Episodes.Community/LandingPage/views.py

from django.shortcuts import render
from django.views import View
from django.conf import settings
from django.http import HttpResponse
from django.http import HttpResponseRedirect
import requests
import hashlib
import json

# Create your views here.
# Redirect url should point to this view
class LoginRedirect(View):
    def get(self, req):
        
        # Check request has correct arguments
        request_valid = 'state' in req.GET and 'code' in req.GET
        if not request_valid:
            r = HttpResponse('<h1>Error</h1><p>There was an error in your request.  Please <a href=/login>try again</a></p>')
            r.status = 400
            return r

        # Check state
        userstate = generateState(req)
        if userstate == req.GET['state']:
            code = req.GET['code']
            resp = requests.post(
                    settings.AUTH_TOKEN_ENDPOINT+"token",
                    data={
                        'grant_type':'authorization_code',
                        'code':code,
                        'redirect_uri':settings.AUTH_REDIRECT_URL,
                        'client_id':settings.AUTH_CLIENT_ID
                    },
                    headers = {
                        'Authorization':'Basic %s'%settings.AUTH_B64
                    }
            )
            resp_json = resp.json()
            if 'error' in resp_json:
                r = HttpResponse('<h1>OAuth Error</h1><pre>%s</pre>'%json.dumps(resp_json))
                r.status = 500
                return r
            else:
                req.session['token'] = resp_json['access_token']
                return HttpResponseRedirect('/')
        else:
            return HttpResponse('<h1>Unmatching state tokens</h1><br><p>It looks like the request to login wasn\'t started by you.  Try going back to the home page and logging in again.</p>', status=400)

class Login(View):
    def get(self, req):
        url = '%sauthorize?response_type=code&client_id=%s&redirect_uri=%s&scope=email&state=%s'%(settings.AUTH_TOKEN_ENDPOINT,settings.AUTH_CLIENT_ID,settings.AUTH_REDIRECT_URL, generateState(req))
        response = HttpResponse("Redirecting you to the IcyNet auth page...")
        response.status_code = 302
        response['Location'] = url
        return response

def generateState(request):
    request.session.save()

    m = hashlib.sha256()
    m.update(bytearray(request.session.session_key, 'utf-8'))
    m.update(bytearray(settings.SECRET_KEY, 'utf-8'))
    return m.hexdigest()