def callback()

in pulseapi/users/views.py [0:0]


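def callback(request, **kwargs):
    """
    The callback route that Google sends the user to when authentication
    finishes, whether it succeeded or failed.

    The flow, in order:

    1. Reject the request if this session never stored a ``state`` value.
    2. If Google reported an ``error``, echo it back (HTML-escaped).
    3. If a ``code`` is present, check the ``state`` query argument against
       the session's value, exchange the code for credentials, and read the
       user's name and email from the userinfo endpoint.
    4. Unless ``settings.ALLOW_UNIVERSAL_LOGIN`` is set, only addresses that
       pass ``is_staff_address`` may continue.
    5. Update or create the matching ``EmailUser``, log them in, and hand
       over to ``do_final_redirect``.

    Returns an ``HttpResponse``/``HttpResponseNotFound`` for the failure
    cases, otherwise whatever ``do_final_redirect`` returns.
    """
    # Imported locally so the function does not depend on a file-level import.
    import hmac
    from html import escape

    if 'state' not in request.session:
        msg = '\n'.join([
            'ERROR: No state key found in request.session!',
            'Are you making doubly sure your initial domain and callback domain are the same domain?'
        ])
        # NOTE(review): print() goes to stdout only; a module logger would
        # make this failure visible to monitoring.
        print(msg)
        return HttpResponseNotFound(msg)

    error = request.GET.get('error', False)
    auth_code = request.GET.get('code', False)

    if error is not False:
        # `error` comes straight from the query string and HttpResponse is
        # served as HTML by default, so escape it before echoing it back.
        return HttpResponse("login failed: " + escape(str(error)))

    if auth_code is not False:
        state = request.GET.get('state', False)

        if state is False:
            return HttpResponse("Questionable login: missing state value in callback.")

        # The state value is the anti-CSRF token for this login attempt.
        # Compare as bytes in constant time; a non-string session value can
        # never match a query-string value, exactly as with a plain `!=`.
        expected_state = request.session['state']
        state_matches = isinstance(expected_state, str) and hmac.compare_digest(
            state.encode('utf-8'),
            expected_state.encode('utf-8'),
        )
        if not state_matches:
            return HttpResponse("Questionable login: incorrect state value in callback.")

        # NOTE(review): the session's state value is left in place after this
        # check, so it stays valid for the rest of the session; consider
        # discarding it here if nothing else reads it.

        # get the authenticating user's name and email address from the Google API
        # NOTE(review): a failed code exchange raises out of this view and
        # surfaces as a server error; confirm that is the intended behaviour.
        credentials = FlowHandler.get_flow().step2_exchange(auth_code)
        http_auth = credentials.authorize(Http())

        # get a user's full name
        service = build('oauth2', 'v2', http=http_auth)
        userinfo = service.userinfo().get().execute()
        name = userinfo['name']
        # NOTE(review): the email is trusted exactly as returned and drives
        # both the staff-domain check and account lookup; consider also
        # requiring the userinfo `verified_email` flag - confirm it is
        # returned for the scopes this flow requests.
        email = userinfo['email']

        if settings.ALLOW_UNIVERSAL_LOGIN is None:
            # Any user outside of the cleared mozilla domains is redirected to the main page.
            if not is_staff_address(email):
                return do_final_redirect(state, False, "Domain not in whitelist")

        try:
            # Get the db record for this user and make sure their
            # name matches what google says it should be.
            user = EmailUser.objects.get(email=email)
            # Just to be safe, we rebind the user's name, as this may have
            # changed since last time we saw this user.
            user.name = name
            user.save()

        except EmailUser.DoesNotExist:
            # Create a new database entry for this user.
            user = EmailUser.objects.create_user(
                name=name,
                email=email
            )

        # As this user just authenticated, we mark this user as logged in
        # for the duration of this session.
        login(request, user)

        return do_final_redirect(state, True, "User logged in")

    return HttpResponseNotFound(
        "callback happened without an error or code query argument: this should not be possible."
    )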