Phi*_*Bot 11 python django facebook objective-c django-allauth
我正在使用Facebook iOS SDK将Facebook Access Token发布到我的Django服务器URI.相应的views.py函数如下所示,当我从iOS执行POST时,我得到200响应代码.但是,我有第二个@login_required修饰的URI,我立即从iOS设备调用后认为我没有登录并将我重定向到我的主页面.我究竟做错了什么?从iOS成功发布POST后,如何"保持"登录状态?
# For POSTing the facebook token
from django.views.decorators.csrf import csrf_exempt
from allauth.socialaccount import providers
from allauth.socialaccount.models import SocialLogin, SocialToken, SocialApp
from allauth.socialaccount.providers.facebook.views import fb_complete_login
from allauth.socialaccount.helpers import complete_social_login
# Log in from Facebook
@csrf_exempt
def mobile_facebook_login(request):
response = HttpResponse() ## Create an HTTP Response Object
if request.method == "POST": # The method better be a POST
access_token = request.POST.get('access_token') # Get token
try:
app = SocialApp.objects.get(provider="facebook")
token = SocialToken(app=app, token=access_token)
# Check token against facebook
login = fb_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
# Add or update the user into users table
ret = complete_social_login(request, login)
# If we get here we've succeeded
response['Auth-Response'] = 'success'
response.status_code = 200 # Set status
return response
except Exception,e:
# If we get here we've failed
response['Auth-Response'] = 'failure: %s'%(e)
response.status_code = 401 # Set status
return response
else:
# If we get here we've failed
response['Auth-Response'] = 'failure'
response.status_code = 401 # Set status
return response
=======更新==========
好的,谢谢你的评论.所以我现在也在发布Facebook电子邮件地址并获取用户并手动登录.但是,后续请求STILL未经过身份验证.所以@login_required装饰器仍然失败..还有其他想法吗?
# Log in from Facebook
@csrf_exempt
def mobile_facebook_login(request):
response = HttpResponse() ## Create an HTTP Response Object
if request.method == "POST": # The method better be a POST
access_token = request.POST.get('access_token') # Get token
email = request.POST.get('email') # Get email
try:
app = SocialApp.objects.get(provider="facebook")
token = SocialToken(app=app, token=access_token)
# Check token against facebook
login = fb_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
# Add or update the user into users table
ret = complete_social_login(request, login)
# Try to get username from email
try:
user = User.objects.get(email=email) # Get User
# Login the user from Django's perspective
user.backend = 'django.contrib.auth.backends.ModelBackend'
auth_login(request,user)
except User.DoesNotExist:
# If we get here we've failed
response['Auth-Response'] = 'failure: %s'%(e)
response.status_code = 401 # Set status
return response
# If we get here we've succeeded
response['Auth-Response'] = 'success'
response.status_code = 200 # Set status
return response
except Exception,e:
# If we get here we've failed
response['Auth-Response'] = 'failure: %s'%(e)
response.status_code = 401 # Set status
return response
else:
# If we get here we've failed
response['Auth-Response'] = 'failure'
response.status_code = 401 # Set status
return response
====另一个更新==========
基于这篇文章中的第二个答案: 没有密码的django身份验证
我创建了一个不需要密码的自定义登录后端.该帖子中的第3个答案讨论了如何做到这一点:
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
不在会话中存储登录验证.所以我尝试使用自定义后端.
这是我修改过的代码:
# Log in from Facebook
@csrf_exempt
def mobile_facebook_login(request):
response = HttpResponse() ## Create an HTTP Response Object
if request.method == "POST": # The method better be a POST
access_token = request.POST.get('access_token') # Get token
email = request.POST.get('email') # Get email
try:
app = SocialApp.objects.get(provider="facebook")
token = SocialToken(app=app, token=access_token)
# Check token against facebook
login = fb_complete_login(request, app, token)
login.token = token
login.state = SocialLogin.state_from_request(request)
# Add or update the user into users table
ret = complete_social_login(request, login)
# Try to get username from email
try:
user = User.objects.get(email=email) # Get User
# Login the user from Django's perspective
user.backend = 'django_tours.auth_backend.PasswordlessAuthBackend'
user = authenticate(email=user.email)
auth_login(request,user)
#request.session.cycle_key()
except User.DoesNotExist:
# If we get here we've failed
response['Auth-Response'] = 'failure: %s'%(e)
response.status_code = 401 # Set status
return response
# If we get here we've succeeded
response['Auth-Response'] = 'success'
response['User-Is-Authenticated'] = '%s'%(request.user.is_authenticated())
response.status_code = 200 # Set status
return response
except Exception,e:
# If we get here we've failed
response['Auth-Response'] = 'failure: %s'%(e)
response.status_code = 401 # Set status
return response
else:
# If we get here we've failed
response['Auth-Response'] = 'failure'
response.status_code = 401 # Set status
return response
使用hurl.it我得到这个HTTP 200响应,但仍然不认为从iPhone登录:
Auth-Response: success
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html; charset=utf-8
Date: Thu, 08 May 2014 00:22:47 GMT
Server: Apache/2.2.22 (Ubuntu)
Set-Cookie: csrftoken=UuJDP6OB3YCSDtXLEa10MgJ70tDtIfZX; expires=Thu, 07-May-2015 00:22:48 GMT; Max-Age=31449600; Path=/, sessionid=kdr061v1pcsbqtvgsn3pyyqj9237z6k8; expires=Thu, 22-May-2014 00:22:48 GMT; httponly; Max-Age=1209600; Path=/, messages="4f919699a4730a3df220a0eb3799ed59d2756825$[[\"__json_message\"\0540\05425\054\"Successfully signed in as philbot.\"]]"; Path=/
User-Is-Authenticated: True
Vary: Cookie,Accept-Encoding
感谢所有的帮助和意见——我终于解决了。我不知道为什么使用 Facebook 登录会破坏 cookie 而标准登录工作正常的确切根本原因。我确实注意到,从 Facebook 登录返回的 cookie 域的格式是以“.”开头。像这样:
[ .domain.com ]
而有效的标准登录具有如下 cookie 域:
[ www.domain.com ]
成功登录 Facebook 后,我从 HTTP 响应中解析了 cookie,并将它们存储在单例中:
// Extract cookie information
NSRange range = [cookieString rangeOfString:@"csrftoken="];
if (range.location!=NSNotFound){
cookieString = [cookieString substringFromIndex:NSMaxRange(range)];
range = [cookieString rangeOfString:@";"];
if (range.location!=NSNotFound){
self.appDelegate.djangoCsrftoken = [cookieString substringToIndex:range.location];
}
}
range = [cookieString rangeOfString:@"sessionid="];
if (range.location!=NSNotFound){
cookieString = [cookieString substringFromIndex:NSMaxRange(range)];
range = [cookieString rangeOfString:@";"];
if (range.location!=NSNotFound){
self.appDelegate.djangoSessionId = [cookieString substringToIndex:range.location];
}
}
if (LOGIN_DEBUG) { // Debug the response
NSLog(@"Extracted csrftoken is: %@",self.appDelegate.djangoCsrftoken);
NSLog(@"Extracted sessionid is: %@",self.appDelegate.djangoSessionId);
}
然后,我为以下请求显式创建了这些 cookie:
// Clear all cookies when app launches
NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
for (NSHTTPCookie *each in cookieStorage.cookies) {
//if ( [each.domain isEqualToString:DOMAIN] ) {
NSLog(@"Deleting cookie: %@ -- %@",each.name,each.domain);
[cookieStorage deleteCookie:each];
//}
}
//////////////// CSRF TOKEN /////////////////////
// Create cookies based on parsed values
NSMutableDictionary *cookieCsrfProperties = [NSMutableDictionary dictionary];
[cookieCsrfProperties setObject:@"csrftoken" forKey:NSHTTPCookieName];
[cookieCsrfProperties setObject:self.appDelegate.djangoCsrftoken forKey:NSHTTPCookieValue];
[cookieCsrfProperties setObject:DOMAIN forKey:NSHTTPCookieDomain];
[cookieCsrfProperties setObject:DOMAIN forKey:NSHTTPCookieOriginURL];
[cookieCsrfProperties setObject:@"/" forKey:NSHTTPCookiePath];
[cookieCsrfProperties setObject:@"0" forKey:NSHTTPCookieVersion];
// Set expiration to one month from now or any NSDate of your choosing
// this makes the cookie sessionless and it will persist across web sessions and app launches
/// if you want the cookie to be destroyed when your app exits, don't set this
[cookieCsrfProperties setObject:[[NSDate date] dateByAddingTimeInterval:2629743] forKey:NSHTTPCookieExpires];
NSHTTPCookie *csrfCookie = [NSHTTPCookie cookieWithProperties:cookieCsrfProperties];
[[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookie:csrfCookie];
//////////////// SessionId TOKEN /////////////////////
// Create cookies based on parsed values
NSMutableDictionary *cookieSessionIdProperties = [NSMutableDictionary dictionary];
[cookieSessionIdProperties setObject:@"sessionid" forKey:NSHTTPCookieName];
[cookieSessionIdProperties setObject:self.appDelegate.djangoSessionId forKey:NSHTTPCookieValue];
[cookieSessionIdProperties setObject:DOMAIN forKey:NSHTTPCookieDomain];
[cookieSessionIdProperties setObject:DOMAIN forKey:NSHTTPCookieOriginURL];
[cookieSessionIdProperties setObject:@"/" forKey:NSHTTPCookiePath];
[cookieSessionIdProperties setObject:@"0" forKey:NSHTTPCookieVersion];
// Set expiration to one month from now or any NSDate of your choosing
// this makes the cookie sessionless and it will persist across web sessions and app launches
/// if you want the cookie to be destroyed when your app exits, don't set this
[cookieCsrfProperties setObject:[[NSDate date] dateByAddingTimeInterval:2629743] forKey:NSHTTPCookieExpires];
NSHTTPCookie *sessionIdCookie = [NSHTTPCookie cookieWithProperties:cookieSessionIdProperties];
[[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookie:sessionIdCookie];
///////////////////////////////////////////////////
// Create request
NSURL *url = [NSURL URLWithString:requestUrl];
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:url];
urlRequest.HTTPShouldHandleCookies = YES;
NSHTTPCookie *setCookie;
for (setCookie in [NSHTTPCookieStorage sharedHTTPCookieStorage].cookies) {
if ( ([setCookie.name isEqualToString:@"csrftoken" ] || [setCookie.name isEqualToString:@"sessionid"]) ) {
NSLog(@"Adding Cookie: %@ = %@ [ %@ ]", setCookie.name, setCookie.value, setCookie.domain);
[urlRequest addValue:setCookie.value forHTTPHeaderField:setCookie.name];
}
}
NSURLResponse *response = nil;
NSError * error = nil;
NSData *responseData = [NSURLConnection sendSynchronousRequest:urlRequest returningResponse:&response error:&error];
完成此操作后,我可以使用 Django-allauth 成功登录 Facebook。
| 归档时间: |
|
| 查看次数: |
2875 次 |
| 最近记录: |