now also accepting authorization codes from social login (e.g. facebook)

philippeluickx · philippeluickx · commit 74f2ffec7f72 · 2015-08-07T13:26:57.000+03:00
diff --git a/docs/api_endpoints.rst b/docs/api_endpoints.rst
@@ -73,3 +73,4 @@ Basing on example from installation section :doc:`Installation </installation>`
 - /rest-auth/facebook/ (POST)
 
     - access_token
+    - code
diff --git a/rest_auth/registration/serializers.py b/rest_auth/registration/serializers.py
@@ -10,7 +10,8 @@
 
 
 class SocialLoginSerializer(serializers.Serializer):
-    access_token = serializers.CharField(required=True)
+    access_token = serializers.CharField(required=False)
+    code = serializers.CharField(required=False)
 
     def _get_request(self):
         request = self.context.get('request')
@@ -33,7 +34,6 @@ def get_social_login(self, adapter, app, token, response):
         return social_login
 
     def validate(self, attrs):
-        access_token = attrs.get('access_token')
         view = self.context.get('view')
         request = self._get_request()
 
@@ -48,6 +48,44 @@ def validate(self, attrs):
 
         adapter = adapter_class()
         app = adapter.get_provider().get_app(request)
+
+        # More info on code vs access_token
+        # http://stackoverflow.com/questions/8666316/facebook-oauth-2-0-code-and-token
+
+        # Case 1: We received the access_token
+        if('access_token' in attrs):
+            access_token = attrs.get('access_token')
+
+        # Case 2: We received the authorization code
+        elif('code' in attrs):
+            self.callback_url = getattr(view, 'callback_url', None)
+            self.client_class = getattr(view, 'client_class', None)
+
+            if not self.callback_url:
+                raise serializers.ValidationError(
+                    'Define callback_url in view'
+                )
+            if not self.client_class:
+                raise serializers.ValidationError(
+                    'Define client_class in view'
+                )
+
+            code = attrs.get('code')
+
+            provider = self.adapter.get_provider()
+            scope = provider.get_scope(request)
+            client = self.client_class(
+                request,
+                app.client_id,
+                app.secret,
+                self.adapter.access_token_method,
+                self.adapter.access_token_url,
+                self.callback_url,
+                scope
+            )
+            token = client.get_access_token(code)
+            access_token = token['access_token']
+
         token = adapter.parse_token({'access_token': access_token})
         token.app = app
 
diff --git a/rest_auth/registration/views.py b/rest_auth/registration/views.py
@@ -3,21 +3,33 @@
 from rest_framework.response import Response
 from rest_framework.permissions import AllowAny
 from rest_framework import status
+from rest_framework.authtoken.models import Token
 
 from allauth.account.views import SignupView, ConfirmEmailView
 from allauth.account.utils import complete_signup
 from allauth.account import app_settings
 
-from rest_auth.app_settings import UserDetailsSerializer
+from rest_auth.app_settings import UserDetailsSerializer, TokenSerializer
 from rest_auth.registration.serializers import SocialLoginSerializer
 from rest_auth.views import Login
 
 
 class Register(APIView, SignupView):
+    """
+    Accepts the credentials and creates a new user
+    if user does not exist already
+    Return the REST Token if the credentials are valid and authenticated.
+    Calls allauth complete_signup method
+
+    Accept the following POST parameters: username, email, password
+    Return the REST Framework Token Object's key.
+    """
 
     permission_classes = (AllowAny,)
-    user_serializer_class = UserDetailsSerializer
+    # user_serializer_class = UserDetailsSerializer
     allowed_methods = ('POST', 'OPTIONS', 'HEAD')
+    token_model = Token
+    serializer_class = TokenSerializer
 
     def get(self, *args, **kwargs):
         return Response({}, status=status.HTTP_405_METHOD_NOT_ALLOWED)
@@ -27,6 +39,9 @@ def put(self, *args, **kwargs):
 
     def form_valid(self, form):
         self.user = form.save(self.request)
+        self.token, created = self.token_model.objects.get_or_create(
+            user=self.user
+        )
         if isinstance(self.request, HttpRequest):
             request = self.request
         else:
@@ -47,7 +62,8 @@ def post(self, request, *args, **kwargs):
             return self.get_response_with_errors()
 
     def get_response(self):
-        serializer = self.user_serializer_class(instance=self.user)
+        # serializer = self.user_serializer_class(instance=self.user)
+        serializer = self.serializer_class(instance=self.token)
         return Response(serializer.data, status=status.HTTP_201_CREATED)
 
     def get_response_with_errors(self):
@@ -72,11 +88,25 @@ def post(self, request, *args, **kwargs):
 class SocialLogin(Login):
     """
     class used for social authentications
-    example usage for facebook
+    example usage for facebook with access_token
+    -------------
+    from allauth.socialaccount.providers.facebook.views import FacebookOAuth2Adapter
 
+    class FacebookLogin(SocialLogin):
+        adapter_class = FacebookOAuth2Adapter
+    -------------
+
+    example usage for facebook with code
+
+    -------------
     from allauth.socialaccount.providers.facebook.views import FacebookOAuth2Adapter
+    from allauth.socialaccount.providers.oauth2.client import OAuth2Client
+
     class FacebookLogin(SocialLogin):
         adapter_class = FacebookOAuth2Adapter
+         client_class = OAuth2Client
+         callback_url = 'localhost:8000'
+    -------------
     """
 
     serializer_class = SocialLoginSerializer

Original file line number	Diff line number	Diff line change
@@ -73,3 +73,4 @@ Basing on example from installation section :doc:`Installation </installation>`
`73`	`73`	`- /rest-auth/facebook/ (POST)`
`74`	`74`
`75`	`75`	`- access_token`
	`76`	`+ - code`