Diffstat (limited to 'python/fatcat_web/auth.py')
| -rw-r--r-- | python/fatcat_web/auth.py | 60 | 
1 files changed, 54 insertions, 6 deletions
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index f6672e87..385f5c49 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -1,27 +1,75 @@
 from flask import Flask, render_template, send_from_directory, request, \
     url_for, abort, g, redirect, jsonify, session
-from fatcat_web import login_manager
+from fatcat_web import login_manager, api
+from flask_login import logout_user, login_user, UserMixin
+import pymacaroons
+def handle_logout():
+    logout_user()
+    for k in ('editor', 'token'):
+        if k in session:
+            session.pop(k)
+
+def handle_token_login(token):
+    try:
+        m = pymacaroons.Macaroon.deserialize(token)
+    except pymacaroons.exceptions.MacaroonDeserializationException:
+        # TODO: what kind of Exceptions?
+        return abort(400)
+    # extract editor_id
+    editor_id = None
+    for caveat in m.first_party_caveats():
+        caveat = caveat.caveat_id
+        if caveat.startswith(b"editor_id = "):
+            editor_id = caveat[12:].decode('utf-8')
+    if not editor_id:
+        abort(400)
+    # fetch editor info
+    editor = api.get_editor(editor_id).to_dict()
+    session['api_token'] = token
+    session['editor'] = editor
+    login_user(load_user(editor_id))
+    return redirect("/")
+
 # This will need to login/signup via fatcatd API, then set token in session
 def handle_oauth(remote, token, user_info):
     print(remote)
     if token:
         print(remote.name, token)
     if user_info:
-        # TODO: fetch api login/signup using user_info
         print(user_info)
-        # TODO: write token and username to session
-        # TODO: call login_user(load_user(editor_id))
+        print(user_info.iss)
+        print(user_info.prefered_username)
+
+        # fetch api login/signup using user_info
+        params = AuthOidc(remote.name, user_info.sub, user_info.iss)
+        resp = api.auth_oidc(params)
+        editor = resp['editor']
+        api_token = resp['token']
+
+        # write token and username to session
+        session['api_token'] = api_token
+        session['editor'] = editor.editor_id
+
+        # call login_user(load_user(editor_id))
+        login_user(load_user(editor_id))
         return redirect("/")
+
     raise some_error
 @login_manager.user_loader
 def load_user(editor_id):
-    # NOTE: this should look for extra info in session, and update the user
-    # object with that. If session isn't loaded/valid, should return None
+    # looks for extra info in session, and updates the user object with that.
+    # If session isn't loaded/valid, should return None
+    if not 'editor' in session or not 'api_token' in session:
+        return None
+    editor = session['editor']
+    token = session['api_token']
     user = UserMixin()
     user.id = editor_id
+    user.username = editor['username']
+    user.token = token
     return user
 | 
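Review bot: In `handle_token_login` the macaroon is only deserialized, never verified — `editor_id` is read from a first-party caveat of a client-supplied token and passed straight to `login_user(load_user(editor_id))`, so anyone who can serialize a macaroon carrying an `editor_id = ` caveat is logged in on the web side as that editor (`api.get_editor(editor_id)` looks the editor up by id and does not prove the token is genuine). Unless this app holds the macaroon root key for a `pymacaroons.Verifier`, the session should only be established after a request that actually authenticates with `token` against the API succeeds. `handle_logout` pops `'token'` while both login paths store the credential under `'api_token'`, so the token survives logout; use `for k in ('editor', 'api_token'):` or simply `session.clear()`. In `handle_oauth`, `editor_id` is never assigned (the value is `editor.editor_id`), `AuthOidc` is not imported anywhere in this hunk, and `session['editor'] = editor.editor_id` stores a string that `load_user` later indexes as `editor['username']` — storing the editor dict the way `handle_token_login` does would fix both. The `print(remote.name, token)` and `print(user_info)` calls also write the OAuth access token and identity claims to stdout and should go before this ships.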
