app.py

import os
import base64
import json
import functools
import time
import logging
from logging import StreamHandler

from flask import (
    Flask,
    session,
    redirect,
    url_for,
    request,
    render_template,
    current_app
)
from flask.ext.sqlalchemy import SQLAlchemy
import requests
import clef



SQLALCHEMY_DATABASE_URI = os.environ.get(
    'HEROKU_POSTGRESQL_WHITE_URL',
    'sqlite:////tmp/test.db'
)
DEBUG = not os.environ.get('PRODUCTION')
REDIRECT_URL = os.environ.get('REDIRECT_URL', 'http://localhost:5000/login')
CLEF_APP_ID = '4f318ac177a9391c2e0d221203725ffd'
CLEF_APP_SECRET = '2125d80f4583c52c46f8084bcc030c9b'
SECRET_KEY = 'development key'

app = Flask(__name__)
app.config.from_object(__name__)

# set up logging
app.logger.setLevel(logging.DEBUG)
app.logger.addHandler(StreamHandler())

db = SQLAlchemy(app)
clef.initialize(app_id=CLEF_APP_ID, app_secret=CLEF_APP_SECRET)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String())
    first_name = db.Column(db.String())
    clef_id = db.Column(db.String())
    logged_out_at = db.Column(db.BigInteger)

class LogoutHookException(Exception):
    pass


def logged_in(view):
    """
    Decorator that checks whether a user is currently logged in.
    If a user is logged in it provides the user object.
    Uses Clef-based database logout.
    """
    @functools.wraps(view)
    def decorated_view(*args, **kwargs):
        user_id = session.get('user', -1)
        logged_in_at = session.get('logged_in_at', None)
        user = User.query.get(user_id)

        # does check for database logout of user
        if user and user.logged_out_at > logged_in_at:
            session.clear()
            user = None

        return view(user=user, *args, **kwargs)
    return decorated_view

def is_valid_state(state):
    state_is_valid = ('state' in session
        and len(session['state']) > 0
        and session['state'] == state)
    session.pop('state', None)
    return state_is_valid

def generate_state():
    state = base64.urlsafe_b64encode(os.urandom(32))
    session['state'] = state
    return state

@app.route('/')
@logged_in
def hello(user=None):
    return render_template(
        'index.html',
        user=user,
        state=generate_state(),
        redirect_url=current_app.config['REDIRECT_URL']
    )

@app.route('/login')
def login():
    # If the state parameter doesn't match what we passed into the Clef button,
    # then this request could have been generated by a 3rd party, so we should
    # abort it.
    #
    # For more protection about the state parameter and CSRF, check out
    # http://docs.getclef.com/v1.0/docs/verifying-state-parameter
    state = request.args.get('state')
    if not is_valid_state(state):
        return "Oops, the state parameter didn't match what was passed in to the Clef button."

    code = request.args.get('code')
    # call to get user information handles the OAuth handshake
    try:
        user_information = clef.get_login_information(code=code)

    except clef.APIError as e:
        app.logger.error(e)

    # request was successful so store the user in the session
    else:
        clef_id = user_information.get('id')
        email = user_information.get('email')
        first_name = user_information.get('first_name')

        user = User.query.filter_by(clef_id=clef_id).first()
        if not user:
            user = User(email=email, first_name=first_name, clef_id=clef_id)
            db.session.add(user)
            db.session.commit()

        session['user'] = user.id
        session['logged_in_at'] = time.time()
    return redirect(url_for('hello'))

@app.route('/logout', methods=['POST'])
@logged_in
def logout(user=None):

    # Clef is notifying you that a user has logged out from their phone
    logout_token = request.form.get('logout_token')

    # use the clef_id to look up the user in your database
    # http://docs.getclef.com/v1.0/docs/database-logout
    try:
        clef_id = clef.get_logout_information(logout_token=logout_token)

    except clef.APIError as e:
        app.logger.error(e)
        return 'Logout error'

    else:
        user = User.query.filter_by(clef_id=clef_id).first()
        if not user:
            app.logger.error('Invalid user')
        else:
            user.logged_out_at = time.time()
            db.session.add(user)
            db.session.commit()
        return 'Ok'

if __name__ == "__main__":
    # NOTE: For the sample app, we drop all information every time the app reloads.
    #
    # Obviously, this doesn't really work in production. Remove the following
    # lines to have a sane DB configuration.
    db.create_all()
    app.run(host='0.0.0.0', port=int(os.environ.get('PORT', 5000)))