From 5b0762a98c93fed6030eedac6671747777746f1f Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 1 Apr 2022 20:03:37 -0400 Subject: [PATCH] support refresh access token --- books/views.py | 6 +- common/models.py | 2 +- common/templatetags/oauth_token.py | 2 +- games/views.py | 6 +- mastodon/api.py | 115 +++++++++++++++++- mastodon/auth.py | 115 +----------------- movies/views.py | 6 +- music/views.py | 12 +- users/export.py | 1 - users/management/commands/refresh_mastodon.py | 13 +- users/models.py | 4 + users/views.py | 52 ++++---- 12 files changed, 170 insertions(+), 164 deletions(-) diff --git a/books/views.py b/books/views.py index 9b02bfc6..219afb99 100644 --- a/books/views.py +++ b/books/views.py @@ -323,7 +323,7 @@ def create_update_mark(request): content = words + '\n' + url + '\n' + \ form.cleaned_data['text'] + '\n' + tags response = post_toot( - request.user.mastodon_site, content, visibility, request.session['oauth_token']) + request.user.mastodon_site, content, visibility, request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error(f"CODE:{response.status_code} {response.text}") return HttpResponseServerError("publishing mastodon status failed") @@ -415,7 +415,7 @@ def create_review(request, book_id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot( - request.user.mastodon_site, content, visibility, request.session['oauth_token']) + request.user.mastodon_site, content, visibility, request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") 
@@ -469,7 +469,7 @@ def update_review(request, id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot( - request.user.mastodon_site, content, visibility, request.session['oauth_token']) + request.user.mastodon_site, content, visibility, request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error(f"CODE:{response.status_code} {response.text}") return HttpResponseServerError("publishing mastodon status failed") diff --git a/common/models.py b/common/models.py index 0e2dbe06..a2ca383c 100644 --- a/common/models.py +++ b/common/models.py @@ -203,7 +203,7 @@ class UserOwnedEntity(models.Model): @classmethod def get_available(cls, entity, request_user, following_only=False): - # e.g. SongMark.get_available(song, request.user, request.session['oauth_token']) + # e.g. SongMark.get_available(song, request.user, request.user.mastodon_token) query_kwargs = {entity.__class__.__name__.lower(): entity} all_entities = cls.objects.filter(**query_kwargs).order_by("-edited_time") # get all marks for song visible_entities = list(filter(lambda _entity: _entity.is_visible_to(request_user) and (_entity.owner.mastodon_username in request_user.mastodon_following if following_only else True), all_entities)) diff --git a/common/templatetags/oauth_token.py b/common/templatetags/oauth_token.py index 7aac83a1..b2f24677 100644 --- a/common/templatetags/oauth_token.py +++ b/common/templatetags/oauth_token.py @@ -7,7 +7,7 @@ register = template.Library() class OAuthTokenNode(template.Node): def render(self, context): request = context.get('request') - oauth_token = request.session.get('oauth_token', default='') + oauth_token = request.user.mastodon_token return format_html(oauth_token) diff --git a/games/views.py b/games/views.py index 6edc4774..c5a73458 100644 --- a/games/views.py +++ b/games/views.py 
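Review bot: In `OAuthTokenNode.render` (common/templatetags/oauth_token.py), `request.user.mastodon_token` has no fallback, whereas the replaced `request.session.get('oauth_token', default='')` returned an empty string when nobody was logged in. An anonymous user object normally lacks this model field, so the tag would likely raise `AttributeError` on any page that renders it for a logged-out visitor. Something like `oauth_token = getattr(request.user, 'mastodon_token', '') or ''` keeps the old behaviour. The value is still passed to `format_html` as the format string and written into the page, and it is now the token stored on the user row rather than a per-session copy, so confirm the tag is only used where the client really needs the token.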
@@ -325,7 +325,7 @@ def create_update_mark(request): content = words + '\n' + url + '\n' + \ form.cleaned_data['text'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -418,7 +418,7 @@ def create_review(request, game_id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -472,7 +472,7 @@ def update_review(request, id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") diff --git a/mastodon/api.py b/mastodon/api.py index 905a8f8c..346f3e09 100644 --- a/mastodon/api.py +++ b/mastodon/api.py @@ -3,8 +3,10 @@ import string import random import functools from django.core.exceptions import ObjectDoesNotExist -from .models import CrossSiteUserInfo from django.conf import settings +from django.shortcuts import reverse +from urllib.parse import quote +from .models import CrossSiteUserInfo, MastodonApplication # See https://docs.joinmastodon.org/methods/accounts/ 
@@ -248,3 +250,114 @@ class TootVisibilityEnum: PRIVATE = 'private' DIRECT = 'direct' UNLISTED = 'unlisted' + + +def get_mastodon_application(domain): + app = MastodonApplication.objects.filter(domain_name=domain).first() + if app is not None: + return app, '' + if domain == TWITTER_DOMAIN: + return None, 'Twitter未配置' + error_msg = None + try: + response = create_app(domain) + except (requests.exceptions.Timeout, ConnectionError): + error_msg = _("联邦网络请求超时。") + except Exception as e: + error_msg = str(e) + else: + # fill the form with returned data + if response.status_code != 200: + error_msg = "实例连接错误,代码: " + str(response.status_code) + print(f'Error connecting {domain}: {response.status_code} {response.content.decode("utf-8")}') + else: + try: + data = response.json() + except Exception as e: + error_msg = "实例返回内容无法识别" + print(f'Error connecting {domain}: {response.status_code} {response.content.decode("utf-8")} {e}') + else: + app = MastodonApplication.objects.create(domain_name=domain, app_id=data['id'], client_id=data['client_id'], + client_secret=data['client_secret'], vapid_key=data['vapid_key'] if 'vapid_key' in data else '') + return app, error_msg + + +def get_mastodon_login_url(app, login_domain, version, request): + url = request.scheme + "://" + request.get_host() + reverse('users:OAuth2_login') + if login_domain == TWITTER_DOMAIN: + return f"https://twitter.com/i/oauth2/authorize?response_type=code&client_id={app.client_id}&redirect_uri={quote(url)}&scope={quote(settings.TWITTER_CLIENT_SCOPE)}&state=state&code_challenge=challenge&code_challenge_method=plain" + scope = 'read' if 'Pixelfed' in version else settings.MASTODON_CLIENT_SCOPE + return "https://" + login_domain + "/oauth/authorize?client_id=" + app.client_id + "&scope=" + quote(scope) + "&redirect_uri=" + url + "&response_type=code" + + +def obtain_token(site, request, code): + """ Returns token if success else None. 
""" + mast_app = MastodonApplication.objects.get(domain_name=site) + redirect_uri = request.scheme + "://" + request.get_host() + reverse('users:OAuth2_login') + payload = { + 'client_id': mast_app.client_id, + 'client_secret': mast_app.client_secret, + 'redirect_uri': redirect_uri, + 'grant_type': 'authorization_code', + 'code': code, + 'code_verifier': 'challenge' + } + headers = {'User-Agent': 'NeoDB/1.0'} + auth = None + if mast_app.is_proxy: + url = 'https://' + mast_app.proxy_to + API_OBTAIN_TOKEN + elif site == TWITTER_DOMAIN: + url = 'https://api.twitter.com/2/oauth2/token' + auth = (mast_app.client_id, mast_app.client_secret) + del payload['client_secret'] + else: + url = 'https://' + mast_app.domain_name + API_OBTAIN_TOKEN + response = post(url, data=payload, headers=headers, auth=auth) + # {"token_type":"bearer","expires_in":7200,"access_token":"VGpkOEZGR3FQRDJ5NkZ0dmYyYWIwS0dqeHpvTnk4eXp0NV9nWDJ2TEpmM1ZTOjE2NDg3ODMxNTU4Mzc6MToxOmF0OjE","scope":"block.read follows.read offline.access tweet.write users.read mute.read","refresh_token":"b1pXbGEzeUF1WE5yZHJOWmxTeWpvMTBrQmZPd0czLU0tQndZQTUyU3FwRDVIOjE2NDg3ODMxNTU4Mzg6MToxOnJ0OjE"} + if response.status_code != 200: + print(url) + print(response.status_code) + print(response.text) + return None, None + data = response.json() + return data.get('access_token'), data.get('refresh_token', '') + + +def refresh_access_token(site, refresh_token): + if site != TWITTER_DOMAIN: + return None + mast_app = MastodonApplication.objects.get(domain_name=site) + url = 'https://api.twitter.com/2/oauth2/token' + payload = { + 'client_id': mast_app.client_id, + 'refresh_token': refresh_token, + 'grant_type': 'refresh_token', + } + headers = {'User-Agent': 'NeoDB/1.0'} + auth = (mast_app.client_id, mast_app.client_secret) + response = post(url, data=payload, headers=headers, auth=auth) + if response.status_code != 200: + print(url) + print(payload) + print(response.status_code) + print(response.text) + return None + data = 
response.json() + return data.get('access_token') + + +def revoke_token(site, token): + mast_app = MastodonApplication.objects.get(domain_name=site) + + payload = { + 'client_id': mast_app.client_id, + 'client_secret': mast_app.client_secret, + 'token': token + } + + if mast_app.is_proxy: + url = 'https://' + mast_app.proxy_to + API_REVOKE_TOKEN + else: + url = 'https://' + site + API_REVOKE_TOKEN + post(url, data=payload, headers={'User-Agent': 'NeoDB/1.0'}) + diff --git a/mastodon/auth.py b/mastodon/auth.py index 069ecb66..02d7703f 100644 --- a/mastodon/auth.py +++ b/mastodon/auth.py 
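Review bot: `refresh_access_token` in mastodon/api.py now calls `print(payload)` on a non-200 response, and that dict carries the user's `refresh_token`, so a failed refresh writes a long-lived credential to stdout and to whatever collects it; the copy removed from mastodon/auth.py did not print the payload. Drop that line and report only `response.status_code` through the project's logging instead of `print`. Two things moved unchanged with this block are worth fixing while it is being touched. The comment in `obtain_token` embeds a complete sample token response with `access_token` and `refresh_token` values, which should be replaced by a redacted example (and the tokens revoked if they were ever live). `get_mastodon_login_url` sends the constants `state=state` and `code_challenge=challenge` with `code_challenge_method=plain`, so the callback has no per-request CSRF binding and PKCE adds no protection; a random per-session `state` and verifier checked in the callback would close that, though the callback is outside this hunk.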
@@ -1,118 +1,5 @@ from django.contrib.auth.backends import ModelBackend, UserModel -from django.shortcuts import reverse -from .api import * -from .models import MastodonApplication -from django.conf import settings -from urllib.parse import quote - - -def get_mastodon_application(domain): - app = MastodonApplication.objects.filter(domain_name=domain).first() - if app is not None: - return app, '' - if domain == TWITTER_DOMAIN: - return None, 'Twitter未配置' - error_msg = None - try: - response = create_app(domain) - except (requests.exceptions.Timeout, ConnectionError): - error_msg = _("联邦网络请求超时。") - except Exception as e: - error_msg = str(e) - else: - # fill the form with returned data - if response.status_code != 200: - error_msg = "实例连接错误,代码: " + str(response.status_code) - print(f'Error connecting {domain}: {response.status_code} {response.content.decode("utf-8")}') - else: - try: - data = response.json() - except Exception as e: - error_msg = "实例返回内容无法识别" - print(f'Error connecting {domain}: {response.status_code} {response.content.decode("utf-8")} {e}') - else: - app = MastodonApplication.objects.create(domain_name=domain, app_id=data['id'], client_id=data['client_id'], - client_secret=data['client_secret'], vapid_key=data['vapid_key'] if 'vapid_key' in data else '') - return app, error_msg - - -def get_mastodon_login_url(app, login_domain, version, request): - url = request.scheme + "://" + request.get_host() + reverse('users:OAuth2_login') - if login_domain == TWITTER_DOMAIN: - return f"https://twitter.com/i/oauth2/authorize?response_type=code&client_id={app.client_id}&redirect_uri={quote(url)}&scope={quote(settings.TWITTER_CLIENT_SCOPE)}&state=state&code_challenge=challenge&code_challenge_method=plain" - scope = 'read' if 'Pixelfed' in version else settings.MASTODON_CLIENT_SCOPE - return "https://" + login_domain + "/oauth/authorize?client_id=" + app.client_id + "&scope=" + quote(scope) + "&redirect_uri=" + url + "&response_type=code" - - -def 
obtain_token(site, request, code): - """ Returns token if success else None. """ - mast_app = MastodonApplication.objects.get(domain_name=site) - redirect_uri = request.scheme + "://" + request.get_host() + reverse('users:OAuth2_login') - payload = { - 'client_id': mast_app.client_id, - 'client_secret': mast_app.client_secret, - 'redirect_uri': redirect_uri, - 'grant_type': 'authorization_code', - 'code': code, - 'code_verifier': 'challenge' - } - headers = {'User-Agent': 'NeoDB/1.0'} - auth = None - if mast_app.is_proxy: - url = 'https://' + mast_app.proxy_to + API_OBTAIN_TOKEN - elif site == TWITTER_DOMAIN: - url = 'https://api.twitter.com/2/oauth2/token' - auth = (mast_app.client_id, mast_app.client_secret) - del payload['client_secret'] - else: - url = 'https://' + mast_app.domain_name + API_OBTAIN_TOKEN - response = post(url, data=payload, headers=headers, auth=auth) - # {"token_type":"bearer","expires_in":7200,"access_token":"VGpkOEZGR3FQRDJ5NkZ0dmYyYWIwS0dqeHpvTnk4eXp0NV9nWDJ2TEpmM1ZTOjE2NDg3ODMxNTU4Mzc6MToxOmF0OjE","scope":"block.read follows.read offline.access tweet.write users.read mute.read","refresh_token":"b1pXbGEzeUF1WE5yZHJOWmxTeWpvMTBrQmZPd0czLU0tQndZQTUyU3FwRDVIOjE2NDg3ODMxNTU4Mzg6MToxOnJ0OjE"} - if response.status_code != 200: - print(url) - print(response.status_code) - print(response.text) - return None, None - data = response.json() - return data.get('access_token'), data.get('refresh_token', '') - - -def refresh_access_token(site, refresh_token): - if site != TWITTER_DOMAIN: - return None - mast_app = MastodonApplication.objects.get(domain_name=site) - url = 'https://api.twitter.com/2/oauth2/token' - payload = { - 'client_id': mast_app.client_id, - 'refresh_token': refresh_token, - 'grant_type': 'refresh_token', - } - headers = {'User-Agent': 'NeoDB/1.0'} - auth = (mast_app.client_id, mast_app.client_secret) - response = post(url, data=payload, headers=headers, auth=auth) - if response.status_code != 200: - print(url) - 
print(response.status_code) - print(response.text) - return None - data = response.json() - return data.get('access_token') - - -def revoke_token(site, token): - mast_app = MastodonApplication.objects.get(domain_name=site) - - payload = { - 'client_id': mast_app.client_id, - 'client_secret': mast_app.client_secret, - 'token': token - } - - if mast_app.is_proxy: - url = 'https://' + mast_app.proxy_to + API_REVOKE_TOKEN - else: - url = 'https://' + site + API_REVOKE_TOKEN - post(url, data=payload, headers={'User-Agent': 'NeoDB/1.0'}) +from .api import verify_account class OAuth2Backend(ModelBackend): diff --git a/movies/views.py b/movies/views.py index 41443815..b659d932 100644 --- a/movies/views.py +++ b/movies/views.py @@ -324,7 +324,7 @@ def create_update_mark(request): content = words + '\n' + url + '\n' + \ form.cleaned_data['text'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -417,7 +417,7 @@ def create_review(request, movie_id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -471,7 +471,7 @@ def update_review(request, id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") diff --git a/music/views.py b/music/views.py index e35cc0eb..1bdc3578 100644 --- a/music/views.py +++ b/music/views.py 
@@ -343,7 +343,7 @@ def create_update_song_mark(request): content = words + '\n' + url + '\n' + \ form.cleaned_data['text'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -436,7 +436,7 @@ def create_song_review(request, song_id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -490,7 +490,7 @@ def update_song_review(request, id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -918,7 +918,7 @@ def create_update_album_mark(request): content = words + '\n' + url + '\n' + \ form.cleaned_data['text'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") @@ -1011,7 +1011,7 @@ def create_album_review(request, album_id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") 
@@ -1065,7 +1065,7 @@ def update_album_review(request, id): content = words + '\n' + url + \ '\n' + form.cleaned_data['title'] + '\n' + tags response = post_toot(request.user.mastodon_site, content, visibility, - request.session['oauth_token']) + request.user.mastodon_token) if response.status_code != 200: mastodon_logger.error( f"CODE:{response.status_code} {response.text}") diff --git a/users/export.py b/users/export.py index da94058a..65faab6d 100644 --- a/users/export.py +++ b/users/export.py @@ -9,7 +9,6 @@ from django.core.exceptions import ObjectDoesNotExist from django.db.models import Count from .models import User, Report, Preference from .forms import ReportForm -from mastodon.auth import * from mastodon.api import * from mastodon import mastodon_request_included from common.config import * diff --git a/users/management/commands/refresh_mastodon.py b/users/management/commands/refresh_mastodon.py index c5aca43d..ff79d5fc 100644 --- a/users/management/commands/refresh_mastodon.py +++ b/users/management/commands/refresh_mastodon.py @@ -2,6 +2,7 @@ from django.core.management.base import BaseCommand from users.models import User from datetime import timedelta from django.utils import timezone +from tqdm import tqdm class Command(BaseCommand): 
@@ -9,16 +10,16 @@ class Command(BaseCommand): def handle(self, *args, **options): count = 0 - for user in User.objects.filter(mastodon_last_refresh__lt=timezone.now() - timedelta(hours=24), is_active=True): - if user.mastodon_token: - print(f"Refreshing {user}") + for user in tqdm(User.objects.filter(mastodon_last_refresh__lt=timezone.now() - timedelta(hours=24), is_active=True)): + if user.mastodon_token or user.mastodon_refresh_token: + tqdm.write(f"Refreshing {user}") if user.refresh_mastodon_data(): - print(f"Refreshed {user}") + tqdm.write(f"Refreshed {user}") count += 1 else: - print(f"Refresh failed for {user}") + tqdm.write(f"Refresh failed for {user}") user.save() else: - print(f'Missing token for {user}') + tqdm.write(f'Missing token for {user}') print(f'{count} users updated') diff --git a/users/models.py b/users/models.py index a34e6e51..c6fc5113 100644 --- a/users/models.py +++ b/users/models.py @@ -61,6 +61,10 @@ class User(AbstractUser): """ Try refresh account data from mastodon server, return true if refreshed successfully, note it will not save to db """ self.mastodon_last_refresh = timezone.now() code, mastodon_account = verify_account(self.mastodon_site, self.mastodon_token) + if code == 401 and self.mastodon_refresh_token: + self.mastodon_token = refresh_access_token(self.mastodon_site, self.mastodon_refresh_token) + if self.mastodon_token: + code, mastodon_account = verify_account(self.mastodon_site, self.mastodon_token) updated = False if mastodon_account: self.mastodon_account = mastodon_account diff --git a/users/views.py b/users/views.py index 6e530b6e..7ee1e44e 100644 --- a/users/views.py +++ b/users/views.py @@ -9,7 +9,6 @@ from django.core.exceptions import ObjectDoesNotExist from django.db.models import Count from .models import User, Report, Preference from .forms import ReportForm -from mastodon.auth import * from mastodon.api import * from mastodon import mastodon_request_included from common.config import * 
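Review bot: In `refresh_mastodon_data` (users/models.py), the result of `refresh_access_token(...)` is assigned straight to `self.mastodon_token`, and that function returns `None` on any failure, so a failed refresh replaces the stored token with `None`. The refresh_mastodon command appears to call `user.save()` after a failed refresh as well, which would persist that. Assign to a local first, `new_token = refresh_access_token(self.mastodon_site, self.mastodon_refresh_token)`, and set `self.mastodon_token = new_token` only `if new_token:`. `refresh_access_token` also returns only the access token, so if the provider issues a new refresh token on each refresh (not visible here) it is discarded and the next refresh may fail. The hunk shows no import of `refresh_access_token` into this module, and the method body continues past the hunk.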
@@ -89,7 +88,10 @@ def OAuth2_login(request): return swap_login(request, token, site, refresh_token) user = authenticate(request, token=token, site=site) if user: - auth_login(request, user, token) + user.mastodon_token = token + user.mastodon_refresh_token = refresh_token + user.save(update_fields=['mastodon_token', 'mastodon_refresh_token']) + auth_login(request, user) if request.session.get('next_url') is not None: response = redirect(request.session.get('next_url')) del request.session['next_url'] @@ -171,7 +173,7 @@ def reconnect(request): @login_required def logout(request): if request.method == 'GET': - # revoke_token(request.user.mastodon_site, request.session['oauth_token']) + # revoke_token(request.user.mastodon_site, request.user.mastodon_token) auth_logout(request) return redirect(reverse("users:login")) else: @@ -182,7 +184,7 @@ def logout(request): def register(request): """ register confirm page """ if request.method == 'GET': - if request.session.get('oauth_token'): + if request.user.is_authenticated: return redirect(reverse('common:home')) elif request.session.get('new_user_token'): return render( @@ -214,7 +216,7 @@ def register(request): new_user.save() del request.session['new_user_token'] del request.session['new_user_refresh_token'] - auth_login(request, new_user, token) + auth_login(request, new_user) response = redirect(reverse('common:home')) response.delete_cookie('mastodon_domain') return response @@ -225,6 +227,7 @@ def register(request): def delete(request): raise NotImplementedError + def home_anonymous(request, id): login_url = settings.LOGIN_URL + "?next=" + request.get_full_path() try: @@ -238,6 +241,7 @@ def home_anonymous(request, id): except Exception: return redirect(login_url) + @mastodon_request_included def home(request, id): if not request.user.is_authenticated: 
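Review bot: `OAuth2_login` now rewrites `mastodon_token` and `mastodon_refresh_token` on the user row at every login and every view reads the token from there, but nothing in this commit clears or revokes it on logout. The `revoke_token(...)` call in `logout` stays commented out, and `auth_logout` later in this file no longer has a session token to drop, so the stored token remains usable after the user signs out. Consider re-enabling `revoke_token(request.user.mastodon_site, request.user.mastodon_token)` before `auth_logout(request)` and blanking both fields with `save(update_fields=[...])`. How these columns are protected at rest cannot be judged from this diff, since the model field definitions are not shown.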
@@ -301,10 +305,10 @@ def home(request, id): # cross site info for visiting other's home page user.target_site_id = get_cross_site_id( - user, request.user.mastodon_site, request.session['oauth_token']) + user, request.user.mastodon_site, request.user.mastodon_token) # make queries - relation = get_relationship(request.user, user, request.session['oauth_token'])[0] + relation = get_relationship(request.user, user, request.user.mastodon_token)[0] if relation['blocked_by']: msg = _("你没有访问TA主页的权限😥") return render( @@ -435,6 +439,7 @@ def filter_marks(querysets, maximum, type_name): return result + def count_marks(querysets, type_name): """ Count all available marks, then assembly a dict to be used in template @@ -479,7 +484,7 @@ def followers(request, id): ) # mastodon request if not user == request.user: - relation = get_relationship(request.user, user, request.session['oauth_token'])[0] + relation = get_relationship(request.user, user, request.user.mastodon_token)[0] if relation['blocked_by']: msg = _("你没有访问TA主页的权限😥") return render( @@ -490,7 +495,7 @@ def followers(request, id): } ) user.target_site_id = get_cross_site_id( - user, request.user.mastodon_site, request.session['oauth_token']) + user, request.user.mastodon_site, request.user.mastodon_token) return render( request, 'users/relation_list.html', @@ -531,7 +536,7 @@ def following(request, id): ) # mastodon request if not user == request.user: - relation = get_relationship(request.user, user, request.session['oauth_token'])[0] + relation = get_relationship(request.user, user, request.user.mastodon_token)[0] if relation['blocked_by']: msg = _("你没有访问TA主页的权限😥") return render( @@ -542,7 +547,7 @@ def following(request, id): } ) user.target_site_id = get_cross_site_id( - user, request.user.mastodon_site, request.session['oauth_token']) + user, request.user.mastodon_site, request.user.mastodon_token) return render( request, 'users/relation_list.html', 
@@ -587,7 +592,7 @@ def book_list(request, id, status): tag = request.GET.get('t', default='') if user != request.user: # mastodon request - relation = get_relationship(request.user, user, request.session['oauth_token'])[0] + relation = get_relationship(request.user, user, request.user.mastodon_token)[0] if relation['blocked_by']: msg = _("你没有访问TA主页的权限😥") return render( @@ -605,7 +610,7 @@ def book_list(request, id, status): queryset = BookMark.get_available_by_user(user, relation['following']).filter( status=MarkStatusEnum[status.upper()]).order_by("-edited_time") user.target_site_id = get_cross_site_id( - user, request.user.mastodon_site, request.session['oauth_token']) + user, request.user.mastodon_site, request.user.mastodon_token) else: if status == 'reviewed': queryset = BookReview.objects.filter(owner=user).order_by("-edited_time") @@ -673,7 +678,7 @@ def movie_list(request, id, status): tag = request.GET.get('t', default='') if user != request.user: # mastodon request - relation = get_relationship(request.user, user, request.session['oauth_token'])[0] + relation = get_relationship(request.user, user, request.user.mastodon_token)[0] if relation['blocked_by']: msg = _("你没有访问TA主页的权限😥") return render( @@ -684,7 +689,7 @@ def movie_list(request, id, status): } ) user.target_site_id = get_cross_site_id( - user, request.user.mastodon_site, request.session['oauth_token']) + user, request.user.mastodon_site, request.user.mastodon_token) if status == 'reviewed': queryset = MovieReview.get_available_by_user(user, relation['following']).order_by("-edited_time") elif status == 'tagged': @@ -759,7 +764,7 @@ def game_list(request, id, status): tag = request.GET.get('t', default='') if user != request.user: # mastodon request - relation = get_relationship(request.user, user, request.session['oauth_token'])[0] + relation = get_relationship(request.user, user, request.user.mastodon_token)[0] if relation['blocked_by']: msg = _("你没有访问TA主页的权限😥") return render( 
@@ -770,7 +775,7 @@ def game_list(request, id, status): } ) user.target_site_id = get_cross_site_id( - user, request.user.mastodon_site, request.session['oauth_token']) + user, request.user.mastodon_site, request.user.mastodon_token) if status == 'reviewed': queryset = GameReview.get_available_by_user(user, relation['following']).order_by("-edited_time") elif status == 'tagged': @@ -845,7 +850,7 @@ def music_list(request, id, status): tag = request.GET.get('t', default='') if not user == request.user: # mastodon request - relation = get_relationship(request.user, user, request.session['oauth_token'])[0] + relation = get_relationship(request.user, user, request.user.mastodon_token)[0] if relation['blocked_by']: msg = _("你没有访问TA主页的权限😥") return render( @@ -867,7 +872,7 @@ def music_list(request, id, status): status=MarkStatusEnum[status.upper()])) user.target_site_id = get_cross_site_id( - user, request.user.mastodon_site, request.session['oauth_token']) + user, request.user.mastodon_site, request.user.mastodon_token) else: if status == 'reviewed': queryset = list(AlbumReview.objects.filter(owner=user).order_by("-edited_time")) + \ @@ -1016,18 +1021,15 @@ def refresh_mastodon_data_task(user, token=None): print(f"{user} mastodon data refresh failed") -def auth_login(request, user, token): +def auth_login(request, user): """ Decorates django ``login()``. Attach token to session.""" - request.session['oauth_token'] = token auth.login(request, user) if user.mastodon_last_refresh < timezone.now() - timedelta(hours=1) or user.mastodon_account == {}: - # refresh_mastodon_data_task(user, token) - django_rq.get_queue('mastodon').enqueue(refresh_mastodon_data_task, user, token) + django_rq.get_queue('mastodon').enqueue(refresh_mastodon_data_task, user) def auth_logout(request): """ Decorates django ``logout()``. Release token in session.""" - del request.session['oauth_token'] auth.logout(request) 
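Review bot: The docstrings of `auth_login` and `auth_logout` still read "Attach token to session." and "Release token in session." although neither function touches `request.session['oauth_token']` any more. Suggested wording: `Wraps django login() and queues a Mastodon data refresh when the cached data is older than an hour or empty.` and `Wraps django logout().` Separately, `enqueue(refresh_mastodon_data_task, user)` hands the whole model instance to the queue. If the queue serializes its arguments, the job payload will contain the user's token fields and a snapshot that may be stale when the job runs. Passing `user.pk` and reloading inside the task would avoid both, with a matching change in `refresh_mastodon_data_task`, whose body is outside this hunk.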
@@ -1077,7 +1079,7 @@ def export_marks(request): @login_required def sync_mastodon(request): if request.method == 'POST': - django_rq.get_queue('mastodon').enqueue(refresh_mastodon_data_task, request.user, request.session['oauth_token']) + django_rq.get_queue('mastodon').enqueue(refresh_mastodon_data_task, request.user) messages.add_message(request, messages.INFO, _('同步已开始。')) return redirect(reverse("users:data"))