VKontakte application authentication improvements.

diff --git a/example/local_settings.py.template b/example/local_settings.py.template
index c1b37c68210ea1f40983acf0bd87f9991607e802..fdae6edebeec1e8ea9da5b7bf03df4ec4cf35e8c 100644 (file)
--- a/example/local_settings.py.template
+++ b/example/local_settings.py.template
@@ -15,6 +15,10 @@ SOCIAL_AUTH_COMPLETE_URL_NAME     = 'socialauth_complete'
 LOGIN_ERROR_URL                   = '/login/error/'
 VKONTAKTE_APP_ID                  = ''
 VKONTAKTE_APP_SECRET              = ''
+# Usage for applications auth: {'key': application_key, 'user_mode': 0 (default) | 1 (check) | 2 (online check) }
+# 0 means is_app_user request parameter is ignored, 1 - must be = 1, 2 - checked via VK API request (useful when user
+# connects to your application on app page and you reload the iframe)
+VKONTAKTE_APP_AUTH                = None
 ODNOKLASSNIKI_OAUTH2_CLIENT_KEY   = ''
 ODNOKLASSNIKI_OAUTH2_APP_KEY      = ''
 ODNOKLASSNIKI_OAUTH2_CLIENT_SECRET = ''

diff --git a/social_auth/backends/contrib/vkontakte.py b/social_auth/backends/contrib/vkontakte.py
index 5d9191c0ad31c278ab4668711a5e142a321dd31d..3ab107fe32811b36a0073c1d25c3f5c62ff95155 100644 (file)
--- a/social_auth/backends/contrib/vkontakte.py
+++ b/social_auth/backends/contrib/vkontakte.py
@@ -135,11 +135,17 @@ class VKontakteOAuth2(BaseOAuth2):
         return auth_result
 
     def user_data(self, access_token):
-        """Return user data from VKontakte OpenAPI"""
+        """Return user data from VKontakte API"""
         data = {'access_token': access_token }
         
         return vkontakte_api('getUserInfoEx', data)
 
+    def is_app_user(self, access_token):
+        """Returs app usage flag from VKontakte API"""
+        data = {'access_token': access_token }
+
+        return vkontakte_api('isAppUser', data)['response']
+
     def application_auth(self):
         required_params = ('is_app_user', 'viewer_id', 'access_token', 'api_id', )
 
@@ -147,22 +153,25 @@ class VKontakteOAuth2(BaseOAuth2):
             if not param in self.request.REQUEST:
                 return (False, None,)
 
-        is_user = self.request.REQUEST.get('is_app_user')
-
-        if not int(is_user):
-            return (True, None,)
-
         auth_key = self.request.REQUEST.get('auth_key')
 
         # Verify signature, if present
         if auth_key:
             check_key = md5(self.request.REQUEST.get('api_id') + '_' + self.request.REQUEST.get('viewer_id') + '_' + \
-                            USE_APP_AUTH).hexdigest()
+                            USE_APP_AUTH['key']).hexdigest()
             if check_key != auth_key:
                 raise('VKontakte authentication failed: invalid auth key')
 
         access_token = self.request.REQUEST.get('access_token')
 
+        user_check = USE_APP_AUTH.get('user_mode', 0)
+
+        if user_check:
+            is_user = self.request.REQUEST.get('is_app_user') if user_check == 1 else self.is_app_user(access_token)
+
+            if not int(is_user):
+                return (True, None,)
+
         data = self.user_data(access_token)
         data['user_id'] = self.request.REQUEST.get('viewer_id')
         data['access_token'] = access_token