Remove _OAUTH_USERINFO_URL.

noxiouz · Jul 4, 2015 · 4b43e77 · 4b43e77
1 parent 2d8e56e
commit 4b43e77
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/tornado/auth.py b/tornado/auth.py
@@ -885,10 +885,11 @@ def get(self):
                         access = yield self.get_authenticated_user(
                             redirect_uri='http://your.site.com/auth/google',
                             code=self.get_argument('code'))
-                        args = dict(access_token=access["access_token"])
-                        url = self._OAUTH_USERINFO_URL + "?" + urllib_parse.urlencode(args)
-                        user = yield self.oauth2_request(url)
-                        # Save the user with e.g. set_secure_cookie
+                        user = yield self.oauth2_request(
+                            "https://www.googleapis.com/oauth2/v1/userinfo",
+                            access_token=access["access_token"])
+                        # Save the user and access token with
+                        # e.g. set_secure_cookie.
                     else:
                         yield self.authorize_redirect(
                             redirect_uri='http://your.site.com/auth/google',

diff --git a/tornado/test/auth_test.py b/tornado/test/auth_test.py
@@ -418,10 +418,10 @@ def test_twitter_show_user_future_error(self):
 
 class GoogleLoginHandler(RequestHandler, GoogleOAuth2Mixin):
     def initialize(self, test):
+        self.test = test
         self._OAUTH_REDIRECT_URI = test.get_url('/client/login')
         self._OAUTH_AUTHORIZE_URL = test.get_url('/google/oauth2/authorize')
         self._OAUTH_ACCESS_TOKEN_URL = test.get_url('/google/oauth2/token')
-        self._OAUTH_USERINFO_URL = test.get_url('/google/oauth2/userinfo')
 
     @gen.coroutine
     def get(self):
@@ -430,9 +430,11 @@ def get(self):
             # retrieve authenticate google user
             access = yield self.get_authenticated_user(self._OAUTH_REDIRECT_URI,
                                                        code)
-            url = self._OAUTH_USERINFO_URL + "?access_token=" + access["access_token"]
-            user = yield self.oauth2_request(url)
-            # return the user as json
+            user = yield self.oauth2_request(
+                self.test.get_url("/google/oauth2/userinfo"),
+                access_token=access["access_token"])
+            # return the user and access token as json
+            user["access_token"] = access["access_token"]
             self.write(user)
         else:
             yield self.authorize_redirect(
@@ -494,4 +496,5 @@ def test_google_login(self):
         self.assertDictEqual({
             u('name'): u('Foo'),
             u('email'): u('[email protected]'),
+            u('access_token'): u('fake-access-token'),
         }, json_decode(response.body))