How to get the Email Address Of Visitors Signed In To Google

It’s not so much a security issue as a privacy issue, but Google fixed it none the less.  The Google AppEngine API allows sites to get the user’s email address, and if the user had logged in to another Google service AppEngine would do so with out prompting them to log in again free CV.

Once you had the user logged in you could pass that information to another site through a lot of methods. 

def get(self):
    user = users.get_current_user()

    if user:
        self.response.headers[‘Content-Type’] = ‘text/plain’
        self.response.out.write(user.email())
    else:
        self.redirect(users.create_login_url(self.request.uri)

 

The above code grabs the user’s email.  Putting the code in the middle of some Javascript that writes an iFrame, or creates a Get Request passing the Email is easy enough, but I’m not going to share that bit of code here herunterladen.

Google has patched the whole now requiring pages that use the get_current_user api to be re-authenticated.  The code still works… but the user is no longer automatically authenticated free ringtone iphone.