'SIGNIN_FEDORA_ENABLED',
default=False,
description=_('Enable Fedora OpenID login')
)
)
settings.register(
livesettings.BooleanValue(
LOGIN_PROVIDERS,
'SIGNIN_CUSTOM_OPENID_ENABLED',
default=False,
description=_('Enable custom OpenID login')
)
)
if module_exists('cas'):
settings.register(
livesettings.BooleanValue(
LOGIN_PROVIDERS,
'SIGNIN_CAS_ENABLED',
default=False,
description=_('Enable CAS authentication')
)
)
settings.register(
livesettings.StringValue(
LOGIN_PROVIDERS,
'CAS_SERVER_URL',
default='',
description=_('CAS server url')
)
def get_enabled_major_login_providers():
"""returns a dictionary with data about login providers
whose icons are to be shown in large format
disabled providers are excluded
items of the dictionary are dictionaries with keys:
* name
* display_name
* icon_media_path (relative to /media directory)
* type (oauth|openid-direct|openid-generic|openid-username|password)
Fields dependent on type of the login provider type
---------------------------------------------------
Password (type = password) - login provider using login name and password:
* extra_token_name - a phrase describing what the login name and the
password are from
* create_password_prompt - a phrase prompting to create an account
* change_password_prompt - a phrase prompting to change password
OpenID (type = openid) - Provider of login using the OpenID protocol
* openid_endpoint (required for type=openid|openid-username)
for type openid-username - the string must have %(username)s
format variable, plain string url otherwise
* extra_token_name - required for type=openid-username
describes name of required extra token - e.g. "XYZ user name"
OAuth2 (type = oauth)
* request_token_url - url to initiate OAuth2 protocol with the resource
* access_token_url - url to access users data on the resource via OAuth2
* authorize_url - url at which user can authorize the app to access a resource
* authenticate_url - url to authenticate user (lower privilege than authorize)
* get_user_id_function - a function that returns user id from data dictionary
containing: response to the access token url & consumer_key
and consumer secret. The purpose of this function is to hide the differences
between the ways user id is accessed from the different OAuth providers
"""
data = SortedDict()
if use_password_login():
site_name = askbot_settings.APP_SHORT_NAME
prompt = _('%(site)s user name and password') % {'site': site_name}
data['local'] = {
'name': 'local',
'display_name': site_name,
'extra_token_name': prompt,
'type': 'password',
'create_password_prompt': _('Create a password-protected account'),
'change_password_prompt': _('Change your password'),
'icon_media_path': askbot_settings.LOCAL_LOGIN_ICON,
'password_changeable': True
}
if askbot_settings.SIGNIN_CUSTOM_OPENID_ENABLED:
context_dict = {
'login_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME
}
data['custom_openid'] = {
'name': 'custom_openid',
'display_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME,
'type': askbot_settings.SIGNIN_CUSTOM_OPENID_MODE,
'icon_media_path':
askbot_settings.SIGNIN_CUSTOM_OPENID_LOGIN_BUTTON,
'tooltip_text': _('Sign in via %(login_name)s') % context_dict,
'openid_endpoint': askbot_settings.SIGNIN_CUSTOM_OPENID_ENDPOINT,
'extra_token_name': _('%(login_name)s username') % context_dict
}
def get_facebook_user_id(client):
"""returns facebook user id given the access token"""
profile = client.request('me')
return profile['id']
if askbot_settings.FACEBOOK_KEY and askbot_settings.FACEBOOK_SECRET:
data['facebook'] = {
'name': 'facebook',
'display_name': 'Facebook',
'type': 'oauth2',
'auth_endpoint': 'https://www.facebook.com/dialog/oauth/',
'token_endpoint': 'https://graph.facebook.com/oauth/access_token',
'resource_endpoint': 'https://graph.facebook.com/',
'icon_media_path': 'images/jquery-openid/facebook.gif',
'get_user_id_function': get_facebook_user_id,
'response_parser': lambda data: dict(urlparse.parse_qsl(data)),
'scope': [
'email',
],
}
if askbot_settings.SIGNIN_FEDORA_ENABLED:
data['fedora'] = {
'name': 'fedora',
'display_name': 'Fedora',
'type': 'openid-direct',
'openid_endpoint': 'https://id.fedoraproject.org/openid/',
'icon_media_path': 'images/jquery-openid/fedora.gif'
}
if askbot_settings.TWITTER_KEY and askbot_settings.TWITTER_SECRET:
data['twitter'] = {
'name': 'twitter',
'display_name': 'Twitter',
'type': 'oauth',
'request_token_url': 'https://api.twitter.com/oauth/request_token',
'access_token_url': 'https://api.twitter.com/oauth/access_token',
'authorize_url': 'https://api.twitter.com/oauth/authorize',
'authenticate_url': 'https://api.twitter.com/oauth/authenticate',
'get_user_id_url':
'https://twitter.com/account/verify_credentials.json',
'icon_media_path': 'images/jquery-openid/twitter.gif',
'get_user_id_function': lambda data: data['user_id'],
'get_username_function': lambda data: data['screen_name'],
}
if askbot_settings.MEDIAWIKI_KEY and askbot_settings.MEDIAWIKI_SECRET:
data['mediawiki'] = providers.mediawiki.Provider()
if module_exists('cas') and askbot_settings.SIGNIN_CAS_ENABLED \
and askbot_settings.CAS_SERVER_URL:
data['cas'] = providers.cas_provider.CASLoginProvider()
def get_identica_user_id(data):
consumer = oauth.Consumer(data['consumer_key'],
data['consumer_secret'])
token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
client = oauth.Client(consumer, token=token)
url = 'https://identi.ca/api/account/verify_credentials.json'
response, content = client.request(url, 'GET')
json = simplejson.loads(content)
return json['id']
if askbot_settings.IDENTICA_KEY and askbot_settings.IDENTICA_SECRET:
data['identi.ca'] = {
'name': 'identi.ca',
'display_name': 'identi.ca',
'type': 'oauth',
'request_token_url': 'https://identi.ca/api/oauth/request_token',
'access_token_url': 'https://identi.ca/api/oauth/access_token',
'authorize_url': 'https://identi.ca/api/oauth/authorize',
'authenticate_url': 'https://identi.ca/api/oauth/authorize',
'icon_media_path': 'images/jquery-openid/identica.png',
'get_user_id_function': get_identica_user_id,
}
if askbot_settings.SIGNIN_WORDPRESS_SITE_ENABLED and askbot_settings.WORDPRESS_SITE_URL:
data['wordpress_site'] = {
'name': 'wordpress_site',
'display_name':
'Self hosted wordpress blog', #need to be added as setting.
'icon_media_path': askbot_settings.WORDPRESS_SITE_ICON,
'type': 'wordpress_site',
}
def get_linked_in_user_id(data):
consumer = oauth.Consumer(data['consumer_key'],
data['consumer_secret'])
token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
client = oauth.Client(consumer, token=token)
url = 'https://api.linkedin.com/v1/people/~:(first-name,last-name,id)'
response, content = client.request(url, 'GET')
if response['status'] == '200':
id_re = re.compile(r'<id>([^<]+)</id>')
matches = id_re.search(content)
if matches:
return matches.group(1)
raise OAuthError()
if askbot_settings.LINKEDIN_KEY and askbot_settings.LINKEDIN_SECRET:
data['linkedin'] = {
'name': 'linkedin',
'display_name': 'LinkedIn',
'type': 'oauth',
'request_token_url':
'https://api.linkedin.com/uas/oauth/requestToken',
'access_token_url':
'https://api.linkedin.com/uas/oauth/accessToken',
'authorize_url': 'https://www.linkedin.com/uas/oauth/authorize',
'authenticate_url':
'https://www.linkedin.com/uas/oauth/authenticate',
'icon_media_path': 'images/jquery-openid/linkedin.gif',
'get_user_id_function': get_linked_in_user_id
}
def get_google_user_id(client):
return client.request('me')['id']
if askbot_settings.GOOGLE_PLUS_KEY and askbot_settings.GOOGLE_PLUS_SECRET:
data['google-plus'] = {
'name': 'google-plus',
'display_name': 'Google',
'type': 'oauth2',
'auth_endpoint': 'https://accounts.google.com/o/oauth2/auth',
'token_endpoint': 'https://accounts.google.com/o/oauth2/token',
'resource_endpoint': 'https://www.googleapis.com/plus/v1/people/',
'icon_media_path': 'images/jquery-openid/google.gif',
'get_user_id_function': get_google_user_id,
'extra_auth_params': {
'scope': ('profile', 'email', 'openid'),
'openid.realm': askbot_settings.APP_URL
}
}
data['mozilla-persona'] = {
'name': 'mozilla-persona',
'display_name': 'Mozilla Persona',
'type': 'mozilla-persona',
'icon_media_path': 'images/jquery-openid/mozilla-persona.gif',
}
data['yahoo'] = {
'name': 'yahoo',
'display_name': 'Yahoo',
'type': 'openid-direct',
'icon_media_path': 'images/jquery-openid/yahoo.gif',
'tooltip_text': _('Sign in with Yahoo'),
'openid_endpoint': 'https://me.yahoo.com',
}
data['aol'] = {
'name': 'aol',
'display_name': 'AOL',
'type': 'openid-direct',
'extra_token_name': _('AOL screen name'),
'icon_media_path': 'images/jquery-openid/aol.gif',
'openid_endpoint': 'http://openid.aol.com'
}
data['launchpad'] = {
'name': 'launchpad',
'display_name': 'LaunchPad',
'type': 'openid-direct',
'icon_media_path': 'images/jquery-openid/launchpad.gif',
'tooltip_text': _('Sign in with LaunchPad'),
'openid_endpoint': 'https://login.launchpad.net/'
}
data['openid'] = {
'name': 'openid',
'display_name': 'OpenID',
'type': 'openid-generic',
'extra_token_name': _('OpenID url'),
'icon_media_path': 'images/jquery-openid/openid.gif',
'openid_endpoint': None,
}
if askbot_settings.SIGNIN_OPENSTACKID_ENABLED and askbot_settings.OPENSTACKID_ENDPOINT_URL:
data['openstackid'] = {
'name': 'openstackid',
'display_name': 'OpenStackID',
'type': 'openid-direct',
'openid_endpoint': askbot_settings.OPENSTACKID_ENDPOINT_URL,
'icon_media_path': 'images/jquery-openid/openstackid.png',
'sreg_required': True
}
return filter_enabled_providers(data)
def get_enabled_major_login_providers():
"""returns a dictionary with data about login providers
whose icons are to be shown in large format
disabled providers are excluded
items of the dictionary are dictionaries with keys:
* name
* display_name
* icon_media_path (relative to /media directory)
* type (oauth|openid-direct|openid-generic|openid-username|password)
Fields dependent on type of the login provider type
---------------------------------------------------
Password (type = password) - login provider using login name and password:
* extra_token_name - a phrase describing what the login name and the
password are from
* create_password_prompt - a phrase prompting to create an account
* change_password_prompt - a phrase prompting to change password
OpenID (type = openid) - Provider of login using the OpenID protocol
* openid_endpoint (required for type=openid|openid-username)
for type openid-username - the string must have %(username)s
format variable, plain string url otherwise
* extra_token_name - required for type=openid-username
describes name of required extra token - e.g. "XYZ user name"
OAuth2 (type = oauth)
* request_token_url - url to initiate OAuth2 protocol with the resource
* access_token_url - url to access users data on the resource via OAuth2
* authorize_url - url at which user can authorize the app to access a resource
* authenticate_url - url to authenticate user (lower privilege than authorize)
* get_user_id_function - a function that returns user id from data dictionary
containing: response to the access token url & consumer_key
and consumer secret. The purpose of this function is to hide the differences
between the ways user id is accessed from the different OAuth providers
"""
data = SortedDict()
if use_password_login():
site_name = askbot_settings.APP_SHORT_NAME
prompt = _('%(site)s user name and password') % {'site': site_name}
data['local'] = {
'name': 'local',
'display_name': site_name,
'extra_token_name': prompt,
'type': 'password',
'create_password_prompt': _('Create a password-protected account'),
'change_password_prompt': _('Change your password'),
'icon_media_path': askbot_settings.LOCAL_LOGIN_ICON,
'password_changeable': True
}
if askbot_settings.SIGNIN_CUSTOM_OPENID_ENABLED:
context_dict = {'login_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME}
data['custom_openid'] = {
'name': 'custom_openid',
'display_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME,
'type': askbot_settings.SIGNIN_CUSTOM_OPENID_MODE,
'icon_media_path': askbot_settings.SIGNIN_CUSTOM_OPENID_LOGIN_BUTTON,
'tooltip_text': _('Sign in via %(login_name)s') % context_dict,
'openid_endpoint': askbot_settings.SIGNIN_CUSTOM_OPENID_ENDPOINT,
'extra_token_name': _('%(login_name)s username') % context_dict
}
def get_facebook_user_id(client):
"""returns facebook user id given the access token"""
profile = client.request('me')
return profile['id']
if askbot_settings.FACEBOOK_KEY and askbot_settings.FACEBOOK_SECRET:
data['facebook'] = {
'name': 'facebook',
'display_name': 'Facebook',
'type': 'oauth2',
'auth_endpoint': 'https://www.facebook.com/v2.2/dialog/oauth/',
'token_endpoint': 'https://graph.facebook.com/v2.2/oauth/access_token',
'resource_endpoint': 'https://graph.facebook.com/v2.2/',
'icon_media_path': 'images/jquery-openid/facebook.gif',
'get_user_id_function': get_facebook_user_id,
'response_parser': lambda data: dict(urlparse.parse_qsl(data)),
'scope': ['email',],
}
if askbot_settings.SIGNIN_FEDORA_ENABLED:
data['fedora'] = {
'name': 'fedora',
'display_name': 'Fedora',
'type': 'openid-direct',
'openid_endpoint': 'https://id.fedoraproject.org/openid/',
'icon_media_path': 'images/jquery-openid/fedora.gif'
}
if askbot_settings.TWITTER_KEY and askbot_settings.TWITTER_SECRET:
data['twitter'] = {
'name': 'twitter',
'display_name': 'Twitter',
'type': 'oauth',
'request_token_url': 'https://api.twitter.com/oauth/request_token',
'access_token_url': 'https://api.twitter.com/oauth/access_token',
'authorize_url': 'https://api.twitter.com/oauth/authorize',
'authenticate_url': 'https://api.twitter.com/oauth/authenticate',
'get_user_id_url': 'https://twitter.com/account/verify_credentials.json',
'icon_media_path': 'images/jquery-openid/twitter.gif',
'get_user_id_function': lambda data: data['user_id'],
'get_username_function': lambda data: data['screen_name'],
}
if askbot_settings.MEDIAWIKI_KEY and askbot_settings.MEDIAWIKI_SECRET:
data['mediawiki'] = providers.mediawiki.Provider()
if module_exists('cas') and askbot_settings.SIGNIN_CAS_ENABLED \
and askbot_settings.CAS_SERVER_URL:
data['cas'] = providers.cas_provider.CASLoginProvider()
def get_identica_user_id(data):
consumer = oauth.Consumer(data['consumer_key'], data['consumer_secret'])
token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
client = oauth.Client(consumer, token=token)
url = 'https://identi.ca/api/account/verify_credentials.json'
response, content = client.request(url, 'GET')
json = simplejson.loads(content)
return json['id']
if askbot_settings.IDENTICA_KEY and askbot_settings.IDENTICA_SECRET:
data['identi.ca'] = {
'name': 'identi.ca',
'display_name': 'identi.ca',
'type': 'oauth',
'request_token_url': 'https://identi.ca/api/oauth/request_token',
'access_token_url': 'https://identi.ca/api/oauth/access_token',
'authorize_url': 'https://identi.ca/api/oauth/authorize',
'authenticate_url': 'https://identi.ca/api/oauth/authorize',
'icon_media_path': 'images/jquery-openid/identica.png',
'get_user_id_function': get_identica_user_id,
}
if askbot_settings.SIGNIN_WORDPRESS_SITE_ENABLED and askbot_settings.WORDPRESS_SITE_URL:
data['wordpress_site'] = {
'name': 'wordpress_site',
'display_name': 'Self hosted wordpress blog', #need to be added as setting.
'icon_media_path': askbot_settings.WORDPRESS_SITE_ICON,
'type': 'wordpress_site',
}
def get_linked_in_user_id(data):
consumer = oauth.Consumer(data['consumer_key'], data['consumer_secret'])
token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
client = oauth.Client(consumer, token=token)
url = 'https://api.linkedin.com/v1/people/~:(first-name,last-name,id)'
response, content = client.request(url, 'GET')
if response['status'] == '200':
id_re = re.compile(r'<id>([^<]+)</id>')
matches = id_re.search(content)
if matches:
return matches.group(1)
raise OAuthError()
if askbot_settings.LINKEDIN_KEY and askbot_settings.LINKEDIN_SECRET:
data['linkedin'] = {
'name': 'linkedin',
'display_name': 'LinkedIn',
'type': 'oauth',
'request_token_url': 'https://api.linkedin.com/uas/oauth/requestToken',
'access_token_url': 'https://api.linkedin.com/uas/oauth/accessToken',
'authorize_url': 'https://www.linkedin.com/uas/oauth/authorize',
'authenticate_url': 'https://www.linkedin.com/uas/oauth/authenticate',
'icon_media_path': 'images/jquery-openid/linkedin.gif',
'get_user_id_function': get_linked_in_user_id
}
def get_google_user_id(client):
return client.request('me')['id']
if askbot_settings.GOOGLE_PLUS_KEY and askbot_settings.GOOGLE_PLUS_SECRET:
data['google-plus'] = {
'name': 'google-plus',
'display_name': 'Google',
'type': 'oauth2',
'auth_endpoint': 'https://accounts.google.com/o/oauth2/auth',
'token_endpoint': 'https://accounts.google.com/o/oauth2/token',
'resource_endpoint': 'https://www.googleapis.com/plus/v1/people/',
'icon_media_path': 'images/jquery-openid/google.gif',
'get_user_id_function': get_google_user_id,
'extra_auth_params': {'scope': ('profile', 'email', 'openid'), 'openid.realm': askbot_settings.APP_URL}
}
data['mozilla-persona'] = {
'name': 'mozilla-persona',
'display_name': 'Mozilla Persona',
'type': 'mozilla-persona',
'icon_media_path': 'images/jquery-openid/mozilla-persona.gif',
}
data['yahoo'] = {
'name': 'yahoo',
'display_name': 'Yahoo',
'type': 'openid-direct',
'icon_media_path': 'images/jquery-openid/yahoo.gif',
'tooltip_text': _('Sign in with Yahoo'),
'openid_endpoint': 'https://me.yahoo.com',
}
data['aol'] = {
'name': 'aol',
'display_name': 'AOL',
'type': 'openid-direct',
'extra_token_name': _('AOL screen name'),
'icon_media_path': 'images/jquery-openid/aol.gif',
'openid_endpoint': 'http://openid.aol.com'
}
data['launchpad'] = {
'name': 'launchpad',
'display_name': 'LaunchPad',
'type': 'openid-direct',
'icon_media_path': 'images/jquery-openid/launchpad.gif',
'tooltip_text': _('Sign in with LaunchPad'),
'openid_endpoint': 'https://login.launchpad.net/'
}
data['openid'] = {
'name': 'openid',
'display_name': 'OpenID',
'type': 'openid-generic',
'extra_token_name': _('OpenID url'),
'icon_media_path': 'images/jquery-openid/openid.gif',
'openid_endpoint': None,
}
if askbot_settings.SIGNIN_OPENSTACKID_ENABLED and askbot_settings.OPENSTACKID_ENDPOINT_URL:
data['openstackid'] = {
'name': 'openstackid',
'display_name': 'OpenStackID',
'type': 'openid-direct',
'openid_endpoint': askbot_settings.OPENSTACKID_ENDPOINT_URL,
'icon_media_path': 'images/jquery-openid/openstackid.png',
'sreg_required': True
}
return filter_enabled_providers(data)