Beispiel #1
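def run(request):
	"""Handle the return leg of an OpenID login and attach the identity to a session.

	The OpenID response is completed from ``request.args``. A cancelled login
	yields the failure page with status 401, a setup-needed response yields the
	setup page with status 423, and a successful login creates the user row on
	first sight, stores uid and OpenID on the session row named by ``sid``, and
	yields the success page with status 200. Any other status yields the failure
	page with status 500.

	Exceptions raised by ``consumer.complete`` or by the database calls propagate
	to the caller; the database connection is closed in either case.
	"""
	# Function-scope import so the block does not depend on the file's import list.
	from xml.sax.saxutils import escape

	lang = choose_lang(request)
	# NOTE(review): sid comes from the query string and is the only value that
	# selects which session row is marked as logged in below. Confirm that it is
	# unguessable and tied to the browser that started the login, otherwise a
	# session id chosen by someone else could end up bound to this user.
	sid = request.args.get("sid")
	# NOTE(review): the store argument is None, so no association/nonce store is
	# kept between requests -- confirm that replay handling in this mode is
	# acceptable for the deployment.
	consumer = Consumer({"sid": sid}, None)
	href = Href(request.url)
	url = href("../oid.py", {"sid": sid})
	# Author's note: this call crashes when using an OpenID from Yahoo!. The
	# exception is deliberately not swallowed so the failure stays visible.
	info = consumer.complete(request.args, url)
	if info.status == CANCEL:
		return Response(get_html("oid_failure", lang), 401, mimetype="text/html")
	if info.status == SETUP_NEEDED:
		html = get_html("oid_setup_needed", lang)
		# setup_url is taken from the provider's response, so it is escaped before
		# being placed in the page; a missing URL becomes an empty string instead
		# of making str.replace fail.
		setup_url = escape(info.setup_url or "", {'"': "&quot;", "'": "&#x27;"})
		html = html.replace("<!-- URL -->", setup_url)
		return Response(html, 423, mimetype="text/html")
	if info.status == SUCCESS:
		display_identifier = info.getDisplayIdentifier()
		sregresp = SRegResponse.fromSuccessResponse(info)
		# NOTE(review): the account key falls back to the *display* identifier.
		# In python-openid the display form may drop the URL fragment that the
		# claimed identifier (info.identity_url) carries; confirm which one should
		# be the persistent key before changing it, since existing rows use this one.
		realoid = info.endpoint.canonicalID or display_identifier
		# nickname and email are optional values reported by the provider; they
		# are stored as given and default to "" when the extension data is absent.
		sreg_data = getattr(sregresp, "data", {})
		nickname = sreg_data.get("nickname", "")
		email = sreg_data.get("email", "")
		con = SQLcon.con()
		try:
			cur = con.cursor()
			cur.execute("SELECT * FROM users WHERE openid=%s", (realoid,))
			if not cur.fetchall():
				cur.execute("INSERT INTO users (username, openid, email, first_login) VALUES (%s, %s, %s, true)", (nickname, realoid, email))
			# Log in: look the uid up again so a freshly inserted row is covered too.
			cur.execute("SELECT uid FROM users WHERE openid=%s", (realoid,))
			uid = cur.fetchall()[0][0]
			cur.execute("UPDATE sessions SET uid=%s, oid=%s WHERE sid=%s", (str(uid), realoid, sid))
			# NOTE(review): no commit is issued here; presumably SQLcon.con()
			# returns an autocommitting connection -- confirm.
		finally:
			# Release the connection even when one of the statements raises.
			con.close()
		return Response(get_html("oid_success", lang), 200, mimetype="text/html")
	# Something went wrong.
	# TODO: More investigation.
	return Response(get_html("oid_failure", lang), 500, mimetype="text/html")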
Beispiel #2
def success_openid_login(request,
                         openid_response,
                         redirect_field_name=REDIRECT_FIELD_NAME):
    """
    View-helper for a successful OpenID authentication response.

    A successful response does not yet mean a matching user exists; this helper
    looks one up through Django's ``authenticate``. That lookup only works when
    ``openid_auth.models.OpenIDBackend`` is listed in
    ``settings.AUTHENTICATION_BACKENDS``.

    When a user is found, the user is logged in, the OpenID is recorded in the
    session and the browser is redirected. Otherwise the result of
    ``failure_openid_login`` is returned.
    """
    claimed_url = openid_response.identity_url

    # The nickname is an optional value reported by the provider; it stays None
    # when the response has no simple-registration data or no nickname field.
    sreg_data = SRegResponse.fromSuccessResponse(openid_response)
    sreg_nickname = (
        sreg_data.get('nickname')
        if sreg_data and sreg_data.has_key('nickname')
        else None
    )

    user = authenticate(openid_url=claimed_url, sreg=sreg_nickname)
    if not user:
        #TODO: This should start the registration process
        return failure_openid_login(
            request, claimed_url,
            _("The OpenID doesn't match any registered user."))

    auth_login(request, user)

    # Add the user to EzSteroids if it is enabled.
    # NOTE(review): the scheme is fixed to plain http and the host is taken from
    # the request -- confirm the receiving side treats this URL accordingly.
    add_user_to_EzSteroids("http://" + request.get_host(), user)

    # Keep one session entry per OpenID: create the list if it is missing, drop
    # any earlier entry for this URL, then append the fresh one.
    session = request.session
    if OPENIDS_SESSION_NAME not in session.keys():
        session[OPENIDS_SESSION_NAME] = []
    session[OPENIDS_SESSION_NAME] = [
        entry for entry in session[OPENIDS_SESSION_NAME]
        if entry.openid != claimed_url
    ]
    session[OPENIDS_SESSION_NAME].append(
        from_openid_response(openid_response))

    # The redirect target is supplied by the request, so it is used only when
    # is_valid_redirect_url accepts it (that check is defined elsewhere);
    # anything else falls back to the configured default.
    target = request.REQUEST.get(redirect_field_name, None)
    if not (target and is_valid_redirect_url(target)):
        target = settings.LOGIN_REDIRECT_URL
    return HttpResponseRedirect(target)
Beispiel #3
def from_openid_response(openid_response):
    """Build an ``OpenID`` record from *openid_response*.

    The record holds the response's identity URL, the current time as whole
    seconds, and the response's signed fields. The PAPE, SREG and AX extension
    data are attached only when the matching ``OPENID_*`` setting is truthy.
    """
    timestamp = int(time.time())
    record = OpenID(
        openid_response.identity_url,
        timestamp,
        openid_response.signed_fields,
    )

    # A setting that is absent counts as disabled.
    pape_enabled = getattr(settings, 'OPENID_PAPE', False)
    if pape_enabled:
        record.pape = PapeResponse.fromSuccessResponse(openid_response)

    sreg_enabled = getattr(settings, 'OPENID_SREG', False)
    if sreg_enabled:
        record.sreg = SRegResponse.fromSuccessResponse(openid_response)

    ax_enabled = getattr(settings, 'OPENID_AX', False)
    if ax_enabled:
        record.ax = AXFetchResponse.fromSuccessResponse(openid_response)

    return record
Beispiel #4
def from_openid_response(openid_response):
    """Convert a successful OpenID response into an ``OpenID`` object.

    The object is created from the identity URL, the time of this call (integer
    seconds) and the signed fields of the response. Extension responses are
    parsed and stored on it only for the extensions switched on in settings.
    """
    created_at = int(time.time())
    identity = openid_response.identity_url
    signed = openid_response.signed_fields
    result = OpenID(identity, created_at, signed)

    # PAPE data, only when OPENID_PAPE is set and truthy.
    if getattr(settings, 'OPENID_PAPE', False):
        pape = PapeResponse.fromSuccessResponse(openid_response)
        result.pape = pape

    # Simple-registration data, only when OPENID_SREG is set and truthy.
    if getattr(settings, 'OPENID_SREG', False):
        sreg = SRegResponse.fromSuccessResponse(openid_response)
        result.sreg = sreg

    # Attribute-exchange data, only when OPENID_AX is set and truthy.
    if getattr(settings, 'OPENID_AX', False):
        ax = AXFetchResponse.fromSuccessResponse(openid_response)
        result.ax = ax

    return result
Beispiel #5
def success_openid_login(request, openid_response, redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Handle a successful OpenID authentication response.

    Success at the OpenID level does not imply that a local user exists; finding
    one is this helper's job. It relies on ``openid_auth.models.OpenIDBackend``
    being present in ``settings.AUTHENTICATION_BACKENDS``.

    Returns a redirect after logging the user in, or the result of
    ``failure_openid_login`` when no user matches.
    """
    identity = openid_response.identity_url

    # Optional nickname reported by the provider; None when it is not available.
    nickname = None
    registration = SRegResponse.fromSuccessResponse(openid_response)
    if registration:
        if registration.has_key('nickname'):
            nickname = registration.get('nickname')

    # Django's authenticate() does the lookup; it will not work unless the
    # OpenID backend is configured as described in the docstring.
    user = authenticate(openid_url=identity, sreg=nickname)
    if not user:
        #TODO: This should start the registration process
        message = _("The OpenID doesn't match any registered user.")
        return failure_openid_login(request, identity, message)

    auth_login(request, user)

    # Add the user to EzSteroids if it is enabled.
    # NOTE(review): scheme is hard-coded to http and the host comes from the
    # request -- confirm this is what the receiving side expects.
    site_url = "http://" + request.get_host()
    add_user_to_EzSteroids(site_url, user)

    # Ensure the session list exists, remove any older entry for this identity
    # and append the new one, so each OpenID appears at most once.
    if OPENIDS_SESSION_NAME not in request.session.keys():
        request.session[OPENIDS_SESSION_NAME] = []
    without_current = [
        known for known in request.session[OPENIDS_SESSION_NAME]
        if known.openid != identity
    ]
    request.session[OPENIDS_SESSION_NAME] = without_current
    request.session[OPENIDS_SESSION_NAME].append(from_openid_response(openid_response))

    # The requested destination is honoured only if is_valid_redirect_url (defined
    # elsewhere) accepts it; otherwise the configured default is used.
    destination = request.REQUEST.get(redirect_field_name, None)
    if destination and is_valid_redirect_url(destination):
        return HttpResponseRedirect(destination)
    return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
Beispiel #6
def from_openid_response(openid_response):
    """Build an ``OpenID`` from *openid_response*, including its SREG data.

    The object receives the identity URL, the current time in whole seconds, the
    signed fields, and the simple-registration response parsed from the same
    OpenID response.
    """
    issued_at = int(time.time())
    identity = openid_response.identity_url
    signed = openid_response.signed_fields
    sreg = SRegResponse.fromSuccessResponse(openid_response)
    return OpenID(identity, issued_at, signed, sreg)