def test_services_service_not_supported(self, mock_discover):
        mock_discover.return_value = ('http://test.com/openid',
                                      self.mock_services)

        with self.assertRaises(openid.ServiceError) as e:
            openid.services('http://test.com/openid',
                            ['urn.test1', 'urn.test2'])

        self.assertEqual(
            str(e.exception),
            str(openid.ServiceError('http://test.com/openid', 'urn.test1')))
Beispiel #2
0
def login_oauth2(request):
    try:
        common.authentication_required(request)

        logger.info('Authenticating OAuth2 for {}'.format(
            request.user.auth.openid_url))

        auth_service, cert_service = openid.services(
            request.user.auth.openid_url, (URN_AUTHORIZE, URN_RESOURCE))

        redirect_url, state = oauth2.get_authorization_url(
            auth_service.server_url, cert_service.server_url)

        logger.info('Retrieved authorization url for OpenID {}'.format(
            request.user.auth.openid_url))

        request.session.update({
            'oauth_state': state,
            'openid': request.user.auth.openid_url
        })
    except WPSError as e:
        logger.exception('Error authenticating OAuth2')

        return common.failed(str(e))
    else:
        return common.success({'redirect': redirect_url})
def oauth2_callback(request):
    user = None

    try:
        openid_url = request.session.pop('openid')

        oauth_state = request.session.pop('oauth_state')

        logger.info('Handling OAuth2 callback for %r current state %r',
                    openid_url, oauth_state)

        user = models.User.objects.get(auth__openid_url=openid_url)

        logger.info('Discovering token and certificate services')

        token_service, cert_service = openid.services(
            openid_url, (URN_ACCESS, URN_RESOURCE))

        request_url = '{}?{}'.format(settings.WPS_OAUTH2_CALLBACK,
                                     request.META['QUERY_STRING'])

        logger.info('Getting token from service')

        token = oauth2.get_token(token_service.server_url, request_url,
                                 oauth_state)

        logger.info('Getting certificate from service')

        cert, key, new_token = oauth2.get_certificate(token, oauth_state,
                                                      token_service.server_url,
                                                      cert_service.server_url)

        logger.info('Updating user with token, certificate and state')

        user.auth.update('oauth2', [cert, key],
                         token=new_token,
                         state=oauth_state)
    except KeyError as e:
        logger.exception('Missing %r key from session data', e)

        return common.failed('Invalid OAuth state, report to server'
                             ' administrator')
    except (WPSError, oauth2.OAuth2Error) as e:
        logger.exception('OAuth2 callback failed')

        if user is not None:
            extra = json.loads(user.auth.extra)

            extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))

            user.auth.extra = json.dumps(extra)

            user.auth.save()

    logger.info('Finished handling OAuth2 callback, redirect to profile')

    metrics.track_login(metrics.WPS_OAUTH_LOGIN_SUCCESS, user.auth.openid_url)

    return redirect(settings.WPS_PROFILE_URL)
    def test_services(self, mock_discover):
        mock_discover.return_value = ('http://test.com/openid',
                                      self.mock_services)

        services = openid.services('http://test.com/openid',
                                   ['test_uri_1', 'test_uri_3'])

        self.assertEqual(len(services), 2)
def login_mpc(request):
    try:
        common.authentication_required(request)

        form = forms.MPCForm(request.POST)

        data = common.validate_form(form, ('username', 'password'))

        logger.info('Authenticating MyProxyClient for {}'.format(
            data['username']))

        services = openid.services(request.user.auth.openid_url, (URN_MPC, ))

        g = re.match('socket://(.*):(.*)', services[0].server_url)

        if g is None or len(g.groups()) != 2:
            raise MPCEndpointParseError()

        host, port = g.groups()

        from OpenSSL import SSL

        MyProxyClient.SSL_METHOD = SSL.TLSv1_2_METHOD

        try:
            m = MyProxyClient(hostname=host, caCertDir=settings.WPS_CA_PATH)

            c = m.logon(data['username'], data['password'], bootstrap=True)
        except Exception as e:
            raise common.AuthenticationError(user=data['username'])

        logger.info(
            'Authenticated with MyProxyClient backend for user {}'.format(
                data['username']))

        request.user.auth.update('myproxyclient', c)
    except WPSError as e:
        logger.exception('Error authenticating MyProxyClient')

        return common.failed(str(e))
    else:
        metrics.track_login(metrics.WPS_MPC_LOGIN_SUCCESS,
                            request.user.auth.openid_url)

        return common.success({
            'type': request.user.auth.type,
            'api_key': request.user.auth.api_key
        })
    finally:
        if not request.user.is_anonymous:
            metrics.track_login(metrics.WPS_MPC_LOGIN,
                                request.user.auth.openid_url)
Beispiel #6
0
def oauth2_callback(request):
    user = None

    try:
        openid_url = request.session.pop('openid')

        oauth_state = request.session.pop('oauth_state')

        user = models.User.objects.get(auth__openid_url=openid_url)

        token_service, cert_service = openid.services(
            openid_url, (URN_ACCESS, URN_RESOURCE))

        request_url = '{}?{}'.format(settings.OAUTH2_CALLBACK,
                                     request.META['QUERY_STRING'])

        token = oauth2.get_token(token_service.server_url, request_url,
                                 oauth_state)

        logger.info('Retrieved OAuth2 token for OpenID {}'.format(openid_url))

        cert, key, new_token = oauth2.get_certificate(token,
                                                      token_service.server_url,
                                                      cert_service.server_url)

        logger.info('Retrieved Certificated for OpenID {}'.format(openid_url))

        user.auth.update('oauth2', [cert, key], token=new_token)
    except KeyError as e:
        pass
    except WPSError as e:
        logger.exception('OAuth2 callback failed')

        if user is not None:
            extra = json.loads(user.auth.extra)

            extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))

            user.auth.extra = json.dumps(extra)

            user.auth.save()
    finally:
        return redirect(settings.PROFILE_URL)
 def test_services_discovery_error(self):
     with self.assertRaises(openid.DiscoverError) as e:
         openid.services('http://testbad.com/openid',
                         ['urn.test1', 'urn.test2'])