Ejemplo n.º 1
0
def endpoint(request):
    """
    Respond to low-level OpenID protocol messages.
    """
    s = getServer(request)

    query = util.normalDict(request.GET or request.POST)

    # First, decode the incoming request into something the OpenID
    # library can use.
    try:
        openid_request = s.decodeRequest(query)
    except ProtocolError as why:
        # This means the incoming request was invalid.
        return render_to_response('server/endpoint.html', {'error': str(why)},
                                  context_instance=RequestContext(request))

    # If we did not get a request, display text indicating that this
    # is an endpoint.
    if openid_request is None:
        return render_to_response('server/endpoint.html', {},
                                  context_instance=RequestContext(request))

    # We got a request; if the mode is checkid_*, we will handle it by
    # getting feedback from the user or by checking the session.
    if openid_request.mode in ["checkid_immediate", "checkid_setup"]:
        return handleCheckIDRequest(request, openid_request)
    else:
        # We got some other kind of OpenID request, so we let the
        # server handle this.
        openid_response = s.handleRequest(openid_request)
        return displayResponse(request, openid_response)
Ejemplo n.º 2
0
def endpoint(request):
    """
    Respond to low-level OpenID protocol messages.
    """
    s = getServer(request)

    query = util.normalDict(request.GET or request.POST)

    # First, decode the incoming request into something the OpenID
    # library can use.
    try:
        openid_request = s.decodeRequest(query)
    except ProtocolError as why:
        # This means the incoming request was invalid.
        return render_to_response(
            'server/endpoint.html', {'error': str(why)},
            context_instance=RequestContext(request))

    # If we did not get a request, display text indicating that this
    # is an endpoint.
    if openid_request is None:
        return render_to_response(
            'server/endpoint.html', {},
            context_instance=RequestContext(request))

    # We got a request; if the mode is checkid_*, we will handle it by
    # getting feedback from the user or by checking the session.
    if openid_request.mode in ["checkid_immediate", "checkid_setup"]:
        return handleCheckIDRequest(request, openid_request)
    else:
        # We got some other kind of OpenID request, so we let the
        # server handle this.
        openid_response = s.handleRequest(openid_request)
        return displayResponse(request, openid_response)
Ejemplo n.º 3
0
def endpoint(request):
    """
    Respond to low-level OpenID protocol messages.
    """
    s = getServer(request)

    query = util.normalDict(request.GET or request.POST)

    # First, decode the incoming request into something the OpenID
    # library can use.
    try:
        openid_request = s.decodeRequest(query)
    except ProtocolError, why:
        # This means the incoming request was invalid.
        return render(request, "server/endpoint.html", {"error": str(why)})
Ejemplo n.º 4
0
def endpoint(request):
    """
    Respond to low-level OpenID protocol messages.
    """
    ret_json = request.META.get('HTTP_ACCEPT', False) and \
            not (request.META['HTTP_ACCEPT'].find('html') > -1)

    query = util.normalDict(request.GET or request.POST)
    if query.get('data', ''):
        #TODO no use query.get('remember', '')
        username = query.get('user')
        password = query.get('passwd')
        user = _sign_in(request, username, password)
        if not user or not user.is_active:
            next_url = query.get('next') or request.META.get('HTTP_REFERER', '')
            if not ret_json:
                return direct_to_template(request, 'server/login.html', 
                            {'ret': 'error<a href=' + next_url + '>back</a>', 
                             'data': query['data'], 
                             'url': getViewURL(request, endpoint), 
                             'next': next_url})
            else:
                response_data = {'prompt': 'openid login', \
                        'action': getViewURL(request, endpoint), \
                        'method': 'POST', \
                        'fields': [
                            {'type': 'text', 'name': 'user', 'label': 'Username: '******'type': 'password', 'name': 'passwd', 'label': 'Password: '******'type': 'hidden', 'name': 'data', 'value': query['data']},

                        ]
                }
                return http.HttpResponse(json.dumps(response_data), mimetype="application/json")
        query = pickle.loads(base64.decodestring(query['data']))

    s = getServer(request)

    # First, decode the incoming request into something the OpenID
    # library can use.
    try:
        openid_request = s.decodeRequest(query)
    except ProtocolError, why:
        # This means the incoming request was invalid.
        return direct_to_template(
            request,
            'server/endpoint.html',
            {'error': str(why)})
Ejemplo n.º 5
0
def finishOpenID(request):
    """
    Finish the OpenID authentication process.  Invoke the OpenID
    library with the response from the OpenID server and render a page
    detailing the result.
    """
    result = {}

    # Because the object containing the query parameters is a
    # MultiValueDict and the OpenID library doesn't allow that, we'll
    # convert it to a normal dict.

    # OpenID 2 can send arguments as either POST body or GET query
    # parameters.
    request_args = util.normalDict(request.GET)
    if request.method == 'POST':
        request_args.update(util.normalDict(request.POST))

    if request_args:
        c = getConsumer(request)

        # Get a response object indicating the result of the OpenID
        # protocol.
        return_to = util.getViewURL(request, finishOpenID)
        response = c.complete(request_args, return_to)

        # Get a Simple Registration response object if response
        # information was included in the OpenID response.
        sreg_response = {}
        ax_items = {}
        if response.status == consumer.SUCCESS:
            sreg_response = sreg.SRegResponse.fromSuccessResponse(response)

            ax_response = ax.FetchResponse.fromSuccessResponse(response)
            if ax_response:
                ax_items = {
                    'fullname':
                    ax_response.get('http://schema.openid.net/namePerson'),
                    'web':
                    ax_response.get(
                        'http://schema.openid.net/contact/web/default'),
                }

        # Get a PAPE response object if response information was
        # included in the OpenID response.
        pape_response = None
        if response.status == consumer.SUCCESS:
            pape_response = pape.Response.fromSuccessResponse(response)

            if not pape_response.auth_policies:
                pape_response = None

        # Map different consumer status codes to template contexts.
        results = {
            consumer.CANCEL: {
                'message': 'OpenID authentication cancelled.'
            },
            consumer.FAILURE: {
                'error': 'OpenID authentication failed.'
            },
            consumer.SUCCESS: {
                'url': response.getDisplayIdentifier(),
                'sreg': sreg_response and list(sreg_response.items()),
                'ax': list(ax_items.items()),
                'pape': pape_response
            }
        }

        result = results[response.status]

        if isinstance(response, consumer.FailureResponse):
            # In a real application, this information should be
            # written to a log for debugging/tracking OpenID
            # authentication failures. In general, the messages are
            # not user-friendly, but intended for developers.
            result['failure_reason'] = response.message

    return renderIndexPage(request, **result)
Ejemplo n.º 6
0
Archivo: views.py Proyecto: XOEEst/hue
def finishOpenID(request):
    """
    Finish the OpenID authentication process.  Invoke the OpenID
    library with the response from the OpenID server and render a page
    detailing the result.
    """
    result = {}

    # Because the object containing the query parameters is a
    # MultiValueDict and the OpenID library doesn't allow that, we'll
    # convert it to a normal dict.

    # OpenID 2 can send arguments as either POST body or GET query
    # parameters.
    request_args = util.normalDict(request.GET)
    if request.method == "POST":
        request_args.update(util.normalDict(request.POST))

    if request_args:
        c = getConsumer(request)

        # Get a response object indicating the result of the OpenID
        # protocol.
        return_to = util.getViewURL(request, finishOpenID)
        response = c.complete(request_args, return_to)

        # Get a Simple Registration response object if response
        # information was included in the OpenID response.
        sreg_response = {}
        ax_items = {}
        if response.status == consumer.SUCCESS:
            sreg_response = sreg.SRegResponse.fromSuccessResponse(response)

            ax_response = ax.FetchResponse.fromSuccessResponse(response)
            if ax_response:
                ax_items = {
                    "fullname": ax_response.get("http://schema.openid.net/namePerson"),
                    "web": ax_response.get("http://schema.openid.net/contact/web/default"),
                }

        # Get a PAPE response object if response information was
        # included in the OpenID response.
        pape_response = None
        if response.status == consumer.SUCCESS:
            pape_response = pape.Response.fromSuccessResponse(response)

            if not pape_response.auth_policies:
                pape_response = None

        # Map different consumer status codes to template contexts.
        results = {
            consumer.CANCEL: {"message": "OpenID authentication cancelled."},
            consumer.FAILURE: {"error": "OpenID authentication failed."},
            consumer.SUCCESS: {
                "url": response.getDisplayIdentifier(),
                "sreg": sreg_response and sreg_response.items(),
                "ax": ax_items.items(),
                "pape": pape_response,
            },
        }

        result = results[response.status]

        if isinstance(response, consumer.FailureResponse):
            # In a real application, this information should be
            # written to a log for debugging/tracking OpenID
            # authentication failures. In general, the messages are
            # not user-friendly, but intended for developers.
            result["failure_reason"] = response.message

    return renderIndexPage(request, **result)
Ejemplo n.º 7
0
def handleCheckIDRequest(request, openid_request):
    """
    Handle checkid_* requests.  Get input from the user to find out
    whether she trusts the RP involved.  Possibly, get intput about
    what Simple Registration information, if any, to send in the
    response.
    """
    # If the request was an IDP-driven identifier selection request
    # (i.e., the IDP URL was entered at the RP), then return the
    # default identity URL for this server. In a full-featured
    # provider, there could be interaction with the user to determine
    # what URL should be sent.
    for k in dir(openid_request):
        if k.startswith('_'):
            continue

    if not request.user.is_authenticated():
        ret_json = request.META.get('HTTP_ACCEPT', False) and \
            not (request.META['HTTP_ACCEPT'].find('html') > -1)

        query = util.normalDict(request.GET or request.POST)
        if not ret_json:
            return direct_to_template(request, 'server/login.html',
                            {'ret': '',
                             'data': base64.encodestring(pickle.dumps(query)).strip('\n'),
                             'url': getViewURL(request, endpoint),
                             'next': request.GET.get('next', request.META.get('HTTP_REFERER', ''))
                            })
        else:
            response_data = {'prompt': 'openid login', \
                             'action': getViewURL(request, endpoint), \
                             'method': 'POST', \
                             'fields': [
                                 {'type': 'text', 'name': 'user', 'label': 'Username: '******'type': 'password', 'name': 'passwd', 'label': 'Password: '******'type': 'hidden', 'name': 'data', 'value': base64.encodestring(pickle.dumps(query)).strip('\n')},

                             ]
            }
            return http.HttpResponse(json.dumps(response_data), mimetype="application/json")

    if not openid_request.idSelect():

        id_url = getViewURL(request, idPage, args=[request.user.username])
        # Confirm that this server can actually vouch for that
        # identifier
        if id_url != openid_request.identity:
            # Return an error response
            error_response = ProtocolError(
                openid_request.message,
                "This server cannot verify the URL %r" %
                (openid_request.identity,))

            return displayResponse(request, error_response)

    if openid_request.immediate:
        # Always respond with 'cancel' to immediate mode requests
        # because we don't track information about a logged-in user.
        # If we did, then the answer would depend on whether that user
        # had trusted the request's trust root and whether the user is
        # even logged in.
        openid_response = openid_request.answer(False)
        return displayResponse(request, openid_response)
    else:
        # Store the incoming request object in the session so we can
        # get to it later.

        setRequest(request, openid_request)
        return showDecidePage(request, openid_request)
Ejemplo n.º 8
0
def finishOpenID(request):
    """
    Finish the OpenID authentication process.  Invoke the OpenID
    library with the response from the OpenID server and render a page
    detailing the result.
    """
    result = {}

    # Because the object containing the query parameters is a
    # MultiValueDict and the OpenID library doesn't allow that, we'll
    # convert it to a normal dict.

    # OpenID 2 can send arguments as either POST body or GET query
    # parameters.
    request_args = util.normalDict(request.GET)
    if request.method == 'POST':
        request_args.update(util.normalDict(request.POST))

    if request_args:
        c = getConsumer(request)

        # Get a response object indicating the result of the OpenID
        # protocol.
        return_to = util.getViewURL(request, finishOpenID)
        response = c.complete(request_args, return_to)

        # Get a Simple Registration response object if response
        # information was included in the OpenID response.
        sreg_response = {}
        if response.status == consumer.SUCCESS:
            sreg_response = sreg.SRegResponse.fromSuccessResponse(response)

        # Get a PAPE response object if response information was
        # included in the OpenID response.
        pape_response = None
        if response.status == consumer.SUCCESS:
            pape_response = pape.Response.fromSuccessResponse(response)

        # Map different consumer status codes to template contexts.
        results = {
            consumer.CANCEL:
            {'message': 'OpenID authentication cancelled.'},

            consumer.FAILURE:
            {'error': 'OpenID authentication failed.'},

            consumer.SUCCESS:
            {'url': response.getDisplayIdentifier(),
             'sreg': sreg_response.items(),
             'pape': pape_response},
            }

        result = results[response.status]

        if isinstance(response, consumer.FailureResponse):
            # In a real application, this information should be
            # written to a log for debugging/tracking OpenID
            # authentication failures. In general, the messages are
            # not user-friendly, but intended for developers.
            result['failure_reason'] = response.message

    return renderIndexPage(request, **result)