def endpoint(request):
"""
Respond to low-level OpenID protocol messages.
"""
s = getServer(request)
query = util.normalDict(request.GET or request.POST)
# First, decode the incoming request into something the OpenID
# library can use.
try:
openid_request = s.decodeRequest(query)
except ProtocolError as why:
# This means the incoming request was invalid.
return render_to_response('server/endpoint.html', {'error': str(why)},
context_instance=RequestContext(request))
# If we did not get a request, display text indicating that this
# is an endpoint.
if openid_request is None:
return render_to_response('server/endpoint.html', {},
context_instance=RequestContext(request))
# We got a request; if the mode is checkid_*, we will handle it by
# getting feedback from the user or by checking the session.
if openid_request.mode in ["checkid_immediate", "checkid_setup"]:
return handleCheckIDRequest(request, openid_request)
else:
# We got some other kind of OpenID request, so we let the
# server handle this.
openid_response = s.handleRequest(openid_request)
return displayResponse(request, openid_response)
def endpoint(request):
"""
Respond to low-level OpenID protocol messages.
"""
s = getServer(request)
query = util.normalDict(request.GET or request.POST)
# First, decode the incoming request into something the OpenID
# library can use.
try:
openid_request = s.decodeRequest(query)
except ProtocolError as why:
# This means the incoming request was invalid.
return render_to_response(
'server/endpoint.html', {'error': str(why)},
context_instance=RequestContext(request))
# If we did not get a request, display text indicating that this
# is an endpoint.
if openid_request is None:
return render_to_response(
'server/endpoint.html', {},
context_instance=RequestContext(request))
# We got a request; if the mode is checkid_*, we will handle it by
# getting feedback from the user or by checking the session.
if openid_request.mode in ["checkid_immediate", "checkid_setup"]:
return handleCheckIDRequest(request, openid_request)
else:
# We got some other kind of OpenID request, so we let the
# server handle this.
openid_response = s.handleRequest(openid_request)
return displayResponse(request, openid_response)
def endpoint(request):
"""
Respond to low-level OpenID protocol messages.
"""
s = getServer(request)
query = util.normalDict(request.GET or request.POST)
# First, decode the incoming request into something the OpenID
# library can use.
try:
openid_request = s.decodeRequest(query)
except ProtocolError, why:
# This means the incoming request was invalid.
return render(request, "server/endpoint.html", {"error": str(why)})
def endpoint(request):
"""
Respond to low-level OpenID protocol messages.
"""
ret_json = request.META.get('HTTP_ACCEPT', False) and \
not (request.META['HTTP_ACCEPT'].find('html') > -1)
query = util.normalDict(request.GET or request.POST)
if query.get('data', ''):
#TODO no use query.get('remember', '')
username = query.get('user')
password = query.get('passwd')
user = _sign_in(request, username, password)
if not user or not user.is_active:
next_url = query.get('next') or request.META.get('HTTP_REFERER', '')
if not ret_json:
return direct_to_template(request, 'server/login.html',
{'ret': 'error<a href=' + next_url + '>back</a>',
'data': query['data'],
'url': getViewURL(request, endpoint),
'next': next_url})
else:
response_data = {'prompt': 'openid login', \
'action': getViewURL(request, endpoint), \
'method': 'POST', \
'fields': [
{'type': 'text', 'name': 'user', 'label': 'Username: '******'type': 'password', 'name': 'passwd', 'label': 'Password: '******'type': 'hidden', 'name': 'data', 'value': query['data']},
]
}
return http.HttpResponse(json.dumps(response_data), mimetype="application/json")
query = pickle.loads(base64.decodestring(query['data']))
s = getServer(request)
# First, decode the incoming request into something the OpenID
# library can use.
try:
openid_request = s.decodeRequest(query)
except ProtocolError, why:
# This means the incoming request was invalid.
return direct_to_template(
request,
'server/endpoint.html',
{'error': str(why)})
def finishOpenID(request):
"""
Finish the OpenID authentication process. Invoke the OpenID
library with the response from the OpenID server and render a page
detailing the result.
"""
result = {}
# Because the object containing the query parameters is a
# MultiValueDict and the OpenID library doesn't allow that, we'll
# convert it to a normal dict.
# OpenID 2 can send arguments as either POST body or GET query
# parameters.
request_args = util.normalDict(request.GET)
if request.method == 'POST':
request_args.update(util.normalDict(request.POST))
if request_args:
c = getConsumer(request)
# Get a response object indicating the result of the OpenID
# protocol.
return_to = util.getViewURL(request, finishOpenID)
response = c.complete(request_args, return_to)
# Get a Simple Registration response object if response
# information was included in the OpenID response.
sreg_response = {}
ax_items = {}
if response.status == consumer.SUCCESS:
sreg_response = sreg.SRegResponse.fromSuccessResponse(response)
ax_response = ax.FetchResponse.fromSuccessResponse(response)
if ax_response:
ax_items = {
'fullname':
ax_response.get('http://schema.openid.net/namePerson'),
'web':
ax_response.get(
'http://schema.openid.net/contact/web/default'),
}
# Get a PAPE response object if response information was
# included in the OpenID response.
pape_response = None
if response.status == consumer.SUCCESS:
pape_response = pape.Response.fromSuccessResponse(response)
if not pape_response.auth_policies:
pape_response = None
# Map different consumer status codes to template contexts.
results = {
consumer.CANCEL: {
'message': 'OpenID authentication cancelled.'
},
consumer.FAILURE: {
'error': 'OpenID authentication failed.'
},
consumer.SUCCESS: {
'url': response.getDisplayIdentifier(),
'sreg': sreg_response and list(sreg_response.items()),
'ax': list(ax_items.items()),
'pape': pape_response
}
}
result = results[response.status]
if isinstance(response, consumer.FailureResponse):
# In a real application, this information should be
# written to a log for debugging/tracking OpenID
# authentication failures. In general, the messages are
# not user-friendly, but intended for developers.
result['failure_reason'] = response.message
return renderIndexPage(request, **result)
def finishOpenID(request):
"""
Finish the OpenID authentication process. Invoke the OpenID
library with the response from the OpenID server and render a page
detailing the result.
"""
result = {}
# Because the object containing the query parameters is a
# MultiValueDict and the OpenID library doesn't allow that, we'll
# convert it to a normal dict.
# OpenID 2 can send arguments as either POST body or GET query
# parameters.
request_args = util.normalDict(request.GET)
if request.method == "POST":
request_args.update(util.normalDict(request.POST))
if request_args:
c = getConsumer(request)
# Get a response object indicating the result of the OpenID
# protocol.
return_to = util.getViewURL(request, finishOpenID)
response = c.complete(request_args, return_to)
# Get a Simple Registration response object if response
# information was included in the OpenID response.
sreg_response = {}
ax_items = {}
if response.status == consumer.SUCCESS:
sreg_response = sreg.SRegResponse.fromSuccessResponse(response)
ax_response = ax.FetchResponse.fromSuccessResponse(response)
if ax_response:
ax_items = {
"fullname": ax_response.get("http://schema.openid.net/namePerson"),
"web": ax_response.get("http://schema.openid.net/contact/web/default"),
}
# Get a PAPE response object if response information was
# included in the OpenID response.
pape_response = None
if response.status == consumer.SUCCESS:
pape_response = pape.Response.fromSuccessResponse(response)
if not pape_response.auth_policies:
pape_response = None
# Map different consumer status codes to template contexts.
results = {
consumer.CANCEL: {"message": "OpenID authentication cancelled."},
consumer.FAILURE: {"error": "OpenID authentication failed."},
consumer.SUCCESS: {
"url": response.getDisplayIdentifier(),
"sreg": sreg_response and sreg_response.items(),
"ax": ax_items.items(),
"pape": pape_response,
},
}
result = results[response.status]
if isinstance(response, consumer.FailureResponse):
# In a real application, this information should be
# written to a log for debugging/tracking OpenID
# authentication failures. In general, the messages are
# not user-friendly, but intended for developers.
result["failure_reason"] = response.message
return renderIndexPage(request, **result)
def handleCheckIDRequest(request, openid_request):
"""
Handle checkid_* requests. Get input from the user to find out
whether she trusts the RP involved. Possibly, get intput about
what Simple Registration information, if any, to send in the
response.
"""
# If the request was an IDP-driven identifier selection request
# (i.e., the IDP URL was entered at the RP), then return the
# default identity URL for this server. In a full-featured
# provider, there could be interaction with the user to determine
# what URL should be sent.
for k in dir(openid_request):
if k.startswith('_'):
continue
if not request.user.is_authenticated():
ret_json = request.META.get('HTTP_ACCEPT', False) and \
not (request.META['HTTP_ACCEPT'].find('html') > -1)
query = util.normalDict(request.GET or request.POST)
if not ret_json:
return direct_to_template(request, 'server/login.html',
{'ret': '',
'data': base64.encodestring(pickle.dumps(query)).strip('\n'),
'url': getViewURL(request, endpoint),
'next': request.GET.get('next', request.META.get('HTTP_REFERER', ''))
})
else:
response_data = {'prompt': 'openid login', \
'action': getViewURL(request, endpoint), \
'method': 'POST', \
'fields': [
{'type': 'text', 'name': 'user', 'label': 'Username: '******'type': 'password', 'name': 'passwd', 'label': 'Password: '******'type': 'hidden', 'name': 'data', 'value': base64.encodestring(pickle.dumps(query)).strip('\n')},
]
}
return http.HttpResponse(json.dumps(response_data), mimetype="application/json")
if not openid_request.idSelect():
id_url = getViewURL(request, idPage, args=[request.user.username])
# Confirm that this server can actually vouch for that
# identifier
if id_url != openid_request.identity:
# Return an error response
error_response = ProtocolError(
openid_request.message,
"This server cannot verify the URL %r" %
(openid_request.identity,))
return displayResponse(request, error_response)
if openid_request.immediate:
# Always respond with 'cancel' to immediate mode requests
# because we don't track information about a logged-in user.
# If we did, then the answer would depend on whether that user
# had trusted the request's trust root and whether the user is
# even logged in.
openid_response = openid_request.answer(False)
return displayResponse(request, openid_response)
else:
# Store the incoming request object in the session so we can
# get to it later.
setRequest(request, openid_request)
return showDecidePage(request, openid_request)
def finishOpenID(request):
"""
Finish the OpenID authentication process. Invoke the OpenID
library with the response from the OpenID server and render a page
detailing the result.
"""
result = {}
# Because the object containing the query parameters is a
# MultiValueDict and the OpenID library doesn't allow that, we'll
# convert it to a normal dict.
# OpenID 2 can send arguments as either POST body or GET query
# parameters.
request_args = util.normalDict(request.GET)
if request.method == 'POST':
request_args.update(util.normalDict(request.POST))
if request_args:
c = getConsumer(request)
# Get a response object indicating the result of the OpenID
# protocol.
return_to = util.getViewURL(request, finishOpenID)
response = c.complete(request_args, return_to)
# Get a Simple Registration response object if response
# information was included in the OpenID response.
sreg_response = {}
if response.status == consumer.SUCCESS:
sreg_response = sreg.SRegResponse.fromSuccessResponse(response)
# Get a PAPE response object if response information was
# included in the OpenID response.
pape_response = None
if response.status == consumer.SUCCESS:
pape_response = pape.Response.fromSuccessResponse(response)
# Map different consumer status codes to template contexts.
results = {
consumer.CANCEL:
{'message': 'OpenID authentication cancelled.'},
consumer.FAILURE:
{'error': 'OpenID authentication failed.'},
consumer.SUCCESS:
{'url': response.getDisplayIdentifier(),
'sreg': sreg_response.items(),
'pape': pape_response},
}
result = results[response.status]
if isinstance(response, consumer.FailureResponse):
# In a real application, this information should be
# written to a log for debugging/tracking OpenID
# authentication failures. In general, the messages are
# not user-friendly, but intended for developers.
result['failure_reason'] = response.message
return renderIndexPage(request, **result)
