def oid_login_handler(self, f, oid):
"""
Hackish method to make use of oid.login_handler decorator.
"""
if request.args.get('openid_complete') != u'yes':
return f(False)
consumer = Consumer(SessionWrapper(self), oid.store_factory())
openid_response = consumer.complete(request.args.to_dict(),
oid.get_current_url())
if openid_response.status == SUCCESS:
return self.after_login(OpenIDResponse(openid_response, []))
elif openid_response.status == CANCEL:
oid.signal_error(u'The request was cancelled')
return redirect(oid.get_current_url())
oid.signal_error(u'OpenID authentication error')
return redirect(oid.get_current_url())
def login_finish(self):
"""Step two of logging in; the OpenID provider redirects back here."""
cons = Consumer(session=session, store=self.openid_store)
host = request.headers['host']
return_url = url(host=host,
controller='accounts',
action='login_finish')
res = cons.complete(request.params, return_url)
if res.status == CANCEL:
# I guess.. just.. back to the homepage?
h.flash(u"""Login canceled.""", icon='user-silhouette')
redirect(url('/'))
elif res.status != SUCCESS:
return 'Error! %s' % res.message
try:
# Grab an existing user record, if one exists
q = meta.Session.query(users_model.User) \
.filter(users_model.User.openids.any(openid=res.identity_url))
user = q.one()
except NoResultFound:
# Try to pull a name out of the SReg response
sreg_res = SRegResponse.fromSuccessResponse(res)
try:
username = sreg_res['nickname']
except (KeyError, TypeError):
# KeyError if sreg has no nickname; TypeError if sreg is None
username = '******'
# Create db records
user = users_model.User(name=username)
meta.Session.add(user)
openid = users_model.OpenID(openid=res.identity_url)
user.openids.append(openid)
meta.Session.commit()
# Remember who's logged in, and we're good to go
session['user_id'] = user.id
session.save()
h.flash(u"""Hello, {0}!""".format(user.name), icon='user')
redirect(url('/'), code=303)
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(
_('Sorry, but your input is not a valid OpenId'))
#sreg = getattr(settings, 'OPENID_SREG', False)
#if sreg:
# s = SRegRequest()
# for sarg in sreg:
# if sarg.lower().lstrip() == "policy_url":
# s.policy_url = sreg[sarg]
# else:
# for v in sreg[sarg].split(','):
# s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
# auth_request.addExtension(s)
#auth_request.addExtension(SRegRequest(required=['email']))
if request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in self.dataype2ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], 1, True, schema[1]))
else:
axr.add(AttrInfo(schema, 1, True, data_type))
auth_request.addExtension(axr)
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
return auth_request.redirectURL(trust_root, redirect_to)
def clean_openid_url(self):
openid_error = self.request.session.get(OPENID_ERROR_SESSION_NAME, '')
if openid_error:
self.request.session[OPENID_ERROR_SESSION_NAME] = ''
raise forms.ValidationError(_(openid_error))
openid_url = self.cleaned_data['openid_url']
#Determine if we need to and can support openid inames
disallow_inames = getattr(settings, 'OPENID_DISALLOW_INAMES', False)
if disallow_inames and xri.identifierScheme(openid_url) == 'XRI':
raise forms.ValidationError(_('i-names are not allowed'))
#Set up the openid authorization request
consumer = Consumer(self.request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure, df:
raise forms.ValidationError("%s: %s" %
(_("OpenID Discovery Failure"), df))
def complete(request, on_success=None, on_failure=None):
on_success = on_success or default_on_success
on_failure = on_failure or default_on_failure
consumer = Consumer(request.session, DjangoOpenIDStore())
openid_response = consumer.complete(dict(request.GET.items()))
if openid_response.status == SUCCESS:
return on_success(request, openid_response.identity_url, openid_response)
elif openid_response.status == CANCEL:
return on_failure(request, 'The request was cancelled')
elif openid_response.status == FAILURE:
return on_failure(request, openid_response.message)
elif openid_response.status == SETUP_NEEDED:
return on_failure(request, 'Setup needed')
else:
assert False, "Bad openid status: %s" % openid_response.status
def try_login(self,
identity_url,
ask_for=None,
ask_for_optional=None,
extensions=None):
"""This tries to login with the given identity URL. This function
must be called from the login_handler. The `ask_for` and
`ask_for_optional`parameter can be a set of values to be asked
from the openid provider, where keys in `ask_for` are marked as
required, and keys in `ask_for_optional` are marked as optional.
The following strings can be used in the `ask_for` and
`ask_for_optional` parameters:
``aim``, ``blog``, ``country``, ``dob`` (date of birth), ``email``,
``fullname``, ``gender``, ``icq``, ``image``, ``jabber``, ``language``,
``msn``, ``nickname``, ``phone``, ``postcode``, ``skype``,
``timezone``, ``website``, ``yahoo``
`extensions` can be a list of instances of OpenID extension requests
that should be passed on with the request. If you use this, please make
sure to pass the Response classes of these extensions when initializing
OpenID.
"""
if ask_for and __debug__:
for key in ask_for:
if key not in ALL_KEYS:
raise ValueError('invalid key %r' % key)
if ask_for_optional:
for key in ask_for_optional:
if key not in ALL_KEYS:
raise ValueError('invalid optional key %r' % key)
try:
consumer = Consumer(SessionWrapper(self), self.store_factory())
auth_request = consumer.begin(identity_url)
if ask_for or ask_for_optional:
self.attach_reg_info(auth_request, ask_for, ask_for_optional)
if extensions:
for extension in extensions:
auth_request.addExtension(extension)
except discover.DiscoveryFailure:
self.signal_error(u'The OpenID was invalid')
return redirect(self.get_current_url())
trust_root = request.host_url
return redirect(
auth_request.redirectURL(request.host_url, self.get_success_url()))
def openid2_finish_authentication(request, provider, original_callback):
from openid.consumer.consumer import Consumer, SUCCESS, FAILURE, CANCEL, SETUP_NEEDED
consumer = Consumer(request.session, openid_store)
ret = consumer.complete(request.REQUEST, original_callback)
if ret.status != SUCCESS:
return None
# this should get email but doesn't
profile = {"id": ret.identity_url}
ax = ret.extensionResponse("http://openid.net/srv/ax/1.0", False)
for k in ax:
if k[0:5] == "type.":
if ax[k] == "http://schema.openid.net/contact/email":
profile[k[5:]] = ax["value." + k[5:]]
return provider, ret.identity_url, profile
def process_authentication_request(self, request):
consumer = Consumer(request.session, OsqaOpenIDStore())
query_dict = dict([(k.encode('utf8'), v.encode('utf8'))
for k, v in request.GET.items()])
#for i in query_dict.items():
#print "%s : %s" % i
url = get_url_host(request) + request.path
openid_response = consumer.complete(query_dict, url)
if openid_response.status == SUCCESS:
if request.session.get('force_email_request', True):
try:
ax = AXFetchResponse.fromSuccessResponse(openid_response)
axargs = ax.getExtensionArgs()
ax_schema2data_type = dict([
(s, t) for t, s in self.dataype2ax_schema.items()
])
available_types = dict([(ax_schema2data_type[s],
re.sub('^type\.', '', n))
for n, s in axargs.items()
if s in ax_schema2data_type])
available_data = dict([(t, axargs["value.%s.1" % s])
for t, s in available_types.items()
])
request.session['auth_consumer_data'] = {
'email': available_data.get('email', None),
}
except Exception, e:
pass
#import sys, traceback
#traceback.print_exc(file=sys.stdout)
return request.GET['openid.identity']
def complete(self, requestData):
session = requestData.session
store = session.get("openId_store")
if store is None:
return False, {"status":"", "message":"Lost session store, try again!"}
session["openId_store"] = None
consumer = Consumer(session, store)
queryDict = requestData.args
realm = requestData.urlPath
response = consumer.complete(queryDict, realm)
result = False
d = {}
if response is None:
d["status"] = None
d["message"] = "Received no response!"
return result, d
displayId = response.getDisplayIdentifier()
d["displayId"] = displayId
d["status"] = response.status
if hasattr(response, "message"):
d["message"] = response.message
else:
d["message"] = ""
if response.status=="success":
canonicalId = response.endpoint.canonicalID
if canonicalId is None:
canonicalId = displayId
d["canonicalId"] = canonicalId
d["id"] = canonicalId
d["message"] = "OK"
result = True
elif response.status=="failure":
# Verification failed
d["message"] = "Failed verification: %s" % response.message
elif response.status=="cancel":
d["message"] = "Cancelled"
elif response.status=="setup_needed":
d["message"] = "Setup needed: %s" % response.message
else:
d["message"] = "Failed"
return result, d
def oid_login_handler(self, f, oid):
"""
Hackish method to make use of oid.login_handler decorator.
"""
from flask_openid import OpenIDResponse, SessionWrapper
from openid.consumer.consumer import CANCEL, Consumer, SUCCESS
if request.args.get("openid_complete") != u"yes":
return f(False)
consumer = Consumer(SessionWrapper(self), oid.store_factory())
openid_response = consumer.complete(
request.args.to_dict(), oid.get_current_url()
)
if openid_response.status == SUCCESS:
return self.after_login(OpenIDResponse(openid_response, []))
elif openid_response.status == CANCEL:
oid.signal_error(u"The request was cancelled")
return redirect(oid.get_current_url())
oid.signal_error(u"OpenID authentication error")
return redirect(oid.get_current_url())
def ask_openid(self, openid_url, return_url):
trust_root = self.get_trust_root()
consumer = Consumer(self.request.session, self.store_class())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
message = _('The OpenID %(url)s was invalid')
return self.failure(message % {'url': openid_url})
use_ax, use_sreg = discover_extensions(openid_url)
sreg_request = None
ax_request = None
if use_sreg:
sreg_attrs = self.get_sreg_attrs()
if 'optional' not in sreg_attrs:
sreg_attrs.update({'optional': ['nickname', 'email']})
sreg_request = sreg.SRegRequest(**sreg_attrs)
if use_ax:
ax_request = ax.FetchRequest()
ax_request.add(
ax.AttrInfo('http://schema.openid.net/contact/email',
alias='email',
required=True), )
ax_request.add(
ax.AttrInfo('http://schema.openid.net/namePerson/friendly',
alias='nickname',
required=True), )
ax_attrs = self.get_ax_attrs()
for attr in ax_attrs:
if len(attr) == 2:
ax_request.add(ax.AttrInfo(attr[0], required=attr[1]))
else:
ax_request.add(ax.AttrInfo(attr[0]))
if sreg_request is not None:
auth_request.addExtension(sreg_request)
if ax_request is not None:
auth_request.addExtension(ax_request)
redirect_url = auth_request.redirectURL(trust_root, return_url)
return redirect(redirect_url)
def begin_openid(session,
trust_root,
openid_url,
resource_redirect_url,
redirect_to=None):
if not redirect_to:
redirect_to = trust_root + '/idpauth/openid_login_complete/' + '?next=' + resource_redirect_url
else:
redirect_to = trust_root + '/' + redirect_to + '?next=' + resource_redirect_url
log.debug(redirect_to)
consumer = Consumer(session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
return None
auth_request = set_attributes(auth_request)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return redirect_url
def complete(request, failure_template='socialauthentication/openid_failure.html'):
consumer = Consumer(request.session, DjangoOpenIDStore())
# JanRain library raises a warning if passed unicode objects as the keys,
# so we convert to bytestrings before passing to the library
query_dict = dict([
(k.encode('utf8'), v.encode('utf8')) for k, v in request.REQUEST.items()
])
openid_response = consumer.complete(query_dict, request.build_absolute_uri(reverse("openid_complete")))
if openid_response.status == SUCCESS:
return on_success(request, openid_response.identity_url, openid_response)
elif openid_response.status == CANCEL:
return on_failure(request, _('The request was cancelled'), failure_template)
elif openid_response.status == FAILURE:
return on_failure(request, openid_response.message, failure_template)
elif openid_response.status == SETUP_NEEDED:
return on_failure(request, _('Setup needed'), failure_template)
else:
assert False, "Bad openid status: %s" % openid_response.status
def complete(request, on_success=None, on_failure=None, return_to=None):
""" complete openid signin """
on_success = on_success or default_on_success
on_failure = on_failure or default_on_failure
consumer = Consumer(request.session, DjangoOpenIDStore())
# make sure params are encoded in utf8
params = dict((k, smart_unicode(v)) for k, v in request.GET.items())
openid_response = consumer.complete(params, return_to)
if openid_response.status == SUCCESS:
return on_success(request, openid_response.identity_url,
openid_response)
elif openid_response.status == CANCEL:
return on_failure(request, 'The request was canceled')
elif openid_response.status == FAILURE:
return on_failure(request, openid_response.message)
elif openid_response.status == SETUP_NEEDED:
return on_failure(request, 'Setup needed')
else:
assert False, "Bad openid status: %s" % openid_response.status
def process_authentication_request(self, request):
consumer = Consumer(request.session, OsqaOpenIDStore())
query_dict = dict([(k.encode('utf8'), v.encode('utf8'))
for k, v in request.GET.items()])
#for i in query_dict.items():
# print "%s : %s" % i
url = get_url_host(request) + request.path
openid_response = consumer.complete(query_dict, url)
if openid_response.status == SUCCESS:
if request.session.get('force_email_request', True):
try:
ax = AXFetchResponse.fromSuccessResponse(openid_response)
email = ax.getExtensionArgs()['value.ext0.1']
request.session['auth_email_request'] = email
except Exception, e:
pass
return request.GET['openid.identity']
def complete(request, on_success=None, on_failure=None, return_to=None):
on_success = on_success or default_on_success
on_failure = on_failure or default_on_failure
return_to = return_to or get_url_host(request) + reverse('openid_complete')
consumer = Consumer(request.session, DjangoOpenIDStore())
# JanRain library raises a warning if passed unicode objects as the keys,
# so we convert to bytestrings before passing to the library
query_dict = dict((k, smart_unicode(v)) for k, v in request.GET.items())
openid_response = consumer.complete(query_dict, return_to)
if openid_response.status == SUCCESS:
return on_success(request, openid_response.identity_url,
openid_response)
elif openid_response.status == CANCEL:
return on_failure(request, _('The request was cancelled'))
elif openid_response.status == FAILURE:
return on_failure(request, openid_response.message)
elif openid_response.status == SETUP_NEEDED:
return on_failure(request, _('Setup needed'))
else:
assert False, "Bad openid status: %s" % openid_response.status
def mycomplete(request,
on_success=None,
on_failure=None,
return_to=None,
**kwargs):
on_success = on_success or default_on_success
on_failure = on_failure or default_on_failure
consumer = Consumer(request.session, DjangoOpenIDStore())
# make sure params are encoded in utf8
params = dict((k, smart_unicode(v)) for k, v in request.GET.items())
openid_response = consumer.complete(params, return_to)
if not hasattr(request.GET, 'openid.identity'):
_openid_url = 'None'
else:
_openid_url = request.GET['openid.identity']
if openid_response.status == SUCCESS:
auth_oidlogin.send(sender=None,
openid_url=_openid_url,
state='success')
return on_success(request, openid_response.identity_url,
openid_response, **kwargs)
elif openid_response.status == CANCEL:
auth_oidlogin.send(sender=None, openid_url=_openid_url, state='cancel')
return on_failure(request, 'The request was canceled', **kwargs)
elif openid_response.status == FAILURE:
auth_oidlogin.send(sender=None,
openid_url=_openid_url,
state='failure')
return on_failure(request, openid_response.message, **kwargs)
elif openid_response.status == SETUP_NEEDED:
auth_oidlogin.send(sender=None,
openid_url=_openid_url,
state='setup_needed')
return on_failure(request, 'Setup needed', **kwargs)
else:
assert False, "Bad openid status: %s" % openid_response.status
def verify(self, req):
consumer = Consumer({}, self.store)
return_to = req.values.get('continue', '/')
authres = consumer.complete(req.args,
urljoin(req.host_url, self.verify_url))
res = redirect(location=return_to)
if authres.status is SUCCESS:
sregres = sreg.SRegResponse.fromSuccessResponse(authres)
user = json.dumps({'openid': authres.identity_url})
sig = sign(current_app.config['OPENID2_USER_COOKIE_NAME'],
user=user)
one_year = 3600 * 24 * 365
res.set_cookie(current_app.config['OPENID2_USER_COOKIE_NAME'],
user,
max_age=one_year)
res.set_cookie(current_app.config['OPENID2_SIG_COOKIE_NAME'],
sig,
max_age=one_year)
profile = sregres and {s[0]: s[1] for s in sregres.items()} or {}
res.set_cookie(current_app.config['OPENID2_PROFILE_COOKIE_NAME'],
json.dumps(profile),
max_age=one_year)
return res
def decorated(*args, **kwargs):
if request.args.get('openid_complete') != 'yes':
return f(*args, **kwargs)
consumer = Consumer(SessionWrapper(self), self.store_factory())
args = request.args.to_dict()
args.update(request.form.to_dict())
openid_response = consumer.complete(args, self.get_current_url())
if openid_response.status == SUCCESS:
return self.after_login_func(
OpenIDResponse(openid_response, self.extension_responses))
elif openid_response.status == CANCEL:
self.signal_error('The request was cancelled')
elif openid_response.status == FAILURE:
self.signal_error('OpenID authentication failure. Mesage: %s' %
openid_response.message)
elif openid_response.status == SETUP_NEEDED:
# Unless immediate=True, we should never get here
self.signal_error('OpenID setup was needed')
else:
# We should also never get here, as this should be exhaustive
self.signal_error('OpenID authentication weird state: %s' %
openid_response.status)
return redirect(self.get_current_url())
def getConsumer(self):
session = self.REQUEST["SESSION"]
return Consumer(session, self.store)
def consumer(self):
"""Create an OpenID Consumer object for the given Django request."""
return Consumer(self.request.session.setdefault(SESSION_NAME, {}),
DjangoOpenIDStore())
def create_consumer(self, store=None):
return Consumer(self.strategy.openid_session_dict(SESSION_NAME), store)
def make_consumer(request):
"""Create an OpenID Consumer object for the given Django request."""
# Give the OpenID library its own space in the session object.
session = request.session.setdefault('OPENID', {})
store = DjangoOpenIDStore()
return Consumer(session, store)
def OpenIDStartSubmit(request, default_success_url='/'):
response = django.http.HttpResponse()
if request.method == 'POST':
openid = request.POST.get('openid_identifier', '')
openid = openid.strip()
if not openid:
return show_main_page(request)
c = Consumer({},get_store())
try:
auth_request = c.begin(openid)
except discover.DiscoveryFailure, e:
logging.error('OpenID discovery error with begin on %s: %s'
% (openid, str(e)))
return show_main_page(request, 'An error occured determining your server information. Please try again.')
from openid.extensions import sreg
sreg_request = sreg.SRegRequest(
optional=['dob', 'gender', 'postcode'],
required=['email', 'nickname', 'fullname', 'country', 'language', 'timezone'])
auth_request.addExtension(sreg_request)
from openid.extensions import ax
ax_req = ax.FetchRequest()
ax_req.add(ax.AttrInfo('http://schema.openid.net/contact/email',
alias='email',required=True))
ax_req.add(ax.AttrInfo('http://axschema.org/namePerson/first',
alias='firstname',required=True))
ax_req.add(ax.AttrInfo('http://axschema.org/namePerson/last',
alias='lastname',required=True))
ax_req.add(ax.AttrInfo('http://axschema.org/pref/language',
alias='language',required=True))
ax_req.add(ax.AttrInfo('http://axschema.org/contact/country/home',
alias='country',required=True))
auth_request.addExtension(ax_req)
import urlparse
parts = list(urlparse.urlparse(get_full_path(request)))
# finish URL with the leading "/" character removed
parts[2] = django.core.urlresolvers.reverse('openidgae.views.OpenIDFinish')[1:]
continueUrl = get_continue_url(request, default_success_url)
import urllib
parts[4] = 'continue=%s' % urllib.quote_plus(continueUrl)
parts[5] = ''
return_to = urlparse.urlunparse(parts)
realm = urlparse.urlunparse(parts[0:2] + [''] * 4)
# save the session stuff
session = openidgae.get_session(request, response)
import pickle
session.openid_stuff = pickle.dumps(c.session)
session.put()
# send the redirect! we use a meta because appengine bombs out
# sometimes with long redirect urls
redirect_url = auth_request.redirectURL(realm, return_to)
response.write(
"<html><head><meta http-equiv=\"refresh\" content=\"0;url=%s\"></head><body></body></html>"
% (redirect_url,))
return response
def create_consumer(openid_session):
global store
if store is None:
store = create_store()
return Consumer(openid_session, store)
def OpenIDFinish(request, default_success_url='/'):
response = django.http.HttpResponse()
if request.method not in ('GET', 'POST'):
return django.http.HttpResponseNotAllowed(['GET', 'POST'])
else:
args = args_to_dict(request.GET)
assert type(args) is dict
if request.method == 'POST':
args.update(args_to_dict(request.POST))
url = 'http://'+request.META['HTTP_HOST']+django.core.urlresolvers.reverse('openidgae.views.OpenIDFinish')
session = openidgae.get_session(request, response)
s = {}
if session.openid_stuff:
try:
import pickle
s = pickle.loads(str(session.openid_stuff))
except:
session.openid_stuff = None
session.put()
c = Consumer(s, get_store())
auth_response = c.complete(args, url)
sreg_response = {}
ax_items = {}
if auth_response.status == openid.consumer.consumer.SUCCESS:
from openid.extensions import sreg
sreg_response = sreg.SRegResponse.fromSuccessResponse(auth_response)
sreg_response = dict(sreg_response.iteritems())
logging.debug("sreg_response: %r" % sreg_response)
from openid.extensions import ax
ax_response = ax.FetchResponse.fromSuccessResponse(auth_response)
logging.debug("ax_response: %r" % ax_response)
if ax_response:
SHORTNAMES = (
('email', 'http://schema.openid.net/contact/email'),
('firstname', 'http://axschema.org/namePerson/first'),
('lastname', 'http://axschema.org/namePerson/last'),
('language', 'http://axschema.org/pref/language'),
('country', 'http://axschema.org/contact/country/home'),
)
for short, long in SHORTNAMES:
try:
ax_items[short] = ax_response.get(long)
except KeyError, e:
pass
logging.debug("ax_items: %r" % ax_items)
openid_url = auth_response.getDisplayIdentifier()
import models
persons = models.Person.gql('WHERE openid = :1', openid_url)
if persons.count() == 0:
p = models.Person()
p.openid = openid_url
p.ax_dict().update(ax_items)
p.sreg_dict().update(sreg_response)
p.put()
else:
p = persons[0]
changed = False
for key in sreg_response:
if not p.sreg_dict().has_key(key) or \
p.sreg_dict()[key] != sreg_response[key]:
logging.debug("Setting sreg %s" % key)
p.sreg_dict()[key] = sreg_response[key]
changed = True
for key in ax_items:
if not p.ax_dict().has_key(key) or \
p.ax_dict()[key] != ax_items[key]:
logging.info("Setting ax %s" % key)
p.ax_dict()[key] = ax_items[key]
changed = True
if changed:
p.put()
s = openidgae.get_session(request, response)
s.person = p.key()
request.openidgae_logged_in_person = p
s.put()
continueUrl = get_continue_url(request, default_success_url)
return django.http.HttpResponseRedirect(continueUrl)
else:
def signin(request,
sreg=None,
extension_args={},
on_failure=default_on_failure):
openid_url = None
if is_valid_next_url(request.GET.get('next')):
next = request.GET['next']
elif is_valid_next_url(
get_address(request.META.get('HTTP_REFERER'), request)):
next = get_address(request.META['HTTP_REFERER'], request)
else:
next = getattr(settings, 'OPENID_REDIRECT_NEXT', '/')
def get_with_next(url, next):
if next:
return '%s?%s' % (url, urlencode({'next': next}))
else:
return url
if request.user.is_authenticated() and 'force' not in request.GET:
return HttpResponseRedirect(next)
request_path = get_with_next(request.path, next)
if request.method == 'POST':
form = OpenidSigninForm(request.POST, auto_id='id_%s')
if form.is_valid():
# first remove email and nickname from sreg if the are in to prevent dup
extension_args['sreg.optional'] = 'email,nickname'
if sreg:
sreg = ','.join([
arg for arg in sreg.split(',')
if arg not in extension_args['sreg.optional']
])
extension_args['sreg.optional'] += ',' + sreg
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
request.build_absolute_uri('/'))
redirect_to = get_with_next(
request.build_absolute_uri(reverse('openid_complete')), next)
if xri.identifierScheme(
form.cleaned_data['openid_url']) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _("i-names are not supported"))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(form.cleaned_data['openid_url'])
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
else:
form = OpenidSigninForm(auto_id='id_%s')
return {
'form': form,
'action': request_path,
}
def begin(request,
confirmed=True,
redirect_to=None,
on_failure=None,
user_url=None,
template_name='openid_consumer/signin.html'):
on_failure = on_failure or default_on_failure
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
# foo derbis.
redirect_to = redirect_to or getattr(
settings,
'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/')
# In case they were lazy...
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urlencode({'next': request.GET['next']})
if not user_url:
user_url = request.REQUEST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urlencode({'next': request.GET['next']})
return render(template_name, {
'action': request_path,
}, RequestContext(request))
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
sreg = getattr(settings, 'OPENID_SREG', False)
if sreg:
s = SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(','):
s.requestField(
field_name=v.lower().lstrip(),
required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, 'OPENID_PAPE', False)
if pape:
if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0':
raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer'
p = PapeRequest()
for parg in pape:
if parg.lower().strip() == 'policy_list':
for v in pape[parg].split(','):
p.addPolicyURI(v)
elif parg.lower().strip() == 'max_auth_age':
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
ax = getattr(settings, 'OPENID_AX', [])
if ax:
axr = AXFetchRequest()
for i in ax:
axr.add(
AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def get_consumer(session):
if not settings.SCIPIO_STORE_ROOT:
raise OpenIdSetupError('SCIPIO_STORE_ROOT is not set')
return Consumer(session, FileOpenIDStore(settings.SCIPIO_STORE_ROOT))
def begin(request,
sreg=None,
extension_args=None,
redirect_to=None,
on_failure=None):
on_failure = on_failure or default_on_failure
if request.GET.get('logo'):
# Makes for a better demo
return logo(request)
extension_args = extension_args or {}
if sreg:
extension_args['sreg.optional'] = sreg
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
redirect_to = redirect_to or getattr(
settings,
'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/')
# In case they were lazy...
if not redirect_to.startswith('http://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({'next': request.GET['next']})
user_url = request.POST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urllib.urlencode(
{'next': request.GET['next']})
return render(request, 'openid_signin.html', {
'action': request_path,
'logo': request.path + '?logo=1',
})
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return redirect(redirect_url)
