def _verifyDiscoveryResultsOpenID2(self, resp_msg, endpoint):
to_match = OpenIDServiceEndpoint()
to_match.type_uris = [OPENID_2_0_TYPE]
to_match.claimed_id = resp_msg.getArg(OPENID2_NS, 'claimed_id')
to_match.local_id = resp_msg.getArg(OPENID2_NS, 'identity')
# Raises a KeyError when the op_endpoint is not present
to_match.server_url = resp_msg.getArg(
OPENID2_NS, 'op_endpoint', no_default)
# claimed_id and identifier must both be present or both
# be absent
if (to_match.claimed_id is None and
to_match.local_id is not None):
raise consumer.ProtocolError(
'openid.identity is present without openid.claimed_id')
elif (to_match.claimed_id is not None and
to_match.local_id is None):
raise consumer.ProtocolError(
'openid.claimed_id is present without openid.identity')
# This is a response without identifiers, so there's really no
# checking that we can do, so return an endpoint that's for
# the specified `openid.op_endpoint'
elif to_match.claimed_id is None:
return OpenIDServiceEndpoint.fromOPEndpointURL(to_match.server_url)
# The claimed ID doesn't match, so we have to do discovery
# again. This covers not using sessions, OP identifier
# endpoints and responses that didn't match the original
# request.
if to_match.server_url.startswith(u'https://www.google.com/a/'):
import urllib
claimed_id = u'https://www.google.com/accounts/o8/user-xrds?uri=%s' % urllib.quote_plus(to_match.claimed_id)
else:
claimed_id = to_match.claimed_id
if not endpoint:
oidutil.log('No pre-discovered information supplied.')
endpoint = self._discoverAndVerify(claimed_id, [to_match])
else:
# The claimed ID matches, so we use the endpoint that we
# discovered in initiation. This should be the most common
# case.
try:
self._verifyDiscoverySingle(endpoint, to_match)
except consumer.ProtocolError, e:
oidutil.log(
"Error attempting to use stored discovery information: " +
str(e))
oidutil.log("Attempting discovery to verify endpoint")
endpoint = self._discoverAndVerify(
claimed_id, [to_match])
def make_endpoint(self, protocol_uri, claimed_id, local_id=None):
"""Create an endpoint for use with `Consumer.beginWithoutDiscovery`.
:arg protocol_uri: The URI for the OpenID protocol version. This
should be one of the OPENID_X_Y_TYPE constants.
:arg claimed_id: The claimed identity URL for the endpoint.
:arg local_id: The OP local identifier for the endpoint. If this
argument is not provided, it defaults to claimed_id.
"""
msg = "Unexpected protocol URI: %s" % protocol_uri
assert protocol_uri in OPENID_TYPES, msg
endpoint = OpenIDServiceEndpoint()
endpoint.type_uris = [protocol_uri]
endpoint.server_url = self.base_openid_url
endpoint.claimed_id = claimed_id
endpoint.local_id = local_id or claimed_id
return endpoint
def make_endpoint(protocol_uri, claimed_id, local_id=None):
"""Create an endpoint for use with `Consumer.beginWithoutDiscovery`.
:arg protocol_uri: The URI for the OpenID protocol version. This
should be one of the OPENID_X_Y_TYPE constants.
:arg claimed_id: The claimed identity URL for the endpoint.
:arg local_id: The OP local identifier for the endpoint. If this
argument is not provided, it defaults to claimed_id.
"""
assert protocol_uri in [
OPENID_1_0_TYPE, OPENID_1_1_TYPE, OPENID_2_0_TYPE], (
"Unexpected protocol URI: %s" % protocol_uri)
endpoint = OpenIDServiceEndpoint()
endpoint.type_uris = [protocol_uri]
endpoint.server_url = get_requested_server_url(claimed_id)
endpoint.claimed_id = claimed_id
endpoint.local_id = local_id or claimed_id
return endpoint
def make_identifier_select_endpoint(self, protocol_uri):
"""Create an endpoint for use in OpenID identifier select mode.
:arg protocol_uri: The URI for the OpenID protocol version. This
should be one of the OPENID_X_Y_TYPE constants.
If the OpenID 1.x protocol is selected, the endpoint will be
suitable for use with Launchpad's non-standard identifier select
workflow.
"""
msg = "Unexpected protocol URI: %s" % protocol_uri
assert protocol_uri in OPENID_TYPES, msg
endpoint = OpenIDServiceEndpoint()
endpoint.server_url = self.base_openid_url
if protocol_uri == OPENID_2_0_TYPE:
endpoint.type_uris = [OPENID_IDP_2_0_TYPE]
else:
endpoint.type_uris = [protocol_uri]
endpoint.claimed_id = IDENTIFIER_SELECT
endpoint.local_id = IDENTIFIER_SELECT
return endpoint
def _test_success(server_url, user_url, delegate_url, links, immediate=False):
store = memstore.MemoryStore()
if immediate:
mode = 'checkid_immediate'
else:
mode = 'checkid_setup'
endpoint = OpenIDServiceEndpoint()
endpoint.claimed_id = user_url
endpoint.server_url = server_url
endpoint.local_id = delegate_url
endpoint.type_uris = [OPENID_1_1_TYPE]
fetcher = TestFetcher(None, None, assocs[0])
fetchers.setDefaultFetcher(fetcher, wrap_exceptions=False)
def run():
trust_root = consumer_url
consumer = GenericConsumer(store)
setConsumerSession(consumer)
request = consumer.begin(endpoint)
return_to = consumer_url
m = request.getMessage(trust_root, return_to, immediate)
redirect_url = request.redirectURL(trust_root, return_to, immediate)
parsed = urlparse.urlparse(redirect_url)
qs = parsed[4]
q = parseQuery(qs)
new_return_to = q['openid.return_to']
del q['openid.return_to']
assert q == {
'openid.mode':mode,
'openid.identity':delegate_url,
'openid.trust_root':trust_root,
'openid.assoc_handle':fetcher.assoc_handle,
}, (q, user_url, delegate_url, mode)
assert new_return_to.startswith(return_to)
assert redirect_url.startswith(server_url)
parsed = urlparse.urlparse(new_return_to)
query = parseQuery(parsed[4])
query.update({
'openid.mode':'id_res',
'openid.return_to':new_return_to,
'openid.identity':delegate_url,
'openid.assoc_handle':fetcher.assoc_handle,
})
assoc = store.getAssociation(server_url, fetcher.assoc_handle)
message = Message.fromPostArgs(query)
message = assoc.signMessage(message)
info = consumer.complete(message, request.endpoint, new_return_to)
assert info.status == SUCCESS, info.message
assert info.identity_url == user_url
assert fetcher.num_assocs == 0
run()
assert fetcher.num_assocs == 1
# Test that doing it again uses the existing association
run()
assert fetcher.num_assocs == 1
# Another association is created if we remove the existing one
store.removeAssociation(server_url, fetcher.assoc_handle)
run()
assert fetcher.num_assocs == 2
# Test that doing it again uses the existing association
run()
assert fetcher.num_assocs == 2
