def setup_request(self, extra_params=None):
"""Setup request"""
openid_request = self.openid_request(extra_params)
# Request some user details. Use attribute exchange if provider
# advertises support.
if openid_request.endpoint.supportsType(ax.AXMessage.ns_uri):
fetch_request = ax.FetchRequest()
# Mark all attributes as required, Google ignores optional ones
for attr, alias in (AX_SCHEMA_ATTRS + OLD_AX_ATTRS):
fetch_request.add(ax.AttrInfo(attr, alias=alias,
required=True))
else:
fetch_request = sreg.SRegRequest(optional=dict(SREG_ATTR).keys())
openid_request.addExtension(fetch_request)
# Add PAPE Extension for max_auth_age, if configured
max_age = setting('SOCIAL_AUTH_OPENID_PAPE_MAX_AUTH_AGE')
if max_age is not None:
try:
openid_request.addExtension(
pape.Request(max_auth_age=int(max_age)))
except (ValueError, TypeError):
pass
return openid_request
def _update_authrequest(self, request, authrequest):
"""Update the authrequest with Attribute Exchange and optionally OAuth
To optionally request OAuth, the request POST must include an
``oauth_scope`` parameter that indicates what Google Apps should have
access requested.
"""
ax_request = ax.FetchRequest()
for attr in self.openid_attributes:
ax_request.add(ax.AttrInfo(attributes[attr], required=True))
authrequest.addExtension(ax_request)
# Add OAuth request?
oauth_scope = self.oauth_scope
if 'oauth_scope' in request.POST:
oauth_scope = request.POST['oauth_scope']
if oauth_scope:
oauth_request = OAuthRequest(consumer=self.oauth_key,
scope=oauth_scope)
authrequest.addExtension(oauth_request)
if 'popup_mode' in request.POST:
kw_args = {'mode': request.POST['popup_mode']}
if 'popup_icon' in request.POST:
kw_args['icon'] = request.POST['popup_icon']
ui_request = UIRequest(**kw_args)
authrequest.addExtension(ui_request)
def setup_request(self, params=None):
"""Setup request"""
request = self.openid_request(params)
# Request some user details. Use attribute exchange if provider
# advertises support.
if request.endpoint.supportsType(ax.AXMessage.ns_uri):
fetch_request = ax.FetchRequest()
# Mark all attributes as required, Google ignores optional ones
for attr, alias in self.get_ax_attributes():
fetch_request.add(ax.AttrInfo(attr, alias=alias,
required=True))
else:
fetch_request = sreg.SRegRequest(
optional=list(dict(self.get_sreg_attributes()).keys()))
request.addExtension(fetch_request)
# Add PAPE Extension for if configured
preferred_policies = self.setting(
'OPENID_PAPE_PREFERRED_AUTH_POLICIES')
preferred_level_types = self.setting(
'OPENID_PAPE_PREFERRED_AUTH_LEVEL_TYPES')
max_age = self.setting('OPENID_PAPE_MAX_AUTH_AGE')
if max_age is not None:
try:
max_age = int(max_age)
except (ValueError, TypeError):
max_age = None
if max_age is not None or preferred_policies or preferred_level_types:
pape_request = pape.Request(
max_auth_age=max_age,
preferred_auth_policies=preferred_policies,
preferred_auth_level_types=preferred_level_types)
request.addExtension(pape_request)
return request
def index(self, extensions):
self.extensions = extensions == 'YES'
oidconsumer = consumer.Consumer(dict(), None)
try:
request = oidconsumer.begin('https://127.0.0.10:45080/idp1/')
except Exception as ex:
return 'ERROR: %s' % ex
if request is None:
return 'ERROR: No request'
# Attach extensions here
if self.extensions:
request.addExtension(sreg.SRegRequest(
required=['nickname', 'email', 'timezone']))
ax_req = ax.FetchRequest()
ax_req_name = ax.AttrInfo('http://schema.openid.net/namePerson')
ax_req.add(ax_req_name)
request.addExtension(ax_req)
username = pwd.getpwuid(os.getuid())[0]
request.addExtension(teams.TeamsRequest(requested=[username]))
# Build and send final request
trust_root = cherrypy.url()
return_to = trust_root + 'finish'
if request.shouldSendRedirect():
redirect_url = request.redirectURL(
trust_root, return_to)
raise cherrypy.HTTPRedirect(redirect_url)
else:
return request.htmlMarkup(
trust_root, return_to)
def setup_request(self, params=None):
"""
Setup the OpenID request
Because ActionID does not advertise the availiability of AX attributes
nor use standard attribute aliases, we need to setup the attributes
manually instead of rely on the parent OpenIdAuth.setup_request()
"""
request = self.openid_request(params)
fetch_request = ax.FetchRequest()
fetch_request.add(
ax.AttrInfo('http://openid.net/schema/contact/internet/email',
alias='ngpvanemail',
required=True))
fetch_request.add(
ax.AttrInfo('http://openid.net/schema/contact/phone/business',
alias='ngpvanphone',
required=False))
fetch_request.add(
ax.AttrInfo('http://openid.net/schema/namePerson/first',
alias='ngpvanfirstname',
required=False))
fetch_request.add(
ax.AttrInfo('http://openid.net/schema/namePerson/last',
alias='ngpvanlastname',
required=False))
request.addExtension(fetch_request)
return request
def test_construct(self):
self.assertEqual(self.msg.requested_attributes, {})
self.assertIsNone(self.msg.update_url)
msg = ax.FetchRequest('hailstorm')
self.assertEqual(msg.requested_attributes, {})
self.assertEqual(msg.update_url, 'hailstorm')
def get_redirect(self):
auth_request = self.consumer.begin(self.endpoint)
# Set the schema uri depending on who the openid provier is:
# request only name and email by default (same as Google schemas):
schemas = GoogleOpenIDSchemas()
if 'yahoo' in self.endpoint:
schemas = YahooOpenIDSchemas()
elif 'myopenid' in self.endpoint:
schemas = MyOpenIDSchemas()
# Add Attribute Exchange request information:
ax_request = ax.FetchRequest()
ax_request.add(ax.AttrInfo(schemas.name_schema, required=True))
ax_request.add(ax.AttrInfo(schemas.email_schema, required=True, count=1))
# Name and email schemas are always set, but not others so check if they are not empty first:
if schemas.birth_date_schema:
ax_request.add(ax.AttrInfo(schemas.birth_date_schema, required=True))
if schemas.zip_schema:
ax_request.add(ax.AttrInfo(schemas.zip_schema, required=True))
if schemas.gender_schema:
ax_request.add(ax.AttrInfo(schemas.gender_schema, required=True))
auth_request.addExtension(ax_request)
redirect_url = auth_request.redirectURL(
'http%s://%s/' % (_https(), Site.objects.get_current().domain),
self.return_to
)
return HttpResponseRedirect(redirect_url)
def init(self):
self.consumer = create_consumer(self.openid_session)
if not hasattr(self, 'form_result'):
return self._failure('', _("Invalid input."))
openid = self.form_result.get("openid")
try:
if not openid:
raise ValueError(_("No OpenID given!"))
authrequest = self.consumer.begin(openid)
if not c.user and not model.OpenID.find(openid):
axreq = ax.FetchRequest(h.base_url(c.instance,
path='/openid/update'))
axreq.add(ax.AttrInfo(AX_MAIL_SCHEMA, alias="email",
required=True))
authrequest.addExtension(axreq)
sreq = sreg.SRegRequest(required=['nickname'],
optional=['email'])
authrequest.addExtension(sreq)
redirecturl = authrequest.redirectURL(
h.base_url(c.instance, path='/'),
return_to=h.base_url(c.instance, path='/openid/verify'),
immediate=False)
session['openid_session'] = self.openid_session
session.save()
return redirect(redirecturl)
except HTTPFound:
raise
except Exception, e:
log.exception(e)
return self._failure(openid, str(e))
class FlowOpenID(Flow):
"""Does the OpenID Dance.
"""
def __init__(self, session, store, host_url, **kwargs):
self.session = session
self.store = store
self.host_url = host_url
def step1_get_authorize_url(self, openid_url, callback_url):
"""Returns a URI to redirect to the provider.
"""
consumer = Consumer(self.session, self.store)
# if consumer discovery or authentication fails, show error page
try:
request = consumer.begin(openid_url)
except Exception, e:
raise e
# TODO: Support custom specification of extensions
# TODO: Don't ask for data we already have, perhaps?
# use Simple Registration if available
request.addExtension(sreg.SRegRequest(required=OPENID_SREG_ATTRS))
# or Atribute Exchange if available
ax_request = ax.FetchRequest()
for attruri in OPENID_AX_ATTRS:
ax_request.add(
ax.AttrInfo(attruri,
required=True,
alias=OPENID_AX_ATTRS[attruri]))
request.addExtension(ax_request)
return request.redirectURL(self.host_url, callback_url)
def test_getExtensionArgs_empty_request(self):
expected_args = {
'mode': 'fetch_response',
}
req = ax.FetchRequest()
msg = ax.FetchResponse(request=req)
self.failUnlessEqual(expected_args, msg.getExtensionArgs())
def handle_openid_login_request():
openid_url = request.form['openid_identifier']
try:
consumer = openid.Consumer(session, None)
openid_req = consumer.begin(openid_url)
except openid.DiscoveryFailure:
logger.exception('Error in OpenID discovery')
raise
else:
if openid_req is None:
raise Exception('No OpenID services found for the given URL')
else:
ax_req = ax.FetchRequest()
ax_req.add(
ax.AttrInfo('http://schema.openid.net/contact/email',
alias='email'))
ax_req.add(
ax.AttrInfo('http://axschema.org/namePerson/friendly',
alias='nickname'))
openid_req.addExtension(ax_req)
url = openid_req.redirectURL(
get_openid_realm(),
url_for('.openid_login',
return_url=request.values.get('return_url'),
_external=True))
return redirect(url)
raise Exception('OpenID login failed')
def test_getExtensionArgs_empty_request(self):
expected_args = {
'mode': 'fetch_response',
}
req = ax.FetchRequest()
msg = ax.FetchResponse(request=req)
self.assertEqual(msg.getExtensionArgs(), expected_args)
def test_construct(self):
self.assertEqual({}, self.msg.requested_attributes)
self.assertEqual(None, self.msg.update_url)
msg = ax.FetchRequest('hailstorm')
self.assertEqual({}, msg.requested_attributes)
self.assertEqual('hailstorm', msg.update_url)
def get(self, request, *args, **kwargs):
c = self.get_consumer()
auth_request = c.begin(settings.DJANGO_ADMIN_SSO_OPENID_ENDPOINT)
trust_root = self.get_url()
return_to = self.get_url(self.return_to_url)
if auth_request.endpoint.supportsType(ax.AXMessage.ns_uri):
# Add Attribute Exchange request information.
ax_request = ax.FetchRequest()
# XXX - uses myOpenID-compatible schema values, which are
# not those listed at axschema.org.
for ax_name, field_name in settings.AX_MAPPING:
ax_request.add(ax.AttrInfo(ax_name, required=True))
auth_request.addExtension(ax_request)
else:
sreg_request = sreg.SRegRequest(required=['email', 'nickname'])
auth_request.addExtension(sreg_request)
if auth_request.shouldSendRedirect():
url = auth_request.redirectURL(trust_root, return_to)
return HttpResponseRedirect(url)
form_id = 'openid_message'
form_html = auth_request.formMarkup(trust_root, return_to,
False, {'id': form_id})
return render(
request, 'admin_sso/request_form.html', {'html': form_html})
def _update_authrequest(self, authrequest):
"""Update the authrequest with Attribute Exchange and optionally OAuth
To optionally request OAuth, the request POST must include an ``oauth_scope``
parameter that indicates what Google Apps should have access requested.
"""
request_attributes = request.POST.get('ax_attributes', ax_attributes.keys())
ax_request = ax.FetchRequest()
for attr in request_attributes:
ax_request.add(ax.AttrInfo(attributes[attr], required=True))
authrequest.addExtension(ax_request)
# Add PAPE request information. Setting max_auth_age to zero will force a login.
requested_policies = []
policy_prefix = 'policy_'
for k, v in request.POST.iteritems():
if k.startswith(policy_prefix):
policy_attr = k[len(policy_prefix):]
requested_policies.append(getattr(pape, policy_attr))
pape_request = pape.Request(requested_policies,
max_auth_age=request.POST.get('pape_max_auth_age',None))
authrequest.addExtension(pape_request)
oauth_request = OAuthRequest(consumer=self.consumer_key, scope=self.scope or 'http://www.google.com/m8/feeds/')
authrequest.addExtension(oauth_request)
if 'popup_mode' in request.POST:
kw_args = {'mode': request.POST['popup_mode']}
if 'popup_icon' in request.POST:
kw_args['icon'] = request.POST['popup_icon']
ui_request = UIRequest(**kw_args)
authrequest.addExtension(ui_request)
return None
def challenge(self, environ, status, app_headers, forget_headers):
"""the challenge method is called when the ``IChallengeDecider``
in ``classifiers.py`` returns ``True``. This is the case for either a
``401`` response from the client or if the key
``repoze.whoplugins.openid.openidrepoze.whoplugins.openid.openid``
is present in the WSGI environment.
The name of this key can be adjusted via the ``openid_field`` configuration
directive.
The latter is the case when we are coming from the login page where the
user entered the openid to use.
``401`` can come back in any case and then we simply redirect to the login
form which is configured in the who configuration as ``login_form_url``.
TODO: make the environment key to check also configurable in the challenge_decider.
For the OpenID flow check `the OpenID library documentation
<http://openidenabled.com/files/python-openid/docs/2.2.1/openid.consumer.consumer-module.html>`_
"""
request = Request(environ)
# check for the field present, if not redirect to login_form
if not request.params.has_key(self.openid_field):
# redirect to login_form
res = Response()
res.status = 302
res.location = get_full_path(self.login_form_url, environ)+"?%s=%s" %(self.came_from_field, request.url)
return res
# now we have an openid from the user in the request
openid_url = request.params[self.openid_field]
if environ['repoze.who.logger'] is not None:
environ['repoze.who.logger'].debug('starting openid request for : %s ' %openid_url)
try:
# we create a new Consumer and start the discovery process for the URL given
# in the library openid_request is called auth_req btw.
openid_request = self.get_consumer(environ).begin(openid_url)
if len(self.ax_require.values()) or len(self.ax_optional.values()):
fetch_request = ax.FetchRequest()
for value in self.ax_require.values():
fetch_request.add(ax.AttrInfo(value, required=True))
for value in self.ax_optional.values():
fetch_request.add(ax.AttrInfo(value, required=False))
openid_request.addExtension(fetch_request)
if len(self.sreg_require) or len(self.sreg_optional):
sreq = sreg.SRegRequest(required=self.sreg_require, optional=self.sreg_optional)
openid_request.addExtension(sreq)
except consumer.DiscoveryFailure, exc:
# eventually no openid server could be found
environ[self.error_field] = 'Error in discovery: %s' %exc[0]
environ['repoze.who.logger'].info('Error in discovery: %s ' %exc[0])
return self._redirect_to_loginform(environ)
def post_user_info(request_user_metadata):
logging.debug(
"login_openid post_user_info, request_user_metadata: {0}".
format(request_user_metadata))
oid_consumer = consumer.Consumer(self.get_openid_session(request),
self.store)
try:
oid_req = oid_consumer.begin(identity)
if request_user_metadata:
# SReg speaks this protocol: http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
# and tries to request additional metadata about this OpenID identity
sreg_req = sreg.SRegRequest(
required=['fullname', 'nickname', 'email'],
optional=[])
oid_req.addExtension(sreg_req)
# AX speaks this protocol: http://openid.net/specs/openid-attribute-exchange-1_0.html
# and tries to get more attributes (by URI), we request some of the more common ones
ax_req = ax.FetchRequest()
for uri in self.AX_URIS:
ax_req.add(ax.AttrInfo(uri, required=True))
oid_req.addExtension(ax_req)
except consumer.DiscoveryFailure as exc:
logging.error("Error in login_openid: {0}".format(exc))
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
else:
if oid_req is None:
logging.error(
"Error in login_openid: no OpenID services found for: {0}"
.format(identity))
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
else:
trust_root = self.webserver.server_url
return_to = appendArgs(
trust_root + "/" + self.base_path + "/openid_process",
{})
logging.debug(
"OpenID, had oid_req, trust_root: {0}, return_to: {1}, oid_req: {2}"
.format(trust_root, return_to, oid_req))
redirect_url = oid_req.redirectURL(trust_root, return_to)
request.setHeader("Location", redirect_url)
request.setResponseCode(302, "Found")
request.finish()
return
def login_begin(request, attribute_set='default'):
"""Begin an MojeID login request."""
if mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR in request.session:
del request.session[mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR]
# create consumer, start login process
consumer = MojeIDConsumer(DjangoOpenIDStore())
openid_request = consumer.begin(create_service())
# Request user details.
attributes = get_attribute_query(attribute_set)
# save settings set name for response handler
request.session[SESSION_ATTR_SET_KEY] = attribute_set
fetch_request = ax.FetchRequest()
for attribute, required in attributes:
fetch_request.add(attribute.generate_ax_attrinfo(required))
if attributes:
openid_request.addExtension(fetch_request)
if mojeid_settings.MOJEID_LOGIN_METHOD != 'ANY' or \
mojeid_settings.MOJEID_MAX_AUTH_AGE is not None:
# set authentication method to OTP or CERT
if mojeid_settings.MOJEID_LOGIN_METHOD == "OTP":
auth_method = [pape.AUTH_MULTI_FACTOR]
elif mojeid_settings.MOJEID_LOGIN_METHOD == "CERT":
auth_method = [pape.AUTH_PHISHING_RESISTANT]
else:
auth_method = None
pape_request = pape.Request(
preferred_auth_policies=auth_method,
max_auth_age=mojeid_settings.MOJEID_MAX_AUTH_AGE,
)
openid_request.addExtension(pape_request)
# Construct the request completion URL
return_to = request.build_absolute_uri(reverse(login_complete))
# get 'next page' and save it to the session
redirect_to = sanitise_redirect_url(OpenIDBackend.get_redirect_to(request))
if redirect_to:
request.session[mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR] = redirect_to
# Realm should be always something like 'https://example.org/openid/'
realm = getattr(settings, 'MOJEID_REALM', None)
if not realm:
realm = request.build_absolute_uri(reverse(top))
# we always use POST request
form_html = openid_request.htmlMarkup(
realm, return_to, form_tag_attrs={'id': 'openid_message'})
return HttpResponse(form_html, content_type='text/html; charset=UTF-8')
def ask_openid(request, openid_url, redirect_to, on_failure=None):
""" basic function to ask openid and return response """
on_failure = on_failure or signin_failure
sreg_req = None
ax_req = None
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
msg = _("i-names are not supported")
return on_failure(request, msg)
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = _("The OpenID %s was invalid") % openid_url
return on_failure(request, msg)
# get capabilities
use_ax, use_sreg = discover_extensions(openid_url)
if use_sreg:
# set sreg extension
# we always ask for nickname and email
sreg_attrs = getattr(settings, 'OPENID_SREG', {})
sreg_attrs.update({"optional": ['nickname', 'email']})
sreg_req = sreg.SRegRequest(**sreg_attrs)
if use_ax:
# set ax extension
# we always ask for nickname and email
ax_req = ax.FetchRequest()
ax_req.add(
ax.AttrInfo('http://schema.openid.net/contact/email',
alias='email',
required=True))
ax_req.add(
ax.AttrInfo('http://schema.openid.net/namePerson/friendly',
alias='nickname',
required=True))
# add custom ax attrs
ax_attrs = getattr(settings, 'OPENID_AX', [])
for attr in ax_attrs:
if len(attr) == 2:
ax_req.add(ax.AttrInfo(attr[0], required=alias[1]))
else:
ax_req.add(ax.AttrInfo(attr[0]))
if sreg_req is not None:
auth_request.addExtension(sreg_req)
if ax_req is not None:
auth_request.addExtension(ax_req)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def start_openid(session, openid_url, trust_root, return_to):
"""
Start the OpenID authentication process.
* Requests some Simple Registration data using the OpenID
library's Simple Registration machinery
* Generates the appropriate trust root and return URL values for
this application (tweak where appropriate)
* Generates the appropriate redirect based on the OpenID protocol
version.
"""
# Start OpenID authentication.
c = get_consumer(session)
error = None
try:
auth_request = c.begin(openid_url)
except DiscoveryFailure as e:
# Some other protocol-level failure occurred.
error = "OpenID discovery error: %s" % (str(e),)
if error:
raise Exception("error in openid")
# Add Simple Registration request information. Some fields
# are optional, some are required. It's possible that the
# server doesn't support sreg or won't return any of the
# fields.
sreg_request = sreg.SRegRequest(required=['email'],
optional=[])
auth_request.addExtension(sreg_request)
# Add Attribute Exchange request information.
ax_request = ax.FetchRequest()
# XXX - uses myOpenID-compatible schema values, which are
# not those listed at axschema.org.
for k, v in list(AX_REQUIRED_FIELDS.items()):
ax_request.add(ax.AttrInfo(v, required=True))
auth_request.addExtension(ax_request)
# Compute the trust root and return URL values to build the
# redirect information.
# trust_root = util.getViewURL(request, startOpenID)
# return_to = util.getViewURL(request, finishOpenID)
# Send the browser to the server either by sending a redirect
# URL or by generating a POST form.
url = auth_request.redirectURL(trust_root, return_to)
return url
def process_incoming_request(context, request, incoming_openid_url):
settings = request.registry.settings
log.info('OpenID URL supplied by user: %s' % incoming_openid_url)
openid_consumer = consumer.Consumer(request.session, None)
try:
openid_request = openid_consumer.begin(incoming_openid_url)
ax_required = get_ax_required_from_settings(settings)
ax_optional = get_ax_optional_from_settings(settings)
log.info('ax_required: %s' % ax_required)
log.info('ax_optional: %s' % ax_optional)
if len(ax_required.values()) or len(ax_optional.values()):
fetch_request = ax.FetchRequest()
for value in ax_required.values():
fetch_request.add(ax.AttrInfo(value, required=True))
for value in ax_optional.values():
fetch_request.add(ax.AttrInfo(value, required=False))
openid_request.addExtension(fetch_request)
sreg_required = get_sreg_required_from_settings(settings)
sreg_optional = get_sreg_optional_from_settings(settings)
log.info('sreg_required: %s' % sreg_required)
log.info('sreg_optional: %s' % sreg_optional)
if len(sreg_required) or len(sreg_optional):
sreq = sreg.SRegRequest(required=sreg_required,
optional=sreg_optional)
openid_request.addExtension(sreq)
# Default is magic which requests all groups from FAS-OpenID >= 0.2.0
groups = request.registry.settings.get('openid.groups',
'_FAS_ALL_GROUPS_')
if isinstance(groups, six.string_types):
groups = groups.split()
openid_request.addExtension(teams.TeamsRequest(requested=groups))
openid_request.addExtension(
cla.CLARequest(requested=[cla.CLA_URI_FEDORA_DONE]))
except consumer.DiscoveryFailure as exc:
# eventually no openid server could be found
return error_to_login_form(request, 'Error in discovery: %s' % exc[0])
except KeyError as exc:
# TODO: when does that happen, why does plone.openid use "pass" here?
return error_to_login_form(request, 'Error in discovery: %s' % exc[0])
# not sure this can still happen but we are making sure.
# should actually been handled by the DiscoveryFailure exception above
if openid_request is None:
return error_to_login_form(
request, 'No OpenID services found for %s' % incoming_openid_url)
#Not sure what the point of setting this to anything else is
realm_name = settings.get('openid.realm_name', request.host_url)
return_url = request.path_url
redirect_url = openid_request.redirectURL(realm_name, return_url)
log.info('Realm Name: %s' % realm_name)
log.info('Return URL from provider will be: %s' % return_url)
log.info('Redirecting to: %s' % redirect_url)
return HTTPFound(location=redirect_url)
def set_attributes(auth_request):
requested_attributes = OPENID_AX
if requested_attributes:
log.debug("AX true")
ax_request = oidax.FetchRequest()
for i in requested_attributes:
ax_request.add(
oidax.AttrInfo(i['type_uri'], i['count'], i['required'],
i['alias']))
auth_request.addExtension(ax_request)
return auth_request
def _update_authrequest(self, authrequest):
# Add on the Attribute Exchange for those that support that
request_attributes = request.POST.get('ax_attributes', ax_attributes.keys())
ax_request = ax.FetchRequest()
for attr in request_attributes:
ax_request.add(ax.AttrInfo(attributes[attr], required=False, count=1))
authrequest.addExtension(ax_request)
# Add OAuth request?
oauth_request = OAuthRequest(consumer=self.consumer_key)
authrequest.addExtension(oauth_request)
return None
def _update_authrequest(self, req, authrequest):
# Add on the Attribute Exchange for those that support that
ax_request = ax.FetchRequest()
for attrib in ax_attributes.values():
ax_request.add(ax.AttrInfo(attrib))
authrequest.addExtension(ax_request)
# Add OAuth request?
if 'oauth' in req.POST:
oauth_request = OAuthRequest(consumer=self.consumer)
authrequest.addExtension(oauth_request)
return None
def test_getExtensionArgs_some_request(self):
expected_args = {
'mode': 'fetch_response',
'type.' + self.alias_a: self.type_a,
'value.' + self.alias_a + '.1': self.value_a,
'count.' + self.alias_a: '1'
}
req = ax.FetchRequest()
req.add(ax.AttrInfo(self.type_a, alias=self.alias_a))
msg = ax.FetchResponse(request=req)
msg.addValue(self.type_a, self.value_a)
self.assertEqual(msg.getExtensionArgs(), expected_args)
def render_GET(self, request):
janrain_nonce = request.args.get('janrain_nonce', [None])[0]
if janrain_nonce is not None:
cookie = request.getCookie('pc_user')
if not cookie in globals()['REDIRECTED_USERS']:
request.redirect('http://buildpc.ru')
return ""
consumer = Consumer({}, STORAGE)
args = dict((k,unicode(v[0], 'utf-8')) for k,v in request.args.items())
info = consumer.complete(args, RETURN_TO)
# Если аутентификация не удалась или отменена
# Получение данных пользователя при успешной аутентификации
if info.status != SUCCESS:
request.redirect('http://buildpc.ru')
return ""
ax_info = ax.FetchResponse.fromSuccessResponse(info) or ax.FetchResponse()
user_data = {
'uid': info.identity_url,
'first_name': ax_info.getSingle(AXINFO['namePerson']),
'last_name': '',
}
globals()['PASSED_USERS'].update({cookie:user_data})
request.redirect(globals()['REDIRECTED_USERS'].pop(cookie).split('?')[0]\
+'?pr=yandex&code='+cookie)
return ""
# Далее — выборка существующего или регистрация нового пользователя
else:
backUrl = request.args.get('backurl', [None])[0]
globals()['REDIRECTED_USERS'].update({request.getCookie('pc_user'):backUrl})
# provider = request.get('provider', [None])[0]
# url = openid_request.redirectURL(ROOT, ROOT)
# Короткие названия для ключей необходимых данных о пользователе.
# Список доступных данных см. в разделе Дополнительные данные о пользователе
consumer = Consumer({}, STORAGE)
openid_request = consumer.begin('http://www.yandex.ru/')
# Запрос дополнительной информации о пользователе
# Поля, указанные с ключом required, на сайте Яндекса отображаются как обязательные
# (незаданные значения подсвечиваются красным цветом)
ax_request = ax.FetchRequest()
# ax_request.add(ax.AttrInfo(AXINFO['email'], required=True))
# ax_request.add(ax.AttrInfo(AXINFO['nickname']))
ax_request.add(ax.AttrInfo(AXINFO['namePerson'], required=True))
openid_request.addExtension(ax_request)
url = openid_request.redirectURL(ROOT, RETURN_TO)
request.redirect(url)
return ""
def init(self):
if self.connector:
return
from openid.consumer import consumer
from openid.extensions import ax
# from openid.store import memstore
self.cons = consumer.Consumer({}, None) # memstore.MemoryStore())
self.connector = self.cons.begin(self.provider)
ax_request = ax.FetchRequest()
# 'http://axschema.org/contact/email',
ax_request.add(
ax.AttrInfo('http://axschema.org/contact/email', required=True))
self.connector.addExtension(ax_request)
def attach_reg_info(self, auth_request, keys):
"""Attaches sreg and ax requests to the auth request.
:internal:
"""
keys = set(keys)
sreg_keys = list(SREG_KEYS & keys)
auth_request.addExtension(SRegRequest(required=sreg_keys))
ax_req = ax.FetchRequest()
for key in keys:
for uri in AX_MAPPING.get(key, ()):
ax_req.add(ax.AttrInfo(uri, required=key in REQUIRED_KEYS))
auth_request.addExtension(ax_req)
def test_getExtensionArgs_empty_request_some(self):
uri = 'http://not.found/'
alias = 'ext0'
expected_args = {
'mode': 'fetch_response',
'type.%s' % (alias, ): uri,
'count.%s' % (alias, ): '0'
}
req = ax.FetchRequest()
req.add(ax.AttrInfo(uri))
msg = ax.FetchResponse(request=req)
self.assertEqual(msg.getExtensionArgs(), expected_args)
def test_updateUrlInResponse(self):
uri = 'http://not.found/'
alias = 'ext0'
expected_args = {
'mode': 'fetch_response',
'update_url': self.request_update_url,
'type.%s' % (alias, ): uri,
'count.%s' % (alias, ): '0'
}
req = ax.FetchRequest(update_url=self.request_update_url)
req.add(ax.AttrInfo(uri))
msg = ax.FetchResponse(request=req)
self.assertEqual(msg.getExtensionArgs(), expected_args)
