def test02(self):
interface = SQLAlchemyAXInterface()
interface.connectionString = \
SQLAlchemyAXInterfaceTestCase.DB_CONNECTION_STR
interface.attributeNames = ('firstName', 'lastName', 'emailAddress')
interface.sqlQuery = ("select firstname, lastname, emailAddress from "
"users where username = '******'")
axReq = FetchRequest()
for typeURI in interface.attributeNames:
axReq.add(AttrInfo(typeURI, required=True))
axResp = FetchResponse()
authnCtx = {
SQLAlchemyAXInterface.USERNAME_SESSION_KEYNAME:
SQLAlchemyAXInterfaceTestCase.USERNAME
}
interface(axReq, axResp, None, authnCtx)
axData = axResp.getExtensionArgs()
self.assert_(len(axData.keys()) > 0)
print(axData)
def test01InvalidQueryUsernameKey(self):
interface = SQLAlchemyAXInterface()
interface.connectionString = \
SQLAlchemyAXInterfaceTestCase.DB_CONNECTION_STR
interface.sqlQuery = ("select firstname from users where username = "******"'${invalidUsernameKey}'")
axReq = FetchRequest()
axResp = FetchResponse()
authnCtx = {
SQLAlchemyAXInterface.USERNAME_SESSION_KEYNAME:
SQLAlchemyAXInterfaceTestCase.USERNAME
}
try:
interface(axReq, axResp, None, authnCtx)
except AXInterfaceConfigError:
pass
else:
self.fail("Expected AXInterfaceConfigError exception")
def openid_auth_site(request):
try:
oreq = request.session['openid_request']
except KeyError:
return render(request,
'openid-auth-site.html', {
'error':
'No OpenID request associated. The request may have \
expired.',
},
status=400)
sreg = SRegRequest.fromOpenIDRequest(oreq)
ax = FetchRequest.fromOpenIDRequest(oreq)
sreg_fields = set(sreg.allRequestedFields())
if ax:
for uri in ax.requested_attributes:
k = openid_ax_attribute_mapping.get(uri)
if k:
sreg_fields.add(k)
ldap_user = LDAPUser.objects.get(username=request.user.username)
if sreg_fields:
sreg_data = {
'nickname': ldap_user.username,
'email': ldap_user.email,
'fullname': ldap_user.full_name,
'dob': ldap_user.birthday,
}
for k in list(sreg_data):
if not sreg_data[k]:
del sreg_data[k]
else:
sreg_data = {}
sreg_fields = sreg_data.keys()
# Read preferences from the db.
try:
saved_pref = OpenID_Attributes.objects.get(
uid=ldap_user.uid,
trust_root=oreq.trust_root,
)
except OpenID_Attributes.DoesNotExist:
saved_pref = None
auto_auth = False
else:
auto_auth = saved_pref.always_auth
if auto_auth or request.POST:
if auto_auth:
# TODO: can we do this nicer?
form_inp = model_to_dict(saved_pref)
else:
form_inp = request.POST
form = SiteAuthForm(form_inp, instance=saved_pref)
# can it be invalid somehow?
assert (form.is_valid())
attrs = form.save(commit=False)
# nullify fields that were not requested
for fn in form.cleaned_data:
if fn in ('always_auth', ):
pass
elif hasattr(attrs, fn) and fn not in sreg_fields:
setattr(attrs, fn, None)
if auto_auth or 'accept' in request.POST:
# prepare sreg response
for fn, send in form.cleaned_data.items():
if fn not in sreg_data:
pass
elif not send:
del sreg_data[fn]
elif isinstance(sreg_data[fn], list):
form_key = 'which_%s' % fn
val = form.cleaned_data[form_key]
if val not in sreg_data[fn]:
raise NotImplementedError(
'Changing choices not implemented yet')
sreg_data[fn] = val
if not auto_auth:
setattr(attrs, form_key, val)
if not auto_auth:
# save prefs in the db
# (if auto_auth, then nothing changed)
attrs.uid = ldap_user.uid
attrs.trust_root = oreq.trust_root
attrs.save()
oresp = oreq.answer(True,
identity=request.build_absolute_uri(
reverse(user_page,
args=(request.user.username, ))))
sreg_resp = SRegResponse.extractResponse(sreg, sreg_data)
oresp.addExtension(sreg_resp)
if ax:
ax_resp = FetchResponse(ax)
for uri in ax.requested_attributes:
k = openid_ax_attribute_mapping.get(uri)
if k and k in sreg_data:
ax_resp.addValue(uri, sreg_data[k])
oresp.addExtension(ax_resp)
elif 'reject' in request.POST:
oresp = oreq.answer(False)
else:
return render(request,
'openid-auth-site.html', {
'error': 'Invalid request submitted.',
},
status=400)
if request.session.get('auto_logout', False):
# _logout clears request.session
_logout(request)
else:
del request.session['openid_request']
return render_openid_response(request, oresp)
form = SiteAuthForm(instance=saved_pref)
sreg_form = {}
# Fill in lists for choices
for f in sreg_fields:
if f not in sreg_data:
pass
elif isinstance(sreg_data[f], list):
form.fields['which_%s' % f].widget.choices = [
(x, x) for x in sreg_data[f]
]
sreg_form[f] = form['which_%s' % f]
else:
sreg_form[f] = format_html(
"<input type='text'" + " readonly='readonly'" +
" value='{0}' />", sreg_data[f])
try:
# TODO: cache it
if oreq.returnToVerified():
tr_valid = 'Return-To valid and trusted'
else:
tr_valid = 'Return-To untrusted'
except openid.yadis.discover.DiscoveryFailure:
tr_valid = 'Unable to verify trust (Yadis unsupported)'
except openid.fetchers.HTTPFetchingError:
tr_valid = 'Unable to verify trust (HTTP error)'
return render(
request, 'openid-auth-site.html', {
'openid_request': oreq,
'return_to_valid': tr_valid,
'form': form,
'sreg': sreg_fields,
'sreg_form': sreg_form,
'policy_url': sreg.policy_url,
})
