def __init__(self, base_url):
self.store = MemoryStore()
self.identity_url = base_url + 'identity'
self.localid_url = base_url + 'localid'
self.endpoint_url = base_url + 'endpoint'
self.server = Server(self.store, self.endpoint_url)
self.last_request = None
def main(host, port, data_path):
addr = (host, port)
httpserver = OpenIDHTTPServer(addr, ServerHandler)
# Instantiate OpenID consumer store and OpenID consumer. If you
# were connecting to a database, you would create the database
# connection and instantiate an appropriate store here.
store = MemoryStore()
# xxx For reasons unknown, the server is confused about whether
# our openid client is "smart" or "dumb" (one request is
# considered "smart", a later one is considered "dumb"), and since
# it uses this as data for the hashing algorithm used to store
# state, it never realises it's the same client making multiple
# requests.
# Fix by using the same string when hashing both types - unknown
# what potential buggy side effects this has...
server.Signatory._normal_key = server.Signatory._dumb_key = 'foo'
oidserver = server.Server(store, httpserver.base_url + 'openidserver')
httpserver.setOpenIDServer(oidserver)
print 'Server running at:'
print httpserver.base_url
httpserver.serve_forever()
def __init__(self, base_url):
self.store = MemoryStore()
self.identity_url = base_url + 'identity'
self.localid_url = base_url + 'localid'
self.endpoint_url = base_url + 'endpoint'
self.server = Server(self.store, self.endpoint_url)
self.last_request = None
self.type_uris = ['http://specs.openid.net/auth/2.0/signon']
def _getStore(self, db):
scheme, rest = self.connection_uri.split(':', 1)
if scheme == 'mysql':
return MySQLStore(db.cnx.cnx)
elif scheme == 'postgres':
return PostgreSQLStore(db.cnx.cnx)
elif scheme == 'sqlite':
return SQLiteStore(db.cnx.cnx)
else:
return MemoryStore()
def add_openid(config, *args, **kw):
""" Add OpenID login provider.
requires realm to be used.
"""
from velruse.providers.openid import add_openid_login
from openid.store.memstore import MemoryStore
realm = kw.pop('realm')
if 'domain' in kw:
domain = kw.pop('domain')
config.registry.settings['openid_domain'] = domain
add_openid_login(config, realm = realm, storage = MemoryStore(), **kw)
def __init__(self, trusted_providers=[], **kw):
super(OpenIDAuth, self).__init__(**kw)
# the name
self.name = 'openid'
# we only need openid
self.login_inputs = ['openid']
# logout is possible
self.logout_possible = True
# the store
self.store = MemoryStore()
self._trusted_providers = list(trusted_providers)
def __init__(self, trusted_providers=[]):
# the name
self.name = 'openid'
# we only need openid
self.login_inputs = ['openid']
# logout is possible
self.logout_possible = True
# the store
self.store = MemoryStore()
self._trusted_providers = list(trusted_providers)
BaseAuth.__init__(self)
def getRedirectUrlFor(self, session, openUrlId, returnUrl, realm):
store = MemoryStore()
session["openId_store"] = store
consumer = Consumer(session, store)
try:
authRequest = consumer.begin(openUrlId)
shouldSendRedirect = authRequest.shouldSendRedirect()
##print "should send redirect=%s" % shouldSendRedirect
## see example code for not redirecting??? .../examples/consumer.py
#if shouldSendRedirect==False:
# html = authRequest.htmlMarkup(realm, returnUrl, \
# form_tag_attrs={"id":"openid_message"})
redirectUrl = authRequest.redirectURL(realm=realm, \
return_to=returnUrl, immediate=False)
except Exception, e:
return None
def __init__(self, config):
self.config = config # Saves the config because Page needs it
self.encoder = json.JSONEncoder()
# The full URL of this openid server
if hasattr(config, 'server_url'):
self.base_path = '%s/' % config.server_url
else:
self.base_path = '%s/' % cherrypy.url()
# Now instantiates the OpenID Store (used for nonces and associations)
if config.store == 'filestore':
store = FileOpenIDStore(config.store_path)
elif config.store == 'dbstore':
store = DBOidStore(config.store_source)
else:
store = MemoryStore()
# Now instantiates the OpenID server
self.openid = server.Server(store, self.base_path + 'openidserver')
# Record how to get user details out...
factory = WMFactory('oid_factory')
self.userstore = factory.loadObject(config.users_store.object,
config.users_store)
# List of remote sites allowed to request auth/authz to this server
self.truststore = factory.loadObject(config.trust_store.object,
config.trust_store)
# This is a thread safe object to display web pages/forms related to
# the oid server. I put it on a separate class to avoid blowing
# the main class with html code.
self.webpages = OidServerWebPages()
# *** Should enable cherrypy session somewhere... sorry
cherrypy.config.update({
'tools.sessions.on': True,
'tools.sessions.storage_type': 'ram',
#'tools.sessions.storage_type': "file",
#'tools.sessions.storage_path': "/tmp/oidserver-sessions",
'tools.sessions.timeout': 60,
'tools.sessions.name': 'oidserver_sid'
})
def _get_openid_store(self):
if self._openid_store is None:
from openid.store.memstore import MemoryStore
self._openid_store = MemoryStore()
return self._openid_store
def __init__(self):
from openid.server.server import Server
from openid.store.memstore import MemoryStore
store = MemoryStore()
self.server = Server(store, 'http://www.jaraco.com/')
logoutPerson,
)
from lp.services.webapp.publisher import (
Navigation,
stepthrough,
)
from lp.testopenid.interfaces.server import (
get_server_url,
ITestOpenIDApplication,
ITestOpenIDLoginForm,
ITestOpenIDPersistentIdentity,
)
OPENID_REQUEST_SESSION_KEY = 'testopenid.request'
SESSION_PKG_KEY = 'TestOpenID'
openid_store = MemoryStore()
# Shut up noisy OpenID library
oidutil.log = lambda message, level=0: None
@implementer(ICanonicalUrlData)
class TestOpenIDRootUrlData:
"""`ICanonicalUrlData` for the test OpenID provider."""
path = ''
inside = None
rootsite = 'testopenid'
def __init__(self, context):
self.context = context
def associate(services, url):
'''Create an association (OpenID section 8) between RP and OP.
Return response as a dictionary.'''
req_data = {
'openid.ns': "http://specs.openid.net/auth/2.0",
'openid.mode': "associate",
'openid.assoc_type': "HMAC-SHA1",
'openid.session_type': "no-encryption",
}
if url.startswith('http:'):
# Use DH exchange
req_data['openid.session_type'] = "DH-SHA1"
# Private key: random number between 1 and dh_prime-1
priv = random.SystemRandom().randrange(1, dh_prime - 1)
# Public key: 2^priv mod prime
pubkey = pow(2L, priv, dh_prime)
dh_public_base64 = base64.b64encode(btwoc(pubkey))
# No need to send key and generator
req_data['openid.dh_consumer_public'] = dh_public_base64
if is_compat_1x(services):
# 14.2.1: clear session_type in 1.1 compatibility mode
if req_data['openid.session_type'] == "no-encryption":
req_data['openid.session_type'] = ''
del req_data['openid.ns']
res = urllib.urlopen(url, b(urllib.urlencode(req_data)))
try:
if res.getcode() != 200:
raise ValueError(
"OpenID provider refuses connection with status %s" %
res.getcode())
data = parse_response(res.read())
except ValueError:
endpoint = OpenIDServiceEndpoint.fromOPEndpointURL(url)
store = MemoryStore()
consumer = GenericConsumer(store)
try:
assoc = consumer._requestAssociation(
endpoint, req_data['openid.assoc_type'],
req_data['openid.session_type'])
data = {
'assoc_handle': assoc.handle,
'expires_in': assoc.lifetime,
'mac_key': oidutil.toBase64(assoc.secret),
}
except ServerError:
data = {
'error':
'Server %s refused its suggested association type: session_type=%s, assoc_type=%s'
% (url, req_data['openid.assoc_type'],
req_data['openid.session_type']),
}
if 'error' in data:
raise ValueError, "associate failed: " + data['error']
if url.startswith('http:'):
enc_mac_key = b(data.get('enc_mac_key'))
if not enc_mac_key:
raise ValueError, "Provider protocol error: not using DH-SHA1"
enc_mac_key = base64.b64decode(enc_mac_key)
dh_server_public = unbtwoc(
base64.b64decode(b(data['dh_server_public'])))
# shared secret: sha1(2^(server_priv*priv) mod prime) xor enc_mac_key
shared_secret = btwoc(pow(dh_server_public, priv, dh_prime))
shared_secret = hashlib.sha1(shared_secret).digest()
if len(shared_secret) != len(enc_mac_key):
raise ValueError, "incorrect DH key size"
# Fake mac_key result
data['mac_key'] = b(
base64.b64encode(string_xor(enc_mac_key, shared_secret)))
return data