Example #1
    def _handle_verify_continuation(self, request):
        """Finish the OpenID round trip and decide how the login proceeds.

        Every submitted form field (first value only) is passed to
        ``Consumer.complete`` together with the ``oidstage=1`` continuation
        URL. The resulting status is mapped to a login result:

        * FAILURE -> ``CancelLogin`` carrying ``info.message``
        * CANCEL  -> ``CancelLogin``
        * SUCCESS -> ``ContinueLogin`` if ``_handle_user_data`` yields a user,
          otherwise a ``MultistageFormLogin`` that asks for an account name
        * anything else -> ``CancelLogin``
        """
        _ = request.getText
        oidconsumer = consumer.Consumer(request.session, MoinOpenIDStore(request))

        # request.form is client-supplied. Values taken from the response are
        # only used as an identity inside the SUCCESS branch below.
        query = dict((name, request.form[name][0]) for name in request.form)
        current_url = get_multistage_continuation_url(request, self.name, {"oidstage": "1"})
        info = oidconsumer.complete(query, current_url)
        status = info.status

        if status == consumer.FAILURE:
            # NOTE(review): info.message is echoed back to the user; presumably
            # the code rendering CancelLogin messages escapes it - confirm.
            return CancelLogin(_("OpenID error: %s.") % info.message)

        if status == consumer.CANCEL:
            return CancelLogin(_("Verification canceled."))

        if status == consumer.SUCCESS:
            verified_id = info.identity_url
            request.session["openid.id"] = verified_id
            # NOTE(review): the whole response object is kept in the session;
            # confirm how the session backend serializes it.
            request.session["openid.info"] = info

            # Look up a local account already tied to this identity.
            uid = user.getUserIdByOpenId(request, verified_id)
            known = user.User(request, id=uid, auth_method=self.name,
                              auth_username=verified_id) if uid else None

            # Create or update the user according to the registration data.
            known = self._handle_user_data(request, known)
            if known:
                return ContinueLogin(known)

            # No account yet: ask for a username, possibly associating an
            # existing account.
            # NOTE(review): same value as stored above; looks redundant unless
            # _handle_user_data alters the session - confirm before removing.
            request.session["openid.id"] = info.identity_url
            return MultistageFormLogin(self._get_account_name)

        return CancelLogin(_("OpenID failure."))
Example #2
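def test_get_multistage_continuation_url():
    """Check that the continuation URL carries the stage name, the submit
    marker and every ``extra_fields`` entry in its query string."""
    # The fixture value has to be the one the assertion looks for: a masked
    # placeholder can never show up in the URL as 'password=test_pass'.
    # NOTE(review): this pins that an entry named 'password' is serialized
    # into the URL like any other field; URLs typically end up in server
    # logs and browser history, so confirm callers never pass a real secret.
    test_url = get_multistage_continuation_url('test_auth_name',
                                               extra_fields={'password': 'test_pass', 'test_key': 'test_value'})
    assert 'test_key=test_value' in test_url
    assert 'password=test_pass' in test_url
    assert 'stage=test_auth_name' in test_url
    assert 'login_submit=1' in test_url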
    def login(self, request, user_obj, **kw):
        """Start an OpenID login, or resume one that is already in progress.

        Returns ``ContinueLogin`` when there is nothing for this method to do
        (a valid user already exists, no identifier was entered, sessions are
        unavailable, or discovery failed). Otherwise returns a multistage
        result that sends the browser to the OpenID provider, either as a
        redirect or as a form.
        """
        if kw.get('multistage'):
            return self._handle_continuation(request)

        # openid is designed to work together with other auths
        if user_obj and user_obj.valid:
            return ContinueLogin(user_obj)

        openid_id = kw.get('openid_identifier')

        # Neither a forced service nor a typed identifier: nothing to do.
        if not (self._forced_service or openid_id):
            return ContinueLogin(user_obj)

        _ = request.getText

        # The consumer keeps its state in the session, so one must be storable.
        if not request.cfg.cookie_lifetime[0]:
            return ContinueLogin(user_obj,
                                 _('Anonymous sessions need to be enabled for OpenID login.'))

        oidconsumer = consumer.Consumer(request.session,
                                        MoinOpenIDStore(request))

        # openid_id is user input and begin() can fail with a fetch or
        # discovery error, so this server contacts a location the user names.
        # NOTE(review): confirm the HTTP fetcher in use cannot be pointed at
        # internal-only addresses.
        try:
            forced = self._forced_service
            if not forced:
                oidreq = oidconsumer.begin(openid_id)
            elif isinstance(forced, str) or isinstance(forced, unicode):
                oidreq = oidconsumer.begin(forced)
            else:
                oidreq = oidconsumer.beginWithoutDiscovery(forced)
        except HTTPFetchingError:
            return ContinueLogin(None, _('Failed to resolve OpenID.'))
        except DiscoveryFailure:
            return ContinueLogin(None, _('OpenID discovery failure, not a valid OpenID.'))

        if oidreq is None:
            return ContinueLogin(None, _('No OpenID.'))

        self._modify_request(oidreq, request.cfg)

        return_to = get_multistage_continuation_url(request, self.name,
                                                    {'oidstage': '1'})
        # NOTE(review): url_root comes from the incoming request; presumably it
        # reflects the Host header - confirm that header is validated, since
        # this value is sent to the provider as the trust root.
        trust_root = request.url_root

        if oidreq.shouldSendRedirect():
            return MultistageRedirectLogin(oidreq.redirectURL(trust_root, return_to))

        form_html = oidreq.formMarkup(trust_root, return_to,
                                      form_tag_attrs={'id': 'openid_message'})
        return MultistageFormLogin(
            lambda request, form: self._openid_form(request, form, form_html))
Example #4
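def test_get_multistage_continuation_url():
    """Verify the query string of a multistage continuation URL.

    The URL must contain the auth stage name, the ``login_submit`` marker
    and each key/value pair given in ``extra_fields``.
    """
    # 'password' must hold the value the assertion below expects; with a
    # masked placeholder here the 'password=test_pass' check cannot pass.
    # NOTE(review): the test fixes the behaviour that a field called
    # 'password' is placed in the query string; confirm no caller relies on
    # this for real credentials, because URLs are commonly logged.
    extra = {
        'password': 'test_pass',
        'test_key': 'test_value',
    }
    test_url = get_multistage_continuation_url('test_auth_name',
                                               extra_fields=extra)
    assert 'test_key=test_value' in test_url
    assert 'password=test_pass' in test_url
    assert 'stage=test_auth_name' in test_url
    assert 'login_submit=1' in test_url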
Example #5
    def login(self, userobj, **kw):
        """
        Handle a login request, handing over to the multistage continuation
        when one is already in progress.

        Without an ``openid`` keyword the given user is passed on unchanged.
        Otherwise an OpenID request is started for the identifier and the
        browser is sent to the provider by redirect or by form.
        """
        # a later step of a login that was started earlier
        if kw.get('multistage'):
            return self._handleContinuation()

        openid = kw.get('openid')
        if not openid:
            # no openid entered
            return ContinueLogin(userobj)

        # consumer bound to the current session and to self.store
        oid_consumer = consumer.Consumer(session, self.store)

        # `openid` is user input and begin() can fail with a fetch or
        # discovery error, so this server contacts a location the user names.
        # NOTE(review): confirm the HTTP fetcher in use cannot be pointed at
        # internal-only addresses.
        try:
            auth_request = oid_consumer.begin(openid)
        except HTTPFetchingError:
            return ContinueLogin(None, _('Failed to resolve OpenID.'))
        except DiscoveryFailure:
            return ContinueLogin(
                None, _('OpenID discovery failure, not a valid OpenID.'))

        # we got no response from the service
        if auth_request is None:
            return ContinueLogin(None, _('No OpenID service at this URL.'))

        # site root and the URL the provider sends the browser back to
        site_root = url_for('frontend.show_root', _external=True)
        return_to = get_multistage_continuation_url(
            self.name, {'oidstage': '1'})

        if auth_request.shouldSendRedirect():
            return MultistageRedirectLogin(
                auth_request.redirectURL(site_root, return_to))

        # otherwise hand back markup for a form
        return MultistageFormLogin(
            auth_request.htmlMarkup(
                site_root,
                return_to,
                form_tag_attrs={'id': 'openid_message'}))
Example #6
    def _handle_verify_continuation(self, request):
        """Complete the OpenID exchange and map its status to a login result.

        All request values are handed to ``Consumer.complete`` along with the
        ``oidstage=1`` continuation URL. FAILURE, CANCEL and unknown statuses
        end in ``CancelLogin``. SUCCESS ends in ``ContinueLogin`` when
        ``_handle_user_data`` returns a user, otherwise in a
        ``MultistageFormLogin`` that asks for an account name. Each outcome
        is also logged at debug level.
        """
        _ = request.getText
        oidconsumer = consumer.Consumer(request.session,
                                        MoinOpenIDStore(request))

        # request.values is client-supplied. The identity URL is only used
        # inside the SUCCESS branch below.
        query = dict((name, request.values.get(name))
                     for name in request.values.keys())
        current_url = get_multistage_continuation_url(request, self.name,
                                                      {'oidstage': '1'})
        info = oidconsumer.complete(query, current_url)
        status = info.status

        if status == consumer.FAILURE:
            # NOTE(review): info.message goes both to the log and back to the
            # user; presumably the renderer escapes it - confirm.
            logging.debug(_("OpenID error: %s.") % info.message)
            return CancelLogin(_('OpenID error: %s.') % info.message)

        if status == consumer.CANCEL:
            logging.debug(_("OpenID verification canceled."))
            return CancelLogin(_('Verification canceled.'))

        if status == consumer.SUCCESS:
            logging.debug(_("OpenID success. id: %s") % info.identity_url)
            request.session['openid.id'] = info.identity_url
            # NOTE(review): the whole response object is kept in the session;
            # confirm how the session backend serializes it.
            request.session['openid.info'] = info

            # Look up a local account already tied to this identity.
            uid = user.getUserIdByOpenId(request, info.identity_url)
            known = None
            if uid:
                known = user.User(request,
                                  id=uid,
                                  auth_method=self.name,
                                  auth_username=info.identity_url,
                                  auth_attribs=self.auth_attribs)

            # Create or update the user according to the registration data.
            known = self._handle_user_data(request, known)
            if known:
                return ContinueLogin(known)

            # No account yet: ask for a username, possibly associating an
            # existing account.
            logging.debug("OpenID: No user found, prompting for username")
            return MultistageFormLogin(self._get_account_name)

        logging.debug(_("OpenID failure"))
        return CancelLogin(_('OpenID failure.'))
Example #7
    def login(self, userobj, **kw):
        """
        Handle a login request and continue with the multistage continuation
        if necessary.

        With no ``openid`` keyword the user object is passed through. With
        one, an OpenID request is begun and the result tells the caller to
        redirect the browser to the provider or to show a form.
        """
        multistage = kw.get('multistage')
        if multistage:
            # process another subsequent step
            return self._handleContinuation()

        openid = kw.get('openid')
        if not openid:
            return ContinueLogin(userobj)

        # consumer tied to the current session and to self.store
        oid_consumer = consumer.Consumer(session, self.store)

        # begin() works on a user-typed identifier and may raise fetch or
        # discovery errors, i.e. the server reaches out to a user-named host.
        # NOTE(review): confirm outbound fetches are restricted from reaching
        # internal-only addresses.
        try:
            auth_request = oid_consumer.begin(openid)
        except HTTPFetchingError:
            return ContinueLogin(None, _('Failed to resolve OpenID.'))
        except DiscoveryFailure:
            return ContinueLogin(None, _('OpenID discovery failure, not a valid OpenID.'))

        if auth_request is None:
            # we got no response from the service
            return ContinueLogin(None, _('No OpenID service at this URL.'))

        # site root and where to return after the redirect
        site_root = url_for('frontend.show_root', _external=True)
        return_to = get_multistage_continuation_url(self.name, {'oidstage': '1'})

        if not auth_request.shouldSendRedirect():
            # send a form
            markup = auth_request.htmlMarkup(site_root, return_to,
                                             form_tag_attrs={'id': 'openid_message'})
            return MultistageFormLogin(markup)

        redirect_url = auth_request.redirectURL(site_root, return_to)
        return MultistageRedirectLogin(redirect_url)
    def _handle_verify_continuation(self, request):
        """Verify the provider's answer and choose the next login step.

        The request values are checked by ``Consumer.complete`` against the
        ``oidstage=1`` continuation URL. Only a SUCCESS status leads to a
        user lookup; every other status cancels the login. Outcomes are
        logged at debug level.
        """
        _ = request.getText
        oidconsumer = consumer.Consumer(request.session,
                                        MoinOpenIDStore(request))

        # Copy the client-supplied request values into a plain dict.
        query = {}
        for field in request.values.keys():
            query[field] = request.values.get(field)

        current_url = get_multistage_continuation_url(request, self.name,
                                                      {'oidstage': '1'})
        info = oidconsumer.complete(query, current_url)
        outcome = info.status

        if outcome == consumer.FAILURE:
            # NOTE(review): info.message is logged and shown to the user;
            # presumably the renderer escapes it - confirm.
            logging.debug(_("OpenID error: %s.") % info.message)
            return CancelLogin(_('OpenID error: %s.') % info.message)

        if outcome == consumer.CANCEL:
            logging.debug(_("OpenID verification canceled."))
            return CancelLogin(_('Verification canceled.'))

        if outcome == consumer.SUCCESS:
            logging.debug(_("OpenID success. id: %s") % info.identity_url)
            request.session['openid.id'] = info.identity_url
            # NOTE(review): the response object itself is stored in the
            # session; confirm how the session backend serializes it.
            request.session['openid.info'] = info

            # try to find a local user for this identity
            uid = user.getUserIdByOpenId(request, info.identity_url)
            account = user.User(request, id=uid, auth_method=self.name,
                                auth_username=info.identity_url,
                                auth_attribs=self.auth_attribs) if uid else None

            # create or update the user according to the registration data
            account = self._handle_user_data(request, account)
            if account:
                return ContinueLogin(account)

            # no user found: ask for a username, possibly associating an
            # existing account
            logging.debug("OpenID: No user found, prompting for username")
            return MultistageFormLogin(self._get_account_name)

        logging.debug(_("OpenID failure"))
        return CancelLogin(_('OpenID failure.'))
Example #9
    def login(self, request, user_obj, **kw):
        """Begin an OpenID login or continue a multistage one.

        ``ContinueLogin`` is returned whenever this method has nothing to add:
        another auth already produced a valid user, no identifier was given,
        sessions cannot be stored, or the identifier could not be resolved.
        Otherwise the result directs the browser to the provider through a
        redirect or a form.
        """
        resuming = kw.get('multistage')
        if resuming:
            return self._handle_continuation(request)

        # openid is designed to work together with other auths
        if user_obj and user_obj.valid:
            return ContinueLogin(user_obj)

        openid_id = kw.get('openid_identifier')

        # nothing entered and no forced service: continue
        if not (self._forced_service or openid_id):
            return ContinueLogin(user_obj)

        _ = request.getText

        # user entered something but the session can't be stored
        if not request.cfg.cookie_lifetime[0]:
            return ContinueLogin(
                user_obj,
                _('Anonymous sessions need to be enabled for OpenID login.'))

        oidconsumer = consumer.Consumer(request.session,
                                        MoinOpenIDStore(request))

        # openid_id is user input and begin() may raise fetch or discovery
        # errors, i.e. the server reaches out to a host the user names.
        # NOTE(review): confirm outbound fetches are restricted from reaching
        # internal-only addresses.
        try:
            fserv = self._forced_service
            if not fserv:
                oidreq = oidconsumer.begin(openid_id)
            elif isinstance(fserv, str) or isinstance(fserv, unicode):
                oidreq = oidconsumer.begin(fserv)
            else:
                oidreq = oidconsumer.beginWithoutDiscovery(fserv)
        except HTTPFetchingError:
            return ContinueLogin(None, _('Failed to resolve OpenID.'))
        except DiscoveryFailure:
            return ContinueLogin(
                None, _('OpenID discovery failure, not a valid OpenID.'))

        if oidreq is None:
            return ContinueLogin(None, _('No OpenID.'))

        self._modify_request(oidreq, request.cfg)

        return_to = get_multistage_continuation_url(
            request, self.name, {'oidstage': '1'})
        # NOTE(review): url_root is taken from the incoming request;
        # presumably it reflects the Host header - confirm that header is
        # validated, since the value is sent to the provider as trust root.
        trust_root = request.url_root

        if not oidreq.shouldSendRedirect():
            form_html = oidreq.formMarkup(
                trust_root,
                return_to,
                form_tag_attrs={'id': 'openid_message'})
            # The next stage renders the provider form through _openid_form.
            return MultistageFormLogin(
                lambda request, form: self._openid_form(request, form, form_html))

        return MultistageRedirectLogin(oidreq.redirectURL(trust_root, return_to))
Example #10
    def _handleContinuationVerify(self):
        """
        Handle the first stage continuation.

        The request values are verified with ``Consumer.complete``. On
        SUCCESS the provider's server URL is checked against
        ``self._trusted_providers``; a matching local user is then logged in,
        and an unknown identity is redirected to registration. FAILURE,
        CANCEL and unknown statuses cancel the login.
        """
        # consumer bound to the current session and to self.store
        oid_consumer = consumer.Consumer(session, self.store)

        # plain dict of the client-supplied request values
        query = dict((key, request.values.get(key))
                     for key in request.values.keys())
        # the current url (w/o query string)
        url = get_multistage_continuation_url(self.name, {'oidstage': '1'})

        oid_info = oid_consumer.complete(query, url)
        status = oid_info.status

        if status == consumer.FAILURE:
            # The detail goes to the debug log only; the user gets a generic
            # message.
            logging.debug("OpenIDError: {0}".format(oid_info.message))
            return CancelLogin(_('OpenID Error'))

        if status == consumer.CANCEL:
            logging.debug("OpenID verification cancelled.")
            return CancelLogin(_('OpenID verification cancelled.'))

        if status == consumer.SUCCESS:
            logging.debug('OpenID success. id: {0}'.format(
                oid_info.identity_url))

            trusted = self._trusted_providers
            server = oid_info.endpoint.server_url

            # An empty (falsy) trusted list disables the check, so every
            # provider is then accepted.
            if not (server in trusted or not trusted):
                return ContinueLogin(None,
                                     _('This OpenID provider is not trusted.'))

            identity = oid_info.identity_url
            users = user.search_users(openid=identity)
            # Only the first search hit is used.
            user_obj = users and user.User(users[0][ITEMID],
                                           trusted=self.trusted)
            if user_obj:
                user_obj.auth_method = self.name
                return ContinueLogin(user_obj)

            # No user has this openid: send the browser to registration.
            # NOTE(review): the identity is passed as a URL argument;
            # presumably the register view does not treat openid_openid from
            # the URL as already verified - confirm.
            return MultistageRedirectLogin(
                url_for('frontend.register',
                        _external=True,
                        openid_openid=identity,
                        openid_submit='1'))

        logging.debug("OpenID failure")
        return CancelLogin(_('OpenID failure.'))
Example #11
    def _handleContinuationVerify(self):
        """
        Handle the first stage continuation.

        Verifies the provider's answer via ``Consumer.complete`` and maps the
        status to a login result. For a SUCCESS status the provider must pass
        the ``self._trusted_providers`` check before the identity is used to
        find a local user or to start registration.
        """
        oid_consumer = consumer.Consumer(session, self.store)

        # copy the client-supplied request values into a dict
        query = {}
        for name in request.values.keys():
            query[name] = request.values.get(name)
        # the current url (w/o query string)
        url = get_multistage_continuation_url(self.name, {'oidstage': '1'})

        oid_info = oid_consumer.complete(query, url)
        outcome = oid_info.status

        if outcome == consumer.FAILURE:
            # Error detail is logged at debug level; the message returned to
            # the user stays generic.
            logging.debug("OpenIDError: {0}".format(oid_info.message))
            error_message = _('OpenID Error')
            return CancelLogin(error_message)

        if outcome == consumer.CANCEL:
            logging.debug("OpenID verification cancelled.")
            return CancelLogin(_('OpenID verification cancelled.'))

        if outcome == consumer.SUCCESS:
            logging.debug('OpenID success. id: {0}'.format(oid_info.identity_url))

            trusted = self._trusted_providers
            server = oid_info.endpoint.server_url
            # With an empty (falsy) trusted list this is True for every
            # provider, i.e. there is no allow-list.
            provider_ok = server in trusted or not trusted
            if not provider_ok:
                return ContinueLogin(None, _('This OpenID provider is not trusted.'))

            identity = oid_info.identity_url
            users = user.search_users(openid=identity)
            # Only the first search hit is used.
            user_obj = users and user.User(users[0][ITEMID], trusted=self.trusted)

            if not user_obj:
                # No user has this openid: redirect to registration.
                # NOTE(review): the identity is passed as a URL argument;
                # presumably the register view does not treat openid_openid
                # from the URL as already verified - confirm.
                register_url = url_for('frontend.register',
                                       _external=True,
                                       openid_openid=identity,
                                       openid_submit='1')
                return MultistageRedirectLogin(register_url)

            user_obj.auth_method = self.name
            return ContinueLogin(user_obj)

        logging.debug("OpenID failure")
        return CancelLogin(_('OpenID failure.'))