Example #1
    def set_password(cls, user=None, password=None, provider_name=None):
        """Change the password of ``user`` for a password-type login provider.

        Only the ``'local'`` provider is implemented: the new password is set
        on ``user`` and saved, then the user's UserAssociation row for the
        provider is fetched (or created) and refreshed.

        Raises:
            ImproperlyConfigured: the provider's configured type is not
                ``'password'``.
            NotImplementedError: ``provider_name`` is anything but ``'local'``.

        The provider lookup is an unguarded index, so an unknown
        ``provider_name`` fails on the lookup itself.
        """
        provider_settings = util.get_login_providers()[provider_name]
        if provider_settings['type'] != 'password':
            raise ImproperlyConfigured('login provider must use password')

        # Guard clause: nothing below applies to external password providers.
        if provider_name != 'local':
            raise NotImplementedError('external passwords not supported')

        user.set_password(password)
        user.save()
        # The association token is the stored password value plus the user id.
        # NOTE(review): presumably user.password is the hashed form written by
        # set_password() - confirm. Either way this keeps a second copy of it
        # in UserAssociation.openid_url, which then needs the same protection
        # as the user table.
        association_token = user.password + str(user.id)

        try:
            association = UserAssociation.objects.get(
                user=user,
                provider_name=provider_name,
            )
        except UserAssociation.DoesNotExist:
            association = UserAssociation(
                user=user,
                provider_name=provider_name,
            )

        association.openid_url = association_token
        association.last_used_timestamp = datetime.datetime.now()
        association.save()
Example #2
    def set_password(cls, user=None, password=None, provider_name=None):
        """Set a new password for ``user`` under a password-based provider.

        The provider named by ``provider_name`` must be configured with type
        ``'password'`` (otherwise ImproperlyConfigured is raised), and only
        the ``'local'`` provider is supported (anything else raises
        NotImplementedError). After the user record is saved, the matching
        UserAssociation is loaded or built, given a fresh token and timestamp,
        and saved.
        """
        provider_type = util.get_login_providers()[provider_name]['type']
        if provider_type != 'password':
            raise ImproperlyConfigured('login provider must use password')

        if provider_name == 'local':
            user.set_password(password)
            user.save()
        else:
            raise NotImplementedError('external passwords not supported')

        # NOTE(review): the token embeds user.password, presumably the stored
        # hash - confirm. It is duplicated into the association table below,
        # so that table is as sensitive as the user table.
        scrambled = user.password + str(user.id)

        # Same key for the lookup and for the fallback constructor.
        association_key = {'user': user, 'provider_name': provider_name}
        try:
            record = UserAssociation.objects.get(**association_key)
        except UserAssociation.DoesNotExist:
            record = UserAssociation(**association_key)

        record.openid_url = scrambled
        record.last_used_timestamp = datetime.datetime.now()
        record.save()
Example #3
 def clean(self, value):
     """Validate that ``value`` names a password-type login provider.

     The value is first cleaned by the parent field, then looked up in the
     configured login providers. Returns the cleaned name, or raises
     forms.ValidationError when the provider's type is not 'password'.
     """
     provider_name = super(PasswordLoginProviderField, self).clean(value)
     # NOTE(review): this index is unguarded; it presumably relies on the
     # parent clean() having rejected unknown provider names - confirm,
     # otherwise an unknown name surfaces as a lookup error instead of a
     # validation error.
     provider_type = util.get_login_providers()[provider_name]['type']
     if provider_type == 'password':
         return provider_name
     raise forms.ValidationError(
         'provider %s must accept password' % provider_name)
Example #4
 def clean(self, value):
     """Accept ``value`` only if it is a configured login provider name.

     Returns ``value`` unchanged when it is found among the login providers;
     otherwise logs the failure and raises forms.ValidationError.
     """
     if value not in util.get_login_providers():
         # NOTE(review): value is presumably raw form input. It is written
         # verbatim into the log record (at CRITICAL level) and echoed in the
         # validation message, so it should be treated as untrusted text by
         # whatever reads the log or renders the error.
         error_message = 'unknown provider name %s' % value
         logging.critical(error_message)
         raise forms.ValidationError(error_message)
     return value
Example #5
 def clean(self, value):
     """Check that ``value`` is the name of a password login provider.

     Delegates to the parent field's clean() first, then requires the
     provider's configured type to be 'password'. Returns the cleaned name;
     raises forms.ValidationError for any other provider type.
     """
     cleaned_name = super(PasswordLoginProviderField, self).clean(value)
     # Unguarded lookup: presumably the parent clean() only lets known
     # provider names through - verify against the parent field.
     provider_settings = util.get_login_providers()[cleaned_name]
     accepts_password = provider_settings['type'] == 'password'
     if not accepts_password:
         message = 'provider %s must accept password' % cleaned_name
         raise forms.ValidationError(message)
     return cleaned_name
Example #6
 def clean(self, value):
     """Make sure ``value`` is one of the accepted login provider names.

     A known name is returned as is. An unknown name is logged and rejected
     with forms.ValidationError carrying the same message.
     """
     accepted_providers = util.get_login_providers()
     if value in accepted_providers:
         return value

     # NOTE(review): the rejected value goes into the log line and the error
     # message unmodified; presumably it is user-submitted, so downstream log
     # viewers and templates must not trust its contents.
     complaint = 'unknown provider name %s' % value
     logging.critical(complaint)
     raise forms.ValidationError(complaint)
Example #7
    def clean(self):
        """Combine the submitted data with the login provider settings.

        The result is stored in ``cleaned_data`` so that it can drive the
        sign-in action directly, with no further post-processing. What ends
        up in ``cleaned_data`` depends on the provider type:

        * 'password'  - password fields are cleaned, login_type 'password'
        * 'openid...' - openid fields are cleaned, login_type 'openid'
        * 'oauth'     - login_type 'oauth'
        * 'facebook'  - login_type 'facebook'

        Any other provider type leaves ``login_type`` unset.

        Raises forms.ValidationError when no provider name was cleaned.
        """
        registry = util.get_login_providers()

        if 'login_provider_name' not in self.cleaned_data:
            raise forms.ValidationError('no login provider specified')

        settings = registry[self.cleaned_data['login_provider_name']]
        kind = settings['type']

        if kind == 'password':
            self.do_clean_password_fields()
            self.cleaned_data['login_type'] = 'password'
        elif kind.startswith('openid'):
            # every 'openid*' flavour shares the same field cleaning
            self.do_clean_openid_fields(settings)
            self.cleaned_data['login_type'] = 'openid'
        elif kind == 'oauth':
            # no extra fields are cleaned for oauth here
            self.cleaned_data['login_type'] = 'oauth'
        elif kind == 'facebook':
            # no extra fields are cleaned for facebook here
            self.cleaned_data['login_type'] = 'facebook'

        return self.cleaned_data
Example #8
    def clean(self):
        """Digest the form input together with the login provider settings.

        The digested values are written into ``cleaned_data`` so the caller
        can enact the sign-in without post-processing. ``login_type`` is set
        to 'password', 'openid', 'oauth' or 'facebook' according to the
        provider's configured type; for any other type it is not set at all.

        Raises forms.ValidationError when ``login_provider_name`` is missing
        from ``cleaned_data``.
        """
        providers = util.get_login_providers()

        if 'login_provider_name' not in self.cleaned_data:
            raise forms.ValidationError('no login provider specified')
        provider_name = self.cleaned_data['login_provider_name']

        provider_data = providers[provider_name]
        provider_type = provider_data['type']

        # Work out the login type first, running the per-type field cleaning
        # on the way, and record it once at the end.
        if provider_type == 'password':
            self.do_clean_password_fields()
            login_type = 'password'
        elif provider_type.startswith('openid'):
            self.do_clean_openid_fields(provider_data)
            login_type = 'openid'
        elif provider_type == 'oauth':
            login_type = 'oauth'
        elif provider_type == 'facebook':
            login_type = 'facebook'
        else:
            # unrecognised provider type: cleaned_data is returned untouched
            login_type = None

        if login_type is not None:
            self.cleaned_data['login_type'] = login_type

        return self.cleaned_data
Example #9
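    def authenticate(
            self,
            username=None,  # for 'password'
            password=None,  # for 'password'
            user_id=None,  # for 'force'
            provider_name=None,  # required with all except email_key
            openid_url=None,
            email_key=None,
            oauth_user_id=None,  # used with oauth
            facebook_user_id=None,  # used with facebook
            ldap_user_id=None,  # for ldap
            method=None,  # required parameter
    ):
        """Authenticate a user by the login method named in ``method``.

        Supported values of ``method`` are 'password', 'openid', 'email',
        'oauth', 'facebook', 'ldap' and 'force'; each branch reads only the
        keyword arguments noted next to it in the signature.

        Returns the matching user, or None when the supplied credentials do
        not match a known account. A 'force' call returns whatever
        ``self.get_user(user_id)`` returns. Every branch except 'email' and
        'force' also stamps ``last_used_timestamp`` on the user's
        UserAssociation row and saves it.

        Raises ImproperlyConfigured when a 'password' login names a provider
        whose type is not 'password', NotImplementedError for password
        providers other than 'local', and TypeError for an unknown ``method``.
        """
        login_providers = util.get_login_providers()
        if method == 'password':
            if login_providers[provider_name]['type'] != 'password':
                raise ImproperlyConfigured('login provider must use password')
            if provider_name == 'local':
                # NOTE(review): an unknown username returns before any
                # password hash is computed, so the two failure paths may
                # differ in response time; Django's own ModelBackend hashes
                # the supplied password in this case to even that out.
                try:
                    user = User.objects.get(username=username)
                    if not user.check_password(password):
                        return None
                except User.DoesNotExist:
                    return None
            else:
                # todo there must be a call to some sort of
                # an external "check_password" function
                raise NotImplementedError('do not support external passwords')

            # this is a catch - make login token a little more unique
            # for the cases when passwords are the same for two users
            # from the same provider
            try:
                assoc = UserAssociation.objects.get(
                    user=user, provider_name=provider_name)
            except UserAssociation.DoesNotExist:
                assoc = UserAssociation(user=user, provider_name=provider_name)
            # NOTE(review): this copies user.password (presumably the stored
            # hash - confirm) into the association table, which then needs
            # the same protection as the user table.
            assoc.openid_url = user.password + str(user.id)

        elif method == 'openid':
            provider_name = util.get_provider_name(openid_url)
            try:
                assoc = UserAssociation.objects.get(
                    openid_url=openid_url, provider_name=provider_name)
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None

        elif method == 'email':
            # with this method we do not use user association
            if not email_key:
                # A missing key must never reach the query. Used keys are
                # reset to None below, and the ORM turns ``email_key=None``
                # into an IS NULL match, i.e. a lookup of exactly those
                # accounts rather than of nobody.
                return None
            try:
                # todo: add email_key_timestamp field
                # and check key age (keys currently never expire)
                user = User.objects.get(email_key=email_key)
                user.email_key = None  # one time key so delete it
                user.email_isvalid = True
                user.save()
                return user
            except User.DoesNotExist:
                return None

        elif method == 'oauth':
            if login_providers[provider_name]['type'] == 'oauth':
                try:
                    assoc = UserAssociation.objects.get(
                        openid_url=oauth_user_id, provider_name=provider_name)
                    user = assoc.user
                except UserAssociation.DoesNotExist:
                    return None
            else:
                return None

        elif method == 'facebook':
            try:
                # the provider name is fixed here; the provider_name
                # argument is not consulted
                assoc = UserAssociation.objects.get(
                    openid_url=facebook_user_id, provider_name='facebook')
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None

        elif method == 'ldap':
            try:
                assoc = UserAssociation.objects.get(
                    openid_url=ldap_user_id, provider_name=provider_name)
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None

        elif method == 'force':
            # NOTE(review): no credential is checked on this path, so both
            # ``method`` and ``user_id`` must come from trusted server-side
            # code, never from request data.
            return self.get_user(user_id)
        else:
            raise TypeError('only openid and password supported')

        # update last used time
        assoc.last_used_timestamp = datetime.datetime.now()
        assoc.save()
        return user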
Example #10
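    def authenticate(
                self,
                username=None,  # for 'password'
                password=None,  # for 'password'
                user_id=None,  # for 'force'
                provider_name=None,  # required with all except email_key
                openid_url=None,
                email_key=None,
                oauth_user_id=None,  # used with oauth
                facebook_user_id=None,  # used with facebook
                ldap_user_id=None,  # for ldap
                method=None,  # required parameter
            ):
        """Authenticate a user; the branch taken is chosen by ``method``.

        ``method`` may be 'password', 'openid', 'email', 'oauth', 'facebook',
        'ldap' or 'force'. The other keyword arguments are only read by the
        branch they belong to (see the comments in the signature).

        Returns the authenticated user, or None when no account matches the
        supplied credentials. For 'force' the result of
        ``self.get_user(user_id)`` is returned as is. All branches other than
        'email' and 'force' finish by updating ``last_used_timestamp`` on the
        UserAssociation row and saving it.

        Raises:
            ImproperlyConfigured: 'password' login against a provider whose
                type is not 'password'.
            NotImplementedError: 'password' login against a provider other
                than 'local'.
            TypeError: ``method`` is not one of the supported values.
        """
        login_providers = util.get_login_providers()
        if method == 'password':
            if login_providers[provider_name]['type'] != 'password':
                raise ImproperlyConfigured('login provider must use password')
            if provider_name == 'local':
                # NOTE(review): the unknown-username path skips password
                # hashing altogether, so it may answer measurably faster than
                # the wrong-password path; Django's ModelBackend hashes the
                # supplied password for a missing user to narrow that gap.
                try:
                    user = User.objects.get(username=username)
                    if not user.check_password(password):
                        return None
                except User.DoesNotExist:
                    return None
            else:
                # todo there must be a call to some sort of
                # an external "check_password" function
                raise NotImplementedError('do not support external passwords')

            # this is a catch - make login token a little more unique
            # for the cases when passwords are the same for two users
            # from the same provider
            try:
                assoc = UserAssociation.objects.get(
                                            user=user,
                                            provider_name=provider_name
                                        )
            except UserAssociation.DoesNotExist:
                assoc = UserAssociation(
                                    user=user,
                                    provider_name=provider_name
                                )
            # NOTE(review): user.password (presumably the stored hash -
            # confirm) is duplicated into the association row here; treat
            # that table as sensitive as the user table.
            assoc.openid_url = user.password + str(user.id)

        elif method == 'openid':
            provider_name = util.get_provider_name(openid_url)
            try:
                assoc = UserAssociation.objects.get(
                                            openid_url=openid_url,
                                            provider_name=provider_name
                                        )
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None

        elif method == 'email':
            # with this method we do not use user association
            if not email_key:
                # Reject a missing or empty key before querying: a consumed
                # key is stored as None (see below), and filtering on
                # ``email_key=None`` is an IS NULL lookup in the ORM, which
                # would select accounts whose key was already used.
                return None
            try:
                # todo: add email_key_timestamp field
                # and check key age (there is no expiry check yet)
                user = User.objects.get(email_key=email_key)
                user.email_key = None  # one time key so delete it
                user.email_isvalid = True
                user.save()
                return user
            except User.DoesNotExist:
                return None

        elif method == 'oauth':
            if login_providers[provider_name]['type'] == 'oauth':
                try:
                    assoc = UserAssociation.objects.get(
                                                openid_url=oauth_user_id,
                                                provider_name=provider_name
                                            )
                    user = assoc.user
                except UserAssociation.DoesNotExist:
                    return None
            else:
                return None

        elif method == 'facebook':
            try:
                # provider name is hard-coded; the provider_name argument
                # is ignored on this path
                assoc = UserAssociation.objects.get(
                                            openid_url=facebook_user_id,
                                            provider_name='facebook'
                                        )
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None

        elif method == 'ldap':
            try:
                assoc = UserAssociation.objects.get(
                                            openid_url=ldap_user_id,
                                            provider_name=provider_name
                                        )
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None

        elif method == 'force':
            # NOTE(review): this path returns an account without verifying
            # any credential; ``method`` and ``user_id`` must therefore be
            # set by trusted server-side code only, never taken from a
            # request.
            return self.get_user(user_id)
        else:
            raise TypeError('only openid and password supported')

        # update last used time
        assoc.last_used_timestamp = datetime.datetime.now()
        assoc.save()
        return user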