def browserid_authenticate(request, assertion, is_mobile=False, browserid_audience=get_audience):
"""
Verify a BrowserID login attempt. If the BrowserID assertion is
good, but no account exists, create one.
"""
extra_params = {}
url = settings.NATIVE_FXA_VERIFICATION_URL
log.debug("Verifying Native FxA at %s, audience: %s, " "extra_params: %s" % (url, browserid_audience, extra_params))
v = BrowserIDBackend().get_verifier()
v.verification_service_url = url
result = v.verify(assertion, browserid_audience, url=url, **extra_params)
if not result:
return None, _("Native FxA authentication failure.")
if "unverified-email" in result._response:
email = result._response["unverified-email"]
verified = False
elif result._response.get("issuer") == settings.NATIVE_FXA_ISSUER and "fxa-verifiedEmail" in result._response.get(
"idpClaims", {}
):
email = result._response["idpClaims"]["fxa-verifiedEmail"]
verified = True
else:
email = result.email
verified = True
try:
profile = UserProfile.objects.filter(email=email)[0]
except IndexError:
profile = None
if profile:
if profile.is_verified and not verified:
# An attempt to log in to a verified address with an unverified
# assertion is a very bad thing. Don't let that happen.
log.debug("Verified user %s attempted to log in with an " "unverified assertion!" % profile)
return None, _("Please use the verified email for this account.")
else:
profile.is_verified = verified
profile.save()
return profile, None
source = mkt.LOGIN_SOURCE_MMO_BROWSERID
display_name = email.partition("@")[0]
profile = UserProfile.objects.create(email=email, source=source, display_name=display_name, is_verified=verified)
log_cef(
"New Account",
5,
request,
username=display_name,
signature="AUTHNOTICE",
msg="User created a new account (from Persona)",
)
record_action("new-user", request)
return profile, None
def browserid_authenticate(request, assertion, is_mobile=False,
browserid_audience=get_audience):
"""
Verify a BrowserID login attempt. If the BrowserID assertion is
good, but no account exists, create one.
"""
extra_params = {}
url = settings.NATIVE_FXA_VERIFICATION_URL
log.debug('Verifying Native FxA at %s, audience: %s, '
'extra_params: %s' % (url, browserid_audience, extra_params))
v = BrowserIDBackend().get_verifier()
v.verification_service_url = url
result = v.verify(assertion, browserid_audience, url=url, **extra_params)
if not result:
return None, _('Native FxA authentication failure.')
if 'unverified-email' in result._response:
email = result._response['unverified-email']
verified = False
elif (result._response.get('issuer') == settings.NATIVE_FXA_ISSUER and
'fxa-verifiedEmail' in result._response.get('idpClaims', {})):
email = result._response['idpClaims']['fxa-verifiedEmail']
verified = True
else:
email = result.email
verified = True
try:
profile = UserProfile.objects.filter(email=email)[0]
except IndexError:
profile = None
if profile:
if profile.is_verified and not verified:
# An attempt to log in to a verified address with an unverified
# assertion is a very bad thing. Don't let that happen.
log.debug('Verified user %s attempted to log in with an '
'unverified assertion!' % profile)
return None, _('Please use the verified email for this account.')
else:
profile.is_verified = verified
profile.save()
return profile, None
username = autocreate_username(email.partition('@')[0])
source = amo.LOGIN_SOURCE_MMO_BROWSERID
profile = UserProfile.objects.create(username=username, email=email,
source=source, display_name=username,
is_verified=verified)
log_cef('New Account', 5, request, username=username,
signature='AUTHNOTICE',
msg='User created a new account (from Persona)')
record_action('new-user', request)
return profile, None
def native_fxa_authenticate(audience, assertion):
url = settings.NATIVE_FXA_VERIFICATION_URL
log.info('verifying Native FxA assertion. url: %s, audience: %s, '
'assertion: %s' % (url, audience, assertion))
v = BrowserIDBackend().get_verifier()
v.verification_service_url = url
result = v.verify(assertion, audience, url=url)
if result:
log.info('Native FxA assertion ok: %s' % result)
if (result._response.get('issuer') == settings.NATIVE_FXA_ISSUER and
'fxa-verifiedEmail' in result._response.get('idpClaims', {})):
return result._response['idpClaims']['fxa-verifiedEmail']
else:
return result.get('email')
def native_fxa_authenticate(audience, assertion):
url = settings.NATIVE_FXA_VERIFICATION_URL
log.info('verifying Native FxA assertion. url: %s, audience: %s, '
'assertion: %s' % (url, audience, assertion))
v = BrowserIDBackend().get_verifier()
v.verification_service_url = url
result = v.verify(assertion, audience, url=url)
if result:
log.info('Native FxA assertion ok: %s' % result)
if (result._response.get('issuer') == settings.NATIVE_FXA_ISSUER and
'fxa-verifiedEmail' in result._response.get('idpClaims', {})):
return result._response['idpClaims']['fxa-verifiedEmail']
else:
return result._response.get('email')
def browserid_authenticate(request,
assertion,
is_mobile=False,
browserid_audience=get_audience):
"""
Verify a BrowserID login attempt. If the BrowserID assertion is
good, but no account exists, create one.
"""
extra_params = {}
url = settings.NATIVE_FXA_VERIFICATION_URL
log.debug('Verifying Native FxA at %s, audience: %s, '
'extra_params: %s' % (url, browserid_audience, extra_params))
v = BrowserIDBackend().get_verifier()
v.verification_service_url = url
result = v.verify(assertion, browserid_audience, url=url, **extra_params)
if not result:
return None, _('Native FxA authentication failure.')
if 'unverified-email' in result._response:
email = result._response['unverified-email']
verified = False
elif (result._response.get('issuer') == settings.NATIVE_FXA_ISSUER
and 'fxa-verifiedEmail' in result._response.get('idpClaims', {})):
email = result._response['idpClaims']['fxa-verifiedEmail']
verified = True
else:
email = result.email
verified = True
try:
profile = UserProfile.objects.filter(email=email)[0]
except IndexError:
profile = None
if profile:
if profile.is_verified and not verified:
# An attempt to log in to a verified address with an unverified
# assertion is a very bad thing. Don't let that happen.
log.debug('Verified user %s attempted to log in with an '
'unverified assertion!' % profile)
return None, _('Please use the verified email for this account.')
else:
profile.is_verified = verified
profile.save()
return profile, None
username = autocreate_username(email.partition('@')[0])
source = amo.LOGIN_SOURCE_MMO_BROWSERID
profile = UserProfile.objects.create(username=username,
email=email,
source=source,
display_name=username,
is_verified=verified)
log_cef('New Account',
5,
request,
username=username,
signature='AUTHNOTICE',
msg='User created a new account (from Persona)')
record_action('new-user', request)
return profile, None
def browserid_authenticate(request,
assertion,
is_mobile=False,
browserid_audience=get_audience):
"""
Verify a BrowserID login attempt. If the BrowserID assertion is
good, but no account exists, create one.
"""
url = settings.BROWSERID_VERIFICATION_URL
# We must always force the Firefox OS identity provider. This is because
# we are sometimes allowing unverified assertions and you can't mix that
# feature with bridged IdPs. See bug 910938.
extra_params = {}
if settings.UNVERIFIED_ISSUER:
extra_params['experimental_forceIssuer'] = settings.UNVERIFIED_ISSUER
if is_mobile:
# When persona is running in a mobile OS then we can allow unverified
# assertions.
url = settings.NATIVE_BROWSERID_VERIFICATION_URL
extra_params['experimental_allowUnverified'] = 'true'
log.debug('Verifying Persona at %s, audience: %s, '
'extra_params: %s' % (url, browserid_audience, extra_params))
v = BrowserIDBackend().get_verifier()
v.verification_service_url = url
result = v.verify(assertion, browserid_audience, url=url, **extra_params)
if not result:
return None, _('Persona authentication failure.')
if 'unverified-email' in result._response:
email = result._response['unverified-email']
verified = False
else:
email = result.email
verified = True
try:
profile = UserProfile.objects.filter(email=email)[0]
except IndexError:
profile = None
if profile:
if profile.is_verified and not verified:
# An attempt to log in to a verified address with an unverified
# assertion is a very bad thing. Don't let that happen.
log.debug('Verified user %s attempted to log in with an '
'unverified assertion!' % profile)
return None, _('Please use the verified email for this account.')
else:
profile.is_verified = verified
profile.save()
return profile, None
username = autocreate_username(email.partition('@')[0])
source = amo.LOGIN_SOURCE_MMO_BROWSERID
profile = UserProfile.objects.create(username=username,
email=email,
source=source,
display_name=username,
is_verified=verified)
log_cef('New Account',
5,
request,
username=username,
signature='AUTHNOTICE',
msg='User created a new account (from Persona)')
record_action('new-user', request)
return profile, None
def browserid_authenticate(request, assertion, is_mobile=False,
browserid_audience=get_audience):
"""
Verify a BrowserID login attempt. If the BrowserID assertion is
good, but no account exists, create one.
"""
extra_params = {}
if waffle.switch_is_active('firefox-accounts'):
url = settings.NATIVE_FXA_VERIFICATION_URL
else:
url = settings.BROWSERID_VERIFICATION_URL
# We must always force the Firefox OS identity provider. This is
# because we are sometimes allowing unverified assertions and you
# can't mix that feature with bridged IdPs. See bug 910938.
if settings.UNVERIFIED_ISSUER:
extra_params['experimental_forceIssuer'] = settings.UNVERIFIED_ISSUER
if is_mobile:
# When persona is running in a mobile OS then we can allow
# unverified assertions.
url = settings.NATIVE_BROWSERID_VERIFICATION_URL
extra_params['experimental_allowUnverified'] = 'true'
log.debug('Verifying Persona at %s, audience: %s, '
'extra_params: %s' % (url, browserid_audience, extra_params))
v = BrowserIDBackend().get_verifier()
v.verification_service_url = url
result = v.verify(assertion, browserid_audience, url=url, **extra_params)
if not result:
return None, _('Persona authentication failure.')
if 'unverified-email' in result._response:
email = result._response['unverified-email']
verified = False
elif (result._response.get('issuer') == settings.NATIVE_FXA_ISSUER and
'fxa-verifiedEmail' in result._response.get('idpClaims', {})):
email = result._response['idpClaims']['fxa-verifiedEmail']
verified = True
else:
email = result.email
verified = True
try:
profile = UserProfile.objects.filter(email=email)[0]
except IndexError:
profile = None
if profile:
if profile.is_verified and not verified:
# An attempt to log in to a verified address with an unverified
# assertion is a very bad thing. Don't let that happen.
log.debug('Verified user %s attempted to log in with an '
'unverified assertion!' % profile)
return None, _('Please use the verified email for this account.')
else:
profile.is_verified = verified
profile.save()
return profile, None
username = autocreate_username(email.partition('@')[0])
source = amo.LOGIN_SOURCE_MMO_BROWSERID
profile = UserProfile.objects.create(username=username, email=email,
source=source, display_name=username,
is_verified=verified)
log_cef('New Account', 5, request, username=username,
signature='AUTHNOTICE',
msg='User created a new account (from Persona)')
record_action('new-user', request)
return profile, None
