Example #1
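def assertion(request):
    """
    Handle the mojeID server's callback reporting the outcome of a registration.

    The reply is an ``HttpResponse`` whose body is ``dictToKV`` of either
    ``{'mode': 'accept'}`` or ``{'mode': 'reject', 'reason': <error>}``.

    Checks are applied in this order:

    1. the request method is POST;
    2. ``status`` is present and is a member of ``Assertion.StatusCodes``;
    3. ``claimed_id`` is present;
    4. for ``Assertion.StatusCodes.REGISTERED`` only: ``registration_nonce``
       is present and resolves through ``Nonce.get_registration_nonce``.

    The nonce is deleted immediately after it has been resolved and before
    any association is attempted. ``claimed_id`` is validated before the
    nonce lookup, so a request without it does not consume the nonce.

    NOTE(review): nothing in this function verifies who the caller is (see
    the TODO below). On the REGISTERED path the registration nonce is the
    only value the visible code checks before ``claimed_id`` is linked to a
    local account, so it acts as a bearer credential. Presumably it is
    unguessable, short-lived and only ever sent over TLS -- confirm against
    the Nonce model and the deployment.
    """
    def _reject(request, error):
        """ Reject response """
        return HttpResponse(dictToKV({'mode': 'reject', 'reason': error}))

    def _accept(request):
        """ Accept response """
        return HttpResponse(dictToKV({'mode': 'accept'}))

    # Accept only POST
    if request.method != 'POST':
        return _reject(request, Assertion.ErrorString.BAD_REQUEST)

    # Accept only a known status value
    status = request.POST.get('status', None)
    if not status:
        return _reject(request, Assertion.ErrorString.MISSING_STATUS)
    if status not in Assertion.StatusCodes:
        return _reject(request, Assertion.ErrorString.INVALID_STATUS)

    # TODO check whether this request is from mojeID server and uses https with a proper certificate
    # NOTE(review): until the TODO above is implemented, every field read
    # below is attacker-controllable input from an unauthenticated client,
    # unless a decorator or middleware outside this function restricts
    # access -- confirm.

    # Test claimed ID
    claimed_id = request.POST.get('claimed_id')
    if not claimed_id:
        return _reject(request, Assertion.ErrorString.MISSING_CLAIMED_ID)

    # The user was registered for mojeID
    if status == Assertion.StatusCodes.REGISTERED:
        registration_nonce = request.POST.get('registration_nonce')
        if registration_nonce is None:
            return _reject(request, Assertion.ErrorString.MISSING_NONCE)

        # Check nonce
        try:
            nonce = Nonce.get_registration_nonce(registration_nonce)
        except Nonce.DoesNotExist:
            return _reject(request, Assertion.ErrorString.INVALID_NONCE)

        # Read what we need, then delete the nonce before doing anything else
        # with it.
        # NOTE(review): lookup and delete are two separate steps here; whether
        # concurrent requests can both resolve the same nonce depends on
        # Nonce.get_registration_nonce -- confirm.
        user_id = nonce.user_id
        nonce.delete()

        # A nonce that carries no user has nothing to associate; skip the
        # lookup instead of querying for pk=None.
        if user_id is not None:
            # Fetch the user
            user_model = get_user_model()
            try:
                user = user_model.objects.get(pk=user_id)
                # Create association
                OpenIDBackend.associate_openid(user, claimed_id)
            except (user_model.DoesNotExist, IdentityAlreadyClaimed):
                # Don't associate when the user doesn't exist or the identity
                # is already claimed, and assume that the server sent us a
                # valid claimed_id.
                #
                # Note that the user might have been deleted before this
                # assertion is triggered, or the newly created mojeID account
                # might have already been associated with a local account by
                # the client.
                #
                # Neither of these cases is considered an error.
                pass

    return _accept(request)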
Example #2
def assertion(request):
    """
    Callback endpoint through which the mojeID server reports the result of
    a registration.

    Every exit returns an ``HttpResponse`` built from ``dictToKV``: either
    ``{'mode': 'accept'}`` or ``{'mode': 'reject', 'reason': <error>}``.

    The request is rejected unless it is a POST carrying a ``status`` that is
    a member of ``Assertion.StatusCodes`` and a non-empty ``claimed_id``.
    When the status is ``REGISTERED`` a ``registration_nonce`` must also be
    present and must resolve via ``Nonce.get_registration_nonce``; the nonce
    is deleted right after it is resolved, and only then is the association
    of ``claimed_id`` with the nonce's user attempted.

    NOTE(review): the caller is not authenticated anywhere in this function
    (see the TODO below), so on the REGISTERED path the nonce is the only
    value checked before an identity is linked to a local account. Confirm
    that access is restricted elsewhere or that the nonce is strong enough
    to serve as a bearer credential.
    """
    def _respond(payload):
        """ Wrap the dictToKV encoding of payload in an HttpResponse """
        return HttpResponse(dictToKV(payload))

    def _refuse(reason):
        """ Reject response carrying the given reason """
        return _respond({'mode': 'reject', 'reason': reason})

    errors = Assertion.ErrorString
    codes = Assertion.StatusCodes

    # Anything other than POST is refused outright
    if request.method != 'POST':
        return _refuse(errors.BAD_REQUEST)

    form = request.POST

    # The status must be present and one of the known codes
    status = form.get('status')
    if not status:
        return _refuse(errors.MISSING_STATUS)
    if status not in codes:
        return _refuse(errors.INVALID_STATUS)

    # TODO check whether this request is from mojeID server and uses https with a proper certificate

    # The claimed ID is mandatory for every status
    claimed_id = form.get('claimed_id')
    if not claimed_id:
        return _refuse(errors.MISSING_CLAIMED_ID)

    # Registration finished on the mojeID side
    if status == codes.REGISTERED:
        token = form.get('registration_nonce')
        if token is None:
            return _refuse(errors.MISSING_NONCE)

        # Resolve the nonce; an unknown one is refused
        try:
            nonce_record = Nonce.get_registration_nonce(token)
        except Nonce.DoesNotExist:
            return _refuse(errors.INVALID_NONCE)

        # Keep the owner, then delete the nonce before touching the account
        owner_pk = nonce_record.user_id
        nonce_record.delete()

        # Only nonces that carry a user lead to an association attempt
        if owner_pk:
            accounts = get_user_model()
            try:
                OpenIDBackend.associate_openid(
                    accounts.objects.get(pk=owner_pk), claimed_id)
            except (accounts.DoesNotExist, IdentityAlreadyClaimed):
                # Deliberately ignored: the user may have been deleted before
                # this assertion arrived, or the new mojeID account may have
                # already been associated with a local account by the client.
                # The claimed_id sent by the server is assumed to be valid,
                # and neither case is treated as an error.
                pass

    return _respond({'mode': 'accept'})