def server(request):
"""
Respond to requests for the server's primary web page.
"""
return render(
request,
"server/index.html",
{"user_url": reverse("server:idPage"), "server_xrds_url": getViewURL(request, idpXrds)},
)
def processTrustResult(request):
"""
Handle the result of a trust decision and respond to the RP
accordingly.
"""
# Get the request from the session so we can construct the
# appropriate response.
openid_request = getRequest(request)
# The identifier that this server can vouch for
response_identity = getViewURL(request, idPage)
# If the decision was to allow the verification, respond
# accordingly.
allowed = "allow" in request.POST
# Generate a response with the appropriate answer.
openid_response = openid_request.answer(allowed, identity=response_identity)
# Send Simple Registration data in the response, if appropriate.
if allowed:
sreg_data = {
"fullname": "Example User",
"nickname": "example",
"dob": "1970-01-01",
"email": "*****@*****.**",
"gender": "F",
"postcode": "12345",
"country": "ES",
"language": "eu",
"timezone": "America/New_York",
}
sreg_req = sreg.SRegRequest.fromOpenIDRequest(openid_request)
sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data)
openid_response.addExtension(sreg_resp)
pape_response = pape.Response()
pape_response.setAuthLevel(pape.LEVELS_NIST, 0)
openid_response.addExtension(pape_response)
return displayResponse(request, openid_response)
def test_unreachableRealm(self):
self.request = dummyRequest()
id_url = util.getViewURL(self.request, views.idPage)
# Set up the OpenID request we're responding to.
op_endpoint = 'http://127.0.0.1:8080/endpoint'
message = Message.fromPostArgs({
'openid.mode': 'checkid_setup',
'openid.identity': id_url,
'openid.return_to': 'http://unreachable.invalid/%s' % (self.id(),),
'openid.sreg.required': 'postcode',
})
self.openid_request = CheckIDRequest.fromMessage(message, op_endpoint)
views.setRequest(self.request, self.openid_request)
response = views.showDecidePage(self.request, self.openid_request)
self.failUnless('trust_root_valid is Unreachable' in response.content,
response)
def handleCheckIDRequest(request, openid_request):
"""
Handle checkid_* requests. Get input from the user to find out
whether she trusts the RP involved. Possibly, get intput about
what Simple Registration information, if any, to send in the
response.
"""
# If the request was an IDP-driven identifier selection request
# (i.e., the IDP URL was entered at the RP), then return the
# default identity URL for this server. In a full-featured
# provider, there could be interaction with the user to determine
# what URL should be sent.
if not openid_request.idSelect():
id_url = getViewURL(request, idPage)
# Confirm that this server can actually vouch for that
# identifier
if id_url != openid_request.identity:
# Return an error response
error_response = ProtocolError(
openid_request.message, "This server cannot verify the URL %r" % (openid_request.identity,)
)
return displayResponse(request, error_response)
if openid_request.immediate:
# Always respond with 'cancel' to immediate mode requests
# because we don't track information about a logged-in user.
# If we did, then the answer would depend on whether that user
# had trusted the request's trust root and whether the user is
# even logged in.
openid_response = openid_request.answer(False)
return displayResponse(request, openid_response)
else:
# Store the incoming request object in the session so we can
# get to it later.
setRequest(request, openid_request)
return showDecidePage(request, openid_request)
def trustPage(request):
"""
Display the trust page template, which allows the user to decide
whether to approve the OpenID verification.
"""
return render(request, "server/trust.html", {"trust_handler_url": getViewURL(request, processTrustResult)})
def idPage(request):
"""
Serve the identity page for OpenID URLs.
"""
return render(request, "server/idPage.html", {"server_url": getViewURL(request, endpoint)})
def idpXrds(request):
"""
Respond to requests for the IDP's XRDS document, which is used in
IDP-driven identifier selection.
"""
return util.renderXRDS(request, [OPENID_IDP_2_0_TYPE], [getViewURL(request, endpoint)])
def getServer(request):
"""
Get a Server object to perform OpenID authentication.
"""
return Server(getOpenIDStore(), getViewURL(request, endpoint))
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) and "Valid" or "Invalid"
except DiscoveryFailure, err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError, err:
trust_root_valid = "Unreachable"
pape_request = pape.Request.fromOpenIDRequest(openid_request)
return render(
request,
"server/trust.html",
{
"trust_root": trust_root,
"trust_handler_url": getViewURL(request, processTrustResult),
"trust_root_valid": trust_root_valid,
"pape_request": pape_request,
},
)
def processTrustResult(request):
"""
Handle the result of a trust decision and respond to the RP
accordingly.
"""
# Get the request from the session so we can construct the
# appropriate response.
openid_request = getRequest(request)
