def init_user(self, new_user_metadata):
""" Check there is a user in the database, and initialise one if not.
If there are pending permission requests, initialise them too.
Callsback with an object with user details.
"""
logging.debug("IndxOpenID, init_user")
return_d = Deferred()
user = IndxUser(self.db, self.uri)
def info_cb(user_metadata):
logging.debug(
"IndxOpenID, init_user, info_cb user_metadata: {0}".format(
user_metadata))
if user_metadata is None:
# user does not exist: create a new user in the table now, with empty password hash
def connected_cb(conn):
user_metadata_json = json.dumps(new_user_metadata)
insert_q = "INSERT INTO tbl_users (username, username_type, password_hash, password_encrypted, user_metadata_json) VALUES (%s, %s, %s, %s, %s)"
insert_p = [self.uri, "openid", "", "", user_metadata_json]
def inserted_d(empty):
logging.debug(
"IndxOpenID, init_user, connected_d, query_d, inserted_d"
)
def generated_cb(empty):
logging.debug(
"IndxOpenID, init_user, connected_d, query_d, inserted_d, generated_cb"
)
user.get_user_info(decode_json=False).addCallbacks(
return_d.callback, return_d.errback)
user.generate_encryption_keys().addCallbacks(
generated_cb, return_d.errback)
conn.runOperation(insert_q, insert_p).addCallbacks(
inserted_d, return_d.errback)
self.db.connect_indx_db().addCallbacks(connected_cb,
return_d.errback)
else:
# user already exists, no init required here
return_d.callback(user_metadata)
user.get_user_info(decode_json=False).addCallbacks(
info_cb, return_d.errback)
return return_d
def auth_whoami(self, request, token):
wbSession = self.get_session(request)
logging.debug('auth whoami ' + repr(wbSession))
user = IndxUser(self.database, wbSession.username)
def info_cb(user_info):
if user_info is None:
user_info = {}
# add our username and is_authenticated information
if 'username' not in user_info:
user_info['username'] = wbSession and wbSession.username or 'nobody'
user_info['is_authenticated'] = wbSession and wbSession.is_authenticated
self.return_ok(request, user_info)
# don't decode the user_metadata string, leave as a json string
user.get_user_info(decode_json = False).addCallbacks(info_cb, lambda failure: self.return_internal_error(request))
def auth_whoami(self, request, token):
wbSession = self.get_session(request)
logging.debug('auth whoami ' + repr(wbSession))
user = IndxUser(self.database, wbSession.username)
def info_cb(user_info):
if user_info is None:
user_info = {}
# add our username and is_authenticated information
if 'username' not in user_info:
user_info['username'] = wbSession and wbSession.username or 'nobody'
user_info['is_authenticated'] = wbSession and wbSession.is_authenticated
self.return_ok(request, user_info)
# don't decode the user_metadata string, leave as a json string
user.get_user_info(decode_json = False).addCallbacks(info_cb, lambda failure: self.return_internal_error(request))
def init_user(self, new_user_metadata):
""" Check there is a user in the database, and initialise one if not.
If there are pending permission requests, initialise them too.
Callsback with an object with user details.
"""
logging.debug("IndxOpenID, init_user")
return_d = Deferred()
user = IndxUser(self.db, self.uri)
def info_cb(user_metadata):
logging.debug("IndxOpenID, init_user, info_cb user_metadata: {0}".format(user_metadata))
if user_metadata is None:
# user does not exist: create a new user in the table now, with empty password hash
def connected_cb(conn):
user_metadata_json = json.dumps(new_user_metadata)
insert_q = "INSERT INTO tbl_users (username, username_type, password_hash, password_encrypted, user_metadata_json) VALUES (%s, %s, %s, %s, %s)"
insert_p = [self.uri, "openid", "", "", user_metadata_json]
def inserted_d(empty):
logging.debug("IndxOpenID, init_user, connected_d, query_d, inserted_d")
def generated_cb(empty):
logging.debug("IndxOpenID, init_user, connected_d, query_d, inserted_d, generated_cb")
user.get_user_info(decode_json = False).addCallbacks(return_d.callback, return_d.errback)
user.generate_encryption_keys().addCallbacks(generated_cb, return_d.errback)
conn.runOperation(insert_q, insert_p).addCallbacks(inserted_d, return_d.errback)
self.db.connect_indx_db().addCallbacks(connected_cb, return_d.errback)
else:
# user already exists, no init required here
return_d.callback(user_metadata)
user.get_user_info(decode_json = False).addCallbacks(info_cb, return_d.errback)
return return_d
def login_openid(self, request, token):
""" Verify an OpenID identity. """
wbSession = self.get_session(request)
identity = self.get_arg(request, "identity")
if identity is None:
logging.error("login_openid error, identity is None, returning bad request.")
return self.return_bad_request(request, "You must specify an 'identity' in the GET/POST query parameters.")
redirect = self.get_arg(request, "redirect")
wbSession.set_openid_redirect(redirect)
if redirect is None:
logging.error("login_openid error, redirect is None, returning bad request.")
return self.return_bad_request(request, "You must specify a 'redirect' in the GET/POST query parameters.")
def post_user_info(request_user_metadata):
logging.debug("login_openid post_user_info, request_user_metadata: {0}".format(request_user_metadata))
oid_consumer = consumer.Consumer(self.get_openid_session(request), self.store)
try:
oid_req = oid_consumer.begin(identity)
if request_user_metadata:
# SReg speaks this protocol: http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
# and tries to request additional metadata about this OpenID identity
sreg_req = sreg.SRegRequest(required=['fullname','nickname','email'], optional=[])
oid_req.addExtension(sreg_req)
# AX speaks this protocol: http://openid.net/specs/openid-attribute-exchange-1_0.html
# and tries to get more attributes (by URI), we request some of the more common ones
ax_req = ax.FetchRequest()
for uri in self.AX_URIS:
ax_req.add(ax.AttrInfo(uri, required = True))
oid_req.addExtension(ax_req)
except consumer.DiscoveryFailure as exc:
logging.error("Error in login_openid: {0}".format(exc))
self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
return
else:
if oid_req is None:
logging.error("Error in login_openid: no OpenID services found for: {0}".format(identity))
self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
return
else:
trust_root = self.webserver.server_url
return_to = appendArgs(trust_root + "/" + self.base_path + "/openid_process", {})
logging.debug("OpenID, had oid_req, trust_root: {0}, return_to: {1}, oid_req: {2}".format(trust_root, return_to, oid_req))
redirect_url = oid_req.redirectURL(trust_root, return_to)
request.setHeader("Location", redirect_url)
request.setResponseCode(302, "Found")
request.finish()
return
user = IndxUser(self.database, identity)
user.get_user_info().addCallbacks(lambda user_info: post_user_info(user_info is None), lambda failure: self.return_internal_error(request))
# if user_info is None, then request_user_metadata = True
return
def login_openid(self, request, token):
""" Verify an OpenID identity. """
wbSession = self.get_session(request)
identity = self.get_arg(request, "identity")
if identity is None:
logging.error(
"login_openid error, identity is None, returning bad request.")
return self.return_bad_request(
request,
"You must specify an 'identity' in the GET/POST query parameters."
)
redirect = self.get_arg(request, "redirect")
wbSession.set_openid_redirect(redirect)
if redirect is None:
logging.error(
"login_openid error, redirect is None, returning bad request.")
return self.return_bad_request(
request,
"You must specify a 'redirect' in the GET/POST query parameters."
)
def post_user_info(request_user_metadata):
logging.debug(
"login_openid post_user_info, request_user_metadata: {0}".
format(request_user_metadata))
oid_consumer = consumer.Consumer(self.get_openid_session(request),
self.store)
try:
oid_req = oid_consumer.begin(identity)
if request_user_metadata:
# SReg speaks this protocol: http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
# and tries to request additional metadata about this OpenID identity
sreg_req = sreg.SRegRequest(
required=['fullname', 'nickname', 'email'],
optional=[])
oid_req.addExtension(sreg_req)
# AX speaks this protocol: http://openid.net/specs/openid-attribute-exchange-1_0.html
# and tries to get more attributes (by URI), we request some of the more common ones
ax_req = ax.FetchRequest()
for uri in self.AX_URIS:
ax_req.add(ax.AttrInfo(uri, required=True))
oid_req.addExtension(ax_req)
except consumer.DiscoveryFailure as exc:
logging.error("Error in login_openid: {0}".format(exc))
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
else:
if oid_req is None:
logging.error(
"Error in login_openid: no OpenID services found for: {0}"
.format(identity))
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
else:
trust_root = self.webserver.server_url
return_to = appendArgs(
trust_root + "/" + self.base_path + "/openid_process",
{})
logging.debug(
"OpenID, had oid_req, trust_root: {0}, return_to: {1}, oid_req: {2}"
.format(trust_root, return_to, oid_req))
redirect_url = oid_req.redirectURL(trust_root, return_to)
request.setHeader("Location", redirect_url)
request.setResponseCode(302, "Found")
request.finish()
return
user = IndxUser(self.database, identity)
user.get_user_info().addCallbacks(
lambda user_info: post_user_info(user_info is None),
lambda failure: self.return_internal_error(request))
# if user_info is None, then request_user_metadata = True
return