def get_storage(config, type='oidstorage'):
# loading provided storages
from oidserver.storage.memory import MemoryStorage
OIDStorage.register(MemoryStorage)
try:
from oidserver.storage._redis import RedisStorage
OIDStorage.register(RedisStorage)
except ImportError, ex:
logger.warn("Could not import redis. Has it been installed? [%s]" % ex)
pass
def check_cert(self, uid, cert_info, acceptible = None):
address_info = None
if 'id' not in cert_info:
logger.error("No email address found in certificate")
return (False, address_info)
address_info = self.app.storage.get_address_info(uid,
cert_info.get('id'))
if address_info is None:
logger.warn("No address info for certificate id %s, uid: %s " %
(cert_info.get('id'), uid))
return (False, address_info)
if acceptible is None:
acceptible = ('verified')
if address_info.get('state', None) not in acceptible:
logger.warn("Email address is not in acceptible states %s.",
acceptible)
return (False, address_info)
return (True, address_info)
def refresh_certificate(self, request, **kw):
""" Refresh a given's certificate """
jws = JWS(config = self.app.config)
error = None
response = None
(content_type, template) = self.get_template_from_request(request)
uid = self.get_session_uid(request)
pub_key = request.params.get('pubkey')
if pub_key is None:
logger.warn("Request missing pubkey argument")
raise HTTPBadRequest()
try:
cert_info = jws.parse(request.params.get('certificate', None))
if cert_info is None:
logger.error('Certificat information missing from request')
raise HTTPBadRequest()
except JWSException, ex:
logger.error('Could not parse JWS object: %s ' % str(ex))
raise HTTPBadRequest()
def get_certificate(self, request, **kw):
response = None
error = None
(content_type, template) = self.get_template_from_request(request,
html_template = 'register_cert')
pub_key = request.params.get('pubkey', None)
email = request.params.get('id', None)
uid = self.get_session_uid(request)
if email is None or pub_key is None:
logger.warn('get_cerficate is missing required data')
error = self.error_codes.get('INVALID')
elif email not in self.app.storage.get_addresses(uid, 'verified'):
logger.warn('get_certificate passed an unverified email')
error = self.error_codes.get('INVALID')
else:
response = {'certificate': self.gen_certificate(email,
pub_key),
'callbackUrl': self.gen_callback_url(uid, email)}
body = template.render(request = request,
response = response,
config = self.app.config,
error = error,
callback = "navigator.id.registerVerifiedEmailCertificate")
return Response(str(body), content_type = content_type)
def manage_email(self, request, **kw):
(content_type, template) = self.get_template_from_request(request,
html_template = 'confirm_email_notice')
if not self.is_internal(request):
raise HTTPForbidden()
uid = self.get_uid(request, strict = False)
email = request.params.get('email', '')
if not uid:
logger.warn("Invalid request, no uid")
return HTTPBadRequest()
if not email:
logger.warn("Malformed, manage request, no email")
return HTTPBadRequest()
if 'act' in request.params:
if '@' not in email:
email = unquote(email)
action = request.params.get('act').lower()
user = self.app.storage.get_user_info(uid)
if action == 'add':
if self.send_validate_email(uid, email):
body = template.render(request = request,
config = self.app.config,
user = user,
email = email)
return Response(str(body),
content_type = content_type)
elif action == 'del':
type = request.params.get('type', None)
error = False
if not type:
logger.warn("Malformed, missing type")
return HTTPBadRequest()
if type.lower() == 'unv':
if not self.app.storage.remove_email(uid,
email = email,
state = 'pending'):
error = True
elif type.lower() == 'reg':
#For now, don't allow users to remove their verified
# primary email
if email.lower() == user.get('primary', '').lower():
return HTTPBadRequest()
if not self.app.storage.remove_email(uid,
email = email,
state = 'verified'):
error = True
if error:
body = template.render(request = request,
config = self.app.config,
email = email,
user = user,
error = self.error_codes('INVALID'))
else:
body = template.render(request = request,
config = self.app.config,
user = user,
email = email)
return Response(str(body), content_type = content_type)
return HTTPBadRequest()
user_info = self.app.storage.get_user_info(uid)
raise HTTPFound(location = "%s/%s" %
(self.app.config.get('oid.login_host', 'https://localhost'),
quote(user_info.get('pemail'))))
def login(self, request, extra = {}, **kw):
""" Log a user into the ID server
"""
response = {}
error = {}
uid = None
email = None
storage = self.app.storage
if not self.is_internal(request):
raise HTTPForbidden()
(content_type, template) = self.get_template_from_request(request,
html_template = 'login')
# User is not logged in or the association is not present.
if (len(request.POST.get('id', '')) and
len(request.POST.get('password', ''))):
email = request.POST['id']
password = request.POST['password']
try:
username = extract_username(email)
except UnicodeError:
# Log the invalid username for diagnostics ()
logger.warn('Invalid username specified: %s (%s) '
% (email, username))
raise HTTPBadRequest()
# user normalization complete, check to see if we know this
# person
uid = self.app.auth.backend.authenticate_user(username,
password)
if uid is None:
error = self.error_codes.get('LOGIN_ERROR')
logger.debug('Login failed for %s ' % email)
body = template.render(error = error,
response = response,
extra = extra,
request = request,
config = self.app.config)
response = Response(str(body), content_type = content_type)
logger.debug('Nuking session cookie')
response.delete_cookie('beaker.session.uid')
try:
del request.environ['beaker.session']['uid']
except KeyError:
pass
return response
logger.debug('setting uid to %s' % uid)
request.environ['beaker.session']['uid'] = uid
# if this is an email validation, skip to that.
if 'validate' in request.params:
return self.validate(request)
# Attempt to get the uid.
if not email:
email = request.params.get('id', None)
if uid is None:
logger.debug('attempting to get uid')
uid = self.get_uid(request, strict = False)
if uid is None:
logger.debug('no uid present')
# Presume that this is the first time in.
# Display the login page for HTML only
body = template.render(error = error,
response = response,
config = self.app.config,
extra = extra,
request = request)
response = Response(str(body), content_type = content_type)
response.delete_cookie('beaker.session.uid')
return response
# Ok, got a UID, so let's get the user info
user = storage.get_user_info(uid)
if user is None:
user = storage.create_user(uid, email)
if email:
if email not in user.get('emails', []):
self.send_validate_email(uid, email)
if (len(request.params.get('audience', ''))):
return self.registered_emails(request)
location = "%s/%s" % (self.app.config.get('oid.login_host',
'localhost'),
quote(email))
else:
del (request.environ['beaker.session']['uid'])
location = "%s/%s/login" % (self.app.config.get('oid.login_host',
'localhost'),
VERSION)
logger.debug('Sending user to admin page %s' % location)
raise HTTPFound(location = location)
@abc.abstractmethod
def get_validation_token(self, uid, email):
""" Fetch out a validation token for a specific uid/email """
@abc.abstractmethod
def remove_email(self, uid, email, state):
""" remove an email from a user """
def get_storage(config, type='oidstorage'):
# loading provided storages
from oidserver.storage.memory import MemoryStorage
OIDStorage.register(MemoryStorage)
try:
from oidserver.storage._redis import RedisStorage
OIDStorage.register(RedisStorage)
except ImportError, ex:
logger.warn("Could not import redis. Has it been installed? [%s]" % ex)
pass
try:
from oidserver.storage.mongo import MongoStorage
OIDStorage.register(MongoStorage)
except ImportError, ex:
logger.warn("Could not import mongo. Has it been installed? [%s]" %
ex)
pass
return OIDStorage.get_from_config(config, 'oidstorage')