def _do_gs_login(form, request): xrd_location = form.cleaned_data['xrd_provider'] request.session[S_LOCATION] = xrd_location # Now, if we provide a store # store = memstore.MemoryStore() # we get errors: # ERROR:root:Missing required parameter in response from ... # ('http://openid.net/signon/1.0', 'assoc_type') # https://github.com/jbufu/openid4java/issues/192 # gives a clue: perhaps the Genomespace operates in stateless mode? # If we construct our consumer with None for the store it will # operate only in stateless mode - and there are no errors oid_consumer = consumer.Consumer(request.session, None) try: xrd_url = AgrfFeedConfig.get_openid_server(xrd_location) oid_request = oid_consumer.begin(xrd_url) if oid_request is None: error_message = 'No OpenId Services found for %s' % xrd_location logging.error(error_message) messages.add_message(request, messages.ERROR, error_message) return HttpResponseRedirect('/') return redirect(oid_request.redirectURL(TRUST_ROOT, RETURN_TO_URL)) except consumer.DiscoveryFailure as exc: error_message = 'Error in discovery: %s' % (html.escape(str(exc))) logging.error(error_message) messages.add_message(request, messages.ERROR, error_message) return HttpResponseRedirect('/')
def verify_core(req): """This is the first phase of the OpenID login. We check the provided identifier, try to work out who we should ask about it, and redirect the user to the provider's site for their login process.""" # Set up the OpenID library session = Session.Session(req, timeout=60) global store if store is None: Logger.log.debug("Creating new store") server_options = req.get_options() store_path = os.path.join(server_options['wor.root_path'], "oid_store") store = filestore.FileOpenIDStore(store_path) oid_consumer = consumer.Consumer(session, store) # Get the user's account details that they provided if getattr(req, "form", None) is None: req.form = util.FieldStorage(req, True) account = req.form.getfirst("openid_identifier") # Look up the OAuth provider for this account try: request = oid_consumer.begin(account) except consumer.DiscoveryFailure, ex: raise
def render_GET(self, request): session = {} oidconsumer = consumer.Consumer(session, None) request = oidconsumer.begin(self.provider) request.addExtension(sreg.SRegRequest( required=['nickname', 'fullname', 'email', 'timezone'])) request.addExtension(teams.TeamsRequest(requested=self.groups)) request.addExtension(cla.CLARequest( requested=[cla.CLA_URI_FEDORA_DONE])) trust_root = self.root_url return_to = self.root_url + '_openid_handle/' if request.shouldSendRedirect(): redirect_url = request.redirectURL(trust_root, return_to, False) request.redirect(redirect_url) else: return request.htmlMarkup( trust_root, return_to, form_tag_attrs={'id': 'openid_message'}, immediate=False) try: request.finish() except RuntimeError: # this occurs when the client has already disconnected; ignore # it (see #2027) log.msg("http client disconnected before results were sent")
def _get_consumer(self, req, db): s = self._get_oidsession(req) if 'id' not in s: s['id'] = req.session.sid store = self._getStore(db) return consumer.Consumer(s, store), s
def startLogin(): c = consumer.Consumer({}, None) error = None try: auth_request = c.begin("https://www.google.com/accounts/o8/id") except DiscoveryFailure, e: error = "OpenID discovery error: %s" % (str(e), )
def get_openid_consumer(request, session): """Initialize an OpenID store for authenticating comments. @param request: Pyblosxom request object @param session: session @type session: instance of C{Session} @return: An instance of OpenIDConsumer @rtype: OpenID consumer store or C{None} """ config = request.getConfiguration() logger = tools.getLogger() store_dir = config.get('openid_store_dir') if store_dir is None: logger.error('You must define openid_store_dir in your ' 'config to enable OpenID comments.') return None try: store = filestore.FileOpenIDStore(store_dir) return openid.Consumer(session, store) except Exception: trace = traceback.format_exception(*sys.exc_info()) logger.error('Error initializing OpenID server:\n' + '\n'.join(trace)) return None
def login(self, username=None, password=None, return_url=None, cancel_url=None, groups=['_FAS_ALL_GROUPS_']): """Tries to log in a user. Sets the user information on :attr:`flask.g.fas_user`. Will set 0 to :attr:`flask.g.fas_session_id, for compatibility with flask_fas. :arg username: Not used, but accepted for compatibility with the flask_fas module :arg password: Not used, but accepted for compatibility with the flask_fas module :arg return_url: The URL to forward the user to after login :arg groups: A string or a list of group the user should belong to to be authentified. :returns: True if the user was succesfully authenticated. :raises: Might raise an redirect to the OpenID endpoint """ if return_url is None: if 'next' in flask.request.args.values(): return_url = flask.request.args.values['next'] else: return_url = flask.request.url oidconsumer = consumer.Consumer(flask.session, None) try: request = oidconsumer.begin(self.app.config['FAS_OPENID_ENDPOINT']) except consumer.DiscoveryFailure, exc: # VERY strange, as this means it could not discover an OpenID endpoint at FAS_OPENID_ENDPOINT return 'discoveryfailure'
def begin(self, request, data): try: openid_url = data['openid_url'].strip() except KeyError: messages.error(request, lang.FILL_OPENID_URL) raise Redirect('publicauth-login') # allow user to type openid provider without http:// prefix if not openid_url.startswith("http"): openid_url = "http://%s" % openid_url return_url = request.build_absolute_uri( reverse('publicauth-complete', args=[self.provider])) request.session['openid_return_to'] = return_url client = consumer.Consumer(request.session, None) try: openid_request = client.begin(openid_url) sreg_extra = [i for i in self.PROFILE_MAPPING] sreg = SRegRequest(required=sreg_extra) openid_request.addExtension(sreg) ax_msg = FetchRequest() for detail in self.PROFILE_MAPPING: ax_msg.add(AttrInfo(settings.AX_URIS[detail], required=True)) openid_request.addExtension(ax_msg) redirect_url = openid_request.redirectURL(realm='http://' + request.get_host(), return_to=return_url) raise Redirect(redirect_url) except discover.DiscoveryFailure: messages.error(request, _('Could not find OpenID server')) raise Redirect('publicauth-login')
def _handle_oidreturn(self): request = self.request _ = request.getText oidconsumer = consumer.Consumer(request.session, MoinOpenIDStore(request)) query = {} for key in request.values: query[key] = request.values[key] qstr = {'action': 'userprefs', 'handler': 'oid', 'oid.return': '1'} return_to = request.getQualifiedURL(request.page.url(request, qstr)) info = oidconsumer.complete(query, return_to) if info.status == consumer.FAILURE: return 'error', _('OpenID error: %s.') % info.message elif info.status == consumer.CANCEL: return 'info', _('Verification canceled.') elif info.status == consumer.SUCCESS: if not hasattr(self.request.user, 'openids'): request.user.openids = [] if info.identity_url in request.user.openids: return 'error', _("OpenID is already present.") if user.getUserIdByOpenId(request, info.identity_url): return 'error', _("This OpenID is already used for another account.") # all fine request.user.openids.append(info.identity_url) request.user.save() return 'info', _("OpenID added successfully.") else: return 'error', _('OpenID failure.')
def handle_openid_login_response(): conn = db.session.connection() consumer = openid.Consumer(session, None) info = consumer.complete(request.args, request.url) if info.status == openid.SUCCESS: openid_url = info.identity_url values = {} ax_resp = ax.FetchResponse.fromSuccessResponse(info) if ax_resp: attrs = { 'email': 'http://schema.openid.net/contact/email', 'name': 'http://schema.openid.net/namePerson/friendly', } for name, uri in attrs.items(): try: value = ax_resp.getSingle(uri) if value: values[name] = value except KeyError: pass account_id = lookup_account_id_by_openid(conn, openid_url) if not account_id: account_id, account_api_key = insert_account(conn, { 'name': 'OpenID User', 'openid': openid_url, }) logger.info("Successfuly identified OpenID user %s (%d) with email '%s' and nickname '%s'", openid_url, account_id, values.get('email', ''), values.get('name', '')) return login_user_and_redirect(account_id) elif info.status == openid.CANCEL: raise Exception('OpenID login has been canceled') else: raise Exception('OpenID login failed')
def request_access(self): log_debug = self.log_debug if log_debug: log.debug('Handling OpenID login') # Load default parameters that all Auth Responders take session['end_point_success'] = request.POST.get( 'end_point_success', self.config.get('oauth_success')) fail_uri = session['end_point_auth_failure'] = request.POST.get( 'end_point_auth_failure', self.config.get('oauth_failure')) openid_url = request.POST.get('openid_identifier') # Let inherited consumers alter the openid identifier if desired openid_url = self._lookup_identifier(openid_url) if not openid_url or (self.endpoint_regex and not re.match(self.endpoint_regex, end_point)): return redirect(fail_uri) openid_session = {} oidconsumer = consumer.Consumer(openid_session, self.openid_store, self.consumer_class) try: authrequest = oidconsumer.begin(openid_url) except consumer.DiscoveryFailure, exc: log.error("openid discovery failure: %s", exc) return redirect(fail_uri)
def _finish_verification(request): """ Complete OpenID Verification Process. If the verification failed, will return false, otherwise, will return the response """ c = consumer.Consumer(request.session, SQLAlchemyOpenIDStore()) # Check the response from the provider response = c.complete(request.args, request.base_url) if response.status == consumer.FAILURE: messages.add_message( request, messages.WARNING, _('Verification of %s failed: %s' % (response.getDisplayIdentifier(), response.message))) elif response.status == consumer.SUCCESS: # Verification was successfull return response elif response.status == consumer.CANCEL: # Verification canceled messages.add_message(request, messages.WARNING, _('Verification cancelled')) return False
def start(request, identifier): if not openid: return {} oidconsumer = consumer.Consumer(request.session, __get_store()) try: auth_request = oidconsumer.begin(identifier) except consumer.DiscoveryFailure as exc: return {'msg': _('OpenID authentication failed')} else: if auth_request is None: return {'msg': _('No OpenID services found for %s') % identifier} else: trust_root = settings.BASE_URL + '/' if request.is_secure(): trust_root = trust_root.replace('http://', 'https://') return_to = request.build_absolute_uri() if auth_request.shouldSendRedirect(): redirect_url = auth_request.redirectURL(trust_root, return_to, immediate=False) return {'res': HttpResponseRedirect(redirect_url)} else: form_html = auth_request.htmlMarkup( trust_root, return_to, form_tag_attrs={'id': 'openid_message'}, immediate=False) return {'res': HttpResponse(form_html)}
def _handle_openid_login_response(self, req, errors): consumer = openid.Consumer(self.session, None) info = consumer.complete(req.args, self.login_url) if info.status == openid.SUCCESS: openid_url = info.identity_url values = {} ax_resp = ax.FetchResponse.fromSuccessResponse(info) if ax_resp: attrs = { 'email': 'http://schema.openid.net/contact/email', 'name': 'http://schema.openid.net/namePerson/friendly', } for name, uri in attrs.iteritems(): try: value = ax_resp.getSingle(uri) if value: values[name] = value except KeyError: pass account_id = lookup_account_id_by_openid(self.conn, openid_url) if not account_id: account_id = insert_account(self.conn, { 'name': 'OpenID User', 'openid': openid_url, }) logger.info("Successfuly identified OpenID user %s (%d) with email '%s' and nickname '%s'", openid_url, account_id, values.get('email', ''), values.get('name', '')) self.session['id'] = account_id elif info.status == openid.CANCEL: errors.append('OpenID verification has been canceled') else: errors.append('OpenID verification failed')
def _handle_openid_request(self): return_url = flask.session['FLASK_FAS_OPENID_RETURN_URL'] cancel_url = flask.session['FLASK_FAS_OPENID_CANCEL_URL'] oidconsumer = consumer.Consumer(flask.session, None) info = oidconsumer.complete(flask.request.values, flask.request.base_url) display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: return 'FAILURE. display_identifier: %s' % display_identifier elif info.status == consumer.CANCEL: if cancel_url: return flask.redirect(cancel_url) return 'OpenID request was cancelled' elif info.status == consumer.SUCCESS: sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) pape_resp = pape.Response.fromSuccessResponse(info) teams_resp = teams.TeamsResponse.fromSuccessResponse(info) cla_resp = cla.CLAResponse.fromSuccessResponse(info) user = dict() user['username'] = sreg_resp.get('nickname') user['fullname'] = sreg_resp.get('fullname') user['email'] = sreg_resp.get('email') user['timezone'] = sreg_resp.get('timezone') #user['locale'] = sreg_resp.get('LOCALE') user['cla_done'] = cla.CLA_URI_FEDORA_DONE in cla_resp.clas user[ 'groups'] = teams_resp.teams # The groups do not contain the cla_ groups flask.session['FLASK_FAS_OPENID_USER'] = user flask.session.modified = True return flask.redirect(return_url) else: return 'Strange state: %s' % info.status
def _get_response(req): """ Constructs the response returned from the OpenID provider @param req: request @type req: invenio.webinterface_handler_wsgi.SimulatedModPythonRequest """ from invenio.webinterface_handler import wash_urlargd from openid.consumer import consumer content = {} for key in req.form.keys(): content[key] = (str, '') args = wash_urlargd(req.form, content) if args.has_key('ln'): del args['ln'] if args.has_key('referer'): if not args['referer']: del args['referer'] oidconsumer = consumer.Consumer({"id": get_session(req)}, None) url = CFG_SITE_SECURE_URL + "/youraccount/login" req.g['openid_provider_name'] = args['provider'] req.g['openid_response'] = oidconsumer.complete(args, url)
def _get_consumer(self, environ): session = environ[self.session_middleware] session['id'] = session.id oidconsumer = consumer.Consumer(session, self.store) oidconsumer.consumer.openid1_nonce_query_arg_name = 'passurl_nonce' session.save() return oidconsumer
def finish(self, **args): oidconsumer = consumer.Consumer(dict(), None) info = oidconsumer.complete(cherrypy.request.params, cherrypy.url()) display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: return 'ERROR:Verification of %s failed: %s' % ( display_identifier, info.message) elif info.status == consumer.CANCEL: return 'ERROR: Cancelled' elif info.status == consumer.SUCCESS: username = pwd.getpwuid(os.getuid())[0] expected_identifier = 'https://127.0.0.10:45080/idp1/openid/' + \ 'id/%s/' % username if expected_identifier != display_identifier: return 'ERROR: Wrong id returned: %s != %s' % ( expected_identifier, display_identifier) if self.extensions: sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) teams_resp = teams.TeamsResponse.fromSuccessResponse(info) ax_resp = ax.FetchResponse.fromSuccessResponse(info) if sreg_resp is None: return 'ERROR: No sreg!' elif teams_resp is None: return 'ERROR: No teams!' elif ax_resp is None: return 'ERROR: No AX!' # Check values expected_name = 'Test User %s' % username expected_email = '*****@*****.**' % username ax_name = ax_resp.data[ 'http://schema.openid.net/namePerson'][0] sreg_email = sreg_resp.data['email'] if ax_name != expected_name: return 'ERROR: Wrong name returned: %s != %s' % ( expected_name, ax_name) if sreg_email != expected_email: return 'ERROR: Wrong email returned: %s != %s' % ( expected_email, sreg_email) if username not in teams_resp.teams: return 'ERROR: User not in self-named group (%s not ' + \ 'in %s)' %\ (username, teams_resp.teams) if self.extensions: return 'SUCCESS, WITH EXTENSIONS' else: return 'SUCCESS, WITHOUT EXTENSIONS' else: return 'ERROR: Strange error: %s' % info.message
def index(self, extensions): self.extensions = extensions == 'YES' oidconsumer = consumer.Consumer(dict(), None) try: request = oidconsumer.begin('https://127.0.0.10:45080/idp1/') except Exception as ex: return 'ERROR: %s' % ex if request is None: return 'ERROR: No request' # Attach extensions here if self.extensions: request.addExtension(sreg.SRegRequest( required=['nickname', 'email', 'timezone'])) ax_req = ax.FetchRequest() ax_req_name = ax.AttrInfo('http://schema.openid.net/namePerson') ax_req.add(ax_req_name) request.addExtension(ax_req) username = pwd.getpwuid(os.getuid())[0] request.addExtension(teams.TeamsRequest(requested=[username])) # Build and send final request trust_root = cherrypy.url() return_to = trust_root + 'finish' if request.shouldSendRedirect(): redirect_url = request.redirectURL( trust_root, return_to) raise cherrypy.HTTPRedirect(redirect_url) else: return request.htmlMarkup( trust_root, return_to)
def handle_openid_login_request(): openid_url = request.form['openid_identifier'] try: consumer = openid.Consumer(session, None) openid_req = consumer.begin(openid_url) except openid.DiscoveryFailure: logger.exception('Error in OpenID discovery') raise else: if openid_req is None: raise Exception('No OpenID services found for the given URL') else: ax_req = ax.FetchRequest() ax_req.add( ax.AttrInfo('http://schema.openid.net/contact/email', alias='email')) ax_req.add( ax.AttrInfo('http://axschema.org/namePerson/friendly', alias='nickname')) openid_req.addExtension(ax_req) url = openid_req.redirectURL( get_openid_realm(), url_for('.openid_login', return_url=request.values.get('return_url'), _external=True)) return redirect(url) raise Exception('OpenID login failed')
def _handle_openid_request(self): """ Code actually handling the openid requests. """ return_url = flask.session.get('FLASK_FAS_OPENID_RETURN_URL', None) cancel_url = flask.session.get('FLASK_FAS_OPENID_CANCEL_URL', None) base_url = self.normalize_url(flask.request.base_url) oidconsumer = consumer.Consumer(flask.session, None) info = oidconsumer.complete(flask.request.values, base_url) display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: return 'FAILURE. display_identifier: %s' % display_identifier elif info.status == consumer.CANCEL: if cancel_url: return flask.redirect(cancel_url) return 'OpenID request was cancelled' elif info.status == consumer.SUCCESS: sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) teams_resp = teams.TeamsResponse.fromSuccessResponse(info) cla_resp = cla.CLAResponse.fromSuccessResponse(info) ax_resp = ax.FetchResponse.fromSuccessResponse(info) user = { 'fullname': '', 'username': '', 'email': '', 'timezone': '', 'cla_done': False, 'groups': [] } if not sreg_resp: # If we have no basic info, be gone with them! return flask.redirect(cancel_url) user['username'] = sreg_resp.get('nickname') user['fullname'] = sreg_resp.get('fullname') user['email'] = sreg_resp.get('email') user['timezone'] = sreg_resp.get('timezone') user['login_time'] = datetime.datetime.utcnow() if cla_resp: user['cla_done'] = cla.CLA_URI_FEDORA_DONE in cla_resp.clas if teams_resp: # The groups do not contain the cla_ groups user['groups'] = frozenset(teams_resp.teams) if ax_resp: ssh_keys = ax_resp.get( 'http://fedoauth.org/openid/schema/SSH/key') if isinstance(ssh_keys, (list, tuple)): ssh_keys = '\n'.join(ssh_key for ssh_key in ssh_keys if ssh_key.strip()) if ssh_keys: user['ssh_key'] = ssh_keys flask.session['FLASK_FAS_OPENID_USER'] = user flask.session.modified = True if self.postlogin_func is not None: self._check_session() return self.postlogin_func(return_url) else: return flask.redirect(return_url) else: return 'Strange state: %s' % info.status
def login(self, return_url=None, cancel_url=None, groups=None): """Tries to log in a user. Sets the user information on :attr:`flask.g.fas_user`. Will set 0 to :attr:`flask.g.fas_session_id, for compatibility with flask_fas. :kwarg username: Not used, but accepted for compatibility with the flask_fas module :kwarg password: Not used, but accepted for compatibility with the flask_fas module :kwarg return_url: The URL to forward the user to after login :kwarg groups: A string or a list of group the user should belong to to be authentified. :returns: True if the user was succesfully authenticated. :raises: Might raise an redirect to the OpenID endpoint """ if groups is None: groups = ['_FAS_ALL_GROUPS_'] if return_url is None: return_url = flask.request.args.get('next', flask.request.url) session = {} oidconsumer = consumer.Consumer(session, None) try: request = oidconsumer.begin(self.app.config['FAS_OPENID_ENDPOINT']) except consumer.DiscoveryFailure: # VERY strange, as this means it could not discover an OpenID # endpoint at FAS_OPENID_ENDPOINT return 'discoveryfailure' if request is None: # Also very strange, as this means the discovered OpenID # endpoint is no OpenID endpoint return 'no-request' if isinstance(groups, basestring): groups = [groups] request.addExtension( sreg.SRegRequest( required=['nickname', 'fullname', 'email', 'timezone'])) request.addExtension(pape.Request([])) request.addExtension(teams.TeamsRequest(requested=groups)) request.addExtension( cla.CLARequest(requested=[cla.CLA_URI_FEDORA_DONE])) trust_root = self.normalize_url(flask.request.url_root) return_to = trust_root + '_flask_fas_openid_handler/' flask.session['FLASK_FAS_OPENID_RETURN_URL'] = return_url flask.session['FLASK_FAS_OPENID_CANCEL_URL'] = cancel_url if request.shouldSendRedirect(): redirect_url = request.redirectURL(trust_root, return_to, False) return flask.redirect(redirect_url) else: return request.htmlMarkup(trust_root, return_to, form_tag_attrs={'id': 'openid_message'}, immediate=False)
def main(): #create a base consumer object oidconsumer = consumer.Consumer({}, None) #create return to url url = "http://%s/complete.py" % (os.environ['HTTP_HOST']) #print page content type print 'Content-Type: text/plain' print '' #parse query string parameters into dictionary params = {} string_split = [s for s in os.environ['QUERY_STRING'].split('&') if s] for item in string_split: key, value = item.split('=') params[key] = urllib.unquote(value) #complete OpenID authentication and get identifier info = oidconsumer.complete(params, url) display_identifier = info.getDisplayIdentifier() #get simple registration and pape extension responses sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) pape_resp = pape.Response.fromSuccessResponse(info) #build attribute exchange response object ax_response = ax.FetchResponse.fromSuccessResponse(info) if ax_response: ax_items = { 'email': ax_response.get('http://axschema.org/contact/email'), 'fullname': ax_response.get('http://axschema.org/namePerson'), 'gender': ax_response.get('http://axschema.org/person/gender'), 'picture': ax_response.get('http://axschema.org/media/image/default') } print ax_items #print all OpenID responses print display_identifier if sreg_resp is not None: print sreg_resp if pape_resp is not None: print pape_resp if info.status == consumer.FAILURE and display_identifier: message = "Verification failed" elif info.status == consumer.SUCCESS: message = 'Success' elif info.status == consumer.CANCEL: message = 'Verification cancelled' elif info.status == consumer.SETUP_NEEDED: message = 'Setup needed' else: message = 'Verification failed.' print message
def get_openid_request(openid_url): """ リダイレクト先URLとconsumerオブジェクトを返す """ # consumerオブジェクトを作ってリダイレクト先を取得 c = consumer.Consumer({}, FileOpenIDStore(settings.OPENID_STORE_DIR)) req = c.begin(openid_url) return req.redirectURL(get_openid_realm(), get_openid_verify_url()), c
def _get_consumer(self, req): s = self._get_session(req) if 'id' not in s: s['id'] = req.session.sid db = self.env.get_db_cnx() store = self._getStore(db) return consumer.Consumer(s, store), s
def confirm_openid(request, openid_id): session = {'id': request.session.session_key} current_url = settings.SITE_URL + request.path oidutil.log = openid_logging openid_consumer = consumer.Consumer(session, DjangoOpenIDStore()) if request.method == 'POST': info = openid_consumer.complete(request.POST, current_url) else: info = openid_consumer.complete(request.GET, current_url) if info.status == consumer.FAILURE: return render_to_response('account/openid_confirmationfailed.html', {'message': info.message}, context_instance=RequestContext(request)) elif info.status == consumer.CANCEL: return render_to_response('account/openid_confirmationfailed.html', {'message': '(cancelled by user)'}, context_instance=RequestContext(request)) elif info.status != consumer.SUCCESS: return render_to_response('account/openid_confirmationfailed.html', {'message': '(unknown verification error)'}, context_instance=RequestContext(request)) try: unconfirmed = UnconfirmedOpenId.objects.get(id=openid_id, user=request.user) except UnconfirmedOpenId.DoesNotExist: return render_to_response( 'account/openid_confirmationfailed.html', {'message': 'ID %s not found in the database.' % openid_id}, context_instance=RequestContext(request)) # TODO: check for a reasonable expiration time confirmed = ConfirmedOpenId() confirmed.user = unconfirmed.user confirmed.ip_address = request.META['REMOTE_ADDR'] confirmed.openid = unconfirmed.openid confirmed.save() unconfirmed.delete() # if there's a single image in this user's profile, assign it to the new email photos = confirmed.user.photos if photos.count() == 1: confirmed.set_photo(photos.get()) # Also allow user to login using this OpenID (if not taken already) if not UserOpenID.objects.filter(claimed_id=confirmed.openid).exists(): user_openid = UserOpenID() user_openid.user = request.user user_openid.claimed_id = confirmed.openid user_openid.display_id = confirmed.openid user_openid.save() return HttpResponseRedirect(reverse('libravatar.account.views.profile'))
def start_openid_auth(provider): oid_consumer = consumer.Consumer(session, None) oid_request = oid_consumer.begin(provider) user_data_request = sreg.SRegRequest(required=['email', 'fullname']) oid_request.addExtension(user_data_request) return_to = url_for('auth.signed_in', _external=True) return oid_request.redirectURL(request.url_root, return_to=return_to)
def handleOpenIdResponse(self, args): c = consumer.Consumer({}, AppEngineOpenIDStore()) result = c.complete(args, self.server_url(self.requestPath())) if result.status == consumer.SUCCESS: ax_response = ax.FetchResponse.fromSuccessResponse(result) self.handleSuccess(result.identity_url, ax_response) else: # NOTE(mzero): generally result.status == consumer.FAILURE self.handleFailure(result.message)
def login(self, request): log_debug = self.log_debug if log_debug: log.debug('Handling OpenID login') # Load default parameters that all Auth Responders take openid_url = request.params.get('openid_identifier') # Let inherited consumers alter the openid identifier if desired openid_url = self._lookup_identifier(request, openid_url) if not openid_url: log.error('Velruse: no openid_url') raise MissingParameter('No openid_identifier was found') openid_session = {} oidconsumer = consumer.Consumer(openid_session, self.openid_store) try: if log_debug: log.debug('About to try OpenID begin') authrequest = oidconsumer.begin(openid_url) except consumer.DiscoveryFailure: if log_debug: log.debug('OpenID begin DiscoveryFailure') raise if authrequest is None: if log_debug: log.debug('OpenID begin returned empty') raise ThirdPartyFailure("OpenID begin returned nothing") if log_debug: log.debug('Updating authrequest') # Update the authrequest self._update_authrequest(request, authrequest) return_to = request.route_url(self.process_url) # OpenID 2.0 lets Providers request POST instead of redirect, this # checks for such a request. if authrequest.shouldSendRedirect(): if log_debug: log.debug('About to initiate OpenID redirect') redirect_url = authrequest.redirectURL(realm=self.realm, return_to=return_to, immediate=False) request.session['openid_session'] = openid_session return HTTPFound(location=redirect_url) else: if log_debug: log.debug('About to initiate OpenID POST') html = authrequest.htmlMarkup( realm=self.realm, return_to=return_to, immediate=False) request.session['openid_session'] = openid_session return Response(body=html)
def auth_login(request): oidconsumer = consumer.Consumer(dict(request.session), None) openid_request = oidconsumer.begin(u'http://ru.wargaming.net/id/openid/') trust_root = 'http://%s' % request.META['HTTP_HOST'] return_to = '%s%s' % (trust_root, reverse('auth_callback')) redirect_to = openid_request.redirectURL(trust_root, return_to, immediate=False) return HttpResponseRedirect(redirect_to)