def _resp(self, request, userdata): req = ax.FetchRequest.fromOpenIDRequest(request) if req is None: return None resp = ax.FetchResponse(req) for name in req.requested_attributes: attr = req.requested_attributes[name] try: self.debug(name) value = None if name in AP_MAP: value = userdata[AP_MAP[name]] else: value = userdata[name] if '\n' in value: raise AuthenticationError('Newline in attribute %s' % name) added_vals = 0 if not isinstance(value, list): value = [value] for val in value: val = val.strip() if attr.wantsUnlimitedValues() or added_vals < attr.count: if val != '': added_vals += 1 resp.addValue(name, val) except Exception: # pylint: disable=broad-except pass return resp
def test_getExtensionArgs_empty_request(self): expected_args = { 'mode': 'fetch_response', } req = ax.FetchRequest() msg = ax.FetchResponse(request=req) self.assertEqual(msg.getExtensionArgs(), expected_args)
def test_getExtensionArgs_empty_request(self): expected_args = { 'mode': 'fetch_response', } req = ax.FetchRequest() msg = ax.FetchResponse(request=req) self.failUnlessEqual(expected_args, msg.getExtensionArgs())
def add_user_data(request, openid_response): """ Add user custom data to the request using sreg and ax extensions """ openid_request = get_request(request) if openid_request == None: return sreg_data = { 'fullname': request.user.get_full_name(), 'nickname': request.user.username, 'email': request.user.email, } sreg_req = sreg.SRegRequest.fromOpenIDRequest(openid_request) sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data) openid_response.addExtension(sreg_resp) ax_req = ax.FetchRequest.fromOpenIDRequest(openid_request) ax_resp = ax.FetchResponse(ax_req) ax_resp.addValue('http://openid.net/schema/namePerson/first', request.user.first_name) ax_resp.addValue('http://openid.net/schema/namePerson/last', request.user.last_name) ax_resp.addValue('http://openid.net/schema/namePerson/friendly', request.user.username) ax_resp.addValue('http://openid.net/schema/contact/internet/email', request.user.email) ax_resp.addValue('http://id.culturadigital.br/schema/cpf', request.user.get_profile().cpf) openid_response.addExtension(ax_resp)
def addAttributeExchangeResponse(oidrequest, response, request): ax_req = ax.FetchRequest.fromOpenIDRequest(oidrequest) if ax_req: required = ax_req.getRequiredAttrs() if len(required ) == 1 and 'http://axschema.org/contact/username' in required: ax_resp = ax.FetchResponse(request=ax_req) ax_resp.addValue('http://axschema.org/contact/username', request.session['username']) response.addExtension(ax_resp)
def test_getExtensionArgs_some_request(self): expected_args = { 'mode': 'fetch_response', 'type.' + self.alias_a: self.type_a, 'value.' + self.alias_a + '.1': self.value_a, 'count.' + self.alias_a: '1' } req = ax.FetchRequest() req.add(ax.AttrInfo(self.type_a, alias=self.alias_a)) msg = ax.FetchResponse(request=req) msg.addValue(self.type_a, self.value_a) self.assertEqual(msg.getExtensionArgs(), expected_args)
def render_GET(self, request): janrain_nonce = request.args.get('janrain_nonce', [None])[0] if janrain_nonce is not None: cookie = request.getCookie('pc_user') if not cookie in globals()['REDIRECTED_USERS']: request.redirect('http://buildpc.ru') return "" consumer = Consumer({}, STORAGE) args = dict((k,unicode(v[0], 'utf-8')) for k,v in request.args.items()) info = consumer.complete(args, RETURN_TO) # Если аутентификация не удалась или отменена # Получение данных пользователя при успешной аутентификации if info.status != SUCCESS: request.redirect('http://buildpc.ru') return "" ax_info = ax.FetchResponse.fromSuccessResponse(info) or ax.FetchResponse() user_data = { 'uid': info.identity_url, 'first_name': ax_info.getSingle(AXINFO['namePerson']), 'last_name': '', } globals()['PASSED_USERS'].update({cookie:user_data}) request.redirect(globals()['REDIRECTED_USERS'].pop(cookie).split('?')[0]\ +'?pr=yandex&code='+cookie) return "" # Далее — выборка существующего или регистрация нового пользователя else: backUrl = request.args.get('backurl', [None])[0] globals()['REDIRECTED_USERS'].update({request.getCookie('pc_user'):backUrl}) # provider = request.get('provider', [None])[0] # url = openid_request.redirectURL(ROOT, ROOT) # Короткие названия для ключей необходимых данных о пользователе. # Список доступных данных см. в разделе Дополнительные данные о пользователе consumer = Consumer({}, STORAGE) openid_request = consumer.begin('http://www.yandex.ru/') # Запрос дополнительной информации о пользователе # Поля, указанные с ключом required, на сайте Яндекса отображаются как обязательные # (незаданные значения подсвечиваются красным цветом) ax_request = ax.FetchRequest() # ax_request.add(ax.AttrInfo(AXINFO['email'], required=True)) # ax_request.add(ax.AttrInfo(AXINFO['nickname'])) ax_request.add(ax.AttrInfo(AXINFO['namePerson'], required=True)) openid_request.addExtension(ax_request) url = openid_request.redirectURL(ROOT, RETURN_TO) request.redirect(url) return ""
def test_getExtensionArgs_empty_request_some(self): uri = 'http://not.found/' alias = 'ext0' expected_args = { 'mode': 'fetch_response', 'type.%s' % (alias, ): uri, 'count.%s' % (alias, ): '0' } req = ax.FetchRequest() req.add(ax.AttrInfo(uri)) msg = ax.FetchResponse(request=req) self.assertEqual(msg.getExtensionArgs(), expected_args)
def add_ax_data(request, orequest, oresponse): callback = get_ax_callback() if callback is None or not callable(callback): return ax_data = callback(request, orequest) ax_req = ax.FetchRequest.fromOpenIDRequest(orequest) ax_resp = ax.FetchResponse(ax_req) if ax_req is not None: for attr in ax_req.getRequiredAttrs(): value = ax_data.get(attr, None) if value is not None: ax_resp.addValue(attr, value) oresponse.addExtension(ax_resp)
def decidePage(self, environ, start_response, oidRequest, oidResponse): """Handle user interaction required before final submit back to Relying Party""" self.title = 'Approve OpenID Request?' self.heading = 'Approve OpenID Request?' self.trust_root = oidRequest.trust_root self.oidRequest = oidRequest # Get all the content namespaced as AX type axArgs = oidResponse.fields.getArgs(ax.AXMessage.ns_uri) if len(axArgs) == 0: log.debug('No Attribute eXchange (AX) arguments specified') axRequestedAttr = {} axFetchResponse = None else: # Add to access object for convenient access based on type URI axFetchResponse = ax.FetchResponse() axFetchResponse.parseExtensionArgs(axArgs) ax_req = ax.FetchRequest.fromOpenIDRequest(oidRequest) axRequestedAttr = ax_req.requested_attributes self.environ = environ if oidRequest.idSelect(): if 'username' not in self.session: log.error("No 'username' key set in session object for " "idselect mode do decide page") msg = ('An internal error has occurred. Please contact ' 'your system administrator') response = self.errorPage(environ, start_response, msg) return response userIdentifier = self._authN.username2UserIdentifiers( environ, self.session['username'])[0] # Use the Yadis path because we want to use Yadis only # based discovery self.identityURI = OpenIDProviderMiddleware.createIdentityURI( self.urls['url_yadis'], userIdentifier) else: self.identityURI = oidRequest.identity response = self._render(GenshiRendering.DECIDE_PAGE_TMPL_NAME, axRequestedAttr=axRequestedAttr, axFetchResponse=axFetchResponse) self.identityURI = '' start_response("200 OK", [('Content-type', 'text/html' + self.charset), ('Content-length', str(len(response)))]) return response
def test_updateUrlInResponse(self): uri = 'http://not.found/' alias = 'ext0' expected_args = { 'mode': 'fetch_response', 'update_url': self.request_update_url, 'type.%s' % (alias, ): uri, 'count.%s' % (alias, ): '0' } req = ax.FetchRequest(update_url=self.request_update_url) req.add(ax.AttrInfo(uri)) msg = ax.FetchResponse(request=req) self.assertEqual(msg.getExtensionArgs(), expected_args)
def approve_id(identity, req, prof): res = req.answer(True, identity=identity) # Add (if requested) Simple Registration info sreg_req = sreg.SRegRequest.fromOpenIDRequest(req) if sreg_req: sreg_data = { 'nickname': prof['nickname'], 'fullname': prof.get('fullName', '') } sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data) res.addExtension(sreg_resp) # Check for Attribute Exchange ax_req = ax.FetchRequest.fromOpenIDRequest(req) if ax_req: ax_res = ax.FetchResponse(request=ax_req) ### Google uses the schema defined at axschema.org. fullname_types = ['http://schema.openid.net/namePerson', 'http://axschema.org/namePerson'] for t in fullname_types: if t in ax_req: ax_res.addValue(t, prof.get('fullName', 'anonymous')) break firstname_types = ['http://axschema.org/namePerson/first', 'http://openid.net/schema/namePerson/first'] for t in firstname_types: if t in ax_req: ax_res.addValue(t, prof.get('givenName', 'anonymous')) break nickname_types = ['http://schema.openid.net/namePerson/friendly', 'http://openid.net/schema/namePerson/friendly', 'http://axschema.org/namePerson/friendly'] for t in nickname_types: if t in ax_req: ax_res.addValue(t, prof['nickname']) break role_type = 'http://www.w3.org/2006/vcard/ns#role' if role_type in ax_req: ax_res.setValues(role_type, prof.get('groups',[])) res.addExtension(ax_res) return res
def add_openid_attribute_exchange(request, response, data): try: ax_request = ax.FetchRequest.fromOpenIDRequest(request) except ax.AXError: # not using OpenID attribute exchange extension pass else: ax_response = ax.FetchResponse() # if consumer requested attribute exchange fields, add them if ax_request and ax_request.requested_attributes: for type_uri in ax_request.requested_attributes.iterkeys(): email_schema = 'http://axschema.org/contact/email' name_schema = 'http://axschema.org/namePerson' if type_uri == email_schema and 'email' in data: ax_response.addValue(email_schema, data['email']) elif type_uri == name_schema and 'fullname' in data: ax_response.addValue(name_schema, data['fullname']) # construct ax response ax_response.toMessage(response.fields)
def addAX(openid_request, openid_response): ax_req = ax.FetchRequest.fromOpenIDRequest(openid_request) if ax_req is None: return {} ax_resp = ax.FetchResponse(ax_req) for type_uri, attribute in ax_req.requested_attributes.iteritems(): lookup = type_uri if lookup in AX_WELLKNOWN.keys(): lookup = AX_WELLKNOWN[type_uri] try: value = request.auth_module.get_attribute(lookup) ax_resp.addValue(type_uri, value) except: pass if openid_response: openid_response.addExtension(ax_resp) ax_data = {} for key in ax_resp.data.keys(): display = key if key in AX_WELLKNOWN.keys(): display = AX_WELLKNOWN[key].__str__() for value in ax_resp.data[key]: ax_data[display] = value return ax_data
def test_login_attribute_exchange(self): settings.OPENID_UPDATE_DETAILS_FROM_SREG = True user = User.objects.create_user('testuser', '*****@*****.**') useropenid = UserOpenID(user=user, claimed_id='http://example.com/identity', display_id='http://example.com/identity') useropenid.save() # Configure the provider to advertise attribute exchange # protocol and start the authentication process: self.provider.type_uris.append('http://openid.net/srv/ax/1.0') response = self.client.post( '/openid/login/', { 'openid_identifier': 'http://example.com/identity', 'next': '/getuser/' }) self.assertContains(response, 'OpenID transaction in progress') # The resulting OpenID request uses the Attribute Exchange # extension rather than the Simple Registration extension. openid_request = self.provider.parseFormPost(response.content) sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request) self.assertEqual(sreg_request.required, []) self.assertEqual(sreg_request.optional, []) fetch_request = ax.FetchRequest.fromOpenIDRequest(openid_request) self.assertTrue('http://axschema.org/contact/email' in fetch_request) self.assertTrue('http://axschema.org/namePerson' in fetch_request) self.assertTrue( 'http://axschema.org/namePerson/first' in fetch_request) self.assertTrue('http://axschema.org/namePerson/last' in fetch_request) self.assertTrue( 'http://axschema.org/namePerson/friendly' in fetch_request) # myOpenID compatibilty attributes: self.assertTrue( 'http://schema.openid.net/contact/email' in fetch_request) self.assertTrue('http://schema.openid.net/namePerson' in fetch_request) self.assertTrue( 'http://schema.openid.net/namePerson/friendly' in fetch_request) # Build up a response including AX data. openid_response = openid_request.answer(True) fetch_response = ax.FetchResponse(fetch_request) fetch_response.addValue('http://axschema.org/contact/email', '*****@*****.**') fetch_response.addValue('http://axschema.org/namePerson/first', 'Firstname') fetch_response.addValue('http://axschema.org/namePerson/last', 'Lastname') fetch_response.addValue('http://axschema.org/namePerson/friendly', 'someuser') openid_response.addExtension(fetch_response) response = self.complete(openid_response) self.assertRedirects(response, 'http://testserver/getuser/') # And they are now logged in as testuser (the passed in # nickname has not caused the username to change). response = self.client.get('/getuser/') self.assertEqual(response.content, 'testuser') # The user's full name and email have been updated. user = User.objects.get(username='******') self.assertEqual(user.first_name, 'Firstname') self.assertEqual(user.last_name, 'Lastname') self.assertEqual(user.email, '*****@*****.**')
def test_getExtensionArgs_some_not_request(self): req = ax.FetchRequest() msg = ax.FetchResponse(request=req) msg.addValue(self.type_a, self.value_a) self.assertRaises(KeyError, msg.getExtensionArgs)
def setUp(self): self.msg = ax.FetchResponse() self.value_a = 'monkeys' self.type_a = 'http://phone.home/' self.alias_a = 'robocop' self.request_update_url = 'http://update.bogus/'