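    def test_login_create_users(self):
        """Log in via OpenID with sreg data while user auto-creation is on.

        A local user named 'someuser' already exists and the provider sends
        back the same nickname.  The login view must create a fresh user
        ('someuser2') rather than attach the OpenID to the existing account,
        and populate the new user's name and email from the sreg response.
        """
        # NOTE(review): this mutates the global settings object and is not
        # restored here; confirm setUp/tearDown (outside this listing) resets it.
        settings.OPENID_CREATE_USERS = True
        # Create a user with the same name as we'll pass back via sreg.
        User.objects.create_user('someuser', '*****@*****.**')

        # Posting in an identity URL begins the authentication request:
        response = self.client.post('/openid/login/',
            {'openid_identifier': 'http://example.com/identity',
             'next': '/getuser/'})
        self.assertContains(response, 'OpenID transaction in progress')

        # Complete the request, passing back some simple registration
        # data.  The user is redirected to the next URL.
        openid_request = self.provider.parseFormPost(response.content)
        sreg_request = SRegRequest.fromOpenIDRequest(openid_request)
        openid_response = openid_request.answer(True)
        sreg_response = SRegResponse.extractResponse(
            sreg_request, {'nickname': 'someuser', 'fullname': 'Some User',
                           'email': '*****@*****.**'})
        openid_response.addExtension(sreg_response)
        response = self.complete(openid_response)
        self.assertRedirects(response, 'http://testserver/getuser/')

        # And they are now logged in as a new user (they haven't taken
        # over the existing "someuser" user).
        response = self.client.get('/getuser/')
        # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
        self.assertEqual(response.content, 'someuser2')

        # Check the details of the new user.
        user = User.objects.get(username='******')
        self.assertEqual(user.first_name, 'Some')
        self.assertEqual(user.last_name, 'User')
        self.assertEqual(user.email, '*****@*****.**')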
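    def createPositiveResponse(self):
        """Create a positive assertion OpenIDResponse.

        This method should be called to create the response to
        successful checkid requests.

        Simple Registration data -- the person's name, preferred email
        and display name -- is attached to every positive response; no
        trust-root check is performed before releasing it.
        NOTE(review): the previous docstring mentioned an
        openid_sreg_trustroots restriction, but no such check is visible
        in this method -- confirm whether one is intended.

        Returns:
            The result of createFailedResponse() when the logged-in
            account does not own the requested identity, otherwise a
            positive OpenIDResponse carrying the sreg extension.

        Raises:
            AssertionError: if no account is logged in or there is no
                OpenID request to respond to.
        """
        # Explicit checks rather than `assert`: assert statements are
        # stripped under `python -O`, and a None here would otherwise
        # surface later as an unrelated AttributeError.
        if self.account is None:
            raise AssertionError(
                'Must be logged in for positive OpenID response')
        if self.openid_request is None:
            raise AssertionError('No OpenID request to respond to.')

        if not self.isIdentityOwner():
            return self.createFailedResponse()

        # For identifier-select requests the provider must name the
        # identity it asserts; otherwise the request already carries it.
        if self.openid_request.idSelect():
            response = self.openid_request.answer(
                True, identity=self.user_identity_url)
        else:
            response = self.openid_request.answer(True)

        person = IPerson(self.account)
        sreg_fields = dict(nickname=person.name,
                           email=person.preferredemail.email,
                           fullname=self.account.displayname)
        # extractResponse() is expected to pass on only the fields the RP
        # asked for, so the gate here is "did they ask", not "do we trust
        # them".
        sreg_request = SRegRequest.fromOpenIDRequest(self.openid_request)
        sreg_response = SRegResponse.extractResponse(sreg_request, sreg_fields)
        response.addExtension(sreg_response)

        return response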
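    def test_login_create_users(self):
        """Log in via OpenID with sreg data while user auto-creation is on.

        A local user named 'someuser' already exists and the provider sends
        back the same nickname.  The login view must create a fresh user
        ('someuser2') rather than attach the OpenID to the existing account,
        and populate the new user's name and email from the sreg response.
        """
        # NOTE(review): this mutates the global settings object and is not
        # restored here; confirm setUp/tearDown (outside this listing) resets it.
        settings.OPENID_CREATE_USERS = True
        # Create a user with the same name as we'll pass back via sreg.
        User.objects.create_user('someuser', '*****@*****.**')

        # Posting in an identity URL begins the authentication request:
        response = self.client.post('/openid/login/',
            {'openid_identifier': 'http://example.com/identity',
             'next': '/getuser/'})
        self.assertContains(response, 'OpenID transaction in progress')

        # Complete the request, passing back some simple registration
        # data.  The user is redirected to the next URL.
        openid_request = self.provider.parseFormPost(response.content)
        sreg_request = SRegRequest.fromOpenIDRequest(openid_request)
        openid_response = openid_request.answer(True)
        sreg_response = SRegResponse.extractResponse(
            sreg_request, {'nickname': 'someuser', 'fullname': 'Some User',
                           'email': '*****@*****.**'})
        openid_response.addExtension(sreg_response)
        response = self.complete(openid_response)
        self.assertRedirects(response, 'http://testserver/getuser/')

        # And they are now logged in as a new user (they haven't taken
        # over the existing "someuser" user).
        response = self.client.get('/getuser/')
        # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
        self.assertEqual(response.content, 'someuser2')

        # Check the details of the new user.
        user = User.objects.get(username='******')
        self.assertEqual(user.first_name, 'Some')
        self.assertEqual(user.last_name, 'User')
        self.assertEqual(user.email, '*****@*****.**')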
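  def Respond(self, oidresponse, sreg_req=False):
    """Send an OpenID response.

    Args:
      oidresponse: OpenIDResponse
      The response to send, usually created by OpenIDRequest.answer().
      sreg_req: SRegRequest or False
      When truthy and the response answers a checkid_* request, a Simple
      Registration response built from self.user (the full value as
      'email', the part before the last '@' as 'nickname') is attached.

    Side effects: copies the encoded headers onto self.response, then
    either redirects (301/302) or sets the status and writes the body.
    """
    # Lazy %-args: formatting is skipped when the level is disabled.
    logging.warning('Respond: oidresponse.request.mode %s',
                    oidresponse.request.mode)

    if oidresponse.request.mode in ['checkid_immediate', 'checkid_setup']:
      if sreg_req:
        # NOTE(review): self.user is assumed to be an email-address string
        # (it is rsplit on '@'); confirm against the code that sets it.
        sreg_resp = SRegResponse.extractResponse(
            sreg_req, {'email': self.user,
                       'nickname': self.user.rsplit('@', 1)[0]})
        oidresponse.addExtension(sreg_resp)

    logging.debug('Using response: %s', oidresponse)
    encoded_response = oidserver.encodeResponse(oidresponse)

    # update() would be nice, but wsgiref.headers.Headers doesn't implement it
    for header, value in encoded_response.headers.items():
      self.response.headers[header] = str(value)

    if encoded_response.code in (301, 302):
      self.redirect(self.response.headers['location'])
    else:
      self.response.set_status(encoded_response.code)

    if encoded_response.body:
      logging.debug('Sending response body: %s', encoded_response.body)
      self.response.out.write(encoded_response.body)
    else:
      self.response.out.write('')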
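    def createPositiveResponse(self):
        """Create a positive assertion OpenIDResponse.

        This method should be called to create the response to
        successful checkid requests.

        Simple Registration data -- the person's name, preferred email
        and display name -- is attached to every positive response; no
        trust-root check is performed before releasing it.
        NOTE(review): the previous docstring mentioned an
        openid_sreg_trustroots restriction, but no such check is visible
        in this method -- confirm whether one is intended.

        Returns:
            The result of createFailedResponse() when the logged-in
            account does not own the requested identity, otherwise a
            positive OpenIDResponse carrying the sreg extension.

        Raises:
            AssertionError: if no account is logged in or there is no
                OpenID request to respond to.
        """
        # Explicit checks rather than `assert`: assert statements are
        # stripped under `python -O`, and a None here would otherwise
        # surface later as an unrelated AttributeError.
        if self.account is None:
            raise AssertionError(
                'Must be logged in for positive OpenID response')
        if self.openid_request is None:
            raise AssertionError('No OpenID request to respond to.')

        if not self.isIdentityOwner():
            return self.createFailedResponse()

        # For identifier-select requests the provider must name the
        # identity it asserts; otherwise the request already carries it.
        if self.openid_request.idSelect():
            response = self.openid_request.answer(
                True, identity=self.user_identity_url)
        else:
            response = self.openid_request.answer(True)

        person = IPerson(self.account)
        sreg_fields = dict(
            nickname=person.name,
            email=person.preferredemail.email,
            fullname=self.account.displayname)
        # extractResponse() is expected to pass on only the fields the RP
        # asked for, so the gate here is "did they ask", not "do we trust
        # them".
        sreg_request = SRegRequest.fromOpenIDRequest(self.openid_request)
        sreg_response = SRegResponse.extractResponse(
            sreg_request, sreg_fields)
        response.addExtension(sreg_response)

        return response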
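  def Respond(self, oidresponse):
    """Send an OpenID response.

    Args:
      oidresponse: OpenIDResponse
      The response to send, usually created by OpenIDRequest.answer().

    For checkid_immediate/checkid_setup answers, when a user is signed in
    and the relying party asked for Simple Registration fields, the
    user's nickname and email are written into the response.  Copies the
    encoded headers onto self.response, then either redirects (301/302)
    or sets the status and writes the body.
    """
    # Lazy %-args: formatting is skipped when the level is disabled.
    logging.warning('Respond: oidresponse.request.mode %s',
                    oidresponse.request.mode)

    if oidresponse.request.mode in ['checkid_immediate', 'checkid_setup']:
      user = users.get_current_user()
      if user:
        from openid.extensions.sreg import SRegRequest, SRegResponse
        sreg_req = SRegRequest.fromOpenIDRequest(oidresponse.request)
        if sreg_req.wereFieldsRequested():
          logging.info("sreg_req:%s", sreg_req.allRequestedFields())
          # Released to any RP that asks; there is no per-trust-root
          # consent step in this handler.
          user_data = {'nickname': user.nickname(),
                       'email': user.email()}
          sreg_resp = SRegResponse.extractResponse(sreg_req, user_data)
          sreg_resp.toMessage(oidresponse.fields)
    logging.info('Using response: %s', oidresponse)
    encoded_response = oidserver.encodeResponse(oidresponse)

    # wsgiref.headers.Headers has no update(); copy entry by entry.
    for header, value in encoded_response.headers.items():
      self.response.headers[header] = str(value)

    if encoded_response.code in (301, 302):
      self.redirect(self.response.headers['location'])
    else:
      self.response.set_status(encoded_response.code)

    if encoded_response.body:
      logging.debug('Sending response body: %s', encoded_response.body)
      self.response.out.write(encoded_response.body)
    else:
      self.response.out.write('')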
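    def Respond(self, oidresponse):
        """Send an OpenID response.

        Args:
            oidresponse: OpenIDResponse
            The response to send, usually created by OpenIDRequest.answer().

        For checkid_immediate/checkid_setup answers, when a user is signed
        in and the relying party asked for Simple Registration fields, the
        user's nickname and email are written into the response.  Copies
        the encoded headers onto self.response, then either redirects
        (301/302) or sets the status and writes the body.
        """
        # Lazy %-args: formatting is skipped when the level is disabled.
        logging.warning('Respond: oidresponse.request.mode %s',
                        oidresponse.request.mode)

        if oidresponse.request.mode in ['checkid_immediate', 'checkid_setup']:
            user = users.get_current_user()
            if user:
                from openid.extensions.sreg import SRegRequest, SRegResponse
                sreg_req = SRegRequest.fromOpenIDRequest(oidresponse.request)
                if sreg_req.wereFieldsRequested():
                    logging.info("sreg_req:%s", sreg_req.allRequestedFields())
                    # Released to any RP that asks; there is no
                    # per-trust-root consent step in this handler.
                    user_data = {
                        'nickname': user.nickname(),
                        'email': user.email()
                    }
                    sreg_resp = SRegResponse.extractResponse(
                        sreg_req, user_data)
                    sreg_resp.toMessage(oidresponse.fields)
        logging.info('Using response: %s', oidresponse)
        encoded_response = oidserver.encodeResponse(oidresponse)

        # Copy headers one by one; the target header object is assumed to
        # lack update() (see the sibling handlers).
        for header, value in encoded_response.headers.items():
            self.response.headers[header] = str(value)

        if encoded_response.code in (301, 302):
            self.redirect(self.response.headers['location'])
        else:
            self.response.set_status(encoded_response.code)

        if encoded_response.body:
            logging.debug('Sending response body: %s', encoded_response.body)
            self.response.out.write(encoded_response.body)
        else:
            self.response.out.write('')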
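def handle_sreg(request, response):
    """Handle any sreg data requests.

    Args:
        request: the OpenIDRequest sent by the relying party.
        response: the OpenIDResponse under construction; sreg values are
            written into response.fields.

    Nothing is added when the RP requested no sreg fields or when
    config.sreg_fields() returns an empty value.
    """
    sreg_req = SRegRequest.fromOpenIDRequest(request)
    # Extract information if required
    if sreg_req.wereFieldsRequested():
        fields = config.sreg_fields()
        if not fields:
            return
        # Reuse the value already fetched rather than calling
        # config.sreg_fields() a second time (it could differ or be costly).
        sreg_resp = SRegResponse.extractResponse(sreg_req, fields)
        sreg_resp.toMessage(response.fields)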
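  def Respond(self, oidresponse):
    """Send an OpenID response.

    Args:
      oidresponse: OpenIDResponse
      The response to send, usually created by OpenIDRequest.answer().

    For checkid_immediate/checkid_setup answers with a signed-in user, the
    user's nickname and email are attached via Simple Registration (when
    the RP asked for sreg fields) and via Attribute Exchange (for each AX
    attribute the RP listed whose alias we recognise).  Copies the encoded
    headers onto self.response, then either redirects (301/302) or sets
    the status and writes the body.
    """
    # Lazy %-args: formatting is skipped when the level is disabled.
    logging.warning('Respond: oidresponse.request.mode %s',
                    oidresponse.request.mode)

    if oidresponse.request.mode in ['checkid_immediate', 'checkid_setup']:
      user = self.get_current_user()
      if user:
        from openid.extensions.sreg import SRegRequest, SRegResponse
        sreg_req = SRegRequest.fromOpenIDRequest(oidresponse.request)
        logging.info("sreg_req:%s", sreg_req.allRequestedFields())
        if sreg_req.wereFieldsRequested():
          # Released to any RP that asks; there is no per-trust-root
          # consent step in this handler.
          user_data = {'nickname': user.nickname,
                       'email': user.email}
          sreg_resp = SRegResponse.extractResponse(sreg_req, user_data)
          sreg_resp.toMessage(oidresponse.fields)

        # Attribute Exchange.  The RP names each attribute by a type URI
        # plus an alias of its own choosing; values are looked up by that
        # alias, so RPs using other aliases receive nothing for them.
        # NOTE(review): keying on x.type_uri would not depend on the RP's
        # alias choice; kept as-is to preserve existing behaviour.
        from openid.extensions.ax import FetchRequest, FetchResponse
        res = {'nickname': user.nickname, 'email': user.email,
               'attr0': user.email, 'attr1': user.nickname}
        ax_req = FetchRequest.fromOpenIDRequest(oidresponse.request)
        # fromOpenIDRequest() yields None when the request carries no AX
        # extension (the sibling view guards with `if ax:`); without this
        # check every non-AX RP would hit an AttributeError here.
        if ax_req is not None:
          logging.info("ax_req:%s", ax_req.getRequiredAttrs())
          ax_res = FetchResponse()
          for x in ax_req.iterAttrs():
            value = res.get(x.alias)
            # Skip aliases we have no value for instead of raising
            # KeyError and failing the whole response.
            if value is not None:
              ax_res.addValue(x.type_uri, value)
          ax_res.toMessage(oidresponse.fields)
    logging.info('Using response: %s', oidresponse)
    encoded_response = oidserver.encodeResponse(oidresponse)

    # update() would be nice, but wsgiref.headers.Headers doesn't implement it
    for header, value in encoded_response.headers.items():
      self.response.headers[header] = str(value)

    if encoded_response.code in (301, 302):
      self.redirect(self.response.headers['location'])
    else:
      self.response.set_status(encoded_response.code)

    if encoded_response.body:
      logging.debug('Sending response body: %s', encoded_response.body)
      self.response.out.write(encoded_response.body)
    else:
      self.response.out.write('')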
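 def add_sreg_fields(self, oidresponse, user):
     """
     Add requested Simple Registration Extension fields to oidresponse
     and return it.

     Only 'nickname' and 'email' are offered, and only those the relying
     party actually asked for are passed on.  When no sreg fields were
     requested the response is returned untouched.

     Args:
         oidresponse: OpenIDResponse whose .request is inspected for an
             sreg request and to which the sreg extension is added.
         user: object exposing nickname() and email() accessors.

     Returns:
         The same oidresponse, possibly with an sreg extension attached.
     """
     sreg_req = SRegRequest.fromOpenIDRequest(oidresponse.request)
     if sreg_req.wereFieldsRequested():
         # Fetch the requested-field list once instead of per key.
         requested = sreg_req.allRequestedFields()
         logging.debug("respond: sreg_req:%s", requested)
         available = {'nickname': user.nickname(), 'email': user.email()}
         sreg_map = {key: val for key, val in available.items()
                     if key in requested}
         oidresponse.addExtension(
             SRegResponse.extractResponse(sreg_req, sreg_map))
     return oidresponse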
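 def add_sreg_fields(self, oidresponse, user):
     """
     Add requested Simple Registration Extension fields to oidresponse
     and return it.

     Only 'nickname' and 'email' are offered, and only those the relying
     party actually asked for are passed on.  When no sreg fields were
     requested the response is returned untouched.

     Args:
         oidresponse: OpenIDResponse whose .request is inspected for an
             sreg request and to which the sreg extension is added.
         user: object exposing nickname() and email() accessors.

     Returns:
         The same oidresponse, possibly with an sreg extension attached.
     """
     sreg_req = SRegRequest.fromOpenIDRequest(oidresponse.request)
     if sreg_req.wereFieldsRequested():
         # Fetch the requested-field list once instead of per key.
         requested = sreg_req.allRequestedFields()
         logging.debug("respond: sreg_req:%s", requested)
         available = {'nickname': user.nickname(), 'email': user.email()}
         sreg_map = {key: val for key, val in available.items()
                     if key in requested}
         oidresponse.addExtension(
             SRegResponse.extractResponse(sreg_req, sreg_map))
     return oidresponse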
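def _add_user_attribs(request, openid_request, openid_response):
    """Attach user-approved sreg and AX attribute data to openid_response.

    Args:
        request: the Django request, handed to UserAttribsRequestForm.
        openid_request: the incoming OpenID checkid request.
        openid_response: the positive response being assembled; the sreg
            and AX extensions are added to it in place.

    Nothing is added unless form.data_approved_for_request is non-empty,
    so only data the user approved for this relying party (rpconfig is
    looked up by trust root) is released.
    """
    # Add ax and sreg result data
    sreg_request = SRegRequest.fromOpenIDRequest(openid_request)
    ax_request = ax.FetchRequest.fromOpenIDRequest(openid_request)
    rpconfig = utils.get_rpconfig(openid_request.trust_root)
    form = UserAttribsRequestForm(
        request, sreg_request, ax_request, rpconfig)
    approved = form.data_approved_for_request
    if approved:
        sreg_response = SRegResponse.extractResponse(sreg_request, approved)
        openid_response.addExtension(sreg_response)
        # fromOpenIDRequest() yields None when the RP sent no AX request.
        if ax_request is not None:
            ax_response = ax.FetchResponse(ax_request)
            # .items() works on Python 2 and 3 (iteritems() is 2-only).
            for k, v in approved.items():
                type_uri = AX_DATA_FIELDS.getNamespaceURI(k)
                # Only answer attributes the RP actually listed.
                if type_uri in ax_request:
                    ax_response.addValue(type_uri, v)
            openid_response.addExtension(ax_response)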
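  def Respond(self, oidresponse):
    """Send an OpenID response.

    Args:
      oidresponse: OpenIDResponse
      The response to send, usually created by OpenIDRequest.answer().

    For checkid_immediate/checkid_setup answers, when Auth reports an
    authenticated user and the relying party asked for Simple Registration
    fields, the user's nickname and email are written into the response.
    Copies the encoded headers onto self.response, then either redirects
    (301/302) or sets the status and writes the body.
    """
    # Lazy %-args: formatting is skipped when the level is disabled.
    logging.info('Respond: oidresponse.request.mode %s',
                 oidresponse.request.mode)

    if oidresponse.request.mode in ['checkid_immediate', 'checkid_setup']:
      user = Auth.AuthenticatedUser(self.request)
      if user:
        from openid.extensions.sreg import SRegRequest, SRegResponse
        sreg_req = SRegRequest.fromOpenIDRequest(oidresponse.request)
        if sreg_req.wereFieldsRequested():
          logging.info("sreg_req:%s", sreg_req.allRequestedFields())
          # NOTE(review): nickname is called but email is read as an
          # attribute -- confirm against Auth.AuthenticatedUser's type.
          # Released to any RP that asks; no per-trust-root consent here.
          user_data = {'nickname': user.nickname(),
                       'email': user.email}
          sreg_resp = SRegResponse.extractResponse(sreg_req, user_data)
          sreg_resp.toMessage(oidresponse.fields)
    logging.info('Using response: %s', oidresponse)
    encoded_response = oidserver.encodeResponse(oidresponse)

    # update() would be nice, but wsgiref.headers.Headers doesn't implement it
    for header, value in encoded_response.headers.items():
      self.response.headers[header] = str(value)

    if encoded_response.code in (301, 302):
      self.redirect(self.response.headers['location'])
    else:
      self.response.set_status(encoded_response.code)

    if encoded_response.body:
      logging.debug('Sending response body: %s', encoded_response.body)
      self.response.out.write(encoded_response.body)
    else:
      self.response.out.write('')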
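    def test_login_update_details(self):
        """Log in via OpenID with sreg data while detail updating is on.

        An existing 'testuser' already owns the OpenID.  The sreg nickname
        sent back by the provider must not rename the account, but the
        full name and email must be updated from the sreg response.
        """
        # NOTE(review): this mutates the global settings object and is not
        # restored here; confirm setUp/tearDown (outside this listing) resets it.
        settings.OPENID_UPDATE_DETAILS_FROM_SREG = True
        user = User.objects.create_user('testuser', '*****@*****.**')
        useropenid = UserOpenID(
            user=user,
            claimed_id='http://example.com/identity',
            display_id='http://example.com/identity')
        useropenid.save()

        # Posting in an identity URL begins the authentication request:
        response = self.client.post('/openid/login/',
            {'openid_identifier': 'http://example.com/identity',
             'next': '/getuser/'})
        self.assertContains(response, 'OpenID transaction in progress')

        # Complete the request, passing back some simple registration
        # data.  The user is redirected to the next URL.
        openid_request = self.provider.parseFormPost(response.content)
        sreg_request = SRegRequest.fromOpenIDRequest(openid_request)
        openid_response = openid_request.answer(True)
        sreg_response = SRegResponse.extractResponse(
            sreg_request, {'nickname': 'someuser', 'fullname': 'Some User',
                           'email': '*****@*****.**'})
        openid_response.addExtension(sreg_response)
        response = self.complete(openid_response)
        self.assertRedirects(response, 'http://testserver/getuser/')

        # And they are now logged in as testuser (the passed in
        # nickname has not caused the username to change).
        response = self.client.get('/getuser/')
        # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
        self.assertEqual(response.content, 'testuser')

        # The user's full name and email have been updated.
        user = User.objects.get(username='******')
        self.assertEqual(user.first_name, 'Some')
        self.assertEqual(user.last_name, 'User')
        self.assertEqual(user.email, '*****@*****.**')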
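    def test_login_update_details(self):
        """Log in via OpenID with sreg data while detail updating is on.

        An existing 'testuser' already owns the OpenID.  The sreg nickname
        sent back by the provider must not rename the account, but the
        full name and email must be updated from the sreg response.
        """
        # NOTE(review): this mutates the global settings object and is not
        # restored here; confirm setUp/tearDown (outside this listing) resets it.
        settings.OPENID_UPDATE_DETAILS_FROM_SREG = True
        user = User.objects.create_user('testuser', '*****@*****.**')
        useropenid = UserOpenID(
            user=user,
            claimed_id='http://example.com/identity',
            display_id='http://example.com/identity')
        useropenid.save()

        # Posting in an identity URL begins the authentication request:
        response = self.client.post('/openid/login/',
            {'openid_identifier': 'http://example.com/identity',
             'next': '/getuser/'})
        self.assertContains(response, 'OpenID transaction in progress')

        # Complete the request, passing back some simple registration
        # data.  The user is redirected to the next URL.
        openid_request = self.provider.parseFormPost(response.content)
        sreg_request = SRegRequest.fromOpenIDRequest(openid_request)
        openid_response = openid_request.answer(True)
        sreg_response = SRegResponse.extractResponse(
            sreg_request, {'nickname': 'someuser', 'fullname': 'Some User',
                           'email': '*****@*****.**'})
        openid_response.addExtension(sreg_response)
        response = self.complete(openid_response)
        self.assertRedirects(response, 'http://testserver/getuser/')

        # And they are now logged in as testuser (the passed in
        # nickname has not caused the username to change).
        response = self.client.get('/getuser/')
        # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
        self.assertEqual(response.content, 'testuser')

        # The user's full name and email have been updated.
        user = User.objects.get(username='******')
        self.assertEqual(user.first_name, 'Some')
        self.assertEqual(user.last_name, 'User')
        self.assertEqual(user.email, '*****@*****.**')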
        # Create a directed identity if needed
        if identity == IDENTIFIER_SELECT:
            hash = hashlib.sha1(str(request.user.id)+'|'+orequest.trust_root) \
                    .hexdigest()
            claimed_id = request.build_absolute_uri(
                    reverse('openid-provider-identity', args=[hash]))
            logger.info('Giving directed identity %r to trusted root %r \
with sreg data %s' % (claimed_id, orequest.trust_root, user_data))
        else:
            claimed_id = identity
            logger.info('Giving claimed identity %r to trusted root %r \
with sreg data %s' % (claimed_id, orequest.trust_root, user_data))

        oresponse = orequest.answer(True, identity=claimed_id)
        sreg_response = SRegResponse.extractResponse(sreg_request, user_data)
        oresponse.addExtension(sreg_response)
    else:
        oresponse = server.handleRequest(orequest)
    logger.info('Returning OpenID response %s' % oresponse)
    return oresponse_to_response(server, oresponse)

def openid_xrds(request, identity=False, id=None):
    '''XRDS discovery page'''
    logger.debug('OpenID XRDS identity:%(identity)s id:%(id)s' % locals())
    if identity:
        types = [OPENID_2_0_TYPE, OPENID_1_0_TYPE, OPENID_1_1_TYPE, SREG_TYPE]
        local_ids = []
    else:
        types = [OPENID_IDP_2_0_TYPE,SREG_TYPE]
        local_ids = []
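def openid_auth_site(request):
    """Ask the signed-in user to approve releasing attributes to an RP.

    The pending OpenIDRequest is taken from request.session.  The relying
    party's Simple Registration and Attribute Exchange requests are merged
    into one set of field names and the matching LDAP attributes are
    offered for release.  A saved per-trust-root preference with
    always_auth set answers immediately; otherwise a POST with 'accept'
    (release the ticked fields and persist the choice) or 'reject' answers
    the request, and any other request renders the consent form.

    Returns an HttpResponse: the rendered consent page, a 400 error page
    when no OpenID request is pending or the submitted form is unusable,
    or the encoded OpenID response.
    """
    try:
        oreq = request.session['openid_request']
    except KeyError:
        return render(request, 'openid-auth-site.html', {
            'error': 'No OpenID request associated. The request may have \
            expired.',
        }, status=400)

    sreg = SRegRequest.fromOpenIDRequest(oreq)
    ax = FetchRequest.fromOpenIDRequest(oreq)

    # AX attributes are folded into sreg field names via the mapping so
    # one set drives both the form and the responses.
    sreg_fields = set(sreg.allRequestedFields())
    if ax:
        for uri in ax.requested_attributes:
            k = openid_ax_attribute_mapping.get(uri)
            if k:
                sreg_fields.add(k)

    # NOTE(review): assumes request.user is authenticated (an LDAPUser row
    # is fetched by username); confirm that a login_required decorator or
    # middleware outside this listing guarantees it.
    ldap_user = LDAPUser.objects.get(username=request.user.username)
    if sreg_fields:
        sreg_data = {
            'nickname': ldap_user.username,
            'email': ldap_user.email,
            'fullname': ldap_user.full_name,
            'dob': ldap_user.birthday,
        }

        # Drop attributes the LDAP entry has no value for.
        for k in list(sreg_data):
            if not sreg_data[k]:
                del sreg_data[k]
    else:
        sreg_data = {}
    # From here on sreg_fields is what we can offer, not what was asked.
    sreg_fields = sreg_data.keys()

    # Read preferences from the db.
    try:
        saved_pref = OpenID_Attributes.objects.get(
            uid=ldap_user.uid,
            trust_root=oreq.trust_root,
        )
    except OpenID_Attributes.DoesNotExist:
        saved_pref = None
        auto_auth = False
    else:
        auto_auth = saved_pref.always_auth

    if auto_auth or request.POST:
        if auto_auth:
            # TODO: can we do this nicer?
            form_inp = model_to_dict(saved_pref)
        else:
            form_inp = request.POST
        form = SiteAuthForm(form_inp, instance=saved_pref)
        # Explicit check rather than `assert`: assert is stripped under
        # `python -O`, which would let an invalid POST reach form.save().
        if not form.is_valid():
            return render(request, 'openid-auth-site.html', {
                'error': 'Invalid request submitted.',
            }, status=400)
        attrs = form.save(commit=False)

        # nullify fields that were not requested
        for fn in form.cleaned_data:
            if fn in ('always_auth',):
                pass
            elif hasattr(attrs, fn) and fn not in sreg_fields:
                setattr(attrs, fn, None)

        if auto_auth or 'accept' in request.POST:
            # prepare sreg response: drop fields the user did not tick,
            # and for multi-valued attributes keep only the chosen value.
            for fn, send in form.cleaned_data.items():
                if fn not in sreg_data:
                    pass
                elif not send:
                    del sreg_data[fn]
                elif isinstance(sreg_data[fn], list):
                    form_key = 'which_%s' % fn
                    val = form.cleaned_data[form_key]
                    if val not in sreg_data[fn]:
                        raise NotImplementedError(
                            'Changing choices not implemented yet')
                    sreg_data[fn] = val
                    if not auto_auth:
                        setattr(attrs, form_key, val)

            if not auto_auth:
                # save prefs in the db
                # (if auto_auth, then nothing changed)
                attrs.uid = ldap_user.uid
                attrs.trust_root = oreq.trust_root
                attrs.save()

            oresp = oreq.answer(True, identity=request.build_absolute_uri(
                reverse(user_page, args=(request.user.username,))))

            sreg_resp = SRegResponse.extractResponse(sreg, sreg_data)
            oresp.addExtension(sreg_resp)

            # AX gets the same approved values, keyed back to the RP's URIs.
            if ax:
                ax_resp = FetchResponse(ax)
                for uri in ax.requested_attributes:
                    k = openid_ax_attribute_mapping.get(uri)
                    if k and k in sreg_data:
                        ax_resp.addValue(uri, sreg_data[k])
                oresp.addExtension(ax_resp)
        elif 'reject' in request.POST:
            oresp = oreq.answer(False)
        else:
            return render(request, 'openid-auth-site.html', {
                'error': 'Invalid request submitted.',
            }, status=400)

        if request.session.get('auto_logout', False):
            # _logout clears request.session
            _logout(request)
        else:
            del request.session['openid_request']
        return render_openid_response(request, oresp)

    form = SiteAuthForm(instance=saved_pref)
    sreg_form = {}
    # Fill in lists for choices
    for f in sreg_fields:
        if f not in sreg_data:
            pass
        elif isinstance(sreg_data[f], list):
            form.fields['which_%s' % f].widget.choices = [
                (x, x) for x in sreg_data[f]
            ]
            sreg_form[f] = form['which_%s' % f]
        else:
            # format_html() escapes the value before it lands in the markup.
            sreg_form[f] = format_html("<input type='text'"
                                       + " readonly='readonly'"
                                       + " value='{0}' />",
                                       sreg_data[f])

    try:
        # TODO: cache it
        if oreq.returnToVerified():
            tr_valid = 'Return-To valid and trusted'
        else:
            tr_valid = 'Return-To untrusted'
    except openid.yadis.discover.DiscoveryFailure:
        tr_valid = 'Unable to verify trust (Yadis unsupported)'
    except openid.fetchers.HTTPFetchingError:
        tr_valid = 'Unable to verify trust (HTTP error)'

    return render(request, 'openid-auth-site.html', {
        'openid_request': oreq,
        'return_to_valid': tr_valid,
        'form': form,
        'sreg': sreg_fields,
        'sreg_form': sreg_form,
        'policy_url': sreg.policy_url,
    })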
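def openid_auth_site(request):
    """Ask the signed-in user to approve releasing attributes to an RP.

    The pending OpenIDRequest is taken from request.session.  The relying
    party's Simple Registration and Attribute Exchange requests are merged
    into one set of field names and the matching LDAP attributes are
    offered for release.  A saved per-trust-root preference with
    always_auth set answers immediately; otherwise a POST with 'accept'
    (release the ticked fields and persist the choice) or 'reject' answers
    the request, and any other request renders the consent form.

    Returns an HttpResponse: the rendered consent page, a 400 error page
    when no OpenID request is pending or the submitted form is unusable,
    or the encoded OpenID response.
    """
    try:
        oreq = request.session['openid_request']
    except KeyError:
        return render(request,
                      'openid-auth-site.html', {
                          'error':
                          'No OpenID request associated. The request may have \
            expired.',
                      },
                      status=400)

    sreg = SRegRequest.fromOpenIDRequest(oreq)
    ax = FetchRequest.fromOpenIDRequest(oreq)

    # AX attributes are folded into sreg field names via the mapping so
    # one set drives both the form and the responses.
    sreg_fields = set(sreg.allRequestedFields())
    if ax:
        for uri in ax.requested_attributes:
            k = openid_ax_attribute_mapping.get(uri)
            if k:
                sreg_fields.add(k)

    # NOTE(review): assumes request.user is authenticated (an LDAPUser row
    # is fetched by username); confirm that a login_required decorator or
    # middleware outside this listing guarantees it.
    ldap_user = LDAPUser.objects.get(username=request.user.username)
    if sreg_fields:
        sreg_data = {
            'nickname': ldap_user.username,
            'email': ldap_user.email,
            'fullname': ldap_user.full_name,
            'dob': ldap_user.birthday,
        }

        # Drop attributes the LDAP entry has no value for.
        for k in list(sreg_data):
            if not sreg_data[k]:
                del sreg_data[k]
    else:
        sreg_data = {}
    # From here on sreg_fields is what we can offer, not what was asked.
    sreg_fields = sreg_data.keys()

    # Read preferences from the db.
    try:
        saved_pref = OpenID_Attributes.objects.get(
            uid=ldap_user.uid,
            trust_root=oreq.trust_root,
        )
    except OpenID_Attributes.DoesNotExist:
        saved_pref = None
        auto_auth = False
    else:
        auto_auth = saved_pref.always_auth

    if auto_auth or request.POST:
        if auto_auth:
            # TODO: can we do this nicer?
            form_inp = model_to_dict(saved_pref)
        else:
            form_inp = request.POST
        form = SiteAuthForm(form_inp, instance=saved_pref)
        # Explicit check rather than `assert`: assert is stripped under
        # `python -O`, which would let an invalid POST reach form.save().
        if not form.is_valid():
            return render(request,
                          'openid-auth-site.html', {
                              'error': 'Invalid request submitted.',
                          },
                          status=400)
        attrs = form.save(commit=False)

        # nullify fields that were not requested
        for fn in form.cleaned_data:
            if fn in ('always_auth', ):
                pass
            elif hasattr(attrs, fn) and fn not in sreg_fields:
                setattr(attrs, fn, None)

        if auto_auth or 'accept' in request.POST:
            # prepare sreg response: drop fields the user did not tick,
            # and for multi-valued attributes keep only the chosen value.
            for fn, send in form.cleaned_data.items():
                if fn not in sreg_data:
                    pass
                elif not send:
                    del sreg_data[fn]
                elif isinstance(sreg_data[fn], list):
                    form_key = 'which_%s' % fn
                    val = form.cleaned_data[form_key]
                    if val not in sreg_data[fn]:
                        raise NotImplementedError(
                            'Changing choices not implemented yet')
                    sreg_data[fn] = val
                    if not auto_auth:
                        setattr(attrs, form_key, val)

            if not auto_auth:
                # save prefs in the db
                # (if auto_auth, then nothing changed)
                attrs.uid = ldap_user.uid
                attrs.trust_root = oreq.trust_root
                attrs.save()

            oresp = oreq.answer(True,
                                identity=request.build_absolute_uri(
                                    reverse(user_page,
                                            args=(request.user.username, ))))

            sreg_resp = SRegResponse.extractResponse(sreg, sreg_data)
            oresp.addExtension(sreg_resp)

            # AX gets the same approved values, keyed back to the RP's URIs.
            if ax:
                ax_resp = FetchResponse(ax)
                for uri in ax.requested_attributes:
                    k = openid_ax_attribute_mapping.get(uri)
                    if k and k in sreg_data:
                        ax_resp.addValue(uri, sreg_data[k])
                oresp.addExtension(ax_resp)
        elif 'reject' in request.POST:
            oresp = oreq.answer(False)
        else:
            return render(request,
                          'openid-auth-site.html', {
                              'error': 'Invalid request submitted.',
                          },
                          status=400)

        if request.session.get('auto_logout', False):
            # _logout clears request.session
            _logout(request)
        else:
            del request.session['openid_request']
        return render_openid_response(request, oresp)

    form = SiteAuthForm(instance=saved_pref)
    sreg_form = {}
    # Fill in lists for choices
    for f in sreg_fields:
        if f not in sreg_data:
            pass
        elif isinstance(sreg_data[f], list):
            form.fields['which_%s' % f].widget.choices = [
                (x, x) for x in sreg_data[f]
            ]
            sreg_form[f] = form['which_%s' % f]
        else:
            # format_html() escapes the value before it lands in the markup.
            sreg_form[f] = format_html(
                "<input type='text'" + " readonly='readonly'" +
                " value='{0}' />", sreg_data[f])

    try:
        # TODO: cache it
        if oreq.returnToVerified():
            tr_valid = 'Return-To valid and trusted'
        else:
            tr_valid = 'Return-To untrusted'
    except openid.yadis.discover.DiscoveryFailure:
        tr_valid = 'Unable to verify trust (Yadis unsupported)'
    except openid.fetchers.HTTPFetchingError:
        tr_valid = 'Unable to verify trust (HTTP error)'

    return render(
        request, 'openid-auth-site.html', {
            'openid_request': oreq,
            'return_to_valid': tr_valid,
            'form': form,
            'sreg': sreg_fields,
            'sreg_form': sreg_form,
            'policy_url': sreg.policy_url,
        })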
        # Create a directed identity if needed
        if identity == IDENTIFIER_SELECT:
            hash = hashlib.sha1(str(request.user.id)+'|'+orequest.trust_root) \
                    .hexdigest()
            claimed_id = request.build_absolute_uri(
                    reverse('openid-provider-identity', args=[hash]))
            logger.info('Giving directed identity %r to trusted root %r \
with sreg data %s' % (claimed_id, orequest.trust_root, user_data))
        else:
            claimed_id = identity
            logger.info('Giving claimed identity %r to trusted root %r \
with sreg data %s' % (claimed_id, orequest.trust_root, user_data))

        oresponse = orequest.answer(True, identity=claimed_id)
        sreg_response = SRegResponse.extractResponse(sreg_request, user_data)
        oresponse.addExtension(sreg_response)
    else:
        oresponse = server.handleRequest(orequest)
    logger.info('Returning OpenID response %s' % oresponse)
    return oresponse_to_response(server, oresponse)

def openid_xrds(request, identity=False, id=None):
    '''XRDS discovery page'''
    logger.debug('OpenID XRDS identity:%(identity)s id:%(id)s' % locals())
    if identity:
        types = [OPENID_2_0_TYPE, OPENID_1_0_TYPE, OPENID_1_1_TYPE, SREG_TYPE]
        local_ids = []
    else:
        types = [OPENID_IDP_2_0_TYPE,SREG_TYPE]
        local_ids = []