def main(host, port, data_path): addr = (host, port) httpserver = OpenIDHTTPServer(addr, ServerHandler) # Instantiate OpenID consumer store and OpenID consumer. If you # were connecting to a database, you would create the database # connection and instantiate an appropriate store here. store = MemoryStore() # xxx For reasons unknown, the server is confused about whether # our openid client is "smart" or "dumb" (one request is # considered "smart", a later one is considered "dumb"), and since # it uses this as data for the hashing algorithm used to store # state, it never realises it's the same client making multiple # requests. # Fix by using the same string when hashing both types - unknown # what potential buggy side effects this has... server.Signatory._normal_key = server.Signatory._dumb_key = 'foo' oidserver = server.Server(store, httpserver.base_url + 'openidserver') httpserver.setOpenIDServer(oidserver) print 'Server running at:' print httpserver.base_url httpserver.serve_forever()
def InitializeOpenId(): global oidserver name = os.environ.get('SERVER_NAME', None) port = os.environ.get('SERVER_PORT', '80') op_endpoint = "http://%s%s/server" % ( name, ":%s" % port if port != "80" else "") if name else None logging.info('op_endpoint: %s', op_endpoint) oidserver = OpenIDServer.Server(store.DatastoreStore(), op_endpoint=op_endpoint)
def main(host, port, data_path): addr = (host, port) httpserver = OpenIDHTTPServer(addr, ServerHandler) # Instantiate OpenID consumer store and OpenID consumer. If you # were connecting to a database, you would create the database # connection and instantiate an appropriate store here. store = FileOpenIDStore(data_path) oidserver = server.Server(store, httpserver.base_url + 'openidserver') httpserver.setOpenIDServer(oidserver) httpserver.serve_forever()
def initialize_open_id(): """ Initialize and set the global OpenID protocol server. """ global oidserver if oidserver is None: # We have to use os.environ, the server uses it. name = os.environ.get('SERVER_NAME', None) port = os.environ.get('SERVER_PORT', '80') op_endpoint = "http://%s%s/server" % ( name, ":%s" % port if port != "80" else "") if name else None logging.info('op_endpoint: %s', op_endpoint) oidserver = OpenIDServer.Server(store.DatastoreStore(), op_endpoint=op_endpoint)
def __init__(self, config): self.config = config # Saves the config because Page needs it self.encoder = json.JSONEncoder() # The full URL of this openid server if hasattr(config, 'server_url'): self.base_path = '%s/' % config.server_url else: self.base_path = '%s/' % cherrypy.url() # Now instantiates the OpenID Store (used for nonces and associations) if config.store == 'filestore': store = FileOpenIDStore(config.store_path) elif config.store == 'dbstore': store = DBOidStore(config.store_source) else: store = MemoryStore() # Now instantiates the OpenID server self.openid = server.Server(store, self.base_path + 'openidserver') # Record how to get user details out... factory = WMFactory('oid_factory') self.userstore = factory.loadObject(config.users_store.object, config.users_store) # List of remote sites allowed to request auth/authz to this server self.truststore = factory.loadObject(config.trust_store.object, config.trust_store) # This is a thread safe object to display web pages/forms related to # the oid server. I put it on a separate class to avoid blowing # the main class with html code. self.webpages = OidServerWebPages() # *** Should enable cherrypy session somewhere... sorry cherrypy.config.update({ 'tools.sessions.on': True, 'tools.sessions.storage_type': 'ram', #'tools.sessions.storage_type': "file", #'tools.sessions.storage_path': "/tmp/oidserver-sessions", 'tools.sessions.timeout': 60, 'tools.sessions.name': 'oidserver_sid' })
def openid(request): # NECESSARIAMENTE OS 3 TRECHOS DE CÓDIGO DEVEM ESTAR NESSA MESMA URL POIS O CONSUMIDOR FAZ A VERIFICACAO # SE A URL QUE O RESPONDER EH A MESMA URL A QUAL ELE FEZ REQUISICAO, ENTAO OS RENDERS ABAIXO NAO PODEM TROCAR DE URL endpoint_url = 'http://' + request.environ['HTTP_HOST'] + '/openid' oidserver = server.Server( FileOpenIDStore('/tmp/openid_session_store_server'), endpoint_url) # TRECHO 1 # NESSE TRECHO DE CODIGO SE CRIA A ASSOCIACAO NECESSARIA NA PRIMEIRA INTERACAO COM O SERVIDOR # ESTA ASSOCIACAO COMPOE O PARAMETRO ASSOC_HANDLE NO PRIMEIRO FORM MONTADO PELO CONSUMIDOR if 'openid.mode' in request.POST: if request.POST['openid.mode'] in [ 'associate', 'check_authentication' ]: oidrequest = oidserver.decodeRequest(request.POST) oidresponse = oidserver.handleRequest(oidrequest) webresponse = oidserver.encodeResponse(oidresponse) return HttpResponse(webresponse.body) # TRECHO 2 # CASO O USUARIO NAO ESTEJA LOGADO RENDERIZA A TELA DE LOGIN # DEPOIS REDIRECIONA DE VOLTA PARA ESSA MESMA URL QUE A TRATA NOVAMENTE if not request.session.get('username', False): request.session['save_post'] = request.POST return render(request, 'login.html', {'next': '/openid'}) # TRECHO 3 # NESSE TRECHO DE CODIGO O SERVIDOR ASSOCIA DADOS DO USUÁRIO NO OBJETO RESPONSE E MANDA AO CONSUMIDOR if request.session.get('save_post', False): saved_post_data = request.session['save_post'] del request.session['save_post'] else: saved_post_data = request.POST openid_request = oidserver.decodeRequest(saved_post_data) openid_response = openid_request.answer(True, identity=None) # addSRegResponse(openid_request, openid_response, request) # PROTOCOLO SREG addAttributeExchangeResponse(openid_request, openid_response, request) webresponse = oidserver.encodeResponse(openid_response) # MONTA A URL COM QUERY STRING PARA REDIRECIONAR OS DADOS PARA O CONSUMIDOR location = None for header, value in webresponse.headers.iteritems(): if header == 'location': location = value return redirect(location)
# The OpenID library expects single values (which is naive). This # class makes it work. class TornadoArgumentDecoder(server.Decoder): def decode(self, arguments): q = {} for key, values in arguments .items(): q[key] = values[0] return server.Decoder.decode(self, q) store = FileOpenIDStore("openid_data") SERVER_ENDPOINT = server_config.external_base_url + '/openid' USER_ID_PATH_PREFIX = "/openid/" USER_ID_BASE = server_config.external_base_url + USER_ID_PATH_PREFIX + "%s" OpenIDServer = server.Server(store, SERVER_ENDPOINT) OpenIDServer.decoder = TornadoArgumentDecoder(OpenIDServer) def quoteattr(s): """Helper function to escape and quote a value for inclusion in HTML. >>> quoteattr("a b < > & c d") '"a b < > & c d"' """ if s: qs = cgi.escape(s, 1) return '"%s"' % (qs,) else: return '""'
import urlparse import wsgiref.handlers from google.appengine.api import datastore from google.appengine.api import users from google.appengine.ext.webapp import template import webapp2 from openid.server import server as OpenIDServer import store # Set to True if stack traces should be shown in the browser, etc. _DEBUG = False # the global openid server instance oidserver = OpenIDServer.Server(store.DatastoreStore()) class Handler(webapp2.RequestHandler): """A base handler class with a couple OpenID-specific utilities.""" def ArgsToDict(self): """Converts the URL and POST parameters to a singly-valued dictionary. Returns: dict with the URL and POST body parameters """ req = self.request return dict([(arg, req.get(arg)) for arg in req.arguments()]) def HasCookie(self): """Returns True if we "remember" the user, False otherwise.
def get_server(): url = 'http://%s%s' % (Site.objects.get_current().domain, reverse('openid_endpoint')) return server.Server(DjangoidStore(), url)
def InitializeOpenId(): global oidserver oidserver = OpenIDServer.Server(store.DatastoreStore())
def __init__(self): store_loc = os.path.join(os.path.dirname(__file__), 'openid store') self.store = FileOpenIDStore(store_loc) self.openid = server.Server(self.store, self.endpoint_url)
from openid.server import server from djangoidstore import DjangoidStore from django.http import HttpResponse import settings #OpenID server instance, using a DjangoidStore object as container _openidserver = server.Server(DjangoidStore(), settings.BASE_URL) def convertToHttpResponse(response): #Convert an OpenID server response to a Django-compatible HttpResponse: #copy HTTP headers, and payload r = _openidserver.encodeResponse(response) ret = HttpResponse(r.body) for header, value in r.headers.iteritems(): ret[header] = value ret.status_code = r.code return ret def convertToOpenIDRequest(request): #Copy over all query (GET and POST) key-value pairs, so we can pass them to out OpenID server. #request.REQUEST.copy() seems not to work, as openidserver.decodeRequest seems to use some function #on the passed object that's not implemented in the copied object. query = {} for i in request.REQUEST.items(): query[i[0]] = i[1] try: return _openidserver.decodeRequest(query) except server.ProtocolError, why: raise
from openid.server import server as OpenIDServer from openid.message import Message from openid import sreg except ImportError, e: msg = ('Could not find the JanRain OpenId libraries in:\n' + '\n'.join(sys.path)) data['openid_error'] = msg return False # initialize the OpenID server global oidserver if not oidserver: try: store = FileOpenIDStore(config['datadir']) endpoint = config.get('openid_trigger', DEFAULT_TRIGGER) oidserver = OpenIDServer.Server(store, endpoint) except Exception: exception = traceback.format_exception(*sys.exc_info()) msg = 'Error initializing OpenID server:\n' + '\n'.join(exception) data['openid_error'] = msg return False return True def verify_installation(request): if not request.getConfiguration().has_key('openid_password'): print 'The openid_password config variable is not set.' return False return True
with open(os.path.join(PROJECT_ROOT, 'config.yml'), 'r') as fh: config = yaml.load(fh.read()) app = Flask(__name__, static_folder=os.path.join(PROJECT_ROOT, 'static'), static_url_path='/static') app.secret_key = os.environ.get('SESSION_KEY') store = FileOpenIDStore('sstore') if 'SERVER_NAME' in os.environ: base_url = os.environ['SERVER_NAME'] else: port = os.environ.get('PORT', '5000') base_url = 'http://localhost:' + port + '/' oidserver = server.Server(store, base_url + 'openidserver') if 'error_emails' in config and not app.debug: email_config = config['error_emails'] if 'EMAIL_PASSWORD' in os.environ: credentials = (os.environ['EMAIL_USERNAME'], os.environ['EMAIL_PASSWORD']) else: credentials = None mail_handler = SMTPHandler(email_config['host'], email_config['sender'], email_config['recipients'], 'Identity error', credentials) mail_handler.setLevel(logging.ERROR) mail_handler.setFormatter( logging.Formatter(''' Message type: %(levelname)s
def getServer(url_root): openidstore = SQLiteStore(sqlite3.connect('/tmp/cstore.db')) oserver = server.Server(openidstore, url_root + '/openidserver') return oserver
def __init__(self, *args, **kw): super(OpenID, self).__init__(*args, **kw) store = model.SamadhiStore() self.openid = server.Server(store, endpoint_url)
def handle(self): _ = self._ request = self.request form = request.values username = request.page.page_name if 'openid.user' in request.page.pi: username = request.page.pi['openid.user'] if not request.cfg.openid_server_enabled: # since we didn't put any openid.server into # the page to start with, this is someone trying # to abuse us. No need to give a nice error request.makeForbidden(403, '') return server_url = request.getQualifiedURL( request.page.url(request, querystr={'action': 'serveopenid'})) yadis_type = form.get('yadis') if yadis_type == 'ep': return self.serveYadisEP(server_url) elif yadis_type == 'idp': return self.serveYadisIDP(server_url) # if the identity is set it must match the server URL # sort of arbitrary, but we have to have some restriction identity = form.get('openid.identity') if identity == IDENTIFIER_SELECT: identity, server_url = self._make_identity() if not identity: return self._sorry_no_identity() username = request.user.name elif identity is not None: if not self._verify_endpoint_identity(identity): request.makeForbidden(403, 'verification failed') return if 'openid.user' in request.page.pi: username = request.page.pi['openid.user'] store = MoinOpenIDStore(request) openidsrv = server.Server(store, op_endpoint=server_url) answer = None if 'dontapprove' in form: answer = self.handle_response(False, username, identity) if answer is None: return elif form.has_key('approve'): answer = self.handle_response(True, username, identity) if answer is None: return else: query = {} for key in form: query[key] = form[key] try: openidreq = openidsrv.decodeRequest(query) except Exception, e: request.makeForbidden(403, 'OpenID decode error: %r' % e) return if openidreq is None: request.makeForbidden(403, 'no request') return if request.user.valid and username != request.user.name: answer = openidreq.answer(False, identity=identity, server_url=server_url) elif openidreq.mode in ["checkid_immediate", "checkid_setup"]: answer = self.handleCheckIDRequest(identity, username, openidreq, server_url) if answer is None: return else: answer = openidsrv.handleRequest(openidreq)
MY_HOST = 'icardea-server.lksdom21.lks.local' try: from mod_wsgi import version # Running as wsgi application! # we assume that this wsgi application has been already "mounted" # in the '/idp' sub dir in the Apache configuration file. server_base_url = 'https://%s/idp' % (MY_HOST,) idp_app = app idp_app.catchall = False except: PORT = 4545 server_base_url = 'https://%s/idp' % (MY_HOST, ) idp_app = bottle.default_app.push() idp_app.mount(app, '/idp') oserver = server.Server(FileOpenIDStore(os.path.join(APP_HOME, "openid_sessions")), server_base_url + '/openidserver') session_opts = { 'session.type': 'dbm', 'session.cookie_expires': 3600, 'session.data_dir': os.path.join(APP_HOME, 'sessions'), 'session.key': 'icardea_idp_sid', 'session.secret': COOKIE_SECRET, 'session.auto': True } application = SessionMiddleware(idp_app, session_opts) def run_standalone_server(): print """======================================================= iCARDEA OpenID Provider is about to launch... It will %s contact the Windows Domain Controller and Active Directory for authenticating local MS Windows users. Please change the STANDALONE