Example #1
0
def showDecidePage(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) \
                           and "Valid" or "Invalid"
    except DiscoveryFailure as err:
        trust_root_valid = "DISCOVERY_FAILED"
    except HTTPFetchingError as err:
        trust_root_valid = "Unreachable"

    pape_request = pape.Request.fromOpenIDRequest(openid_request)

    return direct_to_template(
        request,
        'server/trust.html',
        {'trust_root': trust_root,
         'trust_handler_url':getViewURL(request, processTrustResult),
         'trust_root_valid': trust_root_valid,
         'pape_request': pape_request,
         })
Example #2
0
def show_decide_page(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) \
                           and "Valid" or "Invalid"
    except DiscoveryFailure:
        # suporta consumers que não implementam a relying party verification
        #trust_root_valid = "DISCOVERY_FAILED"
        trust_root_valid = 'Valid'
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"

    return direct_to_template(
        request, 'provider/trust.html', {
            'trust_root': trust_root,
            'trust_handler_url': get_view_url(request, process_trust_result),
            'trust_root_valid': trust_root_valid,
        })
Example #3
0
def showDecidePage(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root,
                                          return_to) and "Valid" or "Invalid"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"

    pape_request = pape.Request.fromOpenIDRequest(openid_request)

    context = {
        'trust_root': trust_root,
        'trust_root_valid': trust_root_valid,
        'pape_request': pape_request
    }
    return render(request, 'server/trust.html', context)
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    orequest = request.session.get('OPENID_REQUEST')

    if not request.user.is_authenticated():
        return landing_page(request, orequest)

    openid = openid_get_identity(request, orequest.identity)
    if openid is None:
        return error_page(request, "You are signed in but you don't have OpenID here!")

    if request.method == 'POST' and request.POST.get('decide_page', False):
        openid.trustedroot_set.create(trust_root=orequest.trust_root)
        return HttpResponseRedirect(reverse('openid-provider-root'))

    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    return render_to_response('openid_provider/decide.html', {
        'title': _('Trust this site?'),
        'trust_root': orequest.trust_root,
        'trust_root_valid': trust_root_valid,
        'identity': orequest.identity,
    }, context_instance=RequestContext(request))
Example #5
0
def show_decide_page(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) \
                           and "Valid" or "Invalid"
    except DiscoveryFailure:
        # suporta consumers que não implementam a relying party verification
        #trust_root_valid = "DISCOVERY_FAILED"
        trust_root_valid = 'Valid'
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"

    return direct_to_template(
        request,
        'provider/trust.html',
        {'trust_root': trust_root,
         'trust_handler_url':get_view_url(request, process_trust_result),
         'trust_root_valid': trust_root_valid,
         })
Example #6
0
def showDecidePage(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) \
                           and "Valid" or "Invalid"
    except DiscoveryFailure as err:
        trust_root_valid = "DISCOVERY_FAILED"
    except HTTPFetchingError as err:
        trust_root_valid = "Unreachable"

    pape_request = pape.Request.fromOpenIDRequest(openid_request)

    return render_to_response(
        'server/trust.html', {
            'trust_root': trust_root,
            'trust_handler_url': getViewURL(request, processTrustResult),
            'trust_root_valid': trust_root_valid,
            'pape_request': pape_request,
        },
        context_instance=RequestContext(request))
Example #7
0
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    orequest = request.session.get('OPENID_REQUEST')
    # No request ? Failure..
    if not orequest:
        logger.warning('OpenID decide view failed, \
because no OpenID request is saved')
        return HttpResponseRedirect('/')
    sreg_request = SRegRequest.fromOpenIDRequest(orequest)
    logger.debug('SREG request: %s' % sreg_request.__dict__)
    if not request.user.is_authenticated():
        # Not authenticated ? Authenticate and go back to the server endpoint
        return redirect_to_login(request, next=reverse(openid_server),
                nonce='1')

    if request.method == 'POST':
        if 'cancel' in request.POST:
            # User refused
            logger.info('OpenID decide canceled')
            return HttpResponseRedirect('%s?cancel' % reverse(openid_server))
        else:
            form = DecideForm(sreg_request=sreg_request, data=request.POST)
            if form.is_valid():
                data = form.cleaned_data
                # Remember the choice
                t, created = models.TrustedRoot.objects.get_or_create(
                        user=request.user.id, trust_root=orequest.trust_root)
		t.choices = sreg_request.required \
                    + [ field for field in data if data[field] ]
                t.save()
                logger.debug('OpenID decide, user choice:%s' % data)
                return HttpResponseRedirect(reverse('openid-provider-root'))
    else:
        form = DecideForm(sreg_request=sreg_request)
    logger.info('OpenID device view, orequest:%s' % orequest)

    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(orequest.trust_root,
                orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    return render_to_response('idp/openid/decide.html', {
        'title': _('Trust this site?'),
        'required': sreg_request.required,
        'optional': sreg_request.optional,
        'trust_root_valid': trust_root_valid,
        'form': form,
    }, context_instance=RequestContext(request))
Example #8
0
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    orequest = request.session.get('OPENID_REQUEST')
    # No request ? Failure..
    if not orequest:
        logger.warning('OpenID decide view failed, \
because no OpenID request is saved')
        return HttpResponseRedirect('/')
    sreg_request = SRegRequest.fromOpenIDRequest(orequest)
    logger.debug('SREG request: %s' % sreg_request.__dict__)
    if not request.user.is_authenticated():
        # Not authenticated ? Authenticate and go back to the server endpoint
        return redirect_to_login(request, next=reverse(openid_server),
                nonce='1')

    if request.method == 'POST':
        if 'cancel' in request.POST:
            # User refused
            logger.info('OpenID decide canceled')
            return HttpResponseRedirect('%s?cancel' % reverse(openid_server))
        else:
            form = DecideForm(sreg_request=sreg_request, data=request.POST)
            if form.is_valid():
                data = form.cleaned_data
                # Remember the choice
                t, created = models.TrustedRoot.objects.get_or_create(
                        user=request.user.id, trust_root=orequest.trust_root)
		t.choices = sreg_request.required \
                    + [ field for field in data if data[field] ]
                t.save()
                logger.debug('OpenID decide, user choice:%s' % data)
                return HttpResponseRedirect(reverse('openid-provider-root'))
    else:
        form = DecideForm(sreg_request=sreg_request)
    logger.info('OpenID device view, orequest:%s' % orequest)

    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(orequest.trust_root,
                orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    return render_to_response('idp/openid/decide.html', {
        'title': _('Trust this site?'),
        'required': sreg_request.required,
        'optional': sreg_request.optional,
        'trust_root_valid': trust_root_valid,
        'form': form,
    }, context_instance=RequestContext(request))
Example #9
0
    def test_verifyWithDiscoveryCalled(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            self.failUnlessEqual('http://www.example.com/', disco_url)
            return [return_to]

        self.failUnless(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        self.failUnlessLogEmpty()
Example #10
0
    def test_verifyFailIfDiscoveryRedirects(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            raise trustroot.RealmVerificationRedirected(
                disco_url, "http://redirected.invalid")

        self.failIf(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        self.failUnlessLogMatches("Attempting to verify")
Example #11
0
    def test_verifyWithDiscoveryCalled(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            self.assertEqual('http://www.example.com/', disco_url)
            return [return_to]

        self.assertTrue(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        self.failUnlessLogEmpty()
Example #12
0
    def test_verifyFailWithDiscoveryCalled(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            self.failUnlessEqual('http://www.example.com/', disco_url)
            return ['http://something-else.invalid/']

        self.failIf(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        self.failUnlessLogMatches("Failed to validate return_to")
    def test_verifyFailWithDiscoveryCalled(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            self.assertEqual(disco_url, 'http://www.example.com/')
            return ['http://something-else.invalid/']

        with LogCapture() as logbook:
            self.assertFalse(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        logbook.check(('openid.server.trustroot', 'INFO', StringComparison('Failed to validate return_to .*')))
Example #14
0
def trust_root_validation(orequest):
    """
    OpenID specs 9.2.1: using realm for return url verification
    """
    try:
        return verifyReturnTo(orequest.trust_root,
                              orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        return "Unreachable"
    except DiscoveryFailure:
        return "DISCOVERY_FAILED"
Example #15
0
    def test_verifyFailIfDiscoveryRedirects(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            raise trustroot.RealmVerificationRedirected(
                disco_url, "http://redirected.invalid")

        self.failIf(
            trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        self.failUnlessLogMatches("Attempting to verify")
    def test_verifyFailIfDiscoveryRedirects(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            raise trustroot.RealmVerificationRedirected(
                disco_url, "http://redirected.invalid")

        with LogCapture() as logbook:
            self.assertFalse(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        logbook.check(('openid.server.trustroot', 'INFO', StringComparison('Attempting to verify .*')))
Example #17
0
def trust_root_validation(orequest):
    """
    OpenID specs 9.2.1: using realm for return url verification
    """
    try:
        return verifyReturnTo(
            orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        return "Unreachable"
    except DiscoveryFailure:
        return "DISCOVERY_FAILED"
    def test_verifyWithDiscoveryCalled(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            self.assertEqual(disco_url, 'http://www.example.com/')
            return [return_to]

        with LogCapture() as logbook:
            self.assertTrue(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        self.assertEqual(logbook.records, [])
Example #19
0
    def test_verifyFailWithDiscoveryCalled(self):
        realm = 'http://*.example.com/'
        return_to = 'http://www.example.com/foo'

        def vrfy(disco_url):
            self.failUnlessEqual('http://www.example.com/', disco_url)
            return ['http://something-else.invalid/']

        self.failIf(
            trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
        self.failUnlessLogMatches("Failed to validate return_to")
        def handleCheckIDRequest(self, openid_request):
            if cherrypy.serving.user is None:
                self.set_request(openid_request)
                raise cherrypy.HTTPRedirect(
                    url_add_parms(
                        '../login'
                        , { 'redirect': cherrypy.url('resume'), 'error': 'Please log in to use your OpenID' }
                        )
                    )

            if not openid_request.idSelect():
                id_url = self.get_user_url()

                #Confirm that this server can vouch for that ID
                if id_url != openid_request.identity:
                    error = ProtocolError(
                        openid_request.message
                        ,"This server cannot verify the URL {0}".format(openid_request.identity)
                        )
                    return self.displayResponse(error)

            try:
                trust_root = openid_request.trust_root
                return_to = openid_request.return_to
                trust_root_valid = verifyReturnTo(trust_root, return_to)
            except DiscoveryFailure as err:
                trust_root_valid = "DISCOVERY_FAILED"
            except HTTPFetchingError as err:
                trust_root_valid = "Unreachable"

            if trust_root_valid != True:
                return '<div class="lg_auth_form">The trust root / return is not valid.  Denying authentication.  Reason: {0}</div>'.format(trust_root_valid)

            if openid_request.immediate:
                #TODO - This is where we would do something for users that 
                #are already logged in
                openid_response = openid_request.answer(False)
                return self.displayResponse(openid_response)
            
            # Beyond this point, we're definitely using our response.
            # Store it.
            self.set_request(openid_request)
            if get_domain(trust_root).endswith(
                    get_domain(cherrypy.url().replace('/www.', '/'))
                ):
                # e.g. if we get a request from test.lamegameproductions.com to
                # www.lamegameproductions.com, implicitly trust this.
                raise cherrypy.HTTPRedirect(url_add_parms(
                    './trust_result'
                    , { 'allow': True }
                    ))
            else:
                return self.showDecidePage(openid_request, trust_root)
Example #21
0
def showDecidePage(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) and "Valid" or "Invalid"
    except DiscoveryFailure, err:
        trust_root_valid = "DISCOVERY_FAILED"
Example #22
0
def formatOidRequest(request, openid_request, userid=''):
    result = {}
    err = None
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    # Get requested fields
    requested = sreg.SRegRequest.fromOpenIDRequest(openid_request).allRequestedFields()

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) \
                           and "Valid" or "Invalid"
    except DiscoveryFailure, err:
        trust_root_valid = "DISCOVERY_FAILED"
Example #23
0
def show_decide_page(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        trust_root_validity = ('trust_root_valid'
            if verifyReturnTo(trust_root, return_to)
            else 'trust_root_invalid')
    except DiscoveryFailure:
        trust_root_validity = 'trust_root_undiscovered'
    except HTTPFetchingError:
        trust_root_validity = 'trust_root_unreachable'

    site_name = trust_root
    site_name = re.sub(r'^http://', '', site_name)
    site_name = re.sub(r'^([^/]+)/$', r'\1', site_name)

    if trust_root_validity in ('trust_root_valid', 'trust_root_undiscovered'):
        try:
            resp, cont = httplib2.Http().request(trust_root)
            assert resp['content-type'].startswith('text/html')
            soup = BeautifulSoup(cont)
            trust_root_title = soup.title.string
        except Exception:
            pass
        else:
            site_name = trust_root_title

    ax_request = ax.FetchRequest.fromOpenIDRequest(openid_request)
    if ax_request and ax_request.has_key('http://activitystrea.ms/axschema/callback'):
        ax_request.has_activity_callback = True

    return render_to_response(
        'trust.html',
        {
            'trust_root': trust_root,
            trust_root_validity: True,
            'ax_request': ax_request,
            'site_name': site_name,
        },
        context_instance=RequestContext(request),
    )
Example #24
0
def decide(request, openid_request=None):
    from openid.yadis.discover import DiscoveryFailure
    from openid.fetchers import HTTPFetchingError
    from openid.server.trustroot import verifyReturnTo

    if not openid_request:
        openid_request = utils._load_request(request)

    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) \
                           and "Valid" or "Invalid"
    except DiscoveryFailure, err:
        trust_root_valid = "Discovery faild"
Example #25
0
def openid_decide(req):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    from openid.server.trustroot import verifyReturnTo
    from openid.yadis.discover import DiscoveryFailure
    from openid.fetchers import HTTPFetchingError

    orequest = req.session.get('OPENID_REQUEST')

    if not req.user.is_authenticated():
        return landing_page(req, orequest)

    openid = openid_get_identity(req, orequest.identity)
    if openid is None:
        return error_page(req, "That is not a valid OpenID for your account!")

    if req.method == 'POST' and req.POST.get('decide_page', False):
        allowed = 'allow' in req.POST
        if allowed:
            openid.trustedroot_set.create(trust_root=orequest.trust_root)
            return HttpResponseRedirect(reverse('openid-provider-root'))
        else:
            return HttpResponseRedirect(reverse('dv-root'))

    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(
            orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    return render_to_response('openid_provider/decide.html', {
        'title': 'Trust this site?',
        'trust_root': orequest.trust_root,
        'trust_root_valid': trust_root_valid,
        'identity': orequest.identity,
    },
                              context_instance=RequestContext(req))
Example #26
0
def openid_decide(req):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    from openid.server.trustroot import verifyReturnTo
    from openid.yadis.discover import DiscoveryFailure
    from openid.fetchers import HTTPFetchingError

    orequest = req.session.get('OPENID_REQUEST')

    if not req.user.is_authenticated():
        return landing_page(req, orequest)

    openid = openid_get_identity(req, orequest.identity)
    if openid is None:
        return error_page(req, "That is not a valid OpenID for your account!")

    if req.method == 'POST' and req.POST.get('decide_page', False):
        allowed = 'allow' in req.POST
        if allowed:
            openid.trustedroot_set.create(trust_root=orequest.trust_root)
            return HttpResponseRedirect(reverse('openid-provider-root'))
        else:
            return HttpResponseRedirect(reverse('dv-root'))

    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to ) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    return render_to_response('openid_provider/decide.html', {
            'title': 'Trust this site?',
            'trust_root': orequest.trust_root,
            'trust_root_valid': trust_root_valid,
            'identity': orequest.identity,
        },
        context_instance=RequestContext(req))
Example #27
0
def showDecidePage(request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    openid_request = getRequest(request)
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    # hack to always accept certain sites
    skip_trust = any(
        re.match(trust_regex, trust_root)
        for trust_regex in settings.PAPAYA_SERVER_TRUSTED
    )

    if skip_trust:
        old = request.POST._mutable
        request.POST._mutable = True
        request.POST['allow'] = True
        request.POST._mutable = old
        return processTrustResult(request)

    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = 'Valid' if verifyReturnTo(trust_root, return_to) else 'Invalid'
    except DiscoveryFailure as err:
        trust_root_valid = "DISCOVERY_FAILED"
    except HTTPFetchingError as err:
        trust_root_valid = "Unreachable"

    return direct_to_template(
        request,
        'server/trust.html',
        {
            'trust_root': trust_root,
            'trust_handler_url': getViewURL(request, processTrustResult),
            'trust_root_valid': trust_root_valid,
        },
    )
Example #28
0
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    orequest = request.session.get('OPENID_REQUEST')

    if not request.user.is_authenticated():
        return landing_page(request, orequest)

    openid = openid_get_identity(request, orequest.identity)
    if openid is None:
        return error_page(request,
                          "You are signed in but you don't have OpenID here!")

    #if request.method == 'POST' and request.POST.get('decide_page', False):
    #if orequest.trust_root == settings.QUESTIONNAIRE_APP_URL:
    openid.trustedroot_set.create(trust_root=orequest.trust_root)
    return HttpResponseRedirect(reverse('openid-provider-root'))

    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(
            orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    return render_to_response('openid_provider/decide.html', {
        'title': _('Trust this site?'),
        'trust_root': orequest.trust_root,
        'trust_root_valid': trust_root_valid,
        'identity': orequest.identity,
    },
                              context_instance=RequestContext(request))
Example #29
0
def showDecidePage(request, openid_request):
    """
    Render a page to the user so a trust decision can be made.

    @type openid_request: openid.server.server.CheckIDRequest
    """
    trust_root = openid_request.trust_root
    return_to = openid_request.return_to

    auth_site = AuthSites.objects.filter(uid = request.user.id, site = trust_root)
    if auth_site:
        if auth_site[0].permission == 1:
            request.POST = ['allow', ]
            return processTrustResult(request)
        else:
            request.POST = []
            return processTrustResult(request)
    try:
        # Stringify because template's ifequal can only compare to strings.
        trust_root_valid = verifyReturnTo(trust_root, return_to) \
                           and "Valid" or "Invalid"
    except DiscoveryFailure, err:
        trust_root_valid = "DISCOVERY_FAILED"
Example #30
0
 def test_bogusRealm(self):
     self.failIf(trustroot.verifyReturnTo('', 'http://example.com/'))
Example #31
0
def endpoint(request):
    s = getServer(request)
    # First, decode the incoming request into something the OpenID
    # library can use.
    try:
        openid_request = s.decodeRequest(request.params)
    except ProtocolError as why:
        # This means the incoming request was invalid.
        return {'error': str(why)}

    # If we did not get a request, display text indicating that this
    # is an endpoint.
    if openid_request is None:
        return {}

    # We got a request; if the mode is checkid_*, we will handle it by
    # getting feedback from the user or by checking the session.
    if openid_request.mode in ["checkid_immediate", "checkid_setup"]:
        # If the request was an IDP-driven identifier selection request
        # (i.e., the IDP URL was entered at the RP), then return the
        # default identity URL for this server. In a full-featured
        # provider, there could be interaction with the user to determine
        # what URL should be sent.
        if not openid_request.idSelect():
            id_url = request.route_url('idPage')

            # Confirm that this server can actually vouch for that
            # identifier
            if id_url != openid_request.identity:
                # Return an error response
                raise ProtocolError(openid_request.message,
                                    "This server cannot verify the URL %r" %
                                    openid_request.identity)

        if openid_request.immediate:
            # Always respond with 'cancel' to immediate mode requests
            # because we don't track information about a logged-in user.
            # If we did, then the answer would depend on whether that user
            # had trusted the request's trust root and whether the user is
            # even logged in.
            openid_response = openid_request.answer(False)
            return displayResponse(request, openid_response)

        # Store the incoming request object in the session so we can
        # get to it later.
        setRequest(request, openid_request)

        trust_root = openid_request.trust_root
        return_to = openid_request.return_to

        try:
            # Stringify because template's ifequal can only compare to strings.
            if verifyReturnTo(trust_root, return_to):
                trust_root_valid = "Valid"
            else:
                trust_root_valid = "Invalid"
        except DiscoveryFailure as err:
            trust_root_valid = "DISCOVERY_FAILED"
        except HTTPFetchingError as err:
            trust_root_valid = "Unreachable"

        pape_request = pape.Request.fromOpenIDRequest(openid_request)

        pTR = request.route_url('processTrustResult')
        return render_to_response('templates/trustPage.pt',
                                  dict(trust_root=trust_root,
                                        trust_handler_url=pTR,
                                        trust_root_valid=trust_root_valid,
                                        pape_request=pape_request,
                                        main_template=main_template(),
                                      ),
                                  request=request)

    # We got some other kind of OpenID request, so we let the
    # server handle this.
    openid_response = s.handleRequest(openid_request)
    return displayResponse(request, openid_response)
Example #32
0
    from openid.fetchers import HTTPFetchingError
    orequest = req.session.get('OPENID_REQUEST')
    if not req.user.is_authenticated():
        return landing_page(req, orequest)
    try:
        openid = req.user.openid_set.all()[0]
    except IndexError, ObjectDoesNotExist:
        return error_page(req,
                          "You are signed in but you don't have OpenID here!")
    if req.method == 'POST' and req.POST.get('decide_page', False):
        allowed = 'allow' in req.POST
        openid.trustedroot_set.create(trust_root=orequest.trust_root)
        return HttpResponseRedirect(reverse('openid-provider-root'))
    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(
            orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"
    return render_to_response('openid_provider/decide.html', {
        'title': 'Trust this site?',
        'trust_root': orequest.trust_root,
        'trust_root_valid': trust_root_valid,
        'identity': orequest.identity,
    },
                              context_instance=RequestContext(req))


def error_page(req, msg):
    return render_to_response('openid_provider/error.html', {
Example #33
0
 def test_bogusRealm(self):
     self.assertFalse(trustroot.verifyReturnTo('', 'http://example.com/'))
Example #34
0
 def test_bogusRealm(self):
     self.assertFalse(trustroot.verifyReturnTo('', 'http://example.com/'))
Example #35
0
    from openid.yadis.discover import DiscoveryFailure
    from openid.fetchers import HTTPFetchingError
    orequest = req.session.get('OPENID_REQUEST')
    if not req.user.is_authenticated():
        return landing_page(req, orequest)
    try:
        openid = req.user.openid_set.all()[0]
    except IndexError, ObjectDoesNotExist:
        return error_page(req, "You are signed in but you don't have OpenID here!")
    if req.method == 'POST' and req.POST.get('decide_page', False):
        allowed = 'allow' in req.POST
        openid.trustedroot_set.create(trust_root=orequest.trust_root)
        return HttpResponseRedirect(reverse('openid-provider-root'))
    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to ) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"
    return render_to_response('openid_provider/decide.html', {
            'title': 'Trust this site?',
            'trust_root': orequest.trust_root,
            'trust_root_valid': trust_root_valid,
            'identity': orequest.identity,
        },
        context_instance=RequestContext(req))

def error_page(req, msg):
    return render_to_response('openid_provider/error.html', {
        'title': 'Error',
Example #36
0
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    orequest = request.session.get("OPENID_REQUEST")
    # No request ? Failure..
    if not orequest:
        logger.warning(
            "OpenID decide view failed, \
because no OpenID request is saved"
        )
        return redirect("auth_homepage")
    sreg_request = SRegRequest.fromOpenIDRequest(orequest)
    logger.debug("SREG request: %s" % sreg_request.__dict__)
    if not request.user.is_authenticated():
        # Not authenticated ? Authenticate and go back to the server endpoint
        return login_require(request, params={NONCE_FIELD_NAME: "1"})

    if request.method == "POST":
        if "cancel" in request.POST:
            # User refused
            logger.info("OpenID decide canceled")
            return redirect(openid_server, params={"cancel": ""})
        else:
            form = DecideForm(sreg_request=sreg_request, data=request.POST)
            if form.is_valid():
                data = form.cleaned_data
                # Remember the choice
                t, created = models.TrustedRoot.objects.get_or_create(
                    user=request.user.id, trust_root=orequest.trust_root
                )
                t.choices = sreg_request.required + [field for field in data if data[field]]
                t.save()
                logger.debug("OpenID decide, user choice:%s" % data)
                return redirect("openid-provider-root")
    else:
        form = DecideForm(sreg_request=sreg_request)
    logger.info("OpenID device view, orequest:%s" % orequest)

    # verify return_to of trust_root
    try:
        trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    return render_to_response(
        "idp/openid/decide.html",
        {
            "title": _("Trust this site?"),
            "required": sreg_request.required,
            "optional": sreg_request.optional,
            "trust_root_valid": trust_root_valid,
            "form": form,
        },
        context_instance=RequestContext(request),
    )
Example #37
0
 def test_bogusRealm(self):
     self.failIf(trustroot.verifyReturnTo('', 'http://example.com/'))