def clean_openid_identifier(self):
if 'openid_identifier' in self.cleaned_data:
openid_identifier = self.cleaned_data['openid_identifier']
if (xri.identifierScheme(openid_identifier) == 'XRI'
and conf.DISALLOW_INAMES):
raise forms.ValidationError(_('i-names are not supported'))
return self.cleaned_data['openid_identifier']
def __init__(self, openid_, issued, attrs=None, sreg_=None, ax_resp={}):
self.openid = openid_
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg_ or {}
self.ax_resp = ax_resp or {}
self.is_iname = (xri.identifierScheme(openid_) == 'XRI')
def clean_openid_url(self):
""" test if openid is accepted """
if "openid_url" in self.cleaned_data:
openid_url = self.cleaned_data["openid_url"]
if xri.identifierScheme(openid_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False):
raise forms.ValidationError(_("i-names are not supported"))
return self.cleaned_data["openid_url"]
def clean_openid_identifier(self):
if 'openid_identifier' in self.cleaned_data:
openid_identifier = self.cleaned_data['openid_identifier']
if xri.identifierScheme(openid_identifier) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise forms.ValidationError(_('i-names are not supported'))
return self.cleaned_data['openid_identifier']
def __init__(self, openid_, issued, attrs=None, sreg_=None):
logging.debug('init janrain openid object')
self.openid = openid_
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg_ or {}
self.is_iname = (xri.identifierScheme(openid_) == 'XRI')
def ask_openid(request, openid_url, redirect_to, on_failure=None,
sreg_request=None):
""" basic function to ask openid and return response """
on_failure = on_failure or signin_failure
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
msg = _("i-names are not supported")
return on_failure(request, msg)
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = _("The OpenID %s was invalid" % openid_url)
return on_failure(request, msg)
if sreg_request:
auth_request.addExtension(sreg_request)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def __init__(self, openid, issued, attrs=None, sreg_=None, ax_=None):
self.openid = openid
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg_ or {}
self.ax = ax_ or {}
self.is_iname = (xri.identifierScheme(openid) == 'XRI')
def ask_openid(request, openid_url=None, next_url=None, on_failure=None):
""" basic function to ask openid and return response """
on_failure = on_failure or signin_failure
sreg_request = sreg.SRegRequest(optional=["nickname", "email"])
trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/")
if xri.identifierScheme(openid_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False):
msg = _("i-names are not supported")
logging.debug("openid failed because i-names are not supported")
return on_failure(request, msg)
consumer = Consumer(request.session, util.DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = _(u"OpenID %(openid_url)s is invalid" % {"openid_url": openid_url})
logging.debug(msg)
return on_failure(request, msg)
logging.debug("openid seemed to work")
if sreg_request:
logging.debug("adding sreg_request - wtf it is?")
auth_request.addExtension(sreg_request)
redirect_to = "%s%s?%s" % (
get_url_host(request),
reverse("user_complete_openid_signin"),
urllib.urlencode({"next": next_url}),
)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
logging.debug("redirecting to %s" % redirect_url)
return HttpResponseRedirect(redirect_url)
def clean_openid_identifier(self):
if 'openid_identifier' in self.cleaned_data:
openid_identifier = self.cleaned_data['openid_identifier']
if (xri.identifierScheme(openid_identifier) == 'XRI' and
getattr(settings, 'OPENID_DISALLOW_INAMES', False)):
raise forms.ValidationError(_('i-names are not supported'))
return self.cleaned_data['openid_identifier']
def ask_openid(
request,
openid_url,
redirect_to,
on_failure=None,
sreg_request=None
):
""" basic function to ask openid and return response """
on_failure = on_failure or signin_failure
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
msg = _("i-names are not supported")
logging.debug('openid failed because i-names are not supported')
return on_failure(request, msg)
consumer = Consumer(request.session, util.DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = _(u"OpenID %(openid_url)s is invalid" % {'openid_url':openid_url})
logging.debug(msg)
return on_failure(request, msg)
logging.debug('openid seemed to work')
if sreg_request:
logging.debug('adding sreg_request - wtf it is?')
auth_request.addExtension(sreg_request)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
logging.debug('redirecting to %s' % redirect_url)
return HttpResponseRedirect(redirect_url)
def clean_openid_identifier(self):
if 'openid_identifier' in self.cleaned_data:
openid_identifier = self.cleaned_data['openid_identifier']
if (xri.identifierScheme(openid_identifier) == 'XRI'
and conf.DISALLOW_INAMES):
raise forms.ValidationError(_('i-names are not supported'))
return self.cleaned_data['openid_identifier']
def ask_openid(request,
openid_url,
redirect_to,
on_failure=None,
sreg_request=None):
""" basic function to ask openid and return response """
request.encoding = 'UTF-8'
on_failure = on_failure or signin_failure
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
msg = _("i-names are not supported")
return on_failure(request, msg)
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = _(u"OpenID %(openid_url)s is invalid" %
{'openid_url': openid_url})
return on_failure(request, msg)
if sreg_request:
auth_request.addExtension(sreg_request)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def ask_openid(request,
openid_url,
redirect_to,
on_failure=None,
sreg_request=None):
""" basic function to ask openid and return response """
on_failure = on_failure or signin_failure
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
msg = _("i-names are not supported")
logging.debug('openid failed because i-names are not supported')
return on_failure(request, msg)
consumer = Consumer(request.session, util.DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = _(u"OpenID %(openid_url)s is invalid" %
{'openid_url': openid_url})
logging.debug(msg)
return on_failure(request, msg)
logging.debug('openid seemed to work')
if sreg_request:
logging.debug('adding sreg_request - wtf it is?')
auth_request.addExtension(sreg_request)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
logging.debug('redirecting to %s' % redirect_url)
return HttpResponseRedirect(redirect_url)
def __init__(self, openid_, issued, attrs=None, sreg_=None):
logging.debug('init janrain openid object')
self.openid = openid_
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg_ or {}
self.is_iname = (xri.identifierScheme(openid_) == 'XRI')
def __init__(self, openid_, issued, attrs=None, sreg_=None, ax_=None):
self.openid = openid_
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg_ or {}
self.ax = ax_ or {}
self.is_iname = (xri.identifierScheme(openid_) == 'XRI')
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None):
self.openid = openid
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg or {}
self.pape = pape or {}
self.ax = ax or {}
self.is_iname = (xri.identifierScheme(openid) == 'XRI')
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None):
self.openid = openid
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg or {}
self.pape = pape or {}
self.ax = ax or {}
self.is_iname = xri.identifierScheme(openid) == "XRI"
def clean_openid_url(self):
""" test if openid is accepted """
if 'openid_url' in self.cleaned_data:
openid_url = self.cleaned_data['openid_url']
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
django_settings, 'OPENID_DISALLOW_INAMES', False):
raise forms.ValidationError(_('i-names are not supported'))
return self.cleaned_data['openid_url']
def ask_openid(request, openid_url, redirect_to, on_failure=None):
on_failure = on_failure or signin_failure
sreg_req = None
ax_req = None
_openid_url = openid_url
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
msg = ("i-names are not supported")
auth_oidlogin.send(sender=None,
openid_url=_openid_url,
state='not_supported')
return on_failure(request, msg)
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = ("The OpenID %s was invalid") % openid_url
auth_oidlogin.send(sender=None,
openid_url=_openid_url,
state='invalid')
return on_failure(request, msg)
# get capabilities
use_ax, use_sreg = discover_extensions(openid_url)
if use_sreg:
# set sreg extension
# we always ask for nickname and email
sreg_attrs = getattr(settings, 'OPENID_SREG', {})
sreg_attrs.update({"optional": ['nickname', 'email']})
sreg_req = sreg.SRegRequest(**sreg_attrs)
if use_ax:
# set ax extension
# we always ask for nickname and email
ax_req = ax.FetchRequest()
ax_req.add(
ax.AttrInfo('http://schema.openid.net/contact/email',
alias='email',
required=True))
ax_req.add(
ax.AttrInfo('http://schema.openid.net/namePerson/friendly',
alias='nickname',
required=True))
# add custom ax attrs
ax_attrs = getattr(settings, 'OPENID_AX', [])
for attr in ax_attrs:
if len(attr) == 2:
ax_req.add(ax.AttrInfo(attr[0], required=alias[1]))
else:
ax_req.add(ax.AttrInfo(attr[0]))
if sreg_req is not None:
auth_request.addExtension(sreg_req)
if ax_req is not None:
auth_request.addExtension(ax_req)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def clean_openid_url(self):
""" test if openid is accepted """
if 'openid_url' in self.cleaned_data:
openid_url = self.cleaned_data['openid_url']
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
django_settings, 'OPENID_DISALLOW_INAMES', False
):
raise forms.ValidationError(_('i-names are not supported'))
return self.cleaned_data['openid_url']
def signin(request, sreg=None, extension_args={}, on_failure=default_on_failure):
openid_url = None
if is_valid_next_url(request.GET.get('next')):
next = request.GET['next']
elif is_valid_next_url(get_address(request.META.get('HTTP_REFERER'), request)):
next = get_address(request.META['HTTP_REFERER'], request)
else:
next = getattr(settings, 'OPENID_REDIRECT_NEXT', '/')
def get_with_next(url, next):
if next:
return '%s?%s' % (url, urlencode({'next': next}))
else:
return url
if request.user.is_authenticated() and 'force' not in request.GET:
return HttpResponseRedirect(next)
request_path = get_with_next(request.path, next)
if request.method == 'POST':
form = OpenidSigninForm(request.POST, auto_id='id_%s')
if form.is_valid():
# first remove email and nickname from sreg if the are in to prevent dup
extension_args['sreg.optional'] = 'email,nickname'
if sreg:
sreg = ','.join([arg for arg in sreg.split(',') if arg not in extension_args['sreg.optional']])
extension_args['sreg.optional'] += ',' + sreg
trust_root = getattr(settings, 'OPENID_TRUST_ROOT', absolutize_uri(request, '/'))
redirect_to = get_with_next(absolutize_uri(request, reverse('openid_complete')), next)
if xri.identifierScheme(form.cleaned_data['openid_url']) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _("i-names are not supported"))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(form.cleaned_data['openid_url'])
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
else:
form = OpenidSigninForm(auto_id='id_%s')
return {
'form': form,
'action': request_path,
}
def signin(request, sreg=None, extension_args={}, on_failure=default_on_failure):
openid_url = None
if is_valid_next_url(request.GET.get("next")):
next = request.GET["next"]
elif is_valid_next_url(get_address(request.META.get("HTTP_REFERER"), request)):
next = get_address(request.META["HTTP_REFERER"], request)
else:
next = getattr(settings, "OPENID_REDIRECT_NEXT", "/")
def get_with_next(url, next):
if next:
return "%s?%s" % (url, urlencode({"next": next}))
else:
return url
if request.user.is_authenticated() and "force" not in request.GET:
return HttpResponseRedirect(next)
request_path = get_with_next(request.path, next)
if request.method == "POST":
form = OpenidSigninForm(request.POST, auto_id="id_%s")
if form.is_valid():
# first remove email and nickname from sreg if the are in to prevent dup
extension_args["sreg.optional"] = "email,nickname"
if sreg:
sreg = ",".join([arg for arg in sreg.split(",") if arg not in extension_args["sreg.optional"]])
extension_args["sreg.optional"] += "," + sreg
trust_root = getattr(settings, "OPENID_TRUST_ROOT", absolutize_uri(request, "/"))
redirect_to = get_with_next(absolutize_uri(request, reverse("openid_complete")), next)
if xri.identifierScheme(form.cleaned_data["openid_url"]) == "XRI" and getattr(
settings, "OPENID_DISALLOW_INAMES", False
):
return on_failure(request, _("i-names are not supported"))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(form.cleaned_data["openid_url"])
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split(".", 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
else:
form = OpenidSigninForm(auto_id="id_%s")
return {"form": form, "action": request_path}
def clean_openid_url(self):
"""
Проверка введённого OpenID идентификатора
"""
if 'openid_url' in self.cleaned_data:
openid_url = self.cleaned_data['openid_url']
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
raise forms.ValidationError(_('i-names are not supported'))
return self.cleaned_data['openid_url']
def ask_openid(request, openid_url, redirect_to, on_failure=None):
""" basic function to ask openid and return response """
on_failure = on_failure or signin_failure
sreg_req = None
ax_req = None
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
msg = _("i-names are not supported")
return on_failure(request, msg)
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = _("The OpenID %s was invalid") % openid_url
return on_failure(request, msg)
# get capabilities
use_ax, use_sreg = discover_extensions(openid_url)
if use_sreg:
# set sreg extension
# we always ask for nickname and email
sreg_attrs = getattr(settings, 'OPENID_SREG', {})
sreg_attrs.update({"optional": ['nickname', 'email']})
sreg_req = sreg.SRegRequest(**sreg_attrs)
if use_ax:
# set ax extension
# we always ask for nickname and email
ax_req = ax.FetchRequest()
ax_req.add(ax.AttrInfo('http://schema.openid.net/contact/email',
alias='email', required=True))
ax_req.add(ax.AttrInfo('http://schema.openid.net/namePerson/friendly',
alias='nickname', required=True))
# add custom ax attrs
ax_attrs = getattr(settings, 'OPENID_AX', [])
for attr in ax_attrs:
if len(attr) == 2:
ax_req.add(ax.AttrInfo(attr[0], required=alias[1]))
else:
ax_req.add(ax.AttrInfo(attr[0]))
if sreg_req is not None:
auth_request.addExtension(sreg_req)
if ax_req is not None:
auth_request.addExtension(ax_req)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(request, sreg=None, extension_args=None, redirect_to=None, on_failure=None, if_not_user_url=None):
on_failure = on_failure or default_on_failure
if_not_user_url = if_not_user_url or default_if_not_user_url
if request.GET.get("logo"):
# Makes for a better demo
return logo(request)
extension_args = extension_args or {}
if sreg:
extension_args["sreg.optional"] = sreg
trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/")
redirect_to = redirect_to or getattr(
settings,
"OPENID_REDIRECT_TO",
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split("?")[0] + "complete/",
)
# In case they were lazy...
if not redirect_to.startswith("http://"):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get("next") and is_valid_next_url(request.GET["next"]):
if "?" in redirect_to:
join = "&"
else:
join = "?"
redirect_to += join + urllib.urlencode({"next": request.GET["next"]})
user_url = request.REQUEST.get("openid_url", None)
if not user_url:
return if_not_user_url(request)
if xri.identifierScheme(user_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False):
return on_failure(request, "i-names are not supported")
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
# basic logging exceptions, may help catch incompatible providers, change file to somefile on HDD
traceback.print_exc(file=sys.stdout)
return on_failure(request, "The OpenID was invalid")
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split(".", 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(
_('Sorry, but your input is not a valid OpenId'))
sreg = getattr(self, 'sreg_attributes', False)
if sreg:
s = SRegRequest()
for k, attr_dic in sreg.items():
if k == "policy_url":
s.policy_url = attr_dic
continue
for attr_name in attr_dic.keys():
s.requestField(field_name=attr_name,
required=(k == "required"))
auth_request.addExtension(s)
ax_schema = getattr(self, 'dataype2ax_schema', False)
if ax_schema and request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], required=True,
alias=schema[1]))
else:
axr.add(AttrInfo(schema, required=True, alias=data_type))
auth_request.addExtension(axr)
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
return auth_request.redirectURL(trust_root, redirect_to)
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith('https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(_('Sorry, but your input is not a valid OpenId'))
sreg = getattr(self, 'sreg_attributes', False)
if sreg:
s = SRegRequest()
for k, attr_dic in sreg.items():
if k == "policy_url":
s.policy_url = attr_dic
continue
for attr_name in attr_dic.keys():
s.requestField(field_name=attr_name, required=(k == "required"))
auth_request.addExtension(s)
ax_schema = getattr(self, 'dataype2ax_schema', False)
if ax_schema and request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], 1, True, schema[1]))
else:
axr.add(AttrInfo(schema, 1, True, data_type))
auth_request.addExtension(axr)
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
return auth_request.redirectURL(trust_root, redirect_to)
def clean_openid_url(self):
openid_error = self.request.session.get(OPENID_ERROR_SESSION_NAME, '')
if openid_error:
self.request.session[OPENID_ERROR_SESSION_NAME] = ''
raise forms.ValidationError(_(openid_error))
openid_url = self.cleaned_data['openid_url']
#Determine if we need to and can support openid inames
disallow_inames = getattr(settings, 'OPENID_DISALLOW_INAMES', False)
if disallow_inames and xri.identifierScheme(openid_url) == 'XRI':
raise forms.ValidationError(_('i-names are not allowed'))
#Set up the openid authorization request
consumer = Consumer(self.request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure, df:
raise forms.ValidationError("%s: %s" % (_("OpenID Discovery Failure"), df))
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(
_('Sorry, but your input is not a valid OpenId'))
#sreg = getattr(settings, 'OPENID_SREG', False)
#if sreg:
# s = SRegRequest()
# for sarg in sreg:
# if sarg.lower().lstrip() == "policy_url":
# s.policy_url = sreg[sarg]
# else:
# for v in sreg[sarg].split(','):
# s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
# auth_request.addExtension(s)
#auth_request.addExtension(SRegRequest(required=['email']))
if request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in self.dataype2ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], 1, True, schema[1]))
else:
axr.add(AttrInfo(schema, 1, True, data_type))
auth_request.addExtension(axr)
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
return auth_request.redirectURL(trust_root, redirect_to)
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith('https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(_('Sorry, but your input is not a valid OpenId'))
#sreg = getattr(settings, 'OPENID_SREG', False)
#if sreg:
# s = SRegRequest()
# for sarg in sreg:
# if sarg.lower().lstrip() == "policy_url":
# s.policy_url = sreg[sarg]
# else:
# for v in sreg[sarg].split(','):
# s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
# auth_request.addExtension(s)
#auth_request.addExtension(SRegRequest(required=['email']))
if request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in self.dataype2ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], 1, True, schema[1]))
else:
axr.add(AttrInfo(schema, 1, True, data_type))
auth_request.addExtension(axr)
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
return auth_request.redirectURL(trust_root, redirect_to)
def clean_openid_url(self):
openid_error = self.request.session.get(OPENID_ERROR_SESSION_NAME, '')
if openid_error:
self.request.session[OPENID_ERROR_SESSION_NAME] = ''
raise forms.ValidationError(_(openid_error))
openid_url = self.cleaned_data['openid_url']
#Determine if we need to and can support openid inames
disallow_inames = getattr(settings, 'OPENID_DISALLOW_INAMES', False)
if disallow_inames and xri.identifierScheme(openid_url) == 'XRI':
raise forms.ValidationError(_('i-names are not allowed'))
#Set up the openid authorization request
consumer = Consumer(self.request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure, df:
raise forms.ValidationError("%s: %s" %
(_("OpenID Discovery Failure"), df))
def ask_openid(request, openid_url, redirect_to, on_failure=None):
on_failure = on_failure or signin_failure
sreg_req = None
ax_req = None
_openid_url = openid_url
trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/")
if xri.identifierScheme(openid_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False):
msg = "i-names are not supported"
auth_oidlogin.send(sender=None, openid_url=_openid_url, state="not_supported")
return on_failure(request, msg)
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
msg = ("The OpenID %s was invalid") % openid_url
auth_oidlogin.send(sender=None, openid_url=_openid_url, state="invalid")
return on_failure(request, msg)
# get capabilities
use_ax, use_sreg = discover_extensions(openid_url)
if use_sreg:
# set sreg extension
# we always ask for nickname and email
sreg_attrs = getattr(settings, "OPENID_SREG", {})
sreg_attrs.update({"optional": ["nickname", "email"]})
sreg_req = sreg.SRegRequest(**sreg_attrs)
if use_ax:
# set ax extension
# we always ask for nickname and email
ax_req = ax.FetchRequest()
ax_req.add(ax.AttrInfo("http://schema.openid.net/contact/email", alias="email", required=True))
ax_req.add(ax.AttrInfo("http://schema.openid.net/namePerson/friendly", alias="nickname", required=True))
# add custom ax attrs
ax_attrs = getattr(settings, "OPENID_AX", [])
for attr in ax_attrs:
if len(attr) == 2:
ax_req.add(ax.AttrInfo(attr[0], required=alias[1]))
else:
ax_req.add(ax.AttrInfo(attr[0]))
if sreg_req is not None:
auth_request.addExtension(sreg_req)
if ax_req is not None:
auth_request.addExtension(ax_req)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def clean_openid_url(self):
""" test if openid is accepted """
if 'openid_url' in self.cleaned_data:
openid_url = self.cleaned_data['openid_url']
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
raise forms.ValidationError(_('i-names are not supported'))
try:
rel = UserAssociation.objects.get(openid_url__exact=openid_url)
except UserAssociation.DoesNotExist:
return self.cleaned_data['openid_url']
if rel.user != self.user:
raise forms.ValidationError(_("This openid is already \
registered in our database by another account. Please choose another."))
raise forms.ValidationError(_("You already associated this openid to your account."))
def ask_openid(request, openid_url):
""" basic function to ask openid and return response """
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
#msg = _("i-names are not supported")
raise forms.ValidationError(_("i-names are not supported"))
#return on_failure(request, msg)
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
return auth_request
except DiscoveryFailure:
#msg = _("The password or OpenID was invalid")
raise forms.ValidationError(_("The password or OpenID is invalid"))
#return on_failure(request, msg)
#return HttpResponseRedirect(redirect_url)
return False
def clean_openid_url(self):
""" test if openid is accepted """
if 'openid_url' in self.cleaned_data:
openid_url = self.cleaned_data['openid_url']
if xri.identifierScheme(openid_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise forms.ValidationError(_('i-names are not supported'))
try:
rel = UserAssociation.objects.get(openid_url__exact=openid_url)
except UserAssociation.DoesNotExist:
return self.cleaned_data['openid_url']
if rel.user != self.user:
raise forms.ValidationError(
_("This openid is already \
registered in our database by another account. Please choose another."
))
raise forms.ValidationError(
_("You already associated this openid to your account."))
def is_xri(self, user_url):
return xri.identifierScheme(user_url) == 'XRI'
def signin(request,
sreg=None,
extension_args={},
on_failure=default_on_failure):
openid_url = None
if is_valid_next_url(request.GET.get('next')):
next = request.GET['next']
elif is_valid_next_url(
get_address(request.META.get('HTTP_REFERER'), request)):
next = get_address(request.META['HTTP_REFERER'], request)
else:
next = getattr(settings, 'OPENID_REDIRECT_NEXT', '/')
def get_with_next(url, next):
if next:
return '%s?%s' % (url, urlencode({'next': next}))
else:
return url
if request.user.is_authenticated() and 'force' not in request.GET:
return HttpResponseRedirect(next)
request_path = get_with_next(request.path, next)
if request.method == 'POST':
form = OpenidSigninForm(request.POST, auto_id='id_%s')
if form.is_valid():
# first remove email and nickname from sreg if the are in to prevent dup
extension_args['sreg.optional'] = 'email,nickname'
if sreg:
sreg = ','.join([
arg for arg in sreg.split(',')
if arg not in extension_args['sreg.optional']
])
extension_args['sreg.optional'] += ',' + sreg
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
request.build_absolute_uri('/'))
redirect_to = get_with_next(
request.build_absolute_uri(reverse('openid_complete')), next)
if xri.identifierScheme(
form.cleaned_data['openid_url']) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _("i-names are not supported"))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(form.cleaned_data['openid_url'])
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
else:
form = OpenidSigninForm(auto_id='id_%s')
return {
'form': form,
'action': request_path,
}
def is_iname(self):
return xri.identifierScheme(self.openid) == 'XRI'
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name="openid_consumer/signin.html"):
on_failure = on_failure or default_on_failure
trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/")
# foo derbis.
redirect_to = redirect_to or getattr(
settings,
"OPENID_REDIRECT_TO",
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split("?")[0] + "complete/",
)
# In case they were lazy...
if not (redirect_to.startswith("http://") or redirect_to.startswith("https://")):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get("next") and is_valid_next_url(request.GET["next"]):
if "?" in redirect_to:
join = "&"
else:
join = "?"
redirect_to += join + urllib.urlencode({"next": request.GET["next"]})
if not user_url:
user_url = request.REQUEST.get("openid_url", None)
if not user_url:
request_path = request.path
if request.GET.get("next"):
request_path += "?" + urllib.urlencode({"next": request.GET["next"]})
return render(template_name, {"action": request_path}, RequestContext(request))
if xri.identifierScheme(user_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False):
return on_failure(request, _("i-names are not supported"))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
sreg = getattr(settings, "OPENID_SREG", False)
if sreg:
s = SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(","):
s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, "OPENID_PAPE", False)
if pape:
if openid.__version__ <= "2.0.0" and openid.__version__ >= "2.1.0":
raise (ImportError, "For pape extension you need python-openid 2.1.0 or newer")
p = PapeRequest()
for parg in pape:
if parg.lower().strip() == "policy_list":
for v in pape[parg].split(","):
p.addPolicyURI(v)
elif parg.lower().strip() == "max_auth_age":
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
OPENID_AX_PROVIDER_MAP = getattr(settings, "OPENID_AX_PROVIDER_MAP", {})
openid_provider = "Google" if "google" in request.session.get("openid_provider", "") else "Default"
ax = OPENID_AX_PROVIDER_MAP.get(openid_provider)
if ax:
axr = AXFetchRequest()
for attr_name, attr_url in ax.items():
# axr.add(AttrInfo(i['type_uri'],
# i['count'], i['required'],
# i['alias']))
# setting all as required attrs
axr.add(AttrInfo(attr_url, required=True))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def is_iname(self):
return xri.identifierScheme(self.openid) == 'XRI'
def openidURI(self):
from openid.yadis import xri
if xri.identifierScheme(self.openid) == 'XRI':
return 'http://xri.net/%s' % self.openid
return self.openid
def openidURI(self):
from openid.yadis import xri
if xri.identifierScheme(self.openid) == "XRI":
return "http://xri.net/%s" % self.openid
return self.openid
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name='openid_consumer/signin.html'):
on_failure = on_failure or default_on_failure
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
# foo derbis.
redirect_to = redirect_to or getattr(
settings, 'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/'
)
# In case they were lazy...
if not redirect_to.startswith('http://') or redirect_to.startswith('https://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({
'next': request.GET['next']
})
if not user_url:
user_url = request.REQUEST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urllib.urlencode({
'next': request.GET['next']
})
return render(template_name, {
'action': request_path,
}, RequestContext(request))
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
sreg = getattr(settings, 'OPENID_SREG', False)
if sreg:
s = SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(','):
s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, 'OPENID_PAPE', False)
if pape:
if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0':
raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer'
p = PapeRequest()
for parg in pape:
if parg.lower().strip() == 'policy_list':
for v in pape[parg].split(','):
p.addPolicyURI(v)
elif parg.lower().strip() == 'max_auth_age':
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
OPENID_AX_PROVIDER_MAP = getattr(settings, 'OPENID_AX_PROVIDER_MAP', {})
openid_provider = 'Google' if 'Google' == request.session.get('openid_provider', '') else 'Default'
ax = OPENID_AX_PROVIDER_MAP.get(openid_provider)
if ax:
axr = AXFetchRequest()
for attr_name, attr_url in ax.items():
# axr.add(AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
axr.add(AttrInfo(attr_url, required=True)) # setting all as required attrs
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def discover(identifier):
if xri.identifierScheme(identifier) == "XRI":
return discoverXRI(identifier)
else:
return discoverURI(identifier)
def begin(request, sreg=None, extension_args=None, redirect_to=None,
on_failure=None,**kwards):
on_failure = on_failure or default_on_failure
if request.GET.get('logo'):
# Makes for a better demo
return logo(request)
extension_args = extension_args or {}
if sreg:
extension_args['sreg.optional'] = sreg
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
redirect_to = redirect_to or getattr(
settings, 'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/'
)
# In case they were lazy...
if not redirect_to.startswith('http://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({
'next': request.GET['next']
})
user_url = request.POST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urllib.urlencode({
'next': request.GET['next']
})
return render('openid_signin.html', {
'action': request_path,
'logo': request.path + '?logo=1',
})
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
return on_failure(request, 'i-names are not supported')
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, "The OpenID was invalid")
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def is_xri(self, user_url):
return xri.identifierScheme(user_url) == 'XRI'
def openidURI(self):
from openid.yadis import xri
if xri.identifierScheme(self.openid) == "XRI":
return "http://xri.net/%s" % self.openid
return self.openid
def begin(request,
sreg=None,
extension_args=None,
redirect_to=None,
on_failure=None):
on_failure = on_failure or default_on_failure
if request.GET.get('logo'):
# Makes for a better demo
return logo(request)
extension_args = extension_args or {}
if sreg:
extension_args['sreg.optional'] = sreg
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
redirect_to = redirect_to or getattr(
settings,
'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/')
# In case they were lazy...
if not redirect_to.startswith('http://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({'next': request.GET['next']})
user_url = request.POST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urllib.urlencode(
{'next': request.GET['next']})
return render(request, 'openid_signin.html', {
'action': request_path,
'logo': request.path + '?logo=1',
})
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return redirect(redirect_url)
def begin(request,
redirect_to=None,
on_failure=None,
template_name='openid_signin.html'):
on_failure = on_failure or default_on_failure
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
# foo derbis.
redirect_to = redirect_to or getattr(
settings,
'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/')
# In case they were lazy...
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request,
request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({'next': request.GET['next']})
user_url = request.REQUEST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urllib.urlencode(
{'next': request.GET['next']})
return render(template_name, {'action': request_path},
context_instance=RequestContext(request))
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
sreg = getattr(settings, 'OPENID_SREG', False)
if sreg:
s = oidsreg.SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(','):
s.requestField(
field_name=v.lower().lstrip(),
required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, 'OPENID_PAPE', False)
if pape:
if openid.__version__ < '2.1.0':
raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer'
p = oidpape.Request()
for parg in pape:
if parg.lower().strip() == 'policy_list':
for v in pape[parg].split(','):
p.addPolicyURI(v)
elif parg.lower().strip() == 'max_auth_age':
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
ax = getattr(settings, 'OPENID_AX', False)
if ax:
if openid.__version__ < '2.1.0':
raise ImportError, 'For ax extension you need python-openid 2.1.0 or newer'
axr = oidax.FetchRequest()
for i in ax:
axr.add(
oidax.AttrInfo(i['type_uri'], i['count'], i['required'],
i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
