def openid_server(request):
    """
    OpenID provider endpoint: the URL advertised through the
    <link rel="openid.server"> tag.

    Decodes an OpenID message from the request (or replays the one parked in
    the session before a redirect to the decide page), answers browser-mode
    requests for a logged-in and authorized user, and hands every other mode
    to the library's handleRequest().
    """
    # The whole parameter set of the protocol message is written to the debug
    # log; treat that log as sensitive wherever debug logging is enabled.
    logger.debug('server request %s: %s',
                 request.method, request.POST or request.GET)
    op_server = openid_get_server(request)

    # Over plain HTTP, negotiate only encrypted association sessions
    # (encrypted_negotiator is defined elsewhere in the project).
    if not request.is_secure():
        op_server.negotiator = encrypted_negotiator

    # Drop a truthy AuthorizationInfo session value left by an earlier flow.
    if request.session.get('AuthorizationInfo', None):
        del request.session['AuthorizationInfo']

    # NOTE(review): request.REQUEST merges GET and POST and was removed in
    # Django 1.9, so this line ties the view to older Django releases.
    params = dict(request.REQUEST.items())
    openid_request = op_server.decodeRequest(params)
    if not openid_request:
        # Nothing in this request: fall back to the message saved in the
        # session (stored as plain POST args, so it is decoded again here).
        openid_request = op_server.decodeRequest(
            request.session.get('OPENID_REQUEST', None))
        if not openid_request:
            # Not an OpenID request at all: render the info page.
            info = {
                'host': request.build_absolute_uri('/'),
                'xrds_location': request.build_absolute_uri(
                    reverse('openid-provider-xrds')),
            }
            logger.debug('invalid request, sending info: %s', info)
            return render_to_response(
                'openid_provider/server.html',
                info,
                context_instance=RequestContext(request))
        # The stored message is consumed once.
        del request.session['OPENID_REQUEST']

    if openid_request.mode not in BROWSER_REQUEST_MODES:
        # Non-browser modes are answered entirely by the library.
        openid_response = op_server.handleRequest(openid_request)
    else:
        if not request.user.is_authenticated():
            logger.debug('no local authentication, sending landing page')
            return landing_page(request, openid_request)

        matched_openid = openid_is_authorized(
            request, openid_request.identity, openid_request.trust_root)

        # Verify return_to against the trust root.
        realm_status = trust_root_validation(openid_request)
        # With conf.FAILED_DISCOVERY_AS_VALID on, a relying party whose
        # discovery failed counts as verified and the session flag set by the
        # decide page is not consulted; with it off, only that flag counts.
        validated = (
            realm_status == 'DISCOVERY_FAILED'
            if conf.FAILED_DISCOVERY_AS_VALID
            else bool(request.session.get(
                get_trust_session_key(openid_request), False))
        )

        # A positive assertion always requires openid_is_authorized() to have
        # returned a match, whatever the trust-root outcome.
        if matched_openid is not None and (
                validated or realm_status == 'Valid'):
            identity_url = request.build_absolute_uri(
                reverse('openid-provider-identity',
                        args=[matched_openid.openid]))
            openid_response = openid_request.answer(
                True, identity=identity_url)
            logger.debug('orequest.answer(True, identity="%s")', identity_url)
        elif openid_request.immediate:
            # NOTE(review): a bare Exception is raised here, so unless
            # something upstream handles it the relying party gets a server
            # error rather than a protocol-level negative reply.
            logger.debug('checkid_immediate mode not supported')
            raise Exception('checkid_immediate mode not supported')
        else:
            # Park the message as plain POST args and ask the user to decide.
            request.session['OPENID_REQUEST'] = (
                openid_request.message.toPostArgs())
            request.session['OPENID_TRUSTROOT_VALID'] = realm_status
            logger.debug('redirecting to decide page')
            return HttpResponseRedirect(reverse('openid-provider-decide'))

    # Attribute extensions are attached for any logged-in user, including to
    # responses that came from handleRequest().
    if request.user.is_authenticated():
        add_sreg_data(request, openid_request, openid_response)
        if conf.AX_EXTENSION:
            add_ax_data(request, openid_request, openid_response)

    return prep_response(request, openid_request, openid_response, op_server)
elif orequest.immediate: custom_log(request, 'checkid_immediate mode not supported', level="debug") raise Exception('checkid_immediate mode not supported') else: request.session['OPENID_REQUEST'] = orequest.message.toPostArgs() request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid custom_log(request, "redirecting to decide page", level="debug") return HttpResponseRedirect(reverse('openid-provider-decide')) else: oresponse = server.handleRequest(orequest) if (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()): add_sreg_data(request, orequest, oresponse) custom_log(request, "Added sreg data", level="debug") if conf.AX_EXTENSION: add_ax_data(request, orequest, oresponse) custom_log(request, "Added AX data", level="debug") if (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()): # Add/update BrowserLogin object. msg = None if orequest.trust_root.startswith("https://online.planmill.com/futurice/"): msg = "Planmill (futurice)" (browser_login, _) = BrowserLogin.objects.get_or_create(user=request.browser.user, browser=request.browser, sso_provider="openid", signed_out=False, message=msg, remote_service=str(orequest.trust_root), defaults={"auth_timestamp": timezone.now()}) browser_login.auth_timestamp = timezone.now() browser_login.save() # Add entry to user log if msg: add_user_log(request, "Signed in with OpenID to %s" % msg, "share-square-o") else:
def openid_server(request):
    """
    Serve the OpenID provider endpoint, i.e. the URL that the
    <link rel="openid.server"> tag points to.

    The OpenID message is decoded from the POST body, or replayed from the
    session when the user comes back from the decide page. Browser-mode
    requests are answered only for a logged-in, authorized user; all other
    modes are delegated to the library's handleRequest().
    """
    # Debug logging captures every parameter of the protocol message; keep
    # the debug log protected accordingly.
    logger.debug('server request %s: %s',
                 request.method, request.POST or request.GET)
    provider = openid_get_server(request)

    if not request.is_secure():
        # Plain HTTP: allow only encrypted association sessions.
        provider.negotiator = encrypted_negotiator

    # Remove a truthy AuthorizationInfo session value, if present.
    if request.session.get('AuthorizationInfo', None):
        del request.session['AuthorizationInfo']

    # Only the POST body is decoded; a message carried in the query string is
    # not read by this view.
    posted = dict(request.POST.items())
    oid_request = provider.decodeRequest(posted)
    if not oid_request:
        oid_request = provider.decodeRequest(
            request.session.get('OPENID_REQUEST', None))
        if not oid_request:
            # No OpenID message anywhere: show the informational page.
            page_context = {
                'host': request.build_absolute_uri('/'),
                'xrds_location': request.build_absolute_uri(
                    reverse('openid-provider-xrds')),
            }
            logger.debug('invalid request, sending info: %s', page_context)
            return render(request, 'openid_provider/server.html',
                          page_context)
        # The session copy is single-use.
        del request.session['OPENID_REQUEST']

    browser_mode = oid_request.mode in BROWSER_REQUEST_MODES
    if browser_mode:
        # NOTE(review): is_authenticated is called as a method here; from
        # Django 2.0 it is a plain attribute and the call raises TypeError.
        if not request.user.is_authenticated():
            logger.debug('no local authentication, sending landing page')
            return landing_page(request, oid_request)

        user_openid = openid_is_authorized(
            request, oid_request.identity, oid_request.trust_root)

        # Verify return_to against the trust root.
        trust_state = trust_root_validation(oid_request)
        if conf.FAILED_DISCOVERY_AS_VALID:
            # Failed relying-party discovery is accepted as verified; the
            # decide-page session flag is not looked at in this mode.
            validated = (trust_state == 'DISCOVERY_FAILED')
        else:
            # Otherwise only a decision already recorded in the session
            # counts.
            validated = bool(request.session.get(
                get_trust_session_key(oid_request), False))

        # A match from openid_is_authorized() is required in every case.
        if user_openid is not None and (validated or trust_state == 'Valid'):
            identity_url = request.build_absolute_uri(
                reverse('openid-provider-identity',
                        args=[user_openid.openid]))
            oid_response = oid_request.answer(True, identity=identity_url)
            logger.debug('orequest.answer(True, identity="%s")', identity_url)
        elif oid_request.immediate:
            # NOTE(review): raising a bare Exception presumably ends in a
            # server error for the relying party - confirm that is intended.
            logger.debug('checkid_immediate mode not supported')
            raise Exception('checkid_immediate mode not supported')
        else:
            # Save the message as plain POST args and send the user to the
            # decide page.
            request.session['OPENID_REQUEST'] = oid_request.message.toPostArgs()
            request.session['OPENID_TRUSTROOT_VALID'] = trust_state
            logger.debug('redirecting to decide page')
            return HttpResponseRedirect(reverse('openid-provider-decide'))
    else:
        oid_response = provider.handleRequest(oid_request)

    # sreg/AX data is added whenever a user is logged in, for both branches
    # above.
    if request.user.is_authenticated():
        add_sreg_data(request, oid_request, oid_response)
        if conf.AX_EXTENSION:
            add_ax_data(request, oid_request, oid_response)

    return prep_response(request, oid_request, oid_response, provider)
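def openid_server(request):
    """
    This view is the actual OpenID server - running at the URL pointed to by
    the <link rel="openid.server"> tag.

    It decodes an OpenID message from the POST body (or takes the request
    object parked in the session), answers browser-mode requests for a
    logged-in and authorized user, delegates other modes to the library, and
    converts the library's web response into a Django HttpResponse. A request
    that carries no OpenID message gets an empty text/plain response.
    """
    # Every parameter of the protocol message lands in the debug log; protect
    # that log wherever debug logging is enabled.
    logger.debug('server request %s: %s',
                 request.method, request.POST or request.GET)
    server = Server(
        get_store(request),
        op_endpoint=request.build_absolute_uri(
            reverse('openid-provider-root')))

    if not request.is_secure():
        # if request is not secure allow only encrypted association sessions
        server.negotiator = encrypted_negotiator

    # Clear AuthorizationInfo session var, if it is set
    if request.session.get('AuthorizationInfo', None):
        del request.session['AuthorizationInfo']

    # Only the POST body is decoded; a message carried in the query string is
    # not read by this view.
    querydict = dict(request.POST.items())
    orequest = server.decodeRequest(querydict)
    if not orequest:
        # Fall back to the request object stored before the redirect to the
        # decide page.
        orequest = request.session.get('OPENID_REQUEST', None)
        if orequest:
            # remove session stored data:
            del request.session['OPENID_REQUEST']
        else:
            # Not an OpenID request: return an empty body. (The context dict
            # the original built here was never used and has been dropped.)
            return HttpResponse("", content_type="text/plain")

    if orequest.mode in BROWSER_REQUEST_MODES:
        # is_authenticated is read as an attribute, which is right on Django
        # 1.10 and later. On earlier releases it is a method, the bare
        # attribute is always truthy, and this guard would never send anyone
        # to the landing page.
        if not request.user.is_authenticated:
            logger.debug('no local authentication, sending landing page')
            return landing_page(request, orequest)

        # No return_to / trust-root verification happens in this view; the
        # positive answer depends only on openid_is_authorized().
        openid = openid_is_authorized(request, orequest.identity,
                                      orequest.trust_root)

        if openid is not None:
            id_url = request.build_absolute_uri(
                reverse('openid-provider-identity', args=[openid.openid]))
            oresponse = orequest.answer(True, identity=id_url)
            logger.debug('orequest.answer(True, identity="%s")', id_url)
        elif orequest.immediate:
            # NOTE(review): a bare Exception presumably surfaces as a server
            # error to the relying party - confirm that is intended.
            logger.debug('checkid_immediate mode not supported')
            raise Exception('checkid_immediate mode not supported')
        else:
            # NOTE(review): the library's request object itself is stored, so
            # the session serializer must handle arbitrary Python objects.
            # Django's default JSON serializer cannot; a pickle-based one
            # can, and pickle is unsafe if session payloads can ever be
            # forged - confirm the project's SESSION_SERIALIZER.
            request.session['OPENID_REQUEST'] = orequest
            logger.debug('redirecting to decide page')
            return HttpResponseRedirect(reverse('openid-provider-decide'))
    else:
        oresponse = server.handleRequest(orequest)

    # sreg/AX data is added whenever a user is logged in, including to
    # responses produced by handleRequest().
    if request.user.is_authenticated:
        add_sreg_data(request, orequest, oresponse)
        if conf.AX_EXTENSION:
            add_ax_data(request, orequest, oresponse)

    # Convert a webresponse from the OpenID library in to a Django HttpResponse
    webresponse = server.encodeResponse(oresponse)
    if webresponse.code == 200 and orequest.mode in BROWSER_REQUEST_MODES:
        # The library-generated body is handed to the template as 'body'.
        response = render(request, 'openid_provider/response.html', {
            'body': webresponse.body,
        })
        logger.debug('rendering browser response')
    else:
        # Pass status code and headers through unchanged.
        response = HttpResponse(webresponse.body)
        response.status_code = webresponse.code
        for key, value in webresponse.headers.items():
            response[key] = value
        logger.debug('rendering raw response')
    return response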
def openid_server(request):
    """
    OpenID provider endpoint, reachable at the URL named by the
    <link rel="openid.server"> tag.

    Decodes an OpenID message from the request (or picks up the request
    object left in the session), answers browser-mode requests for a
    logged-in and authorized user, lets the library handle the remaining
    modes, and finally turns the library's web response into a Django
    HttpResponse.
    """
    # All parameters of the protocol message go to the debug log; treat that
    # log as sensitive wherever debug logging is enabled.
    logger.debug('server request %s: %s',
                 request.method, request.POST or request.GET)
    endpoint_url = request.build_absolute_uri(reverse('openid-provider-root'))
    op_server = Server(get_store(request), op_endpoint=endpoint_url)

    # Over plain HTTP only encrypted association sessions are negotiated.
    if not request.is_secure():
        op_server.negotiator = encrypted_negotiator

    # Drop a truthy AuthorizationInfo session value, if there is one.
    if request.session.get('AuthorizationInfo', None):
        del request.session['AuthorizationInfo']

    # NOTE(review): request.REQUEST merges GET and POST and was removed in
    # Django 1.9, so this line ties the view to older Django releases.
    params = dict(request.REQUEST.items())
    openid_request = op_server.decodeRequest(params)
    if not openid_request:
        # Fall back to the request object stored before the redirect to the
        # decide page.
        openid_request = request.session.get('OPENID_REQUEST', None)
        if not openid_request:
            # Not an OpenID request: render the info page.
            info = {
                'host': request.build_absolute_uri('/'),
                'xrds_location': request.build_absolute_uri(
                    reverse('openid-provider-xrds')),
            }
            logger.debug('invalid request, sending info: %s', info)
            return render_to_response(
                'openid_provider/server.html', info,
                context_instance=RequestContext(request))
        # The stored request is consumed once.
        del request.session['OPENID_REQUEST']

    if openid_request.mode not in BROWSER_REQUEST_MODES:
        openid_response = op_server.handleRequest(openid_request)
    else:
        if not request.user.is_authenticated():
            logger.debug('no local authentication, sending landing page')
            return landing_page(request, openid_request)

        # No return_to / trust-root verification happens in this view; the
        # positive answer depends only on openid_is_authorized().
        matched_openid = openid_is_authorized(
            request, openid_request.identity, openid_request.trust_root)

        if matched_openid is not None:
            identity_url = request.build_absolute_uri(
                reverse('openid-provider-identity',
                        args=[matched_openid.openid]))
            openid_response = openid_request.answer(
                True, identity=identity_url)
            logger.debug('orequest.answer(True, identity="%s")', identity_url)
        elif openid_request.immediate:
            # NOTE(review): a bare Exception presumably surfaces as a server
            # error to the relying party - confirm that is intended.
            logger.debug('checkid_immediate mode not supported')
            raise Exception('checkid_immediate mode not supported')
        else:
            # NOTE(review): the library's request object itself is stored, so
            # the session serializer must handle arbitrary Python objects;
            # pickle-based session serialization is unsafe if session
            # payloads can ever be forged - confirm the project's
            # SESSION_SERIALIZER.
            request.session['OPENID_REQUEST'] = openid_request
            logger.debug('redirecting to decide page')
            return HttpResponseRedirect(reverse('openid-provider-decide'))

    # sreg/AX data is added whenever a user is logged in, including to
    # responses produced by handleRequest().
    if request.user.is_authenticated():
        add_sreg_data(request, openid_request, openid_response)
        if conf.AX_EXTENSION:
            add_ax_data(request, openid_request, openid_response)

    # Translate the library's web response into a Django HttpResponse.
    encoded = op_server.encodeResponse(openid_response)
    is_browser_page = (
        encoded.code == 200
        and openid_request.mode in BROWSER_REQUEST_MODES
    )
    if is_browser_page:
        # The library-generated body is handed to the template as 'body'.
        response = render_to_response(
            'openid_provider/response.html',
            {'body': encoded.body},
            context_instance=RequestContext(request))
        logger.debug('rendering browser response')
        return response

    # Everything else is passed through with its status code and headers.
    response = HttpResponse(encoded.body)
    response.status_code = encoded.code
    for header_name, header_value in encoded.headers.items():
        response[header_name] = header_value
    logger.debug('rendering raw response')
    return response