def openid_server(request):
"""
This view is the actual OpenID server - running at the URL pointed to by
the <link rel="openid.server"> tag.
"""
logger.debug('server request %s: %s',
request.method, request.POST or request.GET)
server = openid_get_server(request)
if not request.is_secure():
# if request is not secure allow only encrypted association sessions
server.negotiator = encrypted_negotiator
# Clear AuthorizationInfo session var, if it is set
if request.session.get('AuthorizationInfo', None):
del request.session['AuthorizationInfo']
querydict = dict(request.REQUEST.items())
orequest = server.decodeRequest(querydict)
if not orequest:
orequest = server.decodeRequest(request.session.get('OPENID_REQUEST', None))
if orequest:
# remove session stored data:
del request.session['OPENID_REQUEST']
else:
# not request, render info page:
data = {
'host': request.build_absolute_uri('/'),
'xrds_location': request.build_absolute_uri(
reverse('openid-provider-xrds')),
}
logger.debug('invalid request, sending info: %s', data)
return render_to_response('openid_provider/server.html',
data,
context_instance=RequestContext(request))
if orequest.mode in BROWSER_REQUEST_MODES:
if not request.user.is_authenticated():
logger.debug('no local authentication, sending landing page')
return landing_page(request, orequest)
openid = openid_is_authorized(request, orequest.identity,
orequest.trust_root)
# verify return_to:
trust_root_valid = trust_root_validation(orequest)
validated = False
if conf.FAILED_DISCOVERY_AS_VALID:
if trust_root_valid == 'DISCOVERY_FAILED':
validated = True
else:
# if in decide already took place, set as valid:
if request.session.get(get_trust_session_key(orequest), False):
validated = True
if openid is not None and (validated or trust_root_valid == 'Valid'):
id_url = request.build_absolute_uri(
reverse('openid-provider-identity', args=[openid.openid]))
oresponse = orequest.answer(True, identity=id_url)
logger.debug('orequest.answer(True, identity="%s")', id_url)
elif orequest.immediate:
logger.debug('checkid_immediate mode not supported')
raise Exception('checkid_immediate mode not supported')
else:
request.session['OPENID_REQUEST'] = orequest.message.toPostArgs()
request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid
logger.debug('redirecting to decide page')
return HttpResponseRedirect(reverse('openid-provider-decide'))
else:
oresponse = server.handleRequest(orequest)
if request.user.is_authenticated():
add_sreg_data(request, orequest, oresponse)
if conf.AX_EXTENSION:
add_ax_data(request, orequest, oresponse)
return prep_response(request, orequest, oresponse, server)
except ValueError, e:
return render_to_response("openid_provider/error.html", {"title": "Invalid identity URL", "msg": e.message}, context_instance=RequestContext(request))
custom_log(request, 'orequest.answer(True, identity="%s")' % id_url, level="debug")
elif orequest.immediate:
custom_log(request, 'checkid_immediate mode not supported', level="debug")
raise Exception('checkid_immediate mode not supported')
else:
request.session['OPENID_REQUEST'] = orequest.message.toPostArgs()
request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid
custom_log(request, "redirecting to decide page", level="debug")
return HttpResponseRedirect(reverse('openid-provider-decide'))
else:
oresponse = server.handleRequest(orequest)
if (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()):
add_sreg_data(request, orequest, oresponse)
custom_log(request, "Added sreg data", level="debug")
if conf.AX_EXTENSION:
add_ax_data(request, orequest, oresponse)
custom_log(request, "Added AX data", level="debug")
if (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()):
# Add/update BrowserLogin object.
msg = None
if orequest.trust_root.startswith("https://online.planmill.com/futurice/"):
msg = "Planmill (futurice)"
(browser_login, _) = BrowserLogin.objects.get_or_create(user=request.browser.user, browser=request.browser, sso_provider="openid", signed_out=False, message=msg, remote_service=str(orequest.trust_root), defaults={"auth_timestamp": timezone.now()})
browser_login.auth_timestamp = timezone.now()
browser_login.save()
# Add entry to user log
def openid_server(request):
"""
This view is the actual OpenID server - running at the URL pointed to by
the <link rel="openid.server"> tag.
"""
logger.debug('server request %s: %s', request.method, request.POST
or request.GET)
server = openid_get_server(request)
if not request.is_secure():
# if request is not secure allow only encrypted association sessions
server.negotiator = encrypted_negotiator
# Clear AuthorizationInfo session var, if it is set
if request.session.get('AuthorizationInfo', None):
del request.session['AuthorizationInfo']
querydict = dict(request.POST.items())
orequest = server.decodeRequest(querydict)
if not orequest:
orequest = server.decodeRequest(
request.session.get('OPENID_REQUEST', None))
if orequest:
# remove session stored data:
del request.session['OPENID_REQUEST']
else:
# not request, render info page:
data = {
'host':
request.build_absolute_uri('/'),
'xrds_location':
request.build_absolute_uri(reverse('openid-provider-xrds')),
}
logger.debug('invalid request, sending info: %s', data)
return render(request, 'openid_provider/server.html', data)
if orequest.mode in BROWSER_REQUEST_MODES:
if not request.user.is_authenticated():
logger.debug('no local authentication, sending landing page')
return landing_page(request, orequest)
openid = openid_is_authorized(request, orequest.identity,
orequest.trust_root)
# verify return_to:
trust_root_valid = trust_root_validation(orequest)
validated = False
if conf.FAILED_DISCOVERY_AS_VALID:
if trust_root_valid == 'DISCOVERY_FAILED':
validated = True
else:
# if in decide already took place, set as valid:
if request.session.get(get_trust_session_key(orequest), False):
validated = True
if openid is not None and (validated or trust_root_valid == 'Valid'):
id_url = request.build_absolute_uri(
reverse('openid-provider-identity', args=[openid.openid]))
oresponse = orequest.answer(True, identity=id_url)
logger.debug('orequest.answer(True, identity="%s")', id_url)
elif orequest.immediate:
logger.debug('checkid_immediate mode not supported')
raise Exception('checkid_immediate mode not supported')
else:
request.session['OPENID_REQUEST'] = orequest.message.toPostArgs()
request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid
logger.debug('redirecting to decide page')
return HttpResponseRedirect(reverse('openid-provider-decide'))
else:
oresponse = server.handleRequest(orequest)
if request.user.is_authenticated():
add_sreg_data(request, orequest, oresponse)
if conf.AX_EXTENSION:
add_ax_data(request, orequest, oresponse)
return prep_response(request, orequest, oresponse, server)
def openid_server(request):
"""
This view is the actual OpenID server - running at the URL pointed to by
the <link rel="openid.server"> tag.
"""
logger.debug('server request %s: %s',
request.method, request.POST or request.GET)
server = Server(get_store(request),
op_endpoint=request.build_absolute_uri(reverse('openid-provider-root')))
if not request.is_secure():
# if request is not secure allow only encrypted association sessions
server.negotiator = encrypted_negotiator
# Clear AuthorizationInfo session var, if it is set
if request.session.get('AuthorizationInfo', None):
del request.session['AuthorizationInfo']
querydict = dict(request.POST.items())
orequest = server.decodeRequest(querydict)
if not orequest:
orequest = request.session.get('OPENID_REQUEST', None)
if orequest:
# remove session stored data:
del request.session['OPENID_REQUEST']
else:
# not request, render info page:
data = {
'host': request.build_absolute_uri('/'),
'xrds_location': request.build_absolute_uri(
reverse('openid-provider-xrds')),
}
# Return empty string
return HttpResponse("", content_type="text/plain")
if orequest.mode in BROWSER_REQUEST_MODES:
if not request.user.is_authenticated:
logger.debug('no local authentication, sending landing page')
return landing_page(request, orequest)
openid = openid_is_authorized(request, orequest.identity,
orequest.trust_root)
if openid is not None:
id_url = request.build_absolute_uri(
reverse('openid-provider-identity', args=[openid.openid]))
oresponse = orequest.answer(True, identity=id_url)
logger.debug('orequest.answer(True, identity="%s")', id_url)
elif orequest.immediate:
logger.debug('checkid_immediate mode not supported')
raise Exception('checkid_immediate mode not supported')
else:
request.session['OPENID_REQUEST'] = orequest
logger.debug('redirecting to decide page')
return HttpResponseRedirect(reverse('openid-provider-decide'))
else:
oresponse = server.handleRequest(orequest)
if request.user.is_authenticated:
add_sreg_data(request, orequest, oresponse)
if conf.AX_EXTENSION:
add_ax_data(request, orequest, oresponse)
# Convert a webresponse from the OpenID library in to a Django HttpResponse
webresponse = server.encodeResponse(oresponse)
if webresponse.code == 200 and orequest.mode in BROWSER_REQUEST_MODES:
response = render(request, 'openid_provider/response.html', {
'body': webresponse.body,
})
logger.debug('rendering browser response')
else:
response = HttpResponse(webresponse.body)
response.status_code = webresponse.code
for key, value in webresponse.headers.items():
response[key] = value
logger.debug('rendering raw response')
return response
except ValueError, e:
return render_to_response("openid_provider/error.html", {"title": "Invalid identity URL", "msg": e.message}, context_instance=RequestContext(request))
custom_log(request, 'orequest.answer(True, identity="%s")' % id_url, level="debug")
elif orequest.immediate:
custom_log(request, 'checkid_immediate mode not supported', level="debug")
raise Exception('checkid_immediate mode not supported')
else:
request.session['OPENID_REQUEST'] = orequest.message.toPostArgs()
request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid
custom_log(request, "redirecting to decide page", level="debug")
return HttpResponseRedirect(reverse('openid-provider-decide'))
else:
oresponse = server.handleRequest(orequest)
if (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()):
add_sreg_data(request, orequest, oresponse)
custom_log(request, "Added sreg data", level="debug")
if conf.AX_EXTENSION:
add_ax_data(request, orequest, oresponse)
custom_log(request, "Added AX data", level="debug")
if (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()):
# Add/update BrowserLogin object.
msg = None
if orequest.trust_root.startswith("https://online.planmill.com/futurice/"):
msg = "Planmill (futurice)"
(browser_login, _) = BrowserLogin.objects.get_or_create(user=request.browser.user, browser=request.browser, sso_provider="openid", signed_out=False, message=msg, remote_service=str(orequest.trust_root), defaults={"auth_timestamp": timezone.now()})
browser_login.auth_timestamp = timezone.now()
browser_login.save()
# Add entry to user log
def openid_server(request):
"""
This view is the actual OpenID server - running at the URL pointed to by
the <link rel="openid.server"> tag.
"""
logger.debug('server request %s: %s', request.method, request.POST
or request.GET)
server = Server(get_store(request),
op_endpoint=request.build_absolute_uri(
reverse('openid-provider-root')))
if not request.is_secure():
# if request is not secure allow only encrypted association sessions
server.negotiator = encrypted_negotiator
# Clear AuthorizationInfo session var, if it is set
if request.session.get('AuthorizationInfo', None):
del request.session['AuthorizationInfo']
querydict = dict(request.REQUEST.items())
orequest = server.decodeRequest(querydict)
if not orequest:
orequest = request.session.get('OPENID_REQUEST', None)
if orequest:
# remove session stored data:
del request.session['OPENID_REQUEST']
else:
# not request, render info page:
data = {
'host':
request.build_absolute_uri('/'),
'xrds_location':
request.build_absolute_uri(reverse('openid-provider-xrds')),
}
logger.debug('invalid request, sending info: %s', data)
return render_to_response('openid_provider/server.html',
data,
context_instance=RequestContext(request))
if orequest.mode in BROWSER_REQUEST_MODES:
if not request.user.is_authenticated():
#return HttpResponse(orequest.return_to)
logger.debug('no local authentication, sending landing page')
return landing_page(request, orequest)
openid = openid_is_authorized(request, orequest.identity,
orequest.trust_root)
if openid is not None:
id_url = request.build_absolute_uri(
reverse('openid-provider-identity', args=[openid.openid]))
oresponse = orequest.answer(True, identity=id_url)
logger.debug('orequest.answer(True, identity="%s")', id_url)
elif orequest.immediate:
logger.debug('checkid_immediate mode not supported')
raise Exception('checkid_immediate mode not supported')
else:
request.session['OPENID_REQUEST'] = orequest
logger.debug('redirecting to decide page')
return HttpResponseRedirect(reverse('openid-provider-decide'))
else:
oresponse = server.handleRequest(orequest)
if request.user.is_authenticated():
add_sreg_data(request, orequest, oresponse)
if conf.AX_EXTENSION:
add_ax_data(request, orequest, oresponse)
# Convert a webresponse from the OpenID library in to a Django HttpResponse
webresponse = server.encodeResponse(oresponse)
if webresponse.code == 200 and orequest.mode in BROWSER_REQUEST_MODES:
response = render_to_response('openid_provider/response.html', {
'body': webresponse.body,
},
context_instance=RequestContext(request))
logger.debug('rendering browser response')
else:
response = HttpResponse(webresponse.body)
response.status_code = webresponse.code
for key, value in webresponse.headers.items():
response[key] = value
logger.debug('rendering raw response')
return response
