def set_password(cls,
user=None,
password=None,
provider_name=None
):
"""generic method to change password of
any for any login provider that uses password
and allows the password change function
"""
login_providers = util.get_enabled_login_providers()
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
user.set_password(password)
user.save()
scrambled_password = user.password + str(user.id)
else:
raise NotImplementedError('external passwords not supported')
try:
assoc = UserAssociation.objects.get(
user=user,
provider_name=provider_name
)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(
user=user,
provider_name=provider_name
)
assoc.openid_url = scrambled_password
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
def set_password(cls, user=None, password=None, provider_name=None):
"""generic method to change password of
any for any login provider that uses password
and allows the password change function
"""
login_providers = util.get_enabled_login_providers()
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
user.set_password(password)
user.save()
scrambled_password = user.password + str(user.id)
else:
raise NotImplementedError('external passwords not supported')
try:
assoc = UserAssociation.objects.get(user=user,
provider_name=provider_name)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(user=user, provider_name=provider_name)
assoc.openid_url = scrambled_password
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
def clean(self, value):
"""make sure that value is name of
one of the known password login providers
"""
value = super(PasswordLoginProviderField, self).clean(value)
providers = util.get_enabled_login_providers()
if providers[value]['type'] != 'password':
raise forms.ValidationError(
'provider %s must accept password' % value
)
return value
def clean(self, value):
"""makes sure that login provider name
exists is in the list of accepted providers
"""
providers = util.get_enabled_login_providers()
if value in providers:
return value
else:
error_message = 'unknown provider name %s' % value
logging.critical(error_message)
raise forms.ValidationError(error_message)
def clean(self):
"""besides input data takes data from the
login provider settings
and stores final digested data into
the cleaned_data
the idea is that cleaned data can be used directly
to enact the signin action, without post-processing
of the data
contents of cleaned_data depends on the type
of login
"""
providers = util.get_enabled_login_providers()
if 'login_provider_name' in self.cleaned_data:
provider_name = self.cleaned_data['login_provider_name']
else:
raise forms.ValidationError('no login provider specified')
provider_data = providers[provider_name]
provider_type = provider_data['type']
if provider_type == 'password':
self.do_clean_password_fields()
self.cleaned_data['login_type'] = 'password'
elif provider_type.startswith('openid'):
self.do_clean_openid_fields(provider_data)
self.cleaned_data['login_type'] = 'openid'
elif provider_type == 'oauth':
self.cleaned_data['login_type'] = 'oauth'
pass
elif provider_type == 'facebook':
self.cleaned_data['login_type'] = 'facebook'
#self.do_clean_oauth_fields()
elif provider_type == 'wordpress_site':
self.cleaned_data['login_type'] = 'wordpress_site'
return self.cleaned_data
def authenticate(
self,
username=None, # for 'password' and 'ldap'
password=None, # for 'password' and 'ldap'
user_id=None, # for 'force'
provider_name=None, # required with all except email_key
openid_url=None,
email_key=None,
oauth_user_id=None, # used with oauth
facebook_user_id=None, # user with facebook
wordpress_url=None, # required for self hosted wordpress
wp_user_id=None, # required for self hosted wordpress
method=None, # requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
assoc = None # UserAssociation not needed for ldap
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
try:
email_address = username
user = User.objects.get(email=email_address)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
except User.MultipleObjectsReturned:
LOG.critical(
('have more than one user with email %s ' +
'he/she will not be able to authenticate with ' +
'the email address in the place of user name') % email_address
)
return None
else:
if login_providers[provider_name]['check_password'](username, password):
try:
#if have user associated with this username and provider,
#return the user
assoc = UserAssociation.objects.get(
openid_url=username + '@' + provider_name, # a hack - par name is bad
provider_name=provider_name
)
return assoc.user
except UserAssociation.DoesNotExist:
#race condition here a user with this name may exist
user, created = User.objects.get_or_create(username=username)
if created:
user.set_password(password)
user.save()
user_registered.send(None, user=user)
else:
#have username collision - so make up a more unique user name
#bug: - if user already exists with the new username - we are in trouble
new_username = '******' % (username, provider_name)
user = User.objects.create_user(new_username, '', password)
user_registered.send(None, user=user)
message = _(
'Welcome! Please set email address (important!) in your '
'profile and adjust screen name, if necessary.'
)
user.message_set.create(message=message)
else:
return None
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user=user,
provider_name=provider_name
)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(
user=user,
provider_name=provider_name
)
assoc.openid_url = username + '@' + provider_name # has to be this way for external pw logins
elif method == 'openid':
try:
assoc = UserAssociation.objects.get(openid_url=openid_url)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
except UserAssociation.MultipleObjectsReturned:
logging.critical(
'duplicate openid url in the database!!! %s' % openid_url
)
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key=email_key)
user.email_key = None # one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url=oauth_user_id,
provider_name=provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url=facebook_user_id,
provider_name='facebook'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'wordpress_site':
try:
custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url, wp_user_id)
assoc = UserAssociation.objects.get(
openid_url=custom_wp_openid_url,
provider_name='wordpress_site'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
if assoc:
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
def authenticate(
self,
username=None, # for 'password' and 'ldap'
password=None, # for 'password' and 'ldap'
user_id=None, # for 'force'
provider_name=None, # required with all except email_key
openid_url=None,
email_key=None,
oauth_user_id=None, # used with oauth
facebook_user_id=None, # user with facebook
wordpress_url=None, # required for self hosted wordpress
wp_user_id=None, # required for self hosted wordpress
method=None, # requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
assoc = None # UserAssociation not needed for ldap
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
try:
email_address = username
user = User.objects.get(email=email_address)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
except User.MultipleObjectsReturned:
LOG.critical(
('have more than one user with email %s ' +
'he/she will not be able to authenticate with ' +
'the email address in the place of user name') %
email_address)
return None
else:
if login_providers[provider_name]['check_password'](username,
password):
try:
#if have user associated with this username and provider,
#return the user
assoc = UserAssociation.objects.get(
openid_url=username + '@' +
provider_name, # a hack - par name is bad
provider_name=provider_name)
return assoc.user
except UserAssociation.DoesNotExist:
#race condition here a user with this name may exist
user, created = User.objects.get_or_create(
username=username)
if created:
user.set_password(password)
user.save()
user_registered.send(None, user=user)
else:
#have username collision - so make up a more unique user name
#bug: - if user already exists with the new username - we are in trouble
new_username = '******' % (username, provider_name)
user = User.objects.create_user(
new_username, '', password)
user_registered.send(None, user=user)
message = _(
'Welcome! Please set email address (important!) in your '
'profile and adjust screen name, if necessary.'
)
user.message_set.create(message=message)
else:
return None
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user=user, provider_name=provider_name)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(user=user, provider_name=provider_name)
assoc.openid_url = username + '@' + provider_name # has to be this way for external pw logins
elif method == 'openid':
try:
assoc = UserAssociation.objects.get(openid_url=openid_url)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
except UserAssociation.MultipleObjectsReturned:
logging.critical('duplicate openid url in the database!!! %s' %
openid_url)
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key=email_key)
user.email_key = None # one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url=oauth_user_id, provider_name=provider_name)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url=facebook_user_id, provider_name='facebook')
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'wordpress_site':
try:
custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url,
wp_user_id)
assoc = UserAssociation.objects.get(
openid_url=custom_wp_openid_url,
provider_name='wordpress_site')
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
if assoc:
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
