Example #1
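    def signin_return(self):
        """Handle returned request from OpenID 2.0 IdP.

        Checks run in this order: an error reported by the IdP, a user
        cancellation, the CSRF token round-trip, and finally
        ``api_utils.verify_openid_request``. Only after all of them is the
        user saved and the OpenID written to the session, followed by a
        redirect to ``CONF.ui_url``.
        """
        session = api_utils.get_user_session()
        # NOTE(review): every failure branch relies on _auth_failure ending
        # the request (its body is not visible here); if it can return,
        # processing falls through to the next check - confirm.
        idp_error = pecan.request.GET.get(const.OPENID_ERROR)
        if idp_error:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            # NOTE(review): this text comes straight from the query string,
            # so it is caller-controlled; presumably _auth_failure encodes
            # it before it is shown to the user - confirm.
            self._auth_failure(idp_error)

        if pecan.request.GET.get(const.OPENID_MODE) == 'cancel':
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication canceled.')

        session_token = session.get(const.CSRF_TOKEN)
        request_token = pecan.request.GET.get(const.CSRF_TOKEN)
        # Fail closed: when the session holds no token, a request that also
        # omits the parameter would compare None with None and pass a plain
        # inequality check, skipping CSRF protection entirely.
        if not session_token or request_token != session_token:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication failed. Please try again.')

        api_utils.verify_openid_request(pecan.request)
        # NOTE(review): the identity fields below are read from the query
        # string; they are only trustworthy if verify_openid_request (not
        # shown) confirms the IdP vouched for these exact values - confirm.
        user_info = {
            'openid': pecan.request.GET.get(const.OPENID_CLAIMED_ID),
            'email': pecan.request.GET.get(const.OPENID_NS_SREG_EMAIL),
            'fullname': pecan.request.GET.get(const.OPENID_NS_SREG_FULLNAME)
        }
        user = db.user_save(user_info)

        # The CSRF token is single-use: drop it before marking the session
        # as authenticated.
        api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
        session[const.USER_OPENID] = user.openid
        session.save()

        pecan.redirect(CONF.ui_url)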
Example #2
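    def signin_return(self):
        """Handle returned request from OpenID 2.0 IdP.

        Rejects the request when the IdP reports an error, when the user
        cancelled, or when the CSRF token in the query string does not match
        a token stored in the session. Otherwise the request is handed to
        ``api_utils.verify_openid_request``, the user is saved, the OpenID
        is stored in the session and the browser is sent to ``CONF.ui_url``.
        """
        session = api_utils.get_user_session()
        query = pecan.request.GET

        # NOTE(review): the branches below assume _auth_failure stops request
        # processing (not visible in this method) - confirm.
        if query.get(const.OPENID_ERROR):
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            # NOTE(review): the message is taken verbatim from the query
            # string; output encoding is presumably done downstream - verify.
            self._auth_failure(query.get(const.OPENID_ERROR))

        if query.get(const.OPENID_MODE) == 'cancel':
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication canceled.')

        session_token = session.get(const.CSRF_TOKEN)
        request_token = query.get(const.CSRF_TOKEN)
        # A missing session token must never count as a match: without the
        # explicit presence check, a request that also lacks the parameter
        # compares None to None and passes.
        token_ok = bool(session_token) and request_token == session_token
        if not token_ok:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication failed. Please try again.')

        api_utils.verify_openid_request(pecan.request)
        # NOTE(review): claimed_id, email and fullname come from the query
        # string; whether verify_openid_request binds these values to the
        # IdP's assertion is not visible here - confirm before trusting them.
        user_info = {
            'openid': query.get(const.OPENID_CLAIMED_ID),
            'email': query.get(const.OPENID_NS_SREG_EMAIL),
            'fullname': query.get(const.OPENID_NS_SREG_FULLNAME)
        }
        user = db.user_save(user_info)

        api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
        # NOTE(review): the existing session is promoted to an authenticated
        # one; whether its identifier is rotated at this point depends on the
        # session layer, which is not shown - confirm.
        session[const.USER_OPENID] = user.openid
        session.save()

        pecan.redirect(CONF.ui_url)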
Example #3
    def test_verify_openid_request(self, mock_abort, mock_post):
        """Exercise verify_openid_request against a mocked IdP reply.

        Three cases are covered: a valid reply with email and full name
        present, an ``is_valid:false`` reply, and a valid reply where the
        full name is absent. ``mock_abort`` and ``mock_post`` are injected
        by patch decorators that are not part of this excerpt.
        """
        valid_reply = ('is_valid:true\n'
                       'ns:http://specs.openid.net/auth/2.0\n')
        invalid_reply = ('is_valid:false\n'
                         'ns:http://specs.openid.net/auth/2.0\n')

        idp_reply = mock.Mock()
        idp_reply.content = valid_reply
        idp_reply.status_code = 200
        mock_post.return_value = idp_reply

        incoming = mock.Mock()
        incoming.params = {
            const.OPENID_NS_SREG_EMAIL: '*****@*****.**',
            const.OPENID_NS_SREG_FULLNAME: 'foo'
        }
        # Case 1: the IdP confirms the assertion and both fields are present.
        outcome = api_utils.verify_openid_request(incoming)
        self.assertTrue(outcome)

        # Case 2: the IdP rejects the assertion, which must end in a 401.
        # abort is mocked, so the call returns instead of raising.
        idp_reply.content = invalid_reply
        api_utils.verify_openid_request(incoming)
        mock_abort.assert_called_once_with(
            401, 'Authentication is failed. Try again.')

        # Case 3: valid assertion, but the full name was not released.
        mock_abort.reset_mock()
        idp_reply.content = valid_reply
        incoming.params = {
            const.OPENID_NS_SREG_EMAIL: '*****@*****.**',
        }
        api_utils.verify_openid_request(incoming)
        mock_abort.assert_called_once_with(
            401, 'Authentication is failed. '
            'Please permit access to your name.')
Example #4
    def test_verify_openid_request(self, mock_abort, mock_post):
        """Check the accept and reject paths of verify_openid_request.

        The IdP response is faked through ``mock_post``; rejections are
        observed through ``mock_abort``. Both mocks arrive as arguments, so
        the patching itself happens outside this excerpt.
        """
        email_key = const.OPENID_NS_SREG_EMAIL
        name_key = const.OPENID_NS_SREG_FULLNAME

        # Response object handed back by the patched POST call.
        response = mock.Mock(status_code=200)
        response.content = ('is_valid:true\n'
                            'ns:http://specs.openid.net/auth/2.0\n')
        mock_post.return_value = response

        request = mock.Mock()
        request.params = {email_key: '*****@*****.**', name_key: 'foo'}
        # Valid assertion with both attributes: the call reports success.
        self.assertTrue(api_utils.verify_openid_request(request))

        # Same request, but the IdP now answers is_valid:false.
        response.content = ('is_valid:false\n'
                            'ns:http://specs.openid.net/auth/2.0\n')
        api_utils.verify_openid_request(request)
        expected_message = 'Authentication is failed. Try again.'
        mock_abort.assert_called_once_with(401, expected_message)

        # Start counting abort calls afresh for the last scenario.
        mock_abort.reset_mock()
        response.content = ('is_valid:true\n'
                            'ns:http://specs.openid.net/auth/2.0\n')
        # Only the email is supplied; the full name is missing.
        request.params = {email_key: '*****@*****.**'}
        api_utils.verify_openid_request(request)
        expected_message = ('Authentication is failed. '
                            'Please permit access to your name.')
        mock_abort.assert_called_once_with(401, expected_message)
Example #5
    def test_verify_openid_request(self, mock_abort, mock_post):
        """Verify how verify_openid_request reacts to the IdP's verdict.

        A reply of ``is_valid:true`` with email and full name must yield
        ``True``; ``is_valid:false`` and a missing full name must each
        trigger exactly one ``abort(401, ...)``. The two mock arguments are
        supplied by patching that is not visible in this excerpt.
        """
        accepted = "is_valid:true\n" "ns:http://specs.openid.net/auth/2.0\n"
        rejected = "is_valid:false\n" "ns:http://specs.openid.net/auth/2.0\n"

        fake_response = mock.Mock()
        fake_response.content = accepted
        fake_response.status_code = 200
        mock_post.return_value = fake_response

        fake_request = mock.Mock()
        fake_request.params = {
            const.OPENID_NS_SREG_EMAIL: "*****@*****.**",
            const.OPENID_NS_SREG_FULLNAME: "foo",
        }
        # Accepted assertion carrying both attributes.
        verdict = api_utils.verify_openid_request(fake_request)
        self.assertEqual(True, verdict)

        # Rejected assertion: abort is mocked, so it records the call and
        # returns rather than raising.
        fake_response.content = rejected
        api_utils.verify_openid_request(fake_request)
        mock_abort.assert_called_once_with(
            401, "Authentication is failed. Try again."
        )

        # Accepted assertion without a full name.
        mock_abort.reset_mock()
        fake_response.content = accepted
        fake_request.params = {const.OPENID_NS_SREG_EMAIL: "*****@*****.**"}
        api_utils.verify_openid_request(fake_request)
        mock_abort.assert_called_once_with(
            401,
            "Authentication is failed. " "Please permit access to your name.",
        )