Example #1
0
	def validate(self, requestData, is_smart):
		"""
		Take the hashed "sig" that was passed in the request
		and compare it to one we generate using the key we
		believe belongs to the consumer.
		
		@param requestData: the current request
		@type requestData: L{OpenIDRequest}
		
		@param is_smart: if False, create a new association handle for this response
		
		@return: True if the request is valid.
		"""
		handle = requestData['openid.assoc_handle']
		
		if(is_smart):
			log.msg('Validating smart association')
			bank = self.smart
		else:
			log.msg('Validating dumb association')
			bank = self.dumb
		
		if(handle in bank):
			log.msg('    found handle: %r' % handle)
			association = bank[handle]
			log.msg('    association: %r' % association)
			if(time.time() - association.created > association.expires_in):
				log.msg('    association expired, denying handle')
				del bank[association.handle]
				return False
		else:
			log.msg('    denied handle: %r' % handle)
			return False
		
		token_contents = util.kvstr(mode='id_res',
								identity=requestData['openid.identity'],
								return_to=requestData['openid.return_to'])
		
		valid_sig = base64.b64encode(util.get_hmac(association.secret, token_contents))
		
		log.msg('Comparing %r' % requestData['openid.sig'])
		log.msg('to valid  %r' % valid_sig)
		
		return requestData['openid.sig'] == valid_sig
Example #2
0
def get_login_response(registry, requestData):
	"""
	Convenience function to return a valid login response for the provided request.

	@param registry: the current OpenID registry
	@type registry: L{OpenIDRegistry}
	
	@param requestData: the current request data
	@type requestData: L{OpenIDRequest}
	
	@return: a response URL
	@rtype: str
	"""
	log.msg('[get_login_response] request: %r' % requestData)
	
	association = registry.initiate(requestData, 'openid.assoc_handle' in requestData)
	log.msg('[get_login_response] association: %r' % association)
	
	log.msg('[get_login_response] Using handle: %r' % association.handle)
	token_key = util.secret(association.handle)
	log.msg('[get_login_response] Found key: %r' % token_key)
	token_contents = util.kvstr(
		mode		= 'id_res',
		identity	= requestData['openid.identity'],
		return_to	= requestData['openid.return_to'],
	)
	
	return_dict = {
		'openid.mode'			: 'id_res',
		'openid.identity'		: requestData['openid.identity'],
		'openid.assoc_handle'	: association.handle,
		'openid.return_to'		: requestData['openid.return_to'],
		'openid.signed'			: 'identity,mode,return_to',
		'openid.sig'			: base64.b64encode(util.get_hmac(token_key, token_contents))
	}
	
	if(association.handle != requestData.get('openid.assoc_handle', association.handle)):
		log.msg("[get_login_response] Retrieved association handle doesn't match request: %r" % requestData['openid.assoc_handle'])
		return_dict['openid.invalidate_handle'] = requestData['openid.assoc_handle']
	
	return util.appendQuery(requestData['openid.return_to'], return_dict)
Example #3
0
	def test_validate(self):
		registry = protocol.OpenIDRegistry()
		association = registry.initiate(TestRequest({
			'openid.mode'			: 'associate',
		}), True)
		
		token_contents = util.kvstr(mode='id_res',
								identity='http://www.example.com/test',
								return_to='http://www.example.com/return')
		
		valid_sig = base64.b64encode(util.get_hmac(association.secret, token_contents))
		
		result = registry.validate(TestRequest({
			'openid.mode'			: 'associate',
			'openid.identity'		: 'http://www.example.com/test',
			'openid.return_to'		: 'http://www.example.com/return',
			'openid.assoc_handle'	: association.handle,
			'openid.sig'			: valid_sig,
			'openid.signed'			: 'identity,mode,return_to',
		}), True)
		
		if not(result):
			self.fail('Validation failed when it should have passed.')
Example #4
0
	def test_get_hmac(self):
		key = 'some key'
		message = 'some message'
		expected = '\x01P]/\xc3]\x00\xb3c[\xf7\x92^\xba]\t\x03\x1b3\xf1'
		got = util.get_hmac(key, message)
		self.failUnlessEqual(got, expected, "Got %r when expecting %r" % (got, expected))