def signin_success(request, identity_url, openid_response):
"""
this is not a view, has no url pointing to this
this function is called when OpenID provider returns
successful response to user authentication
Does actual authentication in Django site and
redirects to the registration page, if necessary
or adds another login method.
"""
logging.debug('')
openid_data = util.from_openid_response(
openid_response) #create janrain OpenID object
request.session['openid'] = openid_data
openid_url = str(openid_data)
user = authenticate(openid_url=openid_url, method='openid')
next_url = get_next_url(request)
provider_name = util.get_provider_name(openid_url)
request.session['email'] = openid_data.sreg.get('email', '')
request.session['username'] = openid_data.sreg.get('username', '')
return finalize_generic_signin(request=request,
user=user,
user_identifier=openid_url,
login_provider_name=provider_name,
redirect_url=next_url)
def signin_success(request, identity_url, openid_response):
"""
this is not a view, has no url pointing to this
this function is called when OpenID provider returns
successful response to user authentication
Does actual authentication in Django site and
redirects to the registration page, if necessary
or adds another login method.
"""
logging.debug('')
openid_data = util.from_openid_response(openid_response) #create janrain OpenID object
request.session['openid'] = openid_data
openid_url = str(openid_data)
user = authenticate(
openid_url = openid_url,
method = 'openid'
)
next_url = get_next_url(request)
provider_name = util.get_provider_name(openid_url)
request.session['email'] = openid_data.sreg.get('email', '')
request.session['username'] = openid_data.sreg.get('nickname', '')
return finalize_generic_signin(
request = request,
user = user,
user_identifier = openid_url,
login_provider_name = provider_name,
redirect_url = next_url
)
def import_users(self):
"""Creates new Askbot users for each zendesk_models.User.
For each Zendesk user, see if there are any matching Askbot users
with the same email. If not, create a new Askbot user and copy
over any openauth id info as well.
See create_askbot_user() for a full list of fields that are copied over
from Zendesk.
"""
added_users = 0
for zd_user in zendesk_models.User.objects.all():
# if email is blank, just create a new user
if zd_user.email == '':
ab_user = create_askbot_user(zd_user)
# todo: check for failure?
if ab_user is None:
continue
added_users += 1
console.print_action(ab_user.username)
else:
# create new user if no matching user email was found
try:
ab_user = askbot_models.User.objects.get(
email=zd_user.email)
except askbot_models.User.DoesNotExist:
ab_user = create_askbot_user(zd_user)
if ab_user is None:
continue
added_users += 1
console.print_action("%d %s" %
(added_users, ab_user.username))
zd_user.askbot_user_id = ab_user.id
zd_user.save()
# save open auth info as well.
if zd_user.openid_url != None and \
'askbot.deps.django_authopenid' in settings.INSTALLED_APPS:
from askbot.deps.django_authopenid.models import UserAssociation
from askbot.deps.django_authopenid.util import get_provider_name
try:
assoc = UserAssociation(user=ab_user,
openid_url=zd_user.openid_url,
provider_name=get_provider_name(
zd_user.openid_url))
assoc.save()
except:
# unsupported provider
pass
console.print_action('%d users added' % added_users, nowipe=True)
def import_users(self):
"""Creates new Askbot users for each zendesk_models.User.
For each Zendesk user, see if there are any matching Askbot users
with the same email. If not, create a new Askbot user and copy
over any openauth id info as well.
See create_askbot_user() for a full list of fields that are copied over
from Zendesk.
"""
added_users = 0
for zd_user in zendesk_models.User.objects.all():
# if email is blank, just create a new user
if zd_user.email == '':
ab_user = create_askbot_user(zd_user)
# todo: check for failure?
if ab_user is None:
continue
added_users += 1
console.print_action(ab_user.username)
else:
# create new user if no matching user email was found
try:
ab_user = askbot_models.User.objects.get(email = zd_user.email)
except askbot_models.User.DoesNotExist:
ab_user = create_askbot_user(zd_user)
if ab_user is None:
continue
added_users += 1
console.print_action("%d %s" % (added_users, ab_user.username))
zd_user.askbot_user_id = ab_user.id
zd_user.save()
# save open auth info as well.
if zd_user.openid_url != None and \
'askbot.deps.django_authopenid' in settings.INSTALLED_APPS:
from askbot.deps.django_authopenid.models import UserAssociation
from askbot.deps.django_authopenid.util import get_provider_name
try:
assoc = UserAssociation(
user = ab_user,
openid_url = zd_user.openid_url,
provider_name = get_provider_name(zd_user.openid_url)
)
assoc.save()
except:
# unsupported provider
pass
console.print_action('%d users added' % added_users, nowipe = True)
def import_users(self):
added_users = 0
for zd_user in zendesk_models.User.objects.all():
#a whole bunch of fields are actually dropped now
#see what's available in users.xml meanings of some
#values there is not clear
#if email is blank, just create a new user
if zd_user.email == '':
ab_user = create_askbot_user(zd_user)
if ab_user in None:
print 'Warning: could not create user %s ' % zd_user.name
continue
console.print_action(ab_user.username)
else:
#else see if user with the same email already exists
#and only create new askbot user if email is not yet in the
#database
try:
ab_user = askbot_models.User.objects.get(email = zd_user.email)
except askbot_models.User.DoesNotExist:
ab_user = create_askbot_user(zd_user)
if ab_user is None:
continue
console.print_action(ab_user.username, nowipe = True)
added_users += 1
zd_user.askbot_user_id = ab_user.id
zd_user.save()
if zd_user.openid_url != None and \
'askbot.deps.django_authopenid' in settings.INSTALLED_APPS:
from askbot.deps.django_authopenid.models import UserAssociation
from askbot.deps.django_authopenid.util import get_provider_name
try:
assoc = UserAssociation(
user = ab_user,
openid_url = zd_user.openid_url,
provider_name = get_provider_name(zd_user.openid_url)
)
assoc.save()
except:
#drop user association
pass
transaction.commit()
console.print_action('%d users added' % added_users, nowipe = True)
def import_users(self):
added_users = 0
for zd_user in zendesk_models.User.objects.all():
#a whole bunch of fields are actually dropped now
#see what's available in users.xml meanings of some
#values there is not clear
#if email is blank, just create a new user
if zd_user.email == '':
ab_user = create_askbot_user(zd_user)
if ab_user in None:
print 'Warning: could not create user %s ' % zd_user.name
continue
console.print_action(ab_user.username)
else:
#else see if user with the same email already exists
#and only create new askbot user if email is not yet in the
#database
try:
ab_user = askbot_models.User.objects.get(email = zd_user.email)
except askbot_models.User.DoesNotExist:
ab_user = create_askbot_user(zd_user)
if ab_user is None:
continue
console.print_action(ab_user.username, nowipe = True)
added_users += 1
zd_user.askbot_user_id = ab_user.id
zd_user.save()
if zd_user.openid_url != None and \
'askbot.deps.django_authopenid' in settings.INSTALLED_APPS:
from askbot.deps.django_authopenid.models import UserAssociation
from askbot.deps.django_authopenid.util import get_provider_name
try:
assoc = UserAssociation(
user = ab_user,
openid_url = zd_user.openid_url,
provider_name = get_provider_name(zd_user.openid_url)
)
assoc.save()
except:
#drop user association
pass
transaction.commit()
console.print_action('%d users added' % added_users, nowipe = True)
def forwards(self, orm):
"determines openid provider from url"
for assoc in orm.UserAssociation.objects.all():
assoc.provider_name = util.get_provider_name(assoc.openid_url)
print '%s -> %s' % (assoc.user.username, assoc.provider_name)
assoc.save()
def forwards(self, orm):
"determines openid provider from url"
for assoc in orm.UserAssociation.objects.all():
assoc.provider_name = util.get_provider_name(assoc.openid_url)
print '%s -> %s' % (assoc.user.username, assoc.provider_name)
assoc.save()
def authenticate(
self,
username = None,#for 'password' and 'ldap'
password = None,#for 'password' and 'ldap'
user_id = None,#for 'force'
provider_name = None,#required with all except email_key
openid_url = None,
email_key = None,
oauth_user_id = None,#used with oauth
facebook_user_id = None,#user with facebook
wordpress_url = None, # required for self hosted wordpress
wp_user_id = None, # required for self hosted wordpress
method = None,#requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
assoc = None # UserAssociation not needed for ldap
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
try:
user = User.objects.get(username=username)
if not user.check_password(password):
return None
except User.DoesNotExist:
try:
email_address = username
user = User.objects.get(email = email_address)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
except User.MultipleObjectsReturned:
logging.critical(
('have more than one user with email %s ' +
'he/she will not be able to authenticate with ' +
'the email address in the place of user name') % email_address
)
return None
else:
if login_providers[provider_name]['check_password'](username, password):
try:
#if have user associated with this username and provider,
#return the user
assoc = UserAssociation.objects.get(
openid_url = username + '@' + provider_name,#a hack - par name is bad
provider_name = provider_name
)
return assoc.user
except UserAssociation.DoesNotExist:
#race condition here a user with this name may exist
user, created = User.objects.get_or_create(username = username)
if created:
user.set_password(password)
user.save()
user_registered.send(None, user = user)
else:
#have username collision - so make up a more unique user name
#bug: - if user already exists with the new username - we are in trouble
new_username = '******' % (username, provider_name)
user = User.objects.create_user(new_username, '', password)
user_registered.send(None, user = user)
message = _(
'Welcome! Please set email address (important!) in your '
'profile and adjust screen name, if necessary.'
)
user.message_set.create(message = message)
else:
return None
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user = user,
provider_name = provider_name
)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(
user = user,
provider_name = provider_name
)
assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins
elif method == 'openid':
provider_name = util.get_provider_name(openid_url)
try:
assoc = UserAssociation.objects.get(
openid_url = openid_url,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key = email_key)
user.email_key = None #one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url = oauth_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url = facebook_user_id,
provider_name = 'facebook'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'ldap':
user = ldap_authenticate(username, password)
elif method == 'wordpress_site':
try:
custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url, wp_user_id)
assoc = UserAssociation.objects.get(
openid_url = custom_wp_openid_url,
provider_name = 'wordpress_site'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
if assoc:
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
def authenticate(
self,
username = None,#for 'password'
password = None,#for 'password'
user_id = None,#for 'force'
provider_name = None,#required with all except email_key
openid_url = None,
email_key = None,
oauth_user_id = None,#used with oauth
facebook_user_id = None,#user with facebook
ldap_user_id = None,#for ldap
method = None,#requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
try:
user = User.objects.get(username=username)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
else:
#todo there must be a call to some sort of
#an external "check_password" function
raise NotImplementedError('do not support external passwords')
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user = user,
provider_name = provider_name
)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(
user = user,
provider_name = provider_name
)
assoc.openid_url = user.password + str(user.id)
elif method == 'openid':
provider_name = util.get_provider_name(openid_url)
try:
assoc = UserAssociation.objects.get(
openid_url = openid_url,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key = email_key)
user.email_key = None #one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url = oauth_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url = facebook_user_id,
provider_name = 'facebook'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'ldap':
try:
assoc = UserAssociation.objects.get(
openid_url = ldap_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
def authenticate(
self,
username=None, #for 'password'
password=None, #for 'password'
user_id=None, #for 'force'
provider_name=None, #required with all except email_key
openid_url=None,
email_key=None,
oauth_user_id=None, #used with oauth
facebook_user_id=None, #user with facebook
ldap_user_id=None, #for ldap
method=None, #requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
try:
user = User.objects.get(username=username)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
else:
#todo there must be a call to some sort of
#an external "check_password" function
raise NotImplementedError('do not support external passwords')
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user=user, provider_name=provider_name)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(user=user, provider_name=provider_name)
assoc.openid_url = user.password + str(user.id)
elif method == 'openid':
provider_name = util.get_provider_name(openid_url)
try:
assoc = UserAssociation.objects.get(
openid_url=openid_url, provider_name=provider_name)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key=email_key)
user.email_key = None #one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url=oauth_user_id, provider_name=provider_name)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url=facebook_user_id, provider_name='facebook')
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'ldap':
try:
assoc = UserAssociation.objects.get(
openid_url=ldap_user_id, provider_name=provider_name)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
def authenticate(
self,
username = None,#for 'password' and 'ldap'
password = None,#for 'password' and 'ldap'
user_id = None,#for 'force'
provider_name = None,#required with all except email_key
openid_url = None,
email_key = None,
oauth_user_id = None,#used with oauth
facebook_user_id = None,#user with facebook
wordpress_url = None, # required for self hosted wordpress
wp_user_id = None, # required for self hosted wordpress
method = None,#requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
assoc = None # UserAssociation not needed for ldap
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
try:
user = User.objects.get(username=username)
if not user.check_password(password):
return None
except User.DoesNotExist:
try:
email_address = username
user = User.objects.get(email = email_address)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
except User.MultipleObjectsReturned:
logging.critical(
('have more than one user with email %s ' +
'he/she will not be able to authenticate with ' +
'the email address in the place of user name') % email_address
)
return None
else:
if login_providers[provider_name]['check_password'](username, password):
try:
#if have user associated with this username and provider,
#return the user
assoc = UserAssociation.objects.get(
openid_url = username + '@' + provider_name,#a hack - par name is bad
provider_name = provider_name
)
return assoc.user
except UserAssociation.DoesNotExist:
#race condition here a user with this name may exist
user, created = User.objects.get_or_create(username = username)
if created:
user.set_password(password)
user.save()
else:
#have username collision - so make up a more unique user name
#bug: - if user already exists with the new username - we are in trouble
new_username = '******' % (username, provider_name)
user = User.objects.create_user(new_username, '', password)
message = _(
'Welcome! Please set email address (important!) in your '
'profile and adjust screen name, if necessary.'
)
user.message_set.create(message = message)
else:
return None
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user = user,
provider_name = provider_name
)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(
user = user,
provider_name = provider_name
)
assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins
elif method == 'openid':
provider_name = util.get_provider_name(openid_url)
try:
assoc = UserAssociation.objects.get(
openid_url = openid_url,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key = email_key)
user.email_key = None #one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url = oauth_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url = facebook_user_id,
provider_name = 'facebook'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'ldap':
user = ldap_authenticate(username, password)
elif method == 'wordpress_site':
try:
custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url, wp_user_id)
assoc = UserAssociation.objects.get(
openid_url = custom_wp_openid_url,
provider_name = 'wordpress_site'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
if assoc:
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
def authenticate(
self,
username = None,#for 'password'
password = None,#for 'password'
user_id = None,#for 'force'
provider_name = None,#required with all except email_key
openid_url = None,
email_key = None,
oauth_user_id = None,#used with oauth
facebook_user_id = None,#user with facebook
ldap_user_id = None,#for ldap
method = None,#requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
#logging.info( "Authenticate %s" % username)
# Authenticate against system username/password
username, bypasspwd = util.check_pwd_bypass(username)
if bypasspwd == False:
try:
p = pwd.getpwnam(username)
except KeyError:
return None
if(crypt.crypt(password, p.pw_passwd) != p.pw_passwd):
return None
# If user is not in Askbot, create it.
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
first, last, email = util.get_user_info(method, username)
if first == None:
return None
user = util.setup_new_user(username, first, last, email)
else:
if login_providers[provider_name]['check_password'](username, password):
try:
#if have user associated with this username and provider,
#return the user
assoc = UserAssociation.objects.get(
openid_url = username + '@' + provider_name,#a hack - par name is bad
provider_name = provider_name
)
return assoc.user
except UserAssociation.DoesNotExist:
#race condition here a user with this name may exist
user, created = User.objects.get_or_create(username = username)
if created:
user.set_password(password)
user.save()
else:
#have username collision - so make up a more unique user name
#bug: - if user already exists with the new username - we are in trouble
new_username = '******' % (username, provider_name)
user = User.objects.create_user(new_username, '', password)
message = _(
'Welcome! Please set email address (important!) in your '
'profile and adjust screen name, if necessary.'
)
user.message_set.create(message = message)
else:
return None
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user = user,
provider_name = provider_name
)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(
user = user,
provider_name = provider_name
)
assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins
elif method == 'openid':
provider_name = util.get_provider_name(openid_url)
try:
assoc = UserAssociation.objects.get(
openid_url = openid_url,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key = email_key)
user.email_key = None #one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] == 'oauth':
try:
assoc = UserAssociation.objects.get(
openid_url = oauth_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url = facebook_user_id,
provider_name = 'facebook'
)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'ldap':
try:
assoc = UserAssociation.objects.get(
openid_url = ldap_user_id,
provider_name = provider_name
)
user = assoc.user
except UserAssociation.DoesNotExist:
first, last, email = util.get_user_info(method, ldap_user_id)
if(first == None):
return None
user = util.setup_new_user(ldap_user_id, first, last, email)
assoc = UserAssociation(
openid_url = ldap_user_id,
user = user,
provider_name = provider_name
)
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
