Exemple #1
0
        'SIGNIN_FEDORA_ENABLED',
        default=False,
        description=_('Enable Fedora OpenID login')
    )
)

settings.register(
    livesettings.BooleanValue(
        LOGIN_PROVIDERS,
        'SIGNIN_CUSTOM_OPENID_ENABLED',
        default=False,
        description=_('Enable custom OpenID login')
    )
)

if module_exists('cas'):
    settings.register(
        livesettings.BooleanValue(
            LOGIN_PROVIDERS,
            'SIGNIN_CAS_ENABLED',
            default=False,
            description=_('Enable CAS authentication')
        )
    )
    settings.register(
        livesettings.StringValue(
            LOGIN_PROVIDERS,
            'CAS_SERVER_URL',
            default='',
            description=_('CAS server url')
        )
Exemple #2
0
def get_enabled_major_login_providers():
    """returns a dictionary with data about login providers
    whose icons are to be shown in large format

    disabled providers are excluded

    items of the dictionary are dictionaries with keys:

    * name
    * display_name
    * icon_media_path (relative to /media directory)
    * type (oauth|openid-direct|openid-generic|openid-username|password)

    Fields dependent on type of the login provider type
    ---------------------------------------------------

    Password (type = password) - login provider using login name and password:

    * extra_token_name - a phrase describing what the login name and the
      password are from
    * create_password_prompt - a phrase prompting to create an account
    * change_password_prompt - a phrase prompting to change password

    OpenID (type = openid) - Provider of login using the OpenID protocol

    * openid_endpoint (required for type=openid|openid-username)
      for type openid-username - the string must have %(username)s
      format variable, plain string url otherwise
    * extra_token_name - required for type=openid-username
      describes name of required extra token - e.g. "XYZ user name"

    OAuth2 (type = oauth)

    * request_token_url - url to initiate OAuth2 protocol with the resource
    * access_token_url - url to access users data on the resource via OAuth2
    * authorize_url - url at which user can authorize the app to access a resource
    * authenticate_url - url to authenticate user (lower privilege than authorize)
    * get_user_id_function - a function that returns user id from data dictionary
      containing: response to the access token url & consumer_key
      and consumer secret. The purpose of this function is to hide the differences
      between the ways user id is accessed from the different OAuth providers
    """
    data = SortedDict()

    if use_password_login():
        site_name = askbot_settings.APP_SHORT_NAME
        prompt = _('%(site)s user name and password') % {'site': site_name}
        data['local'] = {
            'name': 'local',
            'display_name': site_name,
            'extra_token_name': prompt,
            'type': 'password',
            'create_password_prompt': _('Create a password-protected account'),
            'change_password_prompt': _('Change your password'),
            'icon_media_path': askbot_settings.LOCAL_LOGIN_ICON,
            'password_changeable': True
        }

    if askbot_settings.SIGNIN_CUSTOM_OPENID_ENABLED:
        context_dict = {
            'login_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME
        }
        data['custom_openid'] = {
            'name': 'custom_openid',
            'display_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME,
            'type': askbot_settings.SIGNIN_CUSTOM_OPENID_MODE,
            'icon_media_path':
            askbot_settings.SIGNIN_CUSTOM_OPENID_LOGIN_BUTTON,
            'tooltip_text': _('Sign in via %(login_name)s') % context_dict,
            'openid_endpoint': askbot_settings.SIGNIN_CUSTOM_OPENID_ENDPOINT,
            'extra_token_name': _('%(login_name)s username') % context_dict
        }

    def get_facebook_user_id(client):
        """returns facebook user id given the access token"""
        profile = client.request('me')
        return profile['id']

    if askbot_settings.FACEBOOK_KEY and askbot_settings.FACEBOOK_SECRET:
        data['facebook'] = {
            'name': 'facebook',
            'display_name': 'Facebook',
            'type': 'oauth2',
            'auth_endpoint': 'https://www.facebook.com/dialog/oauth/',
            'token_endpoint': 'https://graph.facebook.com/oauth/access_token',
            'resource_endpoint': 'https://graph.facebook.com/',
            'icon_media_path': 'images/jquery-openid/facebook.gif',
            'get_user_id_function': get_facebook_user_id,
            'response_parser': lambda data: dict(urlparse.parse_qsl(data)),
            'scope': [
                'email',
            ],
        }

    if askbot_settings.SIGNIN_FEDORA_ENABLED:
        data['fedora'] = {
            'name': 'fedora',
            'display_name': 'Fedora',
            'type': 'openid-direct',
            'openid_endpoint': 'https://id.fedoraproject.org/openid/',
            'icon_media_path': 'images/jquery-openid/fedora.gif'
        }

    if askbot_settings.TWITTER_KEY and askbot_settings.TWITTER_SECRET:
        data['twitter'] = {
            'name': 'twitter',
            'display_name': 'Twitter',
            'type': 'oauth',
            'request_token_url': 'https://api.twitter.com/oauth/request_token',
            'access_token_url': 'https://api.twitter.com/oauth/access_token',
            'authorize_url': 'https://api.twitter.com/oauth/authorize',
            'authenticate_url': 'https://api.twitter.com/oauth/authenticate',
            'get_user_id_url':
            'https://twitter.com/account/verify_credentials.json',
            'icon_media_path': 'images/jquery-openid/twitter.gif',
            'get_user_id_function': lambda data: data['user_id'],
            'get_username_function': lambda data: data['screen_name'],
        }

    if askbot_settings.MEDIAWIKI_KEY and askbot_settings.MEDIAWIKI_SECRET:
        data['mediawiki'] = providers.mediawiki.Provider()

    if module_exists('cas') and askbot_settings.SIGNIN_CAS_ENABLED \
        and askbot_settings.CAS_SERVER_URL:
        data['cas'] = providers.cas_provider.CASLoginProvider()

    def get_identica_user_id(data):
        consumer = oauth.Consumer(data['consumer_key'],
                                  data['consumer_secret'])
        token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
        client = oauth.Client(consumer, token=token)
        url = 'https://identi.ca/api/account/verify_credentials.json'
        response, content = client.request(url, 'GET')
        json = simplejson.loads(content)
        return json['id']

    if askbot_settings.IDENTICA_KEY and askbot_settings.IDENTICA_SECRET:
        data['identi.ca'] = {
            'name': 'identi.ca',
            'display_name': 'identi.ca',
            'type': 'oauth',
            'request_token_url': 'https://identi.ca/api/oauth/request_token',
            'access_token_url': 'https://identi.ca/api/oauth/access_token',
            'authorize_url': 'https://identi.ca/api/oauth/authorize',
            'authenticate_url': 'https://identi.ca/api/oauth/authorize',
            'icon_media_path': 'images/jquery-openid/identica.png',
            'get_user_id_function': get_identica_user_id,
        }

    if askbot_settings.SIGNIN_WORDPRESS_SITE_ENABLED and askbot_settings.WORDPRESS_SITE_URL:
        data['wordpress_site'] = {
            'name': 'wordpress_site',
            'display_name':
            'Self hosted wordpress blog',  #need to be added as setting.
            'icon_media_path': askbot_settings.WORDPRESS_SITE_ICON,
            'type': 'wordpress_site',
        }

    def get_linked_in_user_id(data):
        consumer = oauth.Consumer(data['consumer_key'],
                                  data['consumer_secret'])
        token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
        client = oauth.Client(consumer, token=token)
        url = 'https://api.linkedin.com/v1/people/~:(first-name,last-name,id)'
        response, content = client.request(url, 'GET')
        if response['status'] == '200':
            id_re = re.compile(r'<id>([^<]+)</id>')
            matches = id_re.search(content)
            if matches:
                return matches.group(1)
        raise OAuthError()

    if askbot_settings.LINKEDIN_KEY and askbot_settings.LINKEDIN_SECRET:
        data['linkedin'] = {
            'name': 'linkedin',
            'display_name': 'LinkedIn',
            'type': 'oauth',
            'request_token_url':
            'https://api.linkedin.com/uas/oauth/requestToken',
            'access_token_url':
            'https://api.linkedin.com/uas/oauth/accessToken',
            'authorize_url': 'https://www.linkedin.com/uas/oauth/authorize',
            'authenticate_url':
            'https://www.linkedin.com/uas/oauth/authenticate',
            'icon_media_path': 'images/jquery-openid/linkedin.gif',
            'get_user_id_function': get_linked_in_user_id
        }

    def get_google_user_id(client):
        return client.request('me')['id']

    if askbot_settings.GOOGLE_PLUS_KEY and askbot_settings.GOOGLE_PLUS_SECRET:
        data['google-plus'] = {
            'name': 'google-plus',
            'display_name': 'Google',
            'type': 'oauth2',
            'auth_endpoint': 'https://accounts.google.com/o/oauth2/auth',
            'token_endpoint': 'https://accounts.google.com/o/oauth2/token',
            'resource_endpoint': 'https://www.googleapis.com/plus/v1/people/',
            'icon_media_path': 'images/jquery-openid/google.gif',
            'get_user_id_function': get_google_user_id,
            'extra_auth_params': {
                'scope': ('profile', 'email', 'openid'),
                'openid.realm': askbot_settings.APP_URL
            }
        }

    data['mozilla-persona'] = {
        'name': 'mozilla-persona',
        'display_name': 'Mozilla Persona',
        'type': 'mozilla-persona',
        'icon_media_path': 'images/jquery-openid/mozilla-persona.gif',
    }
    data['yahoo'] = {
        'name': 'yahoo',
        'display_name': 'Yahoo',
        'type': 'openid-direct',
        'icon_media_path': 'images/jquery-openid/yahoo.gif',
        'tooltip_text': _('Sign in with Yahoo'),
        'openid_endpoint': 'https://me.yahoo.com',
    }
    data['aol'] = {
        'name': 'aol',
        'display_name': 'AOL',
        'type': 'openid-direct',
        'extra_token_name': _('AOL screen name'),
        'icon_media_path': 'images/jquery-openid/aol.gif',
        'openid_endpoint': 'http://openid.aol.com'
    }
    data['launchpad'] = {
        'name': 'launchpad',
        'display_name': 'LaunchPad',
        'type': 'openid-direct',
        'icon_media_path': 'images/jquery-openid/launchpad.gif',
        'tooltip_text': _('Sign in with LaunchPad'),
        'openid_endpoint': 'https://login.launchpad.net/'
    }
    data['openid'] = {
        'name': 'openid',
        'display_name': 'OpenID',
        'type': 'openid-generic',
        'extra_token_name': _('OpenID url'),
        'icon_media_path': 'images/jquery-openid/openid.gif',
        'openid_endpoint': None,
    }
    if askbot_settings.SIGNIN_OPENSTACKID_ENABLED and askbot_settings.OPENSTACKID_ENDPOINT_URL:
        data['openstackid'] = {
            'name': 'openstackid',
            'display_name': 'OpenStackID',
            'type': 'openid-direct',
            'openid_endpoint': askbot_settings.OPENSTACKID_ENDPOINT_URL,
            'icon_media_path': 'images/jquery-openid/openstackid.png',
            'sreg_required': True
        }
    return filter_enabled_providers(data)
Exemple #3
0
def get_enabled_major_login_providers():
    """returns a dictionary with data about login providers
    whose icons are to be shown in large format

    disabled providers are excluded

    items of the dictionary are dictionaries with keys:

    * name
    * display_name
    * icon_media_path (relative to /media directory)
    * type (oauth|openid-direct|openid-generic|openid-username|password)

    Fields dependent on type of the login provider type
    ---------------------------------------------------

    Password (type = password) - login provider using login name and password:

    * extra_token_name - a phrase describing what the login name and the
      password are from
    * create_password_prompt - a phrase prompting to create an account
    * change_password_prompt - a phrase prompting to change password

    OpenID (type = openid) - Provider of login using the OpenID protocol

    * openid_endpoint (required for type=openid|openid-username)
      for type openid-username - the string must have %(username)s
      format variable, plain string url otherwise
    * extra_token_name - required for type=openid-username
      describes name of required extra token - e.g. "XYZ user name"

    OAuth2 (type = oauth)

    * request_token_url - url to initiate OAuth2 protocol with the resource
    * access_token_url - url to access users data on the resource via OAuth2
    * authorize_url - url at which user can authorize the app to access a resource
    * authenticate_url - url to authenticate user (lower privilege than authorize)
    * get_user_id_function - a function that returns user id from data dictionary
      containing: response to the access token url & consumer_key
      and consumer secret. The purpose of this function is to hide the differences
      between the ways user id is accessed from the different OAuth providers
    """
    data = SortedDict()

    if use_password_login():
        site_name = askbot_settings.APP_SHORT_NAME
        prompt = _('%(site)s user name and password') % {'site': site_name}
        data['local'] = {
            'name': 'local',
            'display_name': site_name,
            'extra_token_name': prompt,
            'type': 'password',
            'create_password_prompt': _('Create a password-protected account'),
            'change_password_prompt': _('Change your password'),
            'icon_media_path': askbot_settings.LOCAL_LOGIN_ICON,
            'password_changeable': True
        }

    if askbot_settings.SIGNIN_CUSTOM_OPENID_ENABLED:
        context_dict = {'login_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME}
        data['custom_openid'] = {
            'name': 'custom_openid',
            'display_name': askbot_settings.SIGNIN_CUSTOM_OPENID_NAME,
            'type': askbot_settings.SIGNIN_CUSTOM_OPENID_MODE,
            'icon_media_path': askbot_settings.SIGNIN_CUSTOM_OPENID_LOGIN_BUTTON,
            'tooltip_text': _('Sign in via %(login_name)s') % context_dict,
            'openid_endpoint': askbot_settings.SIGNIN_CUSTOM_OPENID_ENDPOINT,
            'extra_token_name': _('%(login_name)s username') % context_dict
        }

    def get_facebook_user_id(client):
        """returns facebook user id given the access token"""
        profile = client.request('me')
        return profile['id']

    if askbot_settings.FACEBOOK_KEY and askbot_settings.FACEBOOK_SECRET:
        data['facebook'] = {
            'name': 'facebook',
            'display_name': 'Facebook',
            'type': 'oauth2',
            'auth_endpoint': 'https://www.facebook.com/v2.2/dialog/oauth/',
            'token_endpoint': 'https://graph.facebook.com/v2.2/oauth/access_token',
            'resource_endpoint': 'https://graph.facebook.com/v2.2/',
            'icon_media_path': 'images/jquery-openid/facebook.gif',
            'get_user_id_function': get_facebook_user_id,
            'response_parser': lambda data: dict(urlparse.parse_qsl(data)),
            'scope': ['email',],
        }

    if askbot_settings.SIGNIN_FEDORA_ENABLED:
        data['fedora'] = {
            'name': 'fedora',
            'display_name': 'Fedora',
            'type': 'openid-direct',
            'openid_endpoint': 'https://id.fedoraproject.org/openid/',
            'icon_media_path': 'images/jquery-openid/fedora.gif'
        }

    if askbot_settings.TWITTER_KEY and askbot_settings.TWITTER_SECRET:
        data['twitter'] = {
            'name': 'twitter',
            'display_name': 'Twitter',
            'type': 'oauth',
            'request_token_url': 'https://api.twitter.com/oauth/request_token',
            'access_token_url': 'https://api.twitter.com/oauth/access_token',
            'authorize_url': 'https://api.twitter.com/oauth/authorize',
            'authenticate_url': 'https://api.twitter.com/oauth/authenticate',
            'get_user_id_url': 'https://twitter.com/account/verify_credentials.json',
            'icon_media_path': 'images/jquery-openid/twitter.gif',
            'get_user_id_function': lambda data: data['user_id'],
            'get_username_function': lambda data: data['screen_name'],
        }

    if askbot_settings.MEDIAWIKI_KEY and askbot_settings.MEDIAWIKI_SECRET:
        data['mediawiki'] = providers.mediawiki.Provider()

    if module_exists('cas') and askbot_settings.SIGNIN_CAS_ENABLED \
        and askbot_settings.CAS_SERVER_URL:
            data['cas'] = providers.cas_provider.CASLoginProvider()

    def get_identica_user_id(data):
        consumer = oauth.Consumer(data['consumer_key'], data['consumer_secret'])
        token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
        client = oauth.Client(consumer, token=token)
        url = 'https://identi.ca/api/account/verify_credentials.json'
        response, content = client.request(url, 'GET')
        json = simplejson.loads(content)
        return json['id']

    if askbot_settings.IDENTICA_KEY and askbot_settings.IDENTICA_SECRET:
        data['identi.ca'] = {
            'name': 'identi.ca',
            'display_name': 'identi.ca',
            'type': 'oauth',
            'request_token_url': 'https://identi.ca/api/oauth/request_token',
            'access_token_url': 'https://identi.ca/api/oauth/access_token',
            'authorize_url': 'https://identi.ca/api/oauth/authorize',
            'authenticate_url': 'https://identi.ca/api/oauth/authorize',
            'icon_media_path': 'images/jquery-openid/identica.png',
            'get_user_id_function': get_identica_user_id,
        }

    if askbot_settings.SIGNIN_WORDPRESS_SITE_ENABLED and askbot_settings.WORDPRESS_SITE_URL:
        data['wordpress_site'] = {
            'name': 'wordpress_site',
            'display_name': 'Self hosted wordpress blog', #need to be added as setting.
            'icon_media_path': askbot_settings.WORDPRESS_SITE_ICON,
            'type': 'wordpress_site',
        }

    def get_linked_in_user_id(data):
        consumer = oauth.Consumer(data['consumer_key'], data['consumer_secret'])
        token = oauth.Token(data['oauth_token'], data['oauth_token_secret'])
        client = oauth.Client(consumer, token=token)
        url = 'https://api.linkedin.com/v1/people/~:(first-name,last-name,id)'
        response, content = client.request(url, 'GET')
        if response['status'] == '200':
            id_re = re.compile(r'<id>([^<]+)</id>')
            matches = id_re.search(content)
            if matches:
                return matches.group(1)
        raise OAuthError()

    if askbot_settings.LINKEDIN_KEY and askbot_settings.LINKEDIN_SECRET:
        data['linkedin'] = {
            'name': 'linkedin',
            'display_name': 'LinkedIn',
            'type': 'oauth',
            'request_token_url': 'https://api.linkedin.com/uas/oauth/requestToken',
            'access_token_url': 'https://api.linkedin.com/uas/oauth/accessToken',
            'authorize_url': 'https://www.linkedin.com/uas/oauth/authorize',
            'authenticate_url': 'https://www.linkedin.com/uas/oauth/authenticate',
            'icon_media_path': 'images/jquery-openid/linkedin.gif',
            'get_user_id_function': get_linked_in_user_id
        }

    def get_google_user_id(client):
        return client.request('me')['id']

    if askbot_settings.GOOGLE_PLUS_KEY and askbot_settings.GOOGLE_PLUS_SECRET:
        data['google-plus'] = {
            'name': 'google-plus',
            'display_name': 'Google',
            'type': 'oauth2',
            'auth_endpoint': 'https://accounts.google.com/o/oauth2/auth',
            'token_endpoint': 'https://accounts.google.com/o/oauth2/token',
            'resource_endpoint': 'https://www.googleapis.com/plus/v1/people/',
            'icon_media_path': 'images/jquery-openid/google.gif',
            'get_user_id_function': get_google_user_id,
            'extra_auth_params': {'scope': ('profile', 'email', 'openid'), 'openid.realm': askbot_settings.APP_URL}
        }

    data['mozilla-persona'] = {
        'name': 'mozilla-persona',
        'display_name': 'Mozilla Persona',
        'type': 'mozilla-persona',
        'icon_media_path': 'images/jquery-openid/mozilla-persona.gif',
    }
    data['yahoo'] = {
        'name': 'yahoo',
        'display_name': 'Yahoo',
        'type': 'openid-direct',
        'icon_media_path': 'images/jquery-openid/yahoo.gif',
        'tooltip_text': _('Sign in with Yahoo'),
        'openid_endpoint': 'https://me.yahoo.com',
    }
    data['aol'] = {
        'name': 'aol',
        'display_name': 'AOL',
        'type': 'openid-direct',
        'extra_token_name': _('AOL screen name'),
        'icon_media_path': 'images/jquery-openid/aol.gif',
        'openid_endpoint': 'http://openid.aol.com'
    }
    data['launchpad'] = {
        'name': 'launchpad',
        'display_name': 'LaunchPad',
        'type': 'openid-direct',
        'icon_media_path': 'images/jquery-openid/launchpad.gif',
        'tooltip_text': _('Sign in with LaunchPad'),
        'openid_endpoint': 'https://login.launchpad.net/'
    }
    data['openid'] = {
        'name': 'openid',
        'display_name': 'OpenID',
        'type': 'openid-generic',
        'extra_token_name': _('OpenID url'),
        'icon_media_path': 'images/jquery-openid/openid.gif',
        'openid_endpoint': None,
    }
    if askbot_settings.SIGNIN_OPENSTACKID_ENABLED and askbot_settings.OPENSTACKID_ENDPOINT_URL:
        data['openstackid'] = {
            'name': 'openstackid',
            'display_name': 'OpenStackID',
            'type': 'openid-direct',
            'openid_endpoint': askbot_settings.OPENSTACKID_ENDPOINT_URL,
            'icon_media_path': 'images/jquery-openid/openstackid.png',
            'sreg_required': True
        }
    return filter_enabled_providers(data)