def verify(request, redirect_field_name=auth.REDIRECT_FIELD_NAME): """ This view exists because the way django_browserid does it automatically is not ideal. TODO: fork django_browserid and use a class based view system so you can sublcass and customize without borking everything Process browserid assertions. """ redirect_to = request.REQUEST.get(redirect_field_name, '') if not redirect_to: redirect_to = getattr(settings, 'LOGIN_REDIRECT_URL', '/') redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/') form = BrowserIDForm(data=request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] user = auth.authenticate(assertion=assertion, audience=get_audience(request)) if user and user.is_active: if user.get_profile().is_complete(): auth.login(request, user) return redirect(reverse('profile', args=[user.username])) else: _store_user_in_session(request, assertion, get_audience(request)) return redirect(reverse('register')) return HttpResponseRedirect(redirect_to_failure)
def browserid_verify(request): next = request.REQUEST.get("next") redirect_to = next or getattr(settings, "LOGIN_REDIRECT_URL", "/") redirect_to_failure = getattr(settings, "LOGIN_REDIRECT_URL_FAILURE", "/") form = BrowserIDForm(data=request.POST) if form.is_valid(): result = verify(form.cleaned_data["assertion"], get_audience(request)) if result: if request.user.is_authenticated(): # User is already signed in so they must want an email change request.user.email = result["email"] request.user.save() return redirect(reverse("users.edit_profile")) else: # Verified so log in email = result["email"] user = User.objects.filter(email=email) if len(user) == 0: form = BrowserIDSignupForm() request.session["browserid-email"] = email return render(request, "users/browserid_signup.html", {"email": email, "next": next, "form": form}) else: user = user[0] user.backend = "django_browserid.auth.BrowserIDBackend" auth.login(request, user) return redirect(redirect_to) return redirect(redirect_to_failure)
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = {'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, 'experimental_allowUnverified': 'true'} assertion = form.cleaned_data['assertion'] log.info('verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s, assertion: %s' % (url, audience, extra_params, assertion)) result = verify_assertion(assertion, audience, extra_params) if result: log.info('Persona assertion ok: %s' % result) email = result.get('unverified-email', result.get('email')) user_hash = set_user(request, email) redirect_url = check_pin_status(request) return { 'needs_redirect': redirect_url is not None, 'redirect_url': redirect_url, 'user_hash': user_hash } log.error('Persona assertion failed.') request.session.flush() return http.HttpResponseBadRequest()
def reverify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = { "experimental_forceIssuer": settings.BROWSERID_UNVERIFIED_ISSUER, "experimental_forceAuthentication": "true", "experimental_allowUnverified": "true", } assertion = form.cleaned_data["assertion"] log.info( "Re-verifying Persona assertion. url: %s, audience: %s, " "extra_params: %s" % (url, audience, extra_params) ) result = verify_assertion(assertion, audience, extra_params) log.info("Reverify got result: %s" % result) if result: email = result.get("unverified-email", result.get("email")) store_mkt_permissions(request, email, assertion, audience) logged_user = request.session.get("uuid") reverified_user = get_uuid(email) if logged_user and logged_user != reverified_user: log.error("User %r tried to reverify as " "new email: %s" % (logged_user, email)) return http.HttpResponseBadRequest() request.session["was_reverified"] = True return {"user_hash": reverified_user} log.error("Persona assertion failed.") request.session.clear() return http.HttpResponseBadRequest()
def mozilla_browserid_verify(request): """Custom BrowserID verifier for mozilla addresses.""" home_url = reverse('crashstats.home', args=(settings.DEFAULT_PRODUCT,)) form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) if not settings.ALLOWED_PERSONA_EMAILS: # pragma: no cover raise ValueError( "No emails set up in `settings.ALLOWED_PERSONA_EMAILS`" ) if result: if result['email'] in settings.ALLOWED_PERSONA_EMAILS: user = auth.authenticate(assertion=assertion, audience=audience) auth.login(request, user) messages.success( request, 'You have successfully logged in.' ) else: messages.error( request, "You logged in as %s but you don't have sufficient " "privileges." % result['email'] ) else: messages.error( request, "Login failed" ) return redirect(home_url)
def reverify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = { 'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, 'experimental_forceAuthentication': 'true', 'experimental_allowUnverified': 'true' } assertion = form.cleaned_data['assertion'] log.info('Re-verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s' % (url, audience, extra_params)) result = verify_assertion(assertion, audience, extra_params) log.info('Reverify got result: %s' % result) if result: email = result.get('unverified-email', result.get('email')) store_mkt_permissions(request, email, assertion, audience) logged_user = request.session.get('uuid') reverified_user = get_uuid(email) if logged_user and logged_user != reverified_user: log.error('User %r tried to reverify as ' 'new email: %s' % (logged_user, email)) return http.HttpResponseBadRequest() request.session['was_reverified'] = True return {'user_hash': reverified_user} log.error('Persona assertion failed.') request.session.clear() return http.HttpResponseBadRequest()
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = { 'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, 'experimental_allowUnverified': 'true' } assertion = form.cleaned_data['assertion'] log.info('verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s, assertion: %s' % (url, audience, extra_params, assertion)) result = verify_assertion(assertion, audience, extra_params) if result: log.info('Persona assertion ok: %s' % result) email = result.get('unverified-email', result.get('email')) store_mkt_permissions(request, email, assertion, audience) user_uuid = set_user(request, email) redirect_url = check_pin_status(request) return { 'needs_redirect': redirect_url is not None, 'redirect_url': redirect_url, 'user_hash': user_uuid } log.error('Persona assertion failed.') request.session.flush() return http.HttpResponseBadRequest()
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = {'forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, 'allowUnverified': 'true'} assertion = form.cleaned_data['assertion'] log.info('verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s, assertion: %s' % (url, audience, extra_params, assertion)) result = verify_assertion(assertion, audience, extra_params) if result: log.info('Persona assertion ok: %s' % result) email = result.get('unverified-email', result.get('email')) user_hash = set_user(request, email) return {'has_pin': request.session.get('uuid_has_pin'), 'pin_create': reverse('pin.create'), 'user_hash': user_hash} log.error('Persona assertion failed.') request.session.clear() return http.HttpResponseBadRequest()
def browserid_verify(request): next = request.REQUEST.get('next') redirect_to = next or getattr(settings, 'LOGIN_REDIRECT_URL', '/') redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/') form = BrowserIDForm(data=request.POST) if form.is_valid(): result = verify(form.cleaned_data['assertion'], get_audience(request)) if result: if request.user.is_authenticated(): # User is already signed in so they must want an email change request.user.email = result['email'] request.user.save() return redirect(reverse('users.edit_profile')) else: # Verified so log in email = result['email'] user = User.objects.filter(email=email) if len(user) == 0: form = BrowserIDSignupForm() request.session['browserid-email'] = email return render(request, 'users/browserid_signup.html', {'email': email, 'next': next, 'form': form}) else: user = user[0] user.backend = 'django_browserid.auth.BrowserIDBackend' auth.login(request, user) return redirect(redirect_to) return redirect(redirect_to_failure)
def mozilla_browserid_verify(request): """Custom BrowserID verifier for mozilla addresses.""" form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) try: _ok_assertion = False _is_contributor = False if result: _domain = result['email'].split('@')[-1] if _domain in settings.ALLOWED_BID: _ok_assertion = True elif is_vouched(result['email']): _ok_assertion = True _is_contributor = True if _ok_assertion: user = auth.authenticate( assertion=assertion, audience=audience ) auth.login(request, user) # if _is_contributor: # try: # profile = user.get_profile() # if not profile.contributor: # profile.contributor = True # profile.save() # except UserProfile.DoesNotExist: # profile = UserProfile.objects.create( # user=user, # contributor=True # ) if auth.models.User.objects.count() == 1: auth.models.User.objects.update(is_superuser=True, is_staff=True); return redirect(request.POST.get('next', settings.LOGIN_REDIRECT_URL)) elif result: messages.error( request, 'Hmmm. Are you sure you\'re a vouched mozillian?' ) except BadStatusCodeError: logging.error('Unable to call out to mozillians', exc_info=True) messages.error( request, 'Email (%s) authenticated but unable to connect to ' 'Mozillians to see if are vouched. ' % result['email'] ) return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): log.info("verifying assertion") result = verify_assertion(form.cleaned_data["assertion"], get_audience(request)) if result: log.info("assertion ok: %s" % result) return http.HttpResponse("ok") return http.HttpResponseBadRequest()
def mozilla_browserid_verify(request): """Custom BrowserID verifier for mozilla addresses.""" home_url = reverse('crashstats.home', args=(settings.DEFAULT_PRODUCT,)) goto_url = request.POST.get('goto', None) or home_url form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) for name in ('LDAP_BIND_DN', 'LDAP_BIND_PASSWORD', 'LDAP_GROUP_NAMES'): if not getattr(settings, name, None): # pragma: no cover raise ValueError( "Not configured `settings.%s`" % name ) if result: allowed = in_allowed_group(result['email']) debug_email_addresses = getattr( settings, 'DEBUG_LDAP_EMAIL_ADDRESSES', [] ) if debug_email_addresses and not settings.DEBUG: raise SuspiciousOperation( "Can't debug login when NOT in DEBUG mode" ) if allowed or result['email'] in debug_email_addresses: if allowed: logging.info('%r is in an allowed group', result['email']) else: logging.info('%r allowed for debugging', result['email']) user = auth.authenticate(assertion=assertion, audience=audience) auth.login(request, user) messages.success( request, 'You have successfully logged in.' ) else: if not allowed: logging.info('%r NOT in an allowed group', result['email']) messages.error( request, "You logged in as %s but you don't have sufficient " "privileges." % result['email'] ) else: messages.error( request, "Login failed" ) return redirect(goto_url)
def mozilla_browserid_verify(request): """Custom BrowserID verifier for mozilla addresses.""" form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) if result and result['email'].split('@')[-1] in settings.ALLOWED_BID: user = auth.authenticate(assertion=assertion, audience=audience) auth.login(request, user) return redirect(settings.LOGIN_REDIRECT_URL) return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): log.info('verifying assertion') result = verify_assertion(form.cleaned_data['assertion'], get_audience(request)) if result: log.info('assertion ok: %s' % result) set_user(request, result['email']) return {'has_pin': request.session['uuid_has_pin'], 'pin_create': reverse('pin.create')} request.session.clear() return http.HttpResponseBadRequest()
def browserid_verify(request): """Process a submitted BrowserID assertion. If valid, try to find either a Django or MindTouch user that matches the verified email address. If neither is found, we bounce to a profile creation page (ie. browserid_register).""" redirect_to = (_clean_next_url(request) or getattr(settings, 'LOGIN_REDIRECT_URL', reverse('home'))) redirect_to_failure = (_clean_next_url(request) or getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', reverse('home'))) failure_resp = set_browserid_explained( HttpResponseRedirect(redirect_to_failure)) # If the form's not valid, then this is a failure. form = BrowserIDForm(data=request.POST) if not form.is_valid(): return failure_resp # If the BrowserID assersion is not valid, then this is a failure. result = _verify_browserid(form, request) if not result: return failure_resp # So far, so good: We have a verified email address. But, no user, yet. email = result['email'] user = None # Look for first most recently used Django account, use if found. user = _get_latest_user_with_email(email) # If no Django account, look for a MindTouch account by email. But, only if # there's a MindTouch API available. If found, auto-create the user. if not user and settings.DEKIWIKI_ENDPOINT: deki_user = DekiUserBackend.get_deki_user_by_email(email) if deki_user: user = DekiUserBackend.get_or_create_user(deki_user) # If we got a user from either the Django or MT paths, complete login for # Django and MT and redirect. if user: user.backend = 'django_browserid.auth.BrowserIDBackend' auth.login(request, user) return set_browserid_explained( _redirect_with_mindtouch_login(redirect_to, user.username)) # Retain the verified email in a session, redirect to registration page. request.session[SESSION_VERIFIED_EMAIL] = email request.session[SESSION_REDIRECT_TO] = redirect_to return set_browserid_explained( HttpResponseRedirect(reverse('users.browserid_register')))
def mozilla_browserid_verify(request): """Custom BrowserID verifier for mozilla addresses.""" form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) try: _ok_assertion = False _is_contributor = False if result: _domain = result['email'].split('@')[-1] if _domain in settings.ALLOWED_BID: _ok_assertion = True elif is_vouched(result['email']): _ok_assertion = True _is_contributor = True if _ok_assertion: user = auth.authenticate(assertion=assertion, audience=audience) auth.login(request, user) # if _is_contributor: # try: # profile = user.get_profile() # if not profile.contributor: # profile.contributor = True # profile.save() # except UserProfile.DoesNotExist: # profile = UserProfile.objects.create( # user=user, # contributor=True # ) if auth.models.User.objects.count() == 1: auth.models.User.objects.update(is_superuser=True, is_staff=True) return redirect( request.POST.get('next', settings.LOGIN_REDIRECT_URL)) elif result: messages.error( request, 'Hmmm. Are you sure you\'re a vouched mozillian?') except BadStatusCodeError: logging.error('Unable to call out to mozillians', exc_info=True) messages.error( request, 'Email (%s) authenticated but unable to connect to ' 'Mozillians to see if are vouched. ' % result['email']) return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def verify(request, redirect_field_name=auth.REDIRECT_FIELD_NAME): """Process browserid assertions.""" redirect_to = request.REQUEST.get(redirect_field_name, '') if not redirect_to: redirect_to = getattr(settings, 'LOGIN_REDIRECT_URL', '/') redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/') form = BrowserIDForm(data=request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] user = auth.authenticate(assertion=assertion, audience=get_audience(request)) if user is not None and user.is_active: auth.login(request, user) return HttpResponseRedirect(redirect_to) return HttpResponseRedirect(redirect_to_failure)
def verify(request, redirect_field_name=auth.REDIRECT_FIELD_NAME): """Process browserid assertions.""" redirect_to = request.REQUEST.get(redirect_field_name, '') if not redirect_to: redirect_to = getattr(settings, 'LOGIN_REDIRECT_URL', '/') redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/') form = BrowserIDForm(data=request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] host, port = _get_host_and_port(request) user = auth.authenticate(assertion=assertion, host=host, port=port) if user is not None and user.is_active: auth.login(request, user) return HttpResponseRedirect(redirect_to) return HttpResponseRedirect(redirect_to_failure)
def browserid_info(request): """ Output the HTML for the login form and the info tag. Should be called once at the top of the page just below the <body> tag. """ form = BrowserIDForm(auto_id=False) # Force request_args to be a dictionary, in case it is lazily generated. request_args = dict(getattr(settings, 'BROWSERID_REQUEST_ARGS', {})) # Only pass an email to the JavaScript if the current user was authed with # our auth backend. backend = getattr(request.user, 'backend', None) if backend == 'django_browserid.auth.BrowserIDBackend': email = getattr(request.user, 'email', '') else: email = '' return render_to_string( 'browserid/info.html', { 'email': email, 'login_url': reverse('browserid_login'), 'request_args': json.dumps(request_args, cls=LazyEncoder), 'form': form, }, RequestContext(request))
def browserid_change_email(request): """Process a submitted BrowserID assertion to change email.""" form = BrowserIDForm(data=request.POST) if not form.is_valid(): messages.error(request, form.errors) return HttpResponseRedirect(reverse("users.change_email")) result = _verify_browserid(form, request) email = result["email"] user = _get_latest_user_with_email(email) if user and user != request.user: messages.error(request, "That email already belongs to another " "user.") return HttpResponseRedirect(reverse("users.change_email")) else: user = request.user user.email = email user.save() return HttpResponseRedirect(reverse("devmo_profile_edit", args=[user.username]))
def mozilla_browserid_verify(request): """ Custom BrowserID verifier for ReMo users and vouched mozillians. """ form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) try: _is_valid_login = False if result: if User.objects.filter(email=result['email']).exists(): _is_valid_login = True else: data = is_vouched(result['email']) if data and data['is_vouched']: _is_valid_login = True user = User.objects.create_user( username=USERNAME_ALGO(data['email']), email=data['email']) first_name, last_name = ( data['full_name'].split(' ', 1) if ' ' in data['full_name'] else ('', data['full_name'])) user.first_name = first_name user.last_name = last_name user.save() user.groups.add(Group.objects.get(name='Mozillians')) if _is_valid_login: user = auth.authenticate(assertion=assertion, audience=audience) auth.login(request, user) return redirect('dashboard') except BadStatusCodeError: message = ('Email (%s) authenticated but unable to ' 'connect to Mozillians to see if you are vouched' % result['email']) return login_failed(request, message) return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def browserid_form(request): """ A context processor that adds a BrowserID form to the request when the user is not authenticated """ if request.user.is_authenticated(): return {} else: return {'browserid_form': BrowserIDForm()}
def verify(request): """Process login.""" form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] user = auth.authenticate(assertion=assertion, audience=get_audience(request)) if user is not None and user.is_active: auth.login(request, user) # Redirect to edit profile page if user has no profile. if UserProfile.objects.filter(pk=user.pk).exists(): return redirect(settings.LOGIN_REDIRECT) else: return redirect('flicks.users.edit_profile') # TODO: Determine how to convey login failure. return redirect(settings.LOGIN_REDIRECT_FAILURE)
def mozilla_browserid_verify(request): """ Custom BrowserID verifier for ReMo users and vouched mozillians. """ form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) try: _is_valid_login = False if result: if User.objects.filter(email=result['email']).exists(): _is_valid_login = True else: data = is_vouched(result['email']) if data and data['is_vouched']: _is_valid_login = True user = User.objects.create_user(username=USERNAME_ALGO( data['email']), email=data['email']) first_name, last_name = (data['full_name'].split( ' ', 1) if ' ' in data['full_name'] else ('', data['full_name'])) user.first_name = first_name user.last_name = last_name user.save() user.groups.add(Group.objects.get(name='Mozillians')) if _is_valid_login: user = auth.authenticate(assertion=assertion, audience=audience) auth.login(request, user) return redirect('dashboard') except BadStatusCodeError: message = ('Email (%s) authenticated but unable to ' 'connect to Mozillians to see if you are vouched' % result['email']) return login_failed(request, message) return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def personaregister(request): if request.method == "POST": form = BrowserIDForm(data=request.POST) user = request.user # I've taken the - not - from the docs out of the next line if form.is_valid(): result = verify(form.cleaned_data['assertion'], get_audience(request)) if result: if is_lazy_user(user): if User.objects.filter(email=result[u'email']): existinguser = User.objects.get(email=result[u'email']) existinguser.backend = 'django_browserid.auth.BrowserIDBackend' login(request, existinguser) else: foo = LazyUser.objects.get(user=user) foo.delete() user.email = result[u'email'] user.save() return redirect('/')
def browserid_change_email(request): """Process a submitted BrowserID assertion to change email.""" form = BrowserIDForm(data=request.POST) if not form.is_valid(): messages.error(request, form.errors) return HttpResponseRedirect(reverse('users.change_email')) result = _verify_browserid(form, request) email = result['email'] user = _get_latest_user_with_email(email) if user and user != request.user: messages.error(request, 'That email already belongs to another ' 'user.') return HttpResponseRedirect(reverse('users.change_email')) else: user = request.user user.email = email user.save() return HttpResponseRedirect(reverse('devmo_profile_edit', args=[user.username, ]))
def browserid_verify(request): next = request.REQUEST.get('next') redirect_to = next or getattr(settings, 'LOGIN_REDIRECT_URL', '/') redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/') form = BrowserIDForm(data=request.POST) if form.is_valid(): verifier = BrowserIDBackend().get_verifier() result = verifier.verify(form.cleaned_data['assertion'], get_audience(request)) if result: if (request.user.is_authenticated() and request.user.email != result.email): # User is already signed and wants to change their email. request.user.email = result.email request.user.save() return redirect(reverse('users.edit_profile')) else: # Verified so log in email = result.email user = User.objects.filter(email=email) contributor = 'contributor' in request.POST if len(user) == 0: # Add the email to the session and redirect to signup request.session['browserid-email'] = email signup_url = reverse('users.browserid_signup') return redirect('%s?%s' % (signup_url, urlencode({'next': next}))) else: user = user[0] user.backend = 'django_browserid.auth.BrowserIDBackend' if contributor: add_to_contributors(request, user) auth.login(request, user) return redirect(redirect_to) return redirect(redirect_to_failure)
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = { 'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, 'experimental_allowUnverified': 'true' } assertion = form.cleaned_data['assertion'] log.info('verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s, assertion: %s' % (url, audience, extra_params, assertion)) result = verify_assertion(assertion, audience, extra_params) if result: log.info('Persona assertion ok: %s' % result) email = result.get('unverified-email', result.get('email')) store_mkt_permissions(request, email, assertion, audience) user_uuid = set_user(request, email) redirect_url = check_pin_status(request) # Before we verify the user's PIN let's save some # time and get the transaction configured via Bango in the # background. log.info('configuring transaction {0} from auth' .format(request.session.get('trans_id'))) if not pay_tasks.configure_transaction(request): log.error('Configuring transaction failed.') return { 'needs_redirect': redirect_url is not None, 'redirect_url': redirect_url, 'user_hash': user_uuid } log.error('Persona assertion failed.') request.session.flush() return http.HttpResponseBadRequest()
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = { 'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, 'experimental_allowUnverified': 'true' } assertion = form.cleaned_data['assertion'] log.info('verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s, assertion: %s' % (url, audience, extra_params, assertion)) result = verify_assertion(assertion, audience, extra_params) if result: log.info('Persona assertion ok: %s' % result) email = result.get('unverified-email', result.get('email')) store_mkt_permissions(request, email, assertion, audience) user_uuid = set_user(request, email) redirect_url = check_pin_status(request) # Before we verify the user's PIN let's save some # time and get the transaction configured via Bango in the # background. log.info('configuring transaction {0} from auth'.format( request.session.get('trans_id'))) pay_tasks.configure_transaction(request) return { 'needs_redirect': redirect_url is not None, 'redirect_url': redirect_url, 'user_hash': user_uuid } log.error('Persona assertion failed.') request.session.flush() return http.HttpResponseBadRequest()
def browserid(request): """ Context processor that adds django-browserid helpers to the template context. """ form = BrowserIDForm(auto_id=False) return { 'browserid_form': form, # For custom buttons. 'browserid_info': partial(helpers.browserid_info, request), 'browserid_login': helpers.browserid_login, 'browserid_logout': helpers.browserid_logout, 'browserid_js': helpers.browserid_js }
def mozilla_browserid_verify(request): """Custom BrowserID verifier for mozilla addresses.""" home_url = reverse('crashstats.home', args=(settings.DEFAULT_PRODUCT, )) form = BrowserIDForm(request.POST) if form.is_valid(): assertion = form.cleaned_data['assertion'] audience = get_audience(request) result = verify(assertion, audience) for name in ('LDAP_BIND_DN', 'LDAP_BIND_PASSWORD', 'LDAP_GROUP_NAMES'): if not getattr(settings, name, None): # pragma: no cover raise ValueError("Not configured `settings.%s`" % name) if result: allowed = in_allowed_group(result['email']) debug_email_addresses = getattr(settings, 'DEBUG_LDAP_EMAIL_ADDRESSES', []) if debug_email_addresses and not settings.DEBUG: raise SuspiciousOperation( "Can't debug login when NOT in DEBUG mode") if allowed or result['email'] in debug_email_addresses: if allowed: logging.info('%r is in an allowed group', result['email']) else: logging.info('%r allowed for debugging', result['email']) user = auth.authenticate(assertion=assertion, audience=audience) auth.login(request, user) messages.success(request, 'You have successfully logged in.') else: if not allowed: logging.info('%r NOT in an allowed group', result['email']) messages.error( request, "You logged in as %s but you don't have sufficient " "privileges." % result['email']) else: messages.error(request, "Login failed") return redirect(home_url)
def reverify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) # TODO: when we want to require a forced-auth login across the # entire site then how do we do it? # See bug 836060. extra_params = { 'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, # TODO: how do we make sure this is a proper forced # auth assertion? # This can also be addressed in bug 836060 'experimental_forceAuthentication': 'true', 'experimental_allowUnverified': 'true' } log.info('Re-verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s' % (url, audience, extra_params)) result = verify_assertion(form.cleaned_data['assertion'], audience, extra_params) log.info('Reverify got result: %s') if result: logged_user = request.session.get('uuid') email = result.get('unverified-email', result.get('email')) reverified_user = get_uuid(email) if logged_user and logged_user != reverified_user: # TODO: Should we try to support this? raise ValueError('A user tried to reverify herself with a ' 'new email: %s' % email) return {'user_hash': reverified_user} log.error('Persona assertion failed.') request.session.clear() return http.HttpResponseBadRequest()
def browserid_info(request): """ Output the HTML for the login form and the info tag. Should be called once at the top of the page just below the <body> tag. """ form = BrowserIDForm(auto_id=False) request_args = getattr(settings, 'BROWSERID_REQUEST_ARGS', {}) return render_to_string( 'browserid/info.html', { 'email': getattr(request.user, 'email', ''), 'login_url': reverse('browserid_login'), 'request_args': json.dumps(request_args), 'form': form, }, RequestContext(request))
def browserid_verify(request): next = request.REQUEST.get("next") redirect_to = next or getattr(settings, "LOGIN_REDIRECT_URL", "/") redirect_to_failure = getattr(settings, "LOGIN_REDIRECT_URL_FAILURE", "/") form = BrowserIDForm(data=request.POST) if form.is_valid(): result = verify(form.cleaned_data["assertion"], get_audience(request)) if result: if request.user.is_authenticated(): # User is already signed in so they must want an email change request.user.email = result["email"] request.user.save() return redirect(reverse("users.edit_profile")) else: # Verified so log in email = result["email"] user = User.objects.filter(email=email) contributor = "contributor" in request.POST if len(user) == 0: # Add the email to the session and redirect to signup request.session["browserid-email"] = email signup_url = reverse("users.browserid_signup") return redirect("%s?%s" % (signup_url, urlencode({"next": next}))) else: user = user[0] user.backend = "django_browserid.auth.BrowserIDBackend" if contributor: add_to_contributors(request, user) auth.login(request, user) return redirect(redirect_to) return redirect(redirect_to_failure)
def browserid(request): """ A context processor necessary for BrowserID auth Similar to django_browserid.context_processors, but in addition to the BrowserID form, we include whether a user has been logged on via the BrowserID authentication backend. """ auth_backend = request.session.get('_auth_user_backend', None) return { 'browserid_form': BrowserIDForm(), 'browserid_authenticated': auth_backend == 'django_browserid.auth.BrowserIDBackend' }
def reverify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) # TODO: when we want to require a forced-auth login across the # entire site then how do we do it? # See bug 836060. extra_params = {'forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER, # TODO: how do we make sure this is a proper forced # auth assertion? # This can also be addressed in bug 836060 'forceAuthentication': 'true', 'allowUnverified': 'true'} log.info('Re-verifying Persona assertion. url: %s, audience: %s, ' 'extra_params: %s' % (url, audience, extra_params)) result = verify_assertion(form.cleaned_data['assertion'], audience, extra_params) log.info('Reverify got result: %s') if result: logged_user = request.session.get('uuid') email = result.get('unverified-email', result.get('email')) reverified_user = get_uuid(email) if logged_user and logged_user != reverified_user: # TODO: Should we try to support this? raise ValueError('A user tried to reverify herself with a ' 'new email: %s' % email) return {'user_hash': reverified_user} log.error('Persona assertion failed.') request.session.clear() return http.HttpResponseBadRequest()
def verify(request): form = BrowserIDForm(data=request.POST) if form.is_valid(): url = settings.BROWSERID_VERIFICATION_URL audience = get_audience(request) extra_params = { "experimental_forceIssuer": settings.BROWSERID_UNVERIFIED_ISSUER, "experimental_allowUnverified": "true", } assertion = form.cleaned_data["assertion"] log.info( "verifying Persona assertion. url: %s, audience: %s, " "extra_params: %s, assertion: %s" % (url, audience, extra_params, assertion) ) result = verify_assertion(assertion, audience, extra_params) if result: log.info("Persona assertion ok: %s" % result) email = result.get("unverified-email", result.get("email")) store_mkt_permissions(request, email, assertion, audience) user_uuid = set_user(request, email) redirect_url = check_pin_status(request) # Before we verify the user's PIN let's save some # time and get the transaction configured via Bango in the # background. log.info("configuring transaction {0} from auth".format(request.session.get("trans_id"))) if not pay_tasks.configure_transaction(request): log.error("Configuring transaction failed.") return {"needs_redirect": redirect_url is not None, "redirect_url": redirect_url, "user_hash": user_uuid} log.error("Persona assertion failed.") request.session.flush() return http.HttpResponseBadRequest()
def browserid_info(request): """ Output the HTML for the login form and the info tag. Should be called once at the top of the page just below the <body> tag. """ form = BrowserIDForm(auto_id=False) # Force request_args to be a dictionary, in case it is lazily generated. request_args = dict(getattr(settings, 'BROWSERID_REQUEST_ARGS', {})) return render_to_string( 'browserid/info.html', { 'email': getattr(request.user, 'email', ''), 'login_url': reverse('browserid_login'), 'request_args': json.dumps(request_args, cls=LazyEncoder), 'form': form, }, RequestContext(request))
def test_valid_assertion(): form = BrowserIDForm({"assertion": "xxx"}) assert form.is_valid()
def browserid_form(request): """ A context processor that adds a BrowserID form to the request """ return {'browserid_form': BrowserIDForm()}
def test_invalid_assertion(): form = BrowserIDForm({'assertion': u'\xe3'}) assert not form.is_valid()
def test_valid_assertion(): form = BrowserIDForm({'assertion': b'xxx'}) assert form.is_valid()
def test_invalid_assertion(): form = BrowserIDForm({"assertion": u"\xe3"}) assert not form.is_valid()
def browserid_verify(request): """Process a submitted BrowserID assertion. If valid, try to find either a Django or MindTouch user that matches the verified email address. If neither is found, we bounce to a profile creation page (ie. browserid_register).""" redirect_to = (_clean_next_url(request) or getattr(settings, 'LOGIN_REDIRECT_URL', reverse('home'))) redirect_to_failure = (_clean_next_url(request) or getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', reverse('home'))) failure_resp = set_browserid_explained( HttpResponseRedirect(redirect_to_failure)) # If the form's not valid, then this is a failure. form = BrowserIDForm(data=request.POST) if not form.is_valid(): return failure_resp # If the BrowserID assersion is not valid, then this is a failure. result = _verify_browserid(form, request) if not result: return failure_resp # So far, so good: We have a verified email address. But, no user, yet. email = result['email'] user = None # TODO: This user lookup and create stuff probably belongs in the model: # If user is authenticated, change their email if request.user.is_authenticated(): user = _get_latest_user_with_email(email) # If a user with the email already exists, don't change if user and user != request.user: messages.error(request, 'That email already belongs to another ' 'user.') return set_browserid_explained( HttpResponseRedirect(reverse('users.change_email'))) else: user = request.user user.email = email user.save() redirect_to = reverse('devmo_profile_edit', args=[user.username, ]) else: # Look for first most recently used Django account, use if found. user = _get_latest_user_with_email(email) # If no Django account, look for a MindTouch account by email. # If found, auto-create the user. if not user: deki_user = DekiUserBackend.get_deki_user_by_email(email) if deki_user: user = DekiUserBackend.get_or_create_user(deki_user) # If we got a user from either the Django or MT paths, complete login for # Django and MT and redirect. if user: user.backend = 'django_browserid.auth.BrowserIDBackend' auth.login(request, user) return set_browserid_explained( _redirect_with_mindtouch_login(redirect_to, user.username)) # Retain the verified email in a session, redirect to registration page. request.session[SESSION_VERIFIED_EMAIL] = email request.session[SESSION_REDIRECT_TO] = redirect_to return set_browserid_explained( HttpResponseRedirect(reverse('users.browserid_register')))