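def useNonce(self, server_url, timestamp, salt):
    """Store a nonce and report whether this is the first time it was seen.

    The three arguments together identify one nonce.

    Returns:
        ``True`` when ``timestamp`` lies within ``SKEW`` seconds of local time
        and no row with the same ``(server_url, timestamp, salt)`` existed
        before this call. ``False`` when the timestamp is outside that window
        or the triple was already stored, in which case the caller should
        treat the message as a repeat.
    """
    # Reject timestamps outside the skew window first, so they never cost a
    # query or add a row.
    if abs(timestamp - time.time()) > SKEW:
        return False

    # get_or_create() does the lookup and the insert in one call and reports
    # which of the two happened. A separate get() followed by save() leaves a
    # gap in which two concurrent requests carrying the same nonce can both
    # miss the lookup and both be accepted.
    # NOTE(review): the gap is only closed if the Nonce model declares
    # (server_url, timestamp, salt) unique together; get_or_create() then
    # turns the losing insert into created=False. Confirm the constraint
    # exists on the model.
    _stored, created = Nonce.objects.get_or_create(
        server_url=server_url, timestamp=timestamp, salt=salt)
    return created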
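def useNonce(self, server_url, timestamp, salt):
    """Consume a nonce: accept it once, refuse it on every later call.

    A nonce is the combination of ``server_url``, ``timestamp`` and ``salt``.
    It is refused (``False``) when its timestamp differs from ``time.time()``
    by more than ``SKEW`` seconds, or when a row with the same three values is
    already present. Otherwise the row is inserted and ``True`` is returned.
    """
    # A timestamp outside the allowed clock skew is refused without touching
    # the database.
    if abs(timestamp - time.time()) > SKEW:
        return False

    # One ORM call replaces the check-then-insert pair. The second item of
    # the returned tuple is True only when this call inserted the row, which
    # is exactly the "first use" answer this method has to give.
    # NOTE(review): concurrent duplicates are only rejected reliably if the
    # database enforces uniqueness on (server_url, timestamp, salt). Verify
    # that the Nonce model carries such a constraint.
    result = Nonce.objects.get_or_create(
        server_url=server_url,
        timestamp=timestamp,
        salt=salt,
    )
    return result[1]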
def registration(request, attribute_set='default',
                 template_name='openid/registration_form.html',
                 form_class=OpenIDLoginForm):
    """Render the form that submits registration attributes to mojeID.

    A ``Nonce`` row holding the realm and the current user's primary key
    (``None`` when no user is resolved from the request) is saved, and its
    ``registration_nonce`` is put into the template context next to the
    realm, the target URL and the attribute fields. Attribute fields are only
    produced when a user is present. ``form_class`` is accepted but not used
    inside this function.
    """
    # A value in settings overrides the module-level default URL.
    action_url = getattr(settings, 'MOJEID_REGISTRATION_URL',
                         MOJEID_REGISTRATION_URL)

    # The realm should always look like 'https://example.org/openid/'.
    # NOTE(review): without settings.MOJEID_REALM the realm is built from the
    # incoming request, so it follows the request's host. Setting
    # MOJEID_REALM explicitly keeps it fixed.
    realm = getattr(settings, 'MOJEID_REALM',
                    request.build_absolute_uri(reverse(top)))

    current_user = OpenIDBackend.get_user_from_request(request)
    user_id = current_user.pk if current_user else None

    # Create the nonce that is handed to the template below.
    # NOTE(review): only server_url and user_id are set here; whether the
    # model supplies a timestamp and salt on its own is not visible from this
    # function. A row is written on every call, also when no user is
    # resolved, so check that stale rows get purged.
    nonce = Nonce(server_url=realm, user_id=user_id)
    nonce.save()

    attribute_defs = [item for item in get_attributes(attribute_set)
                      if item.type == 'attribute']

    # Attribute values are only added to the request for a valid user.
    form_fields = []
    if current_user:
        rendered = (definition.registration_form_attrs_html(user_id)
                    for definition in attribute_defs)
        form_fields = [markup for markup in rendered if markup]

    # Render the redirection template.
    context = {
        'fields': form_fields,
        'action': action_url,
        'realm': realm,
        'nonce': nonce.registration_nonce,
    }
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def registration(request, attribute_set='default',
                 template_name='openid/registration_form.html'):
    """Build the page that posts the registration attributes to mojeID.

    The view saves a ``Nonce`` carrying the realm, the current user's primary
    key (``None`` if the request resolves to no user), the current time and a
    35-character random salt. The nonce's ``registration_nonce``, the realm,
    the registration URL and the attribute fields of the user are passed to
    ``template_name``.
    """
    # The realm should always look like 'https://example.org/openid/'.
    # NOTE(review): the fallback derives the realm from the incoming request.
    # Pinning settings.MOJEID_REALM keeps it independent of the request host.
    realm = getattr(settings, 'MOJEID_REALM',
                    request.build_absolute_uri(reverse(top)))

    user = OpenIDBackend.get_user_from_request(request)
    if user:
        user_id = user.pk
    else:
        user_id = None

    # Create the nonce with a fresh timestamp and random salt.
    # NOTE(review): registration_nonce is exposed to the rendered page and is
    # presumably derived from these fields, so randomString should draw from
    # a cryptographically secure source. Confirm where it is imported from.
    nonce = Nonce(
        server_url=realm,
        user_id=user_id,
        timestamp=time.time(),
        salt=randomString(35, NONCE_CHARS),
    )
    nonce.save()

    # Keep only the entries of the attribute set that are plain attributes.
    candidates = []
    for entry in get_attributes(attribute_set):
        if entry.type == 'attribute':
            candidates.append(entry)

    # Attributes are appended to the creation request only for a valid user;
    # entries that render to nothing are skipped.
    fields = []
    if user:
        for entry in candidates:
            markup = entry.registration_form_attrs_html(user_id)
            if markup:
                fields.append(markup)

    # Render the redirection template.
    context = {
        'fields': fields,
        'action': get_registration_url(),
        'realm': realm,
        'nonce': nonce.registration_nonce,
    }
    return render_to_response(
        template_name,
        context,
        context_instance=RequestContext(request)
    )
def assertion(request):
    """Handle the callback in which the mojeID server reports a registration.

    Only POST requests with a known ``status`` and a non-empty ``claimed_id``
    pass the initial checks. For the REGISTERED status the posted
    ``registration_nonce`` is looked up and deleted, and the user id stored on
    it is associated with ``claimed_id``. Every outcome is answered with an
    ``HttpResponse`` whose body is ``dictToKV`` of a ``mode`` and, for
    rejections, a ``reason``.
    """
    def _reject(reason):
        """Build the 'reject' reply carrying *reason*."""
        return HttpResponse(dictToKV({'mode': 'reject', 'reason': reason}))

    def _accept():
        """Build the 'accept' reply."""
        return HttpResponse(dictToKV({'mode': 'accept'}))

    # Accept only POST.
    if request.method != 'POST':
        return _reject(Assertion.ErrorString.BAD_REQUEST)

    # Accept only a status that is present and known.
    status = request.POST.get('status')
    if not status:
        return _reject(Assertion.ErrorString.MISSING_STATUS)
    if status not in Assertion.StatusCodes:
        return _reject(Assertion.ErrorString.INVALID_STATUS)

    # TODO check whether this request is from mojeID server and uses https
    # with a proper certificate.
    # NOTE(review): until that check exists nothing in this function
    # authenticates the sender. A valid registration_nonce is the only gate
    # in front of the association below, and claimed_id is used as posted
    # (non-empty is the only test applied to it).
    claimed_id = request.POST.get('claimed_id')
    if not claimed_id:
        return _reject(Assertion.ErrorString.MISSING_CLAIMED_ID)

    # The user was registered for mojeID.
    if status == Assertion.StatusCodes.REGISTERED:
        posted_nonce = request.POST.get('registration_nonce')
        if posted_nonce is None:
            return _reject(Assertion.ErrorString.MISSING_NONCE)

        # Check the nonce and consume it before anything else happens.
        # NOTE(review): lookup and delete are two separate steps. Confirm
        # that two concurrent posts cannot both read the row before either
        # deletes it.
        try:
            nonce = Nonce.get_registration_nonce(posted_nonce)
        except Nonce.DoesNotExist:
            return _reject(Assertion.ErrorString.INVALID_NONCE)
        user_id = nonce.user_id
        nonce.delete()

        # Fetch the user and create the association.
        # NOTE(review): user_id may be empty if the nonce was issued without
        # a user (TODO confirm). The lookup is attempted regardless.
        user_model = get_user_model()
        try:
            account = user_model.objects.get(pk=user_id)
            OpenIDBackend.associate_openid(account, claimed_id)
        except (user_model.DoesNotExist, IdentityAlreadyClaimed):
            # Deliberately not treated as an error. The user may have been
            # deleted before this assertion arrived, or the new mojeID
            # account may already be associated with a local account by the
            # client. The claimed_id sent by the server is assumed valid.
            # Note that the reply is still 'accept', so a skipped
            # association is invisible to the sender.
            pass

    return _accept()
def assertion(request):
    """Receive the mojeID server's response to a registration.

    The request must be a POST with a recognised ``status`` and a
    ``claimed_id``. When the status is REGISTERED the ``registration_nonce``
    from the request is resolved to a stored nonce, the nonce is deleted, and
    if it carries a user id that user is associated with ``claimed_id``. The
    reply body is produced by ``dictToKV`` and has mode 'accept' or 'reject'.
    """
    def _reject(request, error):
        """Return the reject response with *error* as the reason."""
        body = dictToKV({'mode': 'reject', 'reason': error})
        return HttpResponse(body)

    def _accept(request):
        """Return the accept response."""
        body = dictToKV({'mode': 'accept'})
        return HttpResponse(body)

    # Anything but POST is refused outright.
    if request.method != 'POST':
        return _reject(request, Assertion.ErrorString.BAD_REQUEST)

    form = request.POST

    # The status must be present and one of the known codes.
    status = form.get('status', None)
    if not status:
        return _reject(request, Assertion.ErrorString.MISSING_STATUS)
    if status not in Assertion.StatusCodes:
        return _reject(request, Assertion.ErrorString.INVALID_STATUS)

    # TODO check whether this request is from mojeID server and uses https
    # with a proper certificate.
    # NOTE(review): with that check missing, the caller is not authenticated
    # here. Holding a valid registration_nonce is what authorises the
    # association further down, and claimed_id is taken from the request
    # body with no validation beyond being non-empty.
    claimed_id = form.get('claimed_id')
    if not claimed_id:
        return _reject(request, Assertion.ErrorString.MISSING_CLAIMED_ID)

    # The user was registered for mojeID.
    if status == Assertion.StatusCodes.REGISTERED:
        registration_nonce = form.get('registration_nonce')
        if registration_nonce is None:
            return _reject(request, Assertion.ErrorString.MISSING_NONCE)

        # Resolve the nonce. An unknown value ends the request.
        try:
            nonce = Nonce.get_registration_nonce(registration_nonce)
        except Nonce.DoesNotExist:
            return _reject(request, Assertion.ErrorString.INVALID_NONCE)

        # The nonce is deleted as soon as its user id has been read, so a
        # later request cannot find it again.
        # NOTE(review): read and delete are not one atomic step. Verify that
        # simultaneous requests with the same nonce cannot both get this far.
        user_id = nonce.user_id
        nonce.delete()

        # Without a user id there is nobody to associate with mojeID.
        if not user_id:
            return _accept(request)

        user_model = get_user_model()
        try:
            user = user_model.objects.get(pk=user_id)
            # Create the association.
            OpenIDBackend.associate_openid(user, claimed_id)
        except (user_model.DoesNotExist, IdentityAlreadyClaimed):
            # No association is made when the user does not exist or the
            # identity is already claimed. The server is assumed to have sent
            # a valid claimed_id. The user might have been deleted before
            # this assertion was triggered, or the new mojeID account might
            # already have been associated with a local account by the
            # client. Neither case is considered an error, and the reply
            # stays 'accept'.
            pass

    return _accept(request)