return message ret = openid_consumer_views.begin(request, redirect_to=reverse('openid_complete'), on_failure=openid_failure) if isinstance(ret, (str, unicode)) or isinstance(ret,unicode): messages.add_message(request, messages.ERROR, ret) else: return ret try: fb_association = FBAssociation.objects.get(user=request.user) except FBAssociation.DoesNotExist, e: fb_association = None used = [o.openid for o in request.openids] remove_openid = request.POST.get('remove_openid') if remove_openid and remove_openid not in used: unassociate_openid(request.user, remove_openid) return HttpResponseRedirect(reverse(associations)) openids = list(UserOpenID.objects.filter(user=request.user).order_by('created_at')) for o in openids: o.is_used = o.openid in used class Association(object): def __init__(self, service): self.service = service def is_associated(self): return bool(self.service.get_user_id(request.user)) def is_logged_in(self): return getattr(backend, 'service_class', None) == self.service.__class__
def associations(request, template_name='openid_associations.html', post_login_redirect='/openid/complete/'): """ A view for managing the OpenIDs associated with a user account. """ if 'openid_url' in request.POST: # They entered a new OpenID and need to authenticate it - kick off the # process and make sure they are redirected back here afterwards return consumer_views.begin(request, redirect_to=post_login_redirect) messages = [] associated_openids = [ rec.openid for rec in UserOpenID.objects.filter(user__id = request.user.id) ] # OpenIDs are associated and de-associated based on their key - which is a # hash of the OpenID, user ID and SECRET_KEY - this gives us a nice key for # submit button names or checkbox values and provides CSRF protection at # the same time. We need to pre-calculate the hashes for the user's OpenIDs # in advance. add_hashes = dict([ (_make_hash('add', request.user, openid), str(openid)) for openid in request.openids if str(openid) not in associated_openids ]) del_hashes = dict([ (_make_hash('del', request.user, openid), openid) for openid in associated_openids ]) # We can now cycle through the keys in POST, looking for stuff to add or # delete. First though we check for the ?direct=1 argument and directly add # any OpenIDs that were authenticated in the last 5 seconds - this supports # the case where a user has entered an OpenID in the form on this page, # authenticated it and been directed straight back here. # TODO: Reconsider this technique now that it's easier to create custom # behaviour when an OpenID authentication is successful. if request.GET.get('direct') and request.openids and \ request.openids[-1].issued > int(time.time()) - 5 and \ str(request.openids[-1]) not in associated_openids: new_openid = str(request.openids[-1]) associate_openid(request.user, new_openid) associated_openids.append(new_openid) messages.append('%s has been associated with your account' % escape( new_openid )) # Now cycle through POST.keys() looking for OpenIDs to add or remove for key in request.POST.keys(): if key in add_hashes: openid = add_hashes[key] if openid not in associated_openids: associate_openid(request.user, openid) associated_openids.append(openid) messages.append('%s has been associated with your account' % \ escape(openid) ) if key in del_hashes: openid = del_hashes[key] if openid in associated_openids: unassociate_openid(request.user, openid) associated_openids.remove(openid) messages.append('%s has been removed from your account' % \ escape(openid) ) # At this point associated_openids represents the current set of associated # OpenIDs, and messages contains any messages that should be displayed. The # final step is to work out which OpenIDs they have that are currently # logged in BUT are not associated - these are the ones that should be # displayed with an "associate this?" buttons. potential_openids = [ str(openid) for openid in request.openids if str(openid) not in associated_openids ] # Finally, calculate the button hashes we are going to need for the form. add_buttons = [ {'openid': openid, 'hash': _make_hash('add', request.user, openid)} for openid in potential_openids ] del_buttons = [ {'openid': openid, 'hash': _make_hash('del', request.user, openid)} for openid in associated_openids ] return render(template_name, { 'user': request.user, 'messages': messages, 'action': request.path, 'add_buttons': add_buttons, 'del_buttons': del_buttons, # This is also used to generate the list of # of associated OpenIDs }, context_instance=RequestContext(request))
redirect_to=reverse('openid_complete'), on_failure=openid_failure) if isinstance(ret, (str, unicode)) or isinstance(ret, unicode): messages.add_message(request, messages.ERROR, ret) else: return ret try: fb_association = FBAssociation.objects.get(user=request.user) except FBAssociation.DoesNotExist, e: fb_association = None used = [o.openid for o in request.openids] remove_openid = request.POST.get('remove_openid') if remove_openid and remove_openid not in used: unassociate_openid(request.user, remove_openid) return HttpResponseRedirect(reverse(associations)) openids = list( UserOpenID.objects.filter(user=request.user).order_by('created_at')) for o in openids: o.is_used = o.openid in used class Association(object): def __init__(self, service): self.service = service def is_associated(self): return bool(self.service.get_user_id(request.user)) def is_logged_in(self):