def process_trust_result(request):
"""
Handle the result of a trust decision and respond to the RP
accordingly.
"""
# Get the request from the session so we can construct the
# appropriate response.
openid_request = get_request(request)
# The identifier that this server can vouch for
response_identity = get_view_url(request, profile_detail,
{request.user.username})
# If the decision was to allow the verification, respond
# accordingly.
allowed = 'allow' in request.POST
# Generate a response with the appropriate answer.
openid_response = openid_request.answer(allowed,
identity=response_identity)
if request.POST.has_key('remember') and request.POST['remember'] == 'yes':
url = TrustedRoot.objects.get(url=openid_response.request.trust_root)
request.user.userprofile.trusted_roots.add(url)
# Send Simple Registration data in the response, if appropriate.
if allowed:
add_user_data(request, openid_response)
return display_response(request, openid_response)
def user_xrds(request, username):
"""
Respond to requests for a specific user identity XRDS Document
"""
return util.render_xrds(
request, [OPENID_2_0_TYPE, sreg.ns_uri, ax.AXMessage.ns_uri],
[get_view_url(request, endpoint)], username)
def op_xrds(request):
"""
Respond to requests for the OpenID Provider XRDS document, which is used in
IDP-driven identifier selection.
"""
return util.render_xrds(
request, [OPENID_IDP_2_0_TYPE, sreg.ns_uri, ax.AXMessage.ns_uri], [get_view_url(request, endpoint)])
def show_decide_page(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure:
# suporta consumers que não implementam a relying party verification
#trust_root_valid = "DISCOVERY_FAILED"
trust_root_valid = 'Valid'
except HTTPFetchingError:
trust_root_valid = "Unreachable"
return direct_to_template(
request, 'provider/trust.html', {
'trust_root': trust_root,
'trust_handler_url': get_view_url(request, process_trust_result),
'trust_root_valid': trust_root_valid,
})
def process_trust_result(request):
"""
Handle the result of a trust decision and respond to the RP
accordingly.
"""
# Get the request from the session so we can construct the
# appropriate response.
openid_request = get_request(request)
# The identifier that this server can vouch for
response_identity = get_view_url(request, profile_detail, {request.user.username})
# If the decision was to allow the verification, respond
# accordingly.
allowed = 'allow' in request.POST
# Generate a response with the appropriate answer.
openid_response = openid_request.answer(allowed,
identity=response_identity)
if request.POST.has_key('remember') and request.POST['remember'] == 'yes':
url = TrustedRoot.objects.get(url = openid_response.request.trust_root)
request.user.userprofile.trusted_roots.add(url)
# Send Simple Registration data in the response, if appropriate.
if allowed:
add_user_data(request, openid_response)
return display_response(request, openid_response)
def show_decide_page(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure:
# suporta consumers que não implementam a relying party verification
#trust_root_valid = "DISCOVERY_FAILED"
trust_root_valid = 'Valid'
except HTTPFetchingError:
trust_root_valid = "Unreachable"
return direct_to_template(
request,
'provider/trust.html',
{'trust_root': trust_root,
'trust_handler_url':get_view_url(request, process_trust_result),
'trust_root_valid': trust_root_valid,
})
def trust_page(request):
"""
Display the trust page template, which allows the user to decide
whether to approve the OpenID verification.
"""
return direct_to_template(
request, 'provider/trust.html',
{'trust_handler_url': get_view_url(request, process_trust_result)})
def op_xrds(request):
"""
Respond to requests for the OpenID Provider XRDS document, which is used in
IDP-driven identifier selection.
"""
return util.render_xrds(
request, [OPENID_IDP_2_0_TYPE, sreg.ns_uri, ax.AXMessage.ns_uri],
[get_view_url(request, endpoint)])
def trust_page(request):
"""
Display the trust page template, which allows the user to decide
whether to approve the OpenID verification.
"""
return direct_to_template(
request,
'provider/trust.html',
{'trust_handler_url':get_view_url(request, process_trust_result)})
def handle_check_id_request(request, openid_request):
"""
Handle checkid_* requests. Get input from the user to find out
whether she trusts the RP involved. Possibly, get intput about
what Simple Registration information, if any, to send in the
response.
"""
id_url = get_view_url(request, profile_detail, {request.user.username})
# If the request was an IDP-driven identifier selection request
# (i.e., the IDP URL was entered at the RP), then return the
# default identity URL for this server. In a full-featured
# provider, there could be interaction with the user to determine
# what URL should be sent.
if not openid_request.idSelect():
# Confirm that this server can actually vouch for that
# identifier
if id_url != openid_request.identity:
# Return an error response
error_response = ProtocolError(
openid_request.message,
"This server cannot verify the URL %r" %
(openid_request.identity, ))
return display_response(request, error_response)
if request.user.userprofile.trusted_url(openid_request.trust_root):
openid_response = openid_request.answer(True, identity=id_url)
add_user_data(request, openid_response)
return display_response(request, openid_response)
if openid_request.immediate:
# Always respond with 'cancel' to immediate mode requests
# because we don't track information about a logged-in user.
# If we did, then the answer would depend on whether that user
# had trusted the request's trust root and whether the user is
# even logged in.
openid_response = openid_request.answer(False)
return display_response(request, openid_response)
else:
# Store the incoming request object in the session so we can
# get to it later.
set_request(request, openid_request)
return show_decide_page(request, openid_request)
def handle_check_id_request(request, openid_request):
"""
Handle checkid_* requests. Get input from the user to find out
whether she trusts the RP involved. Possibly, get intput about
what Simple Registration information, if any, to send in the
response.
"""
id_url = get_view_url(request, profile_detail, {request.user.username})
# If the request was an IDP-driven identifier selection request
# (i.e., the IDP URL was entered at the RP), then return the
# default identity URL for this server. In a full-featured
# provider, there could be interaction with the user to determine
# what URL should be sent.
if not openid_request.idSelect():
# Confirm that this server can actually vouch for that
# identifier
if id_url != openid_request.identity:
# Return an error response
error_response = ProtocolError(
openid_request.message,
"This server cannot verify the URL %r" %
(openid_request.identity,))
return display_response(request, error_response)
if request.user.userprofile.trusted_url(openid_request.trust_root):
openid_response = openid_request.answer(True, identity = id_url)
add_user_data(request, openid_response)
return display_response(request, openid_response)
if openid_request.immediate:
# Always respond with 'cancel' to immediate mode requests
# because we don't track information about a logged-in user.
# If we did, then the answer would depend on whether that user
# had trusted the request's trust root and whether the user is
# even logged in.
openid_response = openid_request.answer(False)
return display_response(request, openid_response)
else:
# Store the incoming request object in the session so we can
# get to it later.
set_request(request, openid_request)
return show_decide_page(request, openid_request)
def get_server(request):
"""
Get a Server object to perform OpenID authentication.
"""
return Server(get_openid_store(), get_view_url(request, endpoint))
def user_xrds(request, username):
"""
Respond to requests for a specific user identity XRDS Document
"""
return util.render_xrds(
request, [OPENID_2_0_TYPE, sreg.ns_uri, ax.AXMessage.ns_uri], [get_view_url(request, endpoint)], username)
def get_server(request):
"""
Get a Server object to perform OpenID authentication.
"""
return Server(get_openid_store(), get_view_url(request, endpoint))
