def openid_process(self, request, token): """ Process a callback from an identity provider. """ oid_consumer = consumer.Consumer(self.get_openid_session(request), self.store) query = urlparse.parse_qsl(urlparse.urlparse(request.uri).query) queries = {} for key, val in query: queries[key] = val.decode('UTF-8') logging.debug("Queries: {0}".format(queries)) info = oid_consumer.complete( queries, self.webserver.server_url + "/" + self.base_path + "/openid_process") display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: logging.error("Verification of {0} failed: {1}".format( display_identifier, info.message)) self._send_openid_redirect(request, { "status": 401, "message": "Unauthorized" }) return elif info.status == consumer.SUCCESS: sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) sreg_data = {} if sreg_resp is not None: sreg_data = sreg_resp.data pape_resp = pape.Response.fromSuccessResponse(info) ax_resp = ax.FetchResponse.fromSuccessResponse(info) ax_data = {} if ax_resp is not None: for uri in self.AX_URIS: ax_data[uri] = ax_resp.get(uri) logging.debug( "openid_process: Success of {0}, sreg_resp: {1} (sreg_data: {2}), pape_resp: {3}, ax_resp: {4}, ax_data: {5}" .format(display_identifier, sreg_resp, sreg_data, pape_resp, ax_resp, ax_data)) if len(ax_data.keys()) > 0: user_metadata = { "name": ax_data['http://schema.openid.net/namePerson/first'][0] + " " + ax_data['http://schema.openid.net/namePerson/last'][0], "email": ax_data['http://schema.openid.net/contact/email'][0], } elif len(sreg_data.keys()) > 0: user_metadata = { "name": sreg_data['fullname'], "nickname": sreg_data['nickname'], "email": sreg_data['email'], } else: user_metadata = {} if info.endpoint.canonicalID: logging.debug( "openid_process, additional: ...This is an i-name and its persistent ID is: {0}" .format(info.endpoint.canonicalID)) # Success - User is now INDX authenticated - they can request a token now. wbSession = self.get_session(request) wbSession.setAuthenticated(True) wbSession.setUserType("openid") # TODO FIXME standardise wbSession.setUser( display_identifier) # namespace this as a openid or something? wbSession.setPassword("") # XXX # Initialise the OpenID user now: ix_openid = IndxOpenID(self.database, display_identifier) def err_cb(err): logging.error("Error in IndxOpenID: {0}".format(err)) self._send_openid_redirect(request, { "status": 401, "message": "Unauthorized" }) return def cb(user_info): user_info['status'] = 200 user_info['message'] = "OK" self._send_openid_redirect(request, user_info) return ix_openid.init_user(user_metadata).addCallbacks(cb, err_cb) return elif info.status == consumer.CANCEL: logging.error("Error in openid_process: Verification cancelled.") self._send_openid_redirect(request, { "status": 401, "message": "Unauthorized" }) return elif info.status == consumer.SETUP_NEEDED: logging.error( "Error in openid_process: Setup needed at URL: {0}".format( info.setup_url)) self._send_openid_redirect(request, { "status": 401, "message": "Unauthorized" }) return else: logging.error("Error in openid_process: Verification Failed.") self._send_openid_redirect(request, { "status": 401, "message": "Unauthorized" }) return
def openid_process(self, request, token): """ Process a callback from an identity provider. """ oid_consumer = consumer.Consumer(self.get_openid_session(request), self.store) query = urlparse.parse_qsl(urlparse.urlparse(request.uri).query) queries = {} for key, val in query: queries[key] = val.decode('UTF-8') logging.debug("Queries: {0}".format(queries)) info = oid_consumer.complete(queries, self.webserver.server_url + "/" + self.base_path + "/openid_process") display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: logging.error("Verification of {0} failed: {1}".format(display_identifier, info.message)) self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"}) return elif info.status == consumer.SUCCESS: sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) sreg_data = {} if sreg_resp is not None: sreg_data = sreg_resp.data pape_resp = pape.Response.fromSuccessResponse(info) ax_resp = ax.FetchResponse.fromSuccessResponse(info) ax_data = {} if ax_resp is not None: for uri in self.AX_URIS: ax_data[uri] = ax_resp.get(uri) logging.debug("openid_process: Success of {0}, sreg_resp: {1} (sreg_data: {2}), pape_resp: {3}, ax_resp: {4}, ax_data: {5}".format(display_identifier, sreg_resp, sreg_data, pape_resp, ax_resp, ax_data)) if len(ax_data.keys()) > 0: user_metadata = { "name": ax_data['http://schema.openid.net/namePerson/first'][0] + " " + ax_data['http://schema.openid.net/namePerson/last'][0], "email": ax_data['http://schema.openid.net/contact/email'][0], } elif len(sreg_data.keys()) > 0: user_metadata = { "name": sreg_data['fullname'], "nickname": sreg_data['nickname'], "email": sreg_data['email'], } else: user_metadata = {} if info.endpoint.canonicalID: logging.debug("openid_process, additional: ...This is an i-name and its persistent ID is: {0}".format(info.endpoint.canonicalID)) # Success - User is now INDX authenticated - they can request a token now. wbSession = self.get_session(request) wbSession.setAuthenticated(True) wbSession.setUserType("openid") # TODO FIXME standardise wbSession.setUser(display_identifier) # namespace this as a openid or something? wbSession.setPassword("") # XXX # Initialise the OpenID user now: ix_openid = IndxOpenID(self.database, display_identifier) def err_cb(err): logging.error("Error in IndxOpenID: {0}".format(err)) self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"}) return def cb(user_info): user_info['status'] = 200 user_info['message'] = "OK" self._send_openid_redirect(request, user_info) return ix_openid.init_user(user_metadata).addCallbacks(cb, err_cb) return elif info.status == consumer.CANCEL: logging.error("Error in openid_process: Verification cancelled.") self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"}) return elif info.status == consumer.SETUP_NEEDED: logging.error("Error in openid_process: Setup needed at URL: {0}".format(info.setup_url)) self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"}) return else: logging.error("Error in openid_process: Verification Failed.") self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"}) return
def openid_process(self, request): """ Process a callback from an identity provider. """ oid_consumer = consumer.Consumer(self.get_openid_session(request), self.store) query = urlparse.parse_qsl(urlparse.urlparse(request.uri).query) queries = {} for key, val in query: queries[key] = val logging.debug("Queries: {0}".format(queries)) info = oid_consumer.complete(queries, self.webserver.server_url + "/" + self.base_path + "/openid_process") display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: #request.setResponseCode(200, "OK") logging.error("Verification of {0} failed: {1}".format(display_identifier, info.message)) #request.finish() return self.return_unauthorized(request) elif info.status == consumer.SUCCESS: sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) sreg_data = {} if sreg_resp is not None: sreg_data = sreg_resp.data pape_resp = pape.Response.fromSuccessResponse(info) ax_resp = ax.FetchResponse.fromSuccessResponse(info) ax_data = {} if ax_resp is not None: for uri in self.AX_URIS: ax_data[uri] = ax_resp.get(uri) logging.debug("openid_process: Success of {0}, sreg_resp: {1} (sreg_data: {2}), pape_resp: {3}, ax_resp: {4}, ax_data: {5}".format(display_identifier, sreg_resp, sreg_data, pape_resp, ax_resp, ax_data)) if info.endpoint.canonicalID: logging.debug("openid_process, additional: ...This is an i-name and its persistent ID is: {0}".format(info.endpoint.canonicalID)) # Success - User is now INDX authenticated - they can request a token now. wbSession = self.get_session(request) wbSession.setAuthenticated(True) wbSession.setUserType("openid") # TODO FIXME standardise wbSession.setUser(display_identifier) # namespace this as a openid or something? wbSession.setPassword("") # XXX # Initialise the OpenID user now: ix_openid = IndxOpenID(self.database, display_identifier) def err_cb(err): logging.error("Error in IndxOpenID: {0}".format(err)) return self.return_unauthorized(request) def cb(user_info): password_hash = user_info['password_hash'] if password_hash == "": # user should be prompted for a password by the UI now, because they never have set one (new OpenID user) # TODO do this... return self.return_ok(request) else: return self.return_ok(request) ix_openid.init_user().addCallbacks(cb, err_cb) return #return self.return_ok(request) elif info.status == consumer.CANCEL: #request.setResponseCode(200, "OK") logging.error("Error in openid_process: Verification cancelled.") #request.finish() return self.return_unauthorized(request) elif info.status == consumer.SETUP_NEEDED: #request.setResponseCode(200, "OK") logging.error("Error in openid_process: Setup needed at URL: {0}".format(info.setup_url)) #request.finish() return self.return_unauthorized(request) else: #request.setResponseCode(200, "OK") logging.error("Error in openid_process: Verification Failed.") #request.finish() return self.return_unauthorized(request)