def _do_gs_login(form, request):
xrd_location = form.cleaned_data['xrd_provider']
request.session[S_LOCATION] = xrd_location
# Now, if we provide a store
# store = memstore.MemoryStore()
# we get errors:
# ERROR:root:Missing required parameter in response from ...
# ('http://openid.net/signon/1.0', 'assoc_type')
# https://github.com/jbufu/openid4java/issues/192
# gives a clue: perhaps the Genomespace operates in stateless mode?
# If we construct our consumer with None for the store it will
# operate only in stateless mode - and there are no errors
oid_consumer = consumer.Consumer(request.session, None)
try:
xrd_url = AgrfFeedConfig.get_openid_server(xrd_location)
oid_request = oid_consumer.begin(xrd_url)
if oid_request is None:
error_message = 'No OpenId Services found for %s' % xrd_location
logging.error(error_message)
messages.add_message(request, messages.ERROR, error_message)
return HttpResponseRedirect('/')
return redirect(oid_request.redirectURL(TRUST_ROOT, RETURN_TO_URL))
except consumer.DiscoveryFailure as exc:
error_message = 'Error in discovery: %s' % (html.escape(str(exc)))
logging.error(error_message)
messages.add_message(request, messages.ERROR, error_message)
return HttpResponseRedirect('/')
def verify_core(req):
"""This is the first phase of the OpenID login. We check the
provided identifier, try to work out who we should ask about it,
and redirect the user to the provider's site for their login
process."""
# Set up the OpenID library
session = Session.Session(req, timeout=60)
global store
if store is None:
Logger.log.debug("Creating new store")
server_options = req.get_options()
store_path = os.path.join(server_options['wor.root_path'], "oid_store")
store = filestore.FileOpenIDStore(store_path)
oid_consumer = consumer.Consumer(session, store)
# Get the user's account details that they provided
if getattr(req, "form", None) is None:
req.form = util.FieldStorage(req, True)
account = req.form.getfirst("openid_identifier")
# Look up the OAuth provider for this account
try:
request = oid_consumer.begin(account)
except consumer.DiscoveryFailure, ex:
raise
def render_GET(self, request):
session = {}
oidconsumer = consumer.Consumer(session, None)
request = oidconsumer.begin(self.provider)
request.addExtension(sreg.SRegRequest(
required=['nickname', 'fullname', 'email', 'timezone']))
request.addExtension(teams.TeamsRequest(requested=self.groups))
request.addExtension(cla.CLARequest(
requested=[cla.CLA_URI_FEDORA_DONE]))
trust_root = self.root_url
return_to = self.root_url + '_openid_handle/'
if request.shouldSendRedirect():
redirect_url = request.redirectURL(trust_root, return_to, False)
request.redirect(redirect_url)
else:
return request.htmlMarkup(
trust_root, return_to,
form_tag_attrs={'id': 'openid_message'}, immediate=False)
try:
request.finish()
except RuntimeError:
# this occurs when the client has already disconnected; ignore
# it (see #2027)
log.msg("http client disconnected before results were sent")
def _get_consumer(self, req, db):
s = self._get_oidsession(req)
if 'id' not in s:
s['id'] = req.session.sid
store = self._getStore(db)
return consumer.Consumer(s, store), s
def startLogin():
c = consumer.Consumer({}, None)
error = None
try:
auth_request = c.begin("https://www.google.com/accounts/o8/id")
except DiscoveryFailure, e:
error = "OpenID discovery error: %s" % (str(e), )
def get_openid_consumer(request, session):
"""Initialize an OpenID store for authenticating comments.
@param request: Pyblosxom request object
@param session: session
@type session: instance of C{Session}
@return: An instance of OpenIDConsumer
@rtype: OpenID consumer store or C{None}
"""
config = request.getConfiguration()
logger = tools.getLogger()
store_dir = config.get('openid_store_dir')
if store_dir is None:
logger.error('You must define openid_store_dir in your '
'config to enable OpenID comments.')
return None
try:
store = filestore.FileOpenIDStore(store_dir)
return openid.Consumer(session, store)
except Exception:
trace = traceback.format_exception(*sys.exc_info())
logger.error('Error initializing OpenID server:\n' + '\n'.join(trace))
return None
def login(self,
username=None,
password=None,
return_url=None,
cancel_url=None,
groups=['_FAS_ALL_GROUPS_']):
"""Tries to log in a user.
Sets the user information on :attr:`flask.g.fas_user`.
Will set 0 to :attr:`flask.g.fas_session_id, for compatibility
with flask_fas.
:arg username: Not used, but accepted for compatibility with the
flask_fas module
:arg password: Not used, but accepted for compatibility with the
flask_fas module
:arg return_url: The URL to forward the user to after login
:arg groups: A string or a list of group the user should belong to
to be authentified.
:returns: True if the user was succesfully authenticated.
:raises: Might raise an redirect to the OpenID endpoint
"""
if return_url is None:
if 'next' in flask.request.args.values():
return_url = flask.request.args.values['next']
else:
return_url = flask.request.url
oidconsumer = consumer.Consumer(flask.session, None)
try:
request = oidconsumer.begin(self.app.config['FAS_OPENID_ENDPOINT'])
except consumer.DiscoveryFailure, exc:
# VERY strange, as this means it could not discover an OpenID endpoint at FAS_OPENID_ENDPOINT
return 'discoveryfailure'
def begin(self, request, data):
try:
openid_url = data['openid_url'].strip()
except KeyError:
messages.error(request, lang.FILL_OPENID_URL)
raise Redirect('publicauth-login')
# allow user to type openid provider without http:// prefix
if not openid_url.startswith("http"):
openid_url = "http://%s" % openid_url
return_url = request.build_absolute_uri(
reverse('publicauth-complete', args=[self.provider]))
request.session['openid_return_to'] = return_url
client = consumer.Consumer(request.session, None)
try:
openid_request = client.begin(openid_url)
sreg_extra = [i for i in self.PROFILE_MAPPING]
sreg = SRegRequest(required=sreg_extra)
openid_request.addExtension(sreg)
ax_msg = FetchRequest()
for detail in self.PROFILE_MAPPING:
ax_msg.add(AttrInfo(settings.AX_URIS[detail], required=True))
openid_request.addExtension(ax_msg)
redirect_url = openid_request.redirectURL(realm='http://' +
request.get_host(),
return_to=return_url)
raise Redirect(redirect_url)
except discover.DiscoveryFailure:
messages.error(request, _('Could not find OpenID server'))
raise Redirect('publicauth-login')
def _handle_oidreturn(self):
request = self.request
_ = request.getText
oidconsumer = consumer.Consumer(request.session,
MoinOpenIDStore(request))
query = {}
for key in request.values:
query[key] = request.values[key]
qstr = {'action': 'userprefs',
'handler': 'oid',
'oid.return': '1'}
return_to = request.getQualifiedURL(request.page.url(request, qstr))
info = oidconsumer.complete(query, return_to)
if info.status == consumer.FAILURE:
return 'error', _('OpenID error: %s.') % info.message
elif info.status == consumer.CANCEL:
return 'info', _('Verification canceled.')
elif info.status == consumer.SUCCESS:
if not hasattr(self.request.user, 'openids'):
request.user.openids = []
if info.identity_url in request.user.openids:
return 'error', _("OpenID is already present.")
if user.getUserIdByOpenId(request, info.identity_url):
return 'error', _("This OpenID is already used for another account.")
# all fine
request.user.openids.append(info.identity_url)
request.user.save()
return 'info', _("OpenID added successfully.")
else:
return 'error', _('OpenID failure.')
def handle_openid_login_response():
conn = db.session.connection()
consumer = openid.Consumer(session, None)
info = consumer.complete(request.args, request.url)
if info.status == openid.SUCCESS:
openid_url = info.identity_url
values = {}
ax_resp = ax.FetchResponse.fromSuccessResponse(info)
if ax_resp:
attrs = {
'email': 'http://schema.openid.net/contact/email',
'name': 'http://schema.openid.net/namePerson/friendly',
}
for name, uri in attrs.items():
try:
value = ax_resp.getSingle(uri)
if value:
values[name] = value
except KeyError:
pass
account_id = lookup_account_id_by_openid(conn, openid_url)
if not account_id:
account_id, account_api_key = insert_account(conn, {
'name': 'OpenID User',
'openid': openid_url,
})
logger.info("Successfuly identified OpenID user %s (%d) with email '%s' and nickname '%s'",
openid_url, account_id, values.get('email', ''), values.get('name', ''))
return login_user_and_redirect(account_id)
elif info.status == openid.CANCEL:
raise Exception('OpenID login has been canceled')
else:
raise Exception('OpenID login failed')
def request_access(self):
log_debug = self.log_debug
if log_debug:
log.debug('Handling OpenID login')
# Load default parameters that all Auth Responders take
session['end_point_success'] = request.POST.get(
'end_point_success', self.config.get('oauth_success'))
fail_uri = session['end_point_auth_failure'] = request.POST.get(
'end_point_auth_failure', self.config.get('oauth_failure'))
openid_url = request.POST.get('openid_identifier')
# Let inherited consumers alter the openid identifier if desired
openid_url = self._lookup_identifier(openid_url)
if not openid_url or (self.endpoint_regex and
not re.match(self.endpoint_regex, end_point)):
return redirect(fail_uri)
openid_session = {}
oidconsumer = consumer.Consumer(openid_session, self.openid_store,
self.consumer_class)
try:
authrequest = oidconsumer.begin(openid_url)
except consumer.DiscoveryFailure, exc:
log.error("openid discovery failure: %s", exc)
return redirect(fail_uri)
def _finish_verification(request):
"""
Complete OpenID Verification Process.
If the verification failed, will return false, otherwise, will return
the response
"""
c = consumer.Consumer(request.session, SQLAlchemyOpenIDStore())
# Check the response from the provider
response = c.complete(request.args, request.base_url)
if response.status == consumer.FAILURE:
messages.add_message(
request, messages.WARNING,
_('Verification of %s failed: %s' %
(response.getDisplayIdentifier(), response.message)))
elif response.status == consumer.SUCCESS:
# Verification was successfull
return response
elif response.status == consumer.CANCEL:
# Verification canceled
messages.add_message(request, messages.WARNING,
_('Verification cancelled'))
return False
def start(request, identifier):
if not openid:
return {}
oidconsumer = consumer.Consumer(request.session, __get_store())
try:
auth_request = oidconsumer.begin(identifier)
except consumer.DiscoveryFailure as exc:
return {'msg': _('OpenID authentication failed')}
else:
if auth_request is None:
return {'msg': _('No OpenID services found for %s') % identifier}
else:
trust_root = settings.BASE_URL + '/'
if request.is_secure():
trust_root = trust_root.replace('http://', 'https://')
return_to = request.build_absolute_uri()
if auth_request.shouldSendRedirect():
redirect_url = auth_request.redirectURL(trust_root,
return_to,
immediate=False)
return {'res': HttpResponseRedirect(redirect_url)}
else:
form_html = auth_request.htmlMarkup(
trust_root,
return_to,
form_tag_attrs={'id': 'openid_message'},
immediate=False)
return {'res': HttpResponse(form_html)}
def _handle_openid_login_response(self, req, errors):
consumer = openid.Consumer(self.session, None)
info = consumer.complete(req.args, self.login_url)
if info.status == openid.SUCCESS:
openid_url = info.identity_url
values = {}
ax_resp = ax.FetchResponse.fromSuccessResponse(info)
if ax_resp:
attrs = {
'email': 'http://schema.openid.net/contact/email',
'name': 'http://schema.openid.net/namePerson/friendly',
}
for name, uri in attrs.iteritems():
try:
value = ax_resp.getSingle(uri)
if value:
values[name] = value
except KeyError:
pass
account_id = lookup_account_id_by_openid(self.conn, openid_url)
if not account_id:
account_id = insert_account(self.conn, {
'name': 'OpenID User',
'openid': openid_url,
})
logger.info("Successfuly identified OpenID user %s (%d) with email '%s' and nickname '%s'",
openid_url, account_id, values.get('email', ''), values.get('name', ''))
self.session['id'] = account_id
elif info.status == openid.CANCEL:
errors.append('OpenID verification has been canceled')
else:
errors.append('OpenID verification failed')
def _handle_openid_request(self):
return_url = flask.session['FLASK_FAS_OPENID_RETURN_URL']
cancel_url = flask.session['FLASK_FAS_OPENID_CANCEL_URL']
oidconsumer = consumer.Consumer(flask.session, None)
info = oidconsumer.complete(flask.request.values,
flask.request.base_url)
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
return 'FAILURE. display_identifier: %s' % display_identifier
elif info.status == consumer.CANCEL:
if cancel_url:
return flask.redirect(cancel_url)
return 'OpenID request was cancelled'
elif info.status == consumer.SUCCESS:
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
pape_resp = pape.Response.fromSuccessResponse(info)
teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
cla_resp = cla.CLAResponse.fromSuccessResponse(info)
user = dict()
user['username'] = sreg_resp.get('nickname')
user['fullname'] = sreg_resp.get('fullname')
user['email'] = sreg_resp.get('email')
user['timezone'] = sreg_resp.get('timezone')
#user['locale'] = sreg_resp.get('LOCALE')
user['cla_done'] = cla.CLA_URI_FEDORA_DONE in cla_resp.clas
user[
'groups'] = teams_resp.teams # The groups do not contain the cla_ groups
flask.session['FLASK_FAS_OPENID_USER'] = user
flask.session.modified = True
return flask.redirect(return_url)
else:
return 'Strange state: %s' % info.status
def _get_response(req):
"""
Constructs the response returned from the OpenID provider
@param req: request
@type req: invenio.webinterface_handler_wsgi.SimulatedModPythonRequest
"""
from invenio.webinterface_handler import wash_urlargd
from openid.consumer import consumer
content = {}
for key in req.form.keys():
content[key] = (str, '')
args = wash_urlargd(req.form, content)
if args.has_key('ln'):
del args['ln']
if args.has_key('referer'):
if not args['referer']:
del args['referer']
oidconsumer = consumer.Consumer({"id": get_session(req)}, None)
url = CFG_SITE_SECURE_URL + "/youraccount/login"
req.g['openid_provider_name'] = args['provider']
req.g['openid_response'] = oidconsumer.complete(args, url)
def _get_consumer(self, environ):
session = environ[self.session_middleware]
session['id'] = session.id
oidconsumer = consumer.Consumer(session, self.store)
oidconsumer.consumer.openid1_nonce_query_arg_name = 'passurl_nonce'
session.save()
return oidconsumer
def finish(self, **args):
oidconsumer = consumer.Consumer(dict(), None)
info = oidconsumer.complete(cherrypy.request.params, cherrypy.url())
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
return 'ERROR:Verification of %s failed: %s' % (
display_identifier, info.message)
elif info.status == consumer.CANCEL:
return 'ERROR: Cancelled'
elif info.status == consumer.SUCCESS:
username = pwd.getpwuid(os.getuid())[0]
expected_identifier = 'https://127.0.0.10:45080/idp1/openid/' + \
'id/%s/' % username
if expected_identifier != display_identifier:
return 'ERROR: Wrong id returned: %s != %s' % (
expected_identifier,
display_identifier)
if self.extensions:
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
ax_resp = ax.FetchResponse.fromSuccessResponse(info)
if sreg_resp is None:
return 'ERROR: No sreg!'
elif teams_resp is None:
return 'ERROR: No teams!'
elif ax_resp is None:
return 'ERROR: No AX!'
# Check values
expected_name = 'Test User %s' % username
expected_email = '*****@*****.**' % username
ax_name = ax_resp.data[
'http://schema.openid.net/namePerson'][0]
sreg_email = sreg_resp.data['email']
if ax_name != expected_name:
return 'ERROR: Wrong name returned: %s != %s' % (
expected_name,
ax_name)
if sreg_email != expected_email:
return 'ERROR: Wrong email returned: %s != %s' % (
expected_email,
sreg_email)
if username not in teams_resp.teams:
return 'ERROR: User not in self-named group (%s not ' + \
'in %s)' %\
(username, teams_resp.teams)
if self.extensions:
return 'SUCCESS, WITH EXTENSIONS'
else:
return 'SUCCESS, WITHOUT EXTENSIONS'
else:
return 'ERROR: Strange error: %s' % info.message
def index(self, extensions):
self.extensions = extensions == 'YES'
oidconsumer = consumer.Consumer(dict(), None)
try:
request = oidconsumer.begin('https://127.0.0.10:45080/idp1/')
except Exception as ex:
return 'ERROR: %s' % ex
if request is None:
return 'ERROR: No request'
# Attach extensions here
if self.extensions:
request.addExtension(sreg.SRegRequest(
required=['nickname', 'email', 'timezone']))
ax_req = ax.FetchRequest()
ax_req_name = ax.AttrInfo('http://schema.openid.net/namePerson')
ax_req.add(ax_req_name)
request.addExtension(ax_req)
username = pwd.getpwuid(os.getuid())[0]
request.addExtension(teams.TeamsRequest(requested=[username]))
# Build and send final request
trust_root = cherrypy.url()
return_to = trust_root + 'finish'
if request.shouldSendRedirect():
redirect_url = request.redirectURL(
trust_root, return_to)
raise cherrypy.HTTPRedirect(redirect_url)
else:
return request.htmlMarkup(
trust_root, return_to)
def handle_openid_login_request():
openid_url = request.form['openid_identifier']
try:
consumer = openid.Consumer(session, None)
openid_req = consumer.begin(openid_url)
except openid.DiscoveryFailure:
logger.exception('Error in OpenID discovery')
raise
else:
if openid_req is None:
raise Exception('No OpenID services found for the given URL')
else:
ax_req = ax.FetchRequest()
ax_req.add(
ax.AttrInfo('http://schema.openid.net/contact/email',
alias='email'))
ax_req.add(
ax.AttrInfo('http://axschema.org/namePerson/friendly',
alias='nickname'))
openid_req.addExtension(ax_req)
url = openid_req.redirectURL(
get_openid_realm(),
url_for('.openid_login',
return_url=request.values.get('return_url'),
_external=True))
return redirect(url)
raise Exception('OpenID login failed')
def _handle_openid_request(self):
""" Code actually handling the openid requests. """
return_url = flask.session.get('FLASK_FAS_OPENID_RETURN_URL', None)
cancel_url = flask.session.get('FLASK_FAS_OPENID_CANCEL_URL', None)
base_url = self.normalize_url(flask.request.base_url)
oidconsumer = consumer.Consumer(flask.session, None)
info = oidconsumer.complete(flask.request.values, base_url)
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
return 'FAILURE. display_identifier: %s' % display_identifier
elif info.status == consumer.CANCEL:
if cancel_url:
return flask.redirect(cancel_url)
return 'OpenID request was cancelled'
elif info.status == consumer.SUCCESS:
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
cla_resp = cla.CLAResponse.fromSuccessResponse(info)
ax_resp = ax.FetchResponse.fromSuccessResponse(info)
user = {
'fullname': '',
'username': '',
'email': '',
'timezone': '',
'cla_done': False,
'groups': []
}
if not sreg_resp:
# If we have no basic info, be gone with them!
return flask.redirect(cancel_url)
user['username'] = sreg_resp.get('nickname')
user['fullname'] = sreg_resp.get('fullname')
user['email'] = sreg_resp.get('email')
user['timezone'] = sreg_resp.get('timezone')
user['login_time'] = datetime.datetime.utcnow()
if cla_resp:
user['cla_done'] = cla.CLA_URI_FEDORA_DONE in cla_resp.clas
if teams_resp:
# The groups do not contain the cla_ groups
user['groups'] = frozenset(teams_resp.teams)
if ax_resp:
ssh_keys = ax_resp.get(
'http://fedoauth.org/openid/schema/SSH/key')
if isinstance(ssh_keys, (list, tuple)):
ssh_keys = '\n'.join(ssh_key for ssh_key in ssh_keys
if ssh_key.strip())
if ssh_keys:
user['ssh_key'] = ssh_keys
flask.session['FLASK_FAS_OPENID_USER'] = user
flask.session.modified = True
if self.postlogin_func is not None:
self._check_session()
return self.postlogin_func(return_url)
else:
return flask.redirect(return_url)
else:
return 'Strange state: %s' % info.status
def login(self, return_url=None, cancel_url=None, groups=None):
"""Tries to log in a user.
Sets the user information on :attr:`flask.g.fas_user`.
Will set 0 to :attr:`flask.g.fas_session_id, for compatibility
with flask_fas.
:kwarg username: Not used, but accepted for compatibility with the
flask_fas module
:kwarg password: Not used, but accepted for compatibility with the
flask_fas module
:kwarg return_url: The URL to forward the user to after login
:kwarg groups: A string or a list of group the user should belong
to to be authentified.
:returns: True if the user was succesfully authenticated.
:raises: Might raise an redirect to the OpenID endpoint
"""
if groups is None:
groups = ['_FAS_ALL_GROUPS_']
if return_url is None:
return_url = flask.request.args.get('next', flask.request.url)
session = {}
oidconsumer = consumer.Consumer(session, None)
try:
request = oidconsumer.begin(self.app.config['FAS_OPENID_ENDPOINT'])
except consumer.DiscoveryFailure:
# VERY strange, as this means it could not discover an OpenID
# endpoint at FAS_OPENID_ENDPOINT
return 'discoveryfailure'
if request is None:
# Also very strange, as this means the discovered OpenID
# endpoint is no OpenID endpoint
return 'no-request'
if isinstance(groups, basestring):
groups = [groups]
request.addExtension(
sreg.SRegRequest(
required=['nickname', 'fullname', 'email', 'timezone']))
request.addExtension(pape.Request([]))
request.addExtension(teams.TeamsRequest(requested=groups))
request.addExtension(
cla.CLARequest(requested=[cla.CLA_URI_FEDORA_DONE]))
trust_root = self.normalize_url(flask.request.url_root)
return_to = trust_root + '_flask_fas_openid_handler/'
flask.session['FLASK_FAS_OPENID_RETURN_URL'] = return_url
flask.session['FLASK_FAS_OPENID_CANCEL_URL'] = cancel_url
if request.shouldSendRedirect():
redirect_url = request.redirectURL(trust_root, return_to, False)
return flask.redirect(redirect_url)
else:
return request.htmlMarkup(trust_root,
return_to,
form_tag_attrs={'id': 'openid_message'},
immediate=False)
def main():
#create a base consumer object
oidconsumer = consumer.Consumer({}, None)
#create return to url
url = "http://%s/complete.py" % (os.environ['HTTP_HOST'])
#print page content type
print 'Content-Type: text/plain'
print ''
#parse query string parameters into dictionary
params = {}
string_split = [s for s in os.environ['QUERY_STRING'].split('&') if s]
for item in string_split:
key, value = item.split('=')
params[key] = urllib.unquote(value)
#complete OpenID authentication and get identifier
info = oidconsumer.complete(params, url)
display_identifier = info.getDisplayIdentifier()
#get simple registration and pape extension responses
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
pape_resp = pape.Response.fromSuccessResponse(info)
#build attribute exchange response object
ax_response = ax.FetchResponse.fromSuccessResponse(info)
if ax_response:
ax_items = {
'email': ax_response.get('http://axschema.org/contact/email'),
'fullname': ax_response.get('http://axschema.org/namePerson'),
'gender': ax_response.get('http://axschema.org/person/gender'),
'picture':
ax_response.get('http://axschema.org/media/image/default')
}
print ax_items
#print all OpenID responses
print display_identifier
if sreg_resp is not None:
print sreg_resp
if pape_resp is not None:
print pape_resp
if info.status == consumer.FAILURE and display_identifier:
message = "Verification failed"
elif info.status == consumer.SUCCESS:
message = 'Success'
elif info.status == consumer.CANCEL:
message = 'Verification cancelled'
elif info.status == consumer.SETUP_NEEDED:
message = 'Setup needed'
else:
message = 'Verification failed.'
print message
def get_openid_request(openid_url):
"""
リダイレクト先URLとconsumerオブジェクトを返す
"""
# consumerオブジェクトを作ってリダイレクト先を取得
c = consumer.Consumer({}, FileOpenIDStore(settings.OPENID_STORE_DIR))
req = c.begin(openid_url)
return req.redirectURL(get_openid_realm(), get_openid_verify_url()), c
def _get_consumer(self, req):
s = self._get_session(req)
if 'id' not in s:
s['id'] = req.session.sid
db = self.env.get_db_cnx()
store = self._getStore(db)
return consumer.Consumer(s, store), s
def confirm_openid(request, openid_id):
session = {'id': request.session.session_key}
current_url = settings.SITE_URL + request.path
oidutil.log = openid_logging
openid_consumer = consumer.Consumer(session, DjangoOpenIDStore())
if request.method == 'POST':
info = openid_consumer.complete(request.POST, current_url)
else:
info = openid_consumer.complete(request.GET, current_url)
if info.status == consumer.FAILURE:
return render_to_response('account/openid_confirmationfailed.html',
{'message': info.message},
context_instance=RequestContext(request))
elif info.status == consumer.CANCEL:
return render_to_response('account/openid_confirmationfailed.html',
{'message': '(cancelled by user)'},
context_instance=RequestContext(request))
elif info.status != consumer.SUCCESS:
return render_to_response('account/openid_confirmationfailed.html',
{'message': '(unknown verification error)'},
context_instance=RequestContext(request))
try:
unconfirmed = UnconfirmedOpenId.objects.get(id=openid_id,
user=request.user)
except UnconfirmedOpenId.DoesNotExist:
return render_to_response(
'account/openid_confirmationfailed.html',
{'message': 'ID %s not found in the database.' % openid_id},
context_instance=RequestContext(request))
# TODO: check for a reasonable expiration time
confirmed = ConfirmedOpenId()
confirmed.user = unconfirmed.user
confirmed.ip_address = request.META['REMOTE_ADDR']
confirmed.openid = unconfirmed.openid
confirmed.save()
unconfirmed.delete()
# if there's a single image in this user's profile, assign it to the new email
photos = confirmed.user.photos
if photos.count() == 1:
confirmed.set_photo(photos.get())
# Also allow user to login using this OpenID (if not taken already)
if not UserOpenID.objects.filter(claimed_id=confirmed.openid).exists():
user_openid = UserOpenID()
user_openid.user = request.user
user_openid.claimed_id = confirmed.openid
user_openid.display_id = confirmed.openid
user_openid.save()
return HttpResponseRedirect(reverse('libravatar.account.views.profile'))
def start_openid_auth(provider):
oid_consumer = consumer.Consumer(session, None)
oid_request = oid_consumer.begin(provider)
user_data_request = sreg.SRegRequest(required=['email', 'fullname'])
oid_request.addExtension(user_data_request)
return_to = url_for('auth.signed_in', _external=True)
return oid_request.redirectURL(request.url_root, return_to=return_to)
def handleOpenIdResponse(self, args):
c = consumer.Consumer({}, AppEngineOpenIDStore())
result = c.complete(args, self.server_url(self.requestPath()))
if result.status == consumer.SUCCESS:
ax_response = ax.FetchResponse.fromSuccessResponse(result)
self.handleSuccess(result.identity_url, ax_response)
else: # NOTE(mzero): generally result.status == consumer.FAILURE
self.handleFailure(result.message)
def login(self, request):
log_debug = self.log_debug
if log_debug:
log.debug('Handling OpenID login')
# Load default parameters that all Auth Responders take
openid_url = request.params.get('openid_identifier')
# Let inherited consumers alter the openid identifier if desired
openid_url = self._lookup_identifier(request, openid_url)
if not openid_url:
log.error('Velruse: no openid_url')
raise MissingParameter('No openid_identifier was found')
openid_session = {}
oidconsumer = consumer.Consumer(openid_session, self.openid_store)
try:
if log_debug:
log.debug('About to try OpenID begin')
authrequest = oidconsumer.begin(openid_url)
except consumer.DiscoveryFailure:
if log_debug:
log.debug('OpenID begin DiscoveryFailure')
raise
if authrequest is None:
if log_debug:
log.debug('OpenID begin returned empty')
raise ThirdPartyFailure("OpenID begin returned nothing")
if log_debug:
log.debug('Updating authrequest')
# Update the authrequest
self._update_authrequest(request, authrequest)
return_to = request.route_url(self.process_url)
# OpenID 2.0 lets Providers request POST instead of redirect, this
# checks for such a request.
if authrequest.shouldSendRedirect():
if log_debug:
log.debug('About to initiate OpenID redirect')
redirect_url = authrequest.redirectURL(realm=self.realm,
return_to=return_to,
immediate=False)
request.session['openid_session'] = openid_session
return HTTPFound(location=redirect_url)
else:
if log_debug:
log.debug('About to initiate OpenID POST')
html = authrequest.htmlMarkup(
realm=self.realm, return_to=return_to, immediate=False)
request.session['openid_session'] = openid_session
return Response(body=html)
def auth_login(request):
oidconsumer = consumer.Consumer(dict(request.session), None)
openid_request = oidconsumer.begin(u'http://ru.wargaming.net/id/openid/')
trust_root = 'http://%s' % request.META['HTTP_HOST']
return_to = '%s%s' % (trust_root, reverse('auth_callback'))
redirect_to = openid_request.redirectURL(trust_root,
return_to,
immediate=False)
return HttpResponseRedirect(redirect_to)
