def perform_openid_auth(self, form):
if not form.is_valid():
return form
request = self.request
provider = self.provider(request)
endpoint = form.cleaned_data["openid"]
client = self.get_client(provider, endpoint)
realm = self.get_realm(provider)
auth_request = client.begin(endpoint)
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
provider = OpenIDProvider(request)
server_settings = provider.get_server_settings(
request.GET.get("openid"))
extra_attributes = server_settings.get("extra_attributes", [])
for _, name, required in extra_attributes:
ax.add(AttrInfo(name, required=required))
auth_request.addExtension(ax)
SocialLogin.stash_state(request)
# Fix for issues 1523 and 2072 (github django-allauth)
if "next" in form.cleaned_data and form.cleaned_data["next"]:
auth_request.return_to_args["next"] = form.cleaned_data["next"]
redirect_url = auth_request.redirectURL(
realm, request.build_absolute_uri(self.get_callback_url()))
return HttpResponseRedirect(redirect_url)
def dispatch(self, request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(
dict(list(request.GET.items()) + list(request.POST.items())))
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
provider = self.provider
app = provider.get_app(request)
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
server_settings = provider.get_server_settings(
request.GET.get('openid'))
extra_attributes = server_settings.get(
'extra_attributes', [])
for _, name, required in extra_attributes:
ax.add(AttrInfo(name, required=required))
auth_request.addExtension(ax)
callback_url = provider.get_callback_url(request, app)
SocialLogin.stash_state(request)
# https://github.com/pennersr/django-allauth/issues/1523
auth_request.return_to_args['next'] = \
form.cleaned_data.get('next', '/')
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request,
self.provider.id,
exception=e)
else:
form = LoginForm(
initial={
'next': request.GET.get('next'),
'process': request.GET.get('process')
})
d = dict(form=form)
return render(request, "openid/login.html", d)
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(
_('Sorry, but your input is not a valid OpenId'))
sreg = getattr(self, 'sreg_attributes', False)
if sreg:
s = SRegRequest()
for k, attr_dic in sreg.items():
if k == "policy_url":
s.policy_url = attr_dic
continue
for attr_name in attr_dic.keys():
s.requestField(field_name=attr_name,
required=(k == "required"))
auth_request.addExtension(s)
ax_schema = getattr(self, 'dataype2ax_schema', False)
if ax_schema and request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], required=True,
alias=schema[1]))
else:
axr.add(AttrInfo(schema, required=True, alias=data_type))
auth_request.addExtension(axr)
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
return auth_request.redirectURL(trust_root, redirect_to)
def begin(request, openid_url):
request.session['request_referer'] = urlparse.urljoin(request.META.get('HTTP_REFERER', ''), '/')
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
s = SRegRequest()
for sarg in OPENID_SREG:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = OPENID_SREG[sarg]
else:
for v in OPENID_SREG[sarg].split(','):
s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
axr = AXFetchRequest()
for i in OPENID_AX:
axr.add(AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(get_trusted_root(request),
request.build_absolute_uri(reverse("openid_complete")))
return HttpResponseRedirect(redirect_url)
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL,
required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL, required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
else:
form = LoginForm()
d = dict(form=form)
return render_to_response('openid/login.html',
d,
context_instance=RequestContext(request))
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL,
required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
state = SocialLogin.marshall_state(request)
callback_url = callback_url + '?' + urlencode(dict(state=state))
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
except DiscoveryFailure, e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
def post(self, request, *args, **kwargs):
data = dict(list(request.GET.items()) + list(request.POST.items()))
if self.provider.endpoint:
data['openid'] = self.provider.endpoint
form = LoginForm(data)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
auth_request.addExtension(ax)
callback_url = reverse(self.callback_view)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request,
self.provider.id,
exception=e)
return render(request, self.template_name, {'form': form})
def begin(self, request, data):
try:
openid_url = data['openid_url'].strip()
except KeyError:
messages.error(request, lang.FILL_OPENID_URL)
raise Redirect('publicauth-login')
# allow user to type openid provider without http:// prefix
if not openid_url.startswith("http"):
openid_url = "http://%s" % openid_url
return_url = request.build_absolute_uri(
reverse('publicauth-complete', args=[self.provider]))
request.session['openid_return_to'] = return_url
client = consumer.Consumer(request.session, None)
try:
openid_request = client.begin(openid_url)
sreg_extra = [i for i in self.PROFILE_MAPPING]
sreg = SRegRequest(required=sreg_extra)
openid_request.addExtension(sreg)
ax_msg = FetchRequest()
for detail in self.PROFILE_MAPPING:
ax_msg.add(AttrInfo(settings.AX_URIS[detail], required=True))
openid_request.addExtension(ax_msg)
redirect_url = openid_request.redirectURL(realm='http://' +
request.get_host(),
return_to=return_url)
raise Redirect(redirect_url)
except discover.DiscoveryFailure:
messages.error(request, _('Could not find OpenID server'))
raise Redirect('publicauth-login')
def test02(self):
interface = SQLAlchemyAXInterface()
interface.connectionString = \
SQLAlchemyAXInterfaceTestCase.DB_CONNECTION_STR
interface.attributeNames = ('firstName', 'lastName', 'emailAddress')
interface.sqlQuery = ("select firstname, lastname, emailAddress from "
"users where username = '******'")
axReq = FetchRequest()
for typeURI in interface.attributeNames:
axReq.add(AttrInfo(typeURI, required=True))
axResp = FetchResponse()
authnCtx = {
SQLAlchemyAXInterface.USERNAME_SESSION_KEYNAME:
SQLAlchemyAXInterfaceTestCase.USERNAME
}
interface(axReq, axResp, None, authnCtx)
axData = axResp.getExtensionArgs()
self.assert_(len(axData.keys()) > 0)
print(axData)
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(
_('Sorry, but your input is not a valid OpenId'))
#sreg = getattr(settings, 'OPENID_SREG', False)
#if sreg:
# s = SRegRequest()
# for sarg in sreg:
# if sarg.lower().lstrip() == "policy_url":
# s.policy_url = sreg[sarg]
# else:
# for v in sreg[sarg].split(','):
# s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
# auth_request.addExtension(s)
#auth_request.addExtension(SRegRequest(required=['email']))
if request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in self.dataype2ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], 1, True, schema[1]))
else:
axr.add(AttrInfo(schema, 1, True, data_type))
auth_request.addExtension(axr)
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
return auth_request.redirectURL(trust_root, redirect_to)
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(
dict(list(request.GET.items()) + list(request.POST.items())))
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request,
OpenIDProvider.id,
exception=e)
else:
form = LoginForm(initial={
'next': request.GET.get('next'),
'process': request.GET.get('process')
})
d = dict(form=form)
return render_to_response('openid/login.html',
d,
context_instance=RequestContext(request))
def begin(request,
confirmed=True,
redirect_to=None,
on_failure=None,
user_url=None,
template_name='openid_consumer/signin.html'):
on_failure = on_failure or default_on_failure
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
# foo derbis.
redirect_to = redirect_to or getattr(
settings,
'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/')
# In case they were lazy...
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urlencode({'next': request.GET['next']})
if not user_url:
user_url = request.REQUEST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urlencode({'next': request.GET['next']})
return render(template_name, {
'action': request_path,
}, RequestContext(request))
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
sreg = getattr(settings, 'OPENID_SREG', False)
if sreg:
s = SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(','):
s.requestField(
field_name=v.lower().lstrip(),
required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, 'OPENID_PAPE', False)
if pape:
if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0':
raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer'
p = PapeRequest()
for parg in pape:
if parg.lower().strip() == 'policy_list':
for v in pape[parg].split(','):
p.addPolicyURI(v)
elif parg.lower().strip() == 'max_auth_age':
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
ax = getattr(settings, 'OPENID_AX', [])
if ax:
axr = AXFetchRequest()
for i in ax:
axr.add(
AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
