Exemple #1
0
def auto_register(request, backend=None, error_msgs=''):
    """
  <Purpose>
  Part of the SOCIAL_AUTH_PIPELINE whose order is mapped in settings.py.  If
  a user logs in with a OpenID/OAuth account and that account is not yet linked
  with a Clearinghouse account, he gets redirected here.
  If a valid username is entered then a new Seattle Clearinghouse user is created.

  <Arguments>
    request:
      An HTTP request object.
    backend:
      An OpenID/OAuth backend ex google,facebook etc.
  <Exceptions>

  <Side Effects>
    A new Seattle Clearinghouse user is created.
  <Returns>
    If a user passes in a valid username he continues the pipeline and moves
    forward in the auto register process.
  """
    # Check if a username is provided
    username_form = forms.AutoRegisterForm()
    if request.method == 'POST' and request.POST.get('username'):
        name = setting('SOCIAL_AUTH_PARTIAL_PIPELINE_KEY', 'partial_pipeline')
        username_form = forms.AutoRegisterForm(request.POST)
        if username_form.is_valid():
            username = username_form.cleaned_data['username']
            try:
                interface.get_user_without_password(username)
                error_msgs = 'That username is already in use.'
            except DoesNotExistError:
                request.session['saved_username'] = request.POST['username']
                backend = request.session[name]['backend']
                return redirect('socialauth_complete', backend=backend)
    name = setting('SOCIAL_AUTH_PARTIAL_PIPELINE_KEY', 'partial_pipeline')
    backend = request.session[name]['backend']
    return render_to_response(
        'accounts/auto_register.html', {
            'backend': backend,
            'error_msgs': error_msgs,
            'username_form': username_form
        }, RequestContext(request))
Exemple #2
0
def auto_register(request,backend=None,error_msgs=''):
  """
  <Purpose>
  Part of the SOCIAL_AUTH_PIPELINE whose order is mapped in settings.py.  If
  a user logs in with a OpenID/OAuth account and that account is not yet linked
  with a Clearinghouse account, he gets redirected here.
  If a valid username is entered then a new Seattle Clearinghouse user is created.

  <Arguments>
    request:
      An HTTP request object.
    backend:
      An OpenID/OAuth backend ex google,facebook etc.
  <Exceptions>

  <Side Effects>
    A new Seattle Clearinghouse user is created.
  <Returns>
    If a user passes in a valid username he continues the pipeline and moves
    forward in the auto register process.
  """
  # Check if a username is provided 
  username_form = forms.AutoRegisterForm()
  if request.method == 'POST' and request.POST.get('username'):
    name = setting('SOCIAL_AUTH_PARTIAL_PIPELINE_KEY', 'partial_pipeline')
    username_form = forms.AutoRegisterForm(request.POST)
    if username_form.is_valid():
      username = username_form.cleaned_data['username']
      try:
        interface.get_user_without_password(username)
        error_msgs ='That username is already in use.'
      except DoesNotExistError:
        request.session['saved_username'] = request.POST['username']
        backend = request.session[name]['backend']
        return redirect('socialauth_complete', backend=backend)  
  name = setting('SOCIAL_AUTH_PARTIAL_PIPELINE_KEY', 'partial_pipeline')
  backend=request.session[name]['backend']
  return render_to_response('accounts/auto_register.html', {'backend' : backend, 'error_msgs' : error_msgs, 'username_form' : username_form}, RequestContext(request))
Exemple #3
0
    def get_encrypted_api_key(username):
        """
    <Purpose>
      Retrieve the account's API key encrypted with the account's public key.
      This provides the holder of an account's private key a means of obtaining
      the SeattleGENI API key for the account. A side effect is that this also
      provide a means of determining whether an account exists on seattlegeni.
      However, we do not protect against such querying here because the same
      can be determined in a handful of other ways through the html interface.
      
      This approach of obtaining the encrypted api key can be removed later if
      we implement a way to sign requests.
    <Arguments>
      username
        The username of the account whose encrypted API key we want.
    <Exceptions>
      Raises xmlrpclib Fault objects with fault codes:
        FAULTCODE_INVALIDREQUEST if a the provided username is not a string
          specifying a valid (existing) account username.
    <Returns>
      An string that represents DATA encrypted by (seattlelib) rsa.r2py's
      rsa_encrypt() function. DATA is a string that is the concatenation of
      a random string of 0-9a-fA-F of fixed length, an exclamation mark, and
      the API key.
      
      For example, DATA may be the following string:
        l28yDKLQGqhqdfDquDq0433!AD98OF2308Q9RYFHDHKJAC
      where
        AD98OF2308Q9RYFHDHKJAC
      is the API key.
      
      Note that this random data being prepended is just a dirty workaround for
      the lack of random padding being used by the encryption format offered by
      rsa.r2py or other repy libraries. This should be changed after a repy
      implementation of PKCS#1 is available.
    """
        try:
            assertions.assert_str(username)
        except AssertionError:
            raise xmlrpclib.Fault(FAULTCODE_INVALIDREQUEST, "Username must be a string.")

        try:
            geniuser = interface.get_user_without_password(username)
        except DoesNotExistError:
            raise xmlrpclib.Fault(FAULTCODE_INVALIDREQUEST, "Username does not exist.")

        # Don't change the number of bytes of random data without changing the API
        # spec and the xmlrpc client.
        randstring = "".join(random.sample(string.letters + string.digits, ENCRYPTED_API_KEY_PADDING_BYTES))
        data = randstring + "!" + geniuser.api_key
        data = str(data)  # make sure it's type str, not unicode, as required by rsa_encrypt
        user_pubkey_dict = rsa_string_to_publickey(geniuser.user_pubkey)
        encrypted_data = rsa_encrypt(data, user_pubkey_dict)
        # rsa_encrypt returns returns a string with an extra space in the front.
        encrypted_data = encrypted_data.strip()
        # If the encrypted_data is more than one "block" long, something odd is
        # going on and there may be no padding applied to one or more encrypted
        # blocks.
        if " " in encrypted_data:
            raise InternalError(
                "The encrypted_data to be returned by get_encrypted_api_key() "
                + "was more than one block long. user: "******" encrypted_data: "
                + encrypted_data
            )
        return encrypted_data
Exemple #4
0
 def get_encrypted_api_key(username):
   """
   <Purpose>
     Retrieve the account's API key encrypted with the account's public key.
     This provides the holder of an account's private key a means of obtaining
     the SeattleGENI API key for the account. A side effect is that this also
     provide a means of determining whether an account exists on seattlegeni.
     However, we do not protect against such querying here because the same
     can be determined in a handful of other ways through the html interface.
     
     This approach of obtaining the encrypted api key can be removed later if
     we implement a way to sign requests.
   <Arguments>
     username
       The username of the account whose encrypted API key we want.
   <Exceptions>
     Raises xmlrpclib Fault objects with fault codes:
       FAULTCODE_INVALIDREQUEST if a the provided username is not a string
         specifying a valid (existing) account username.
   <Returns>
     An string that represents DATA encrypted by (seattlelib) rsa.repy's
     rsa_encrypt() function. DATA is a string that is the concatenation of
     a random string of 0-9a-fA-F of fixed length, an exclamation mark, and
     the API key.
     
     For example, DATA may be the following string:
       l28yDKLQGqhqdfDquDq0433!AD98OF2308Q9RYFHDHKJAC
     where
       AD98OF2308Q9RYFHDHKJAC
     is the API key.
     
     Note that this random data being prepended is just a dirty workaround for
     the lack of random padding being used by the encryption format offered by
     rsa.repy or other repy libraries. This should be changed after a repy
     implementation of PKCS#1 is available.
   """
   try:
     assertions.assert_str(username)
   except AssertionError:
     raise xmlrpclib.Fault(FAULTCODE_INVALIDREQUEST, "Username must be a string.")
   
   try:
     geniuser = interface.get_user_without_password(username)
   except DoesNotExistError:
     raise xmlrpclib.Fault(FAULTCODE_INVALIDREQUEST, "Username does not exist.")
     
   # Don't change the number of bytes of random data without changing the API
   # spec and the xmlrpc client.
   randstring = ''.join(random.sample(string.letters + string.digits,
                                      ENCRYPTED_API_KEY_PADDING_BYTES)) 
   data = randstring + "!" + geniuser.api_key
   data = str(data) # make sure it's type str, not unicode, as required by rsa_encrypt
   user_pubkey_dict = rsa_string_to_publickey(geniuser.user_pubkey)
   encrypted_data = rsa_encrypt(data, user_pubkey_dict)
   # rsa_encrypt returns returns a string with an extra space in the front.
   encrypted_data = encrypted_data.strip() 
   # If the encrypted_data is more than one "block" long, something odd is
   # going on and there may be no padding applied to one or more encrypted
   # blocks.
   if ' ' in encrypted_data:
     raise InternalError("The encrypted_data to be returned by get_encrypted_api_key() " +
                         "was more than one block long. user: "******" encrypted_data: "+ encrypted_data)
   return encrypted_data