Exemple #1
0
def consolidate_google_complete(request):
    """ Verifies params to the current User
        Completes the Google merge
        Adds the identifier from the collaborating service
    """

    username = request.GET.get('username', '')
    email = request.GET.get('email', '')
    openid_key = request.GET.get('openid_key', '')
    signature = request.GET.get('signature', '')
    verify_signature = helpers.sign(username + email + openid_key,
                                    settings.CONSOLIDATE_GOOGLE_SECRET)

    try:
        openid_profile = OpenidProfile.objects.get(user=request.user)
    except OpenidProfile.DoesNotExist:
        logger.error('OpenID profile for user does not exist!')
    else:
        if verify_signature == signature:
            if openid_profile.email == email and openid_profile.openid_key == openid_key:
                signals.consolidate_google_complete_add_identifer.send(sender=consolidate_google_complete,
                                                                       identifier=username, user=request.user)
                openid_profile.needs_google_crossdomain_merge = False
                openid_profile.save()
                logger.info('Service is %s'% request.session.get('service_name'))
                return HttpResponseRedirect(reverse('cas_socialauth_login'))
            else:
                logger.error('OpenID emails or keys did not match! %s/%s -- %s/%s' % (openid_profile.email, email,
                                                                                      openid_profile.openid_key, openid_key))
        else:
            logger.error('Signatures did not match! \n%s---\n%s\n%s\n---\n%s\n%s\n---\n%s\n%s\n---%s' % (
                username,
                email, openid_profile.email,
                openid_key, openid_profile.openid_key,
                signature, verify_signature,
                settings.CONSOLIDATE_GOOGLE_SECRET,
                ))

    logger.error('Failed to consolidate Google OpenID.')
    return HttpResponseRedirect(reverse('socialauth_consolidate_google_failed'))
Exemple #2
0
def openid_done(request, provider=None):
    """
    When the request reaches here, the user has completed the Openid
    authentication flow. He has authorised us to login via Openid, so
    request.openid is populated.
    After coming here, we want to check if we are seeing this openid first time.
    If we are, we will create a new Django user for this Openid, else login the
    existing openid.
    """
    if not provider:
        provider = request.session.get('openid_provider', '')
    if hasattr(request,'openid') and request.openid:
        #check for already existing associations
        openid_key = str(request.openid)
        if request.user and request.user.is_authenticated():

            res = authenticate(openid_key=openid_key, request=request, provider = provider, user=request.user)
            if res:
                return HttpResponseRedirect(settings.ADD_LOGIN_REDIRECT_URL + '?add_login=true')
            else:
                return HttpResponseRedirect(settings.ADD_LOGIN_REDIRECT_URL + '?add_login=false')
        else:
            #authenticate and login
            user = authenticate(openid_key=openid_key, request=request, provider = provider)
            openid_profile = OpenidProfile.objects.get(openid_key=openid_key)

            # From Apocalypse
            if user and request.session.get('consolidating_google', False):
                if request.session['google_email'] == openid_profile.email:
                    federation_openid_key = request.session['google_openid_key']
                    del request.session['consolidating_google']
                    del request.session['google_email']
                    del request.session['google_openid_key']

                    #FIXME:  Is this secure?
                    data = {'username': user.username,
                            'email': openid_profile.email,
                            'openid_key': federation_openid_key,
                            }
                    data['signature'] = helpers.sign(data['username'] + data['email'] + data['openid_key'],
                                                     settings.CONSOLIDATE_GOOGLE_SECRET)

                    logger.info(settings.CONSOLIDATE_GOOGLE_SECRET)

                    return HttpResponseRedirect(settings.CONSOLIDATE_GOOGLE_COMPLETE \
                            + '?' + urllib.urlencode(data))

                else:
                    logger.error('Google OpenID emails did not match. \n---\n%s\n%s\n---' % (request.session['google_email'], openid_profile.email))
                    return HttpResponseRedirect(settings.CONSOLIDATE_GOOGLE_FAILED)

            # From Federation
            if user and OpenidProfile.objects.needs_google_crossdomain_merge(openid_key):
                session = dict(request.session)
                login(request, user)
                restore_session(request, session)
                return HttpResponseRedirect(reverse('socialauth_consolidate_google_confirm'))

            # if user is authenticated then login user through CAS
            elif user:
                # Restore unique session keys from old session
                session = dict(request.session)
                login(request, user)
                restore_session(request, session)
                return HttpResponseRedirect(settings.SOCIALAUTH_CAS_LOGIN_URL)
            else:
                return HttpResponseRedirect(settings.LOGIN_URL)
    else:
        return HttpResponseRedirect(settings.LOGIN_URL)