def consolidate_google_complete(request):
""" Verifies params to the current User
Completes the Google merge
Adds the identifier from the collaborating service
"""
username = request.GET.get('username', '')
email = request.GET.get('email', '')
openid_key = request.GET.get('openid_key', '')
signature = request.GET.get('signature', '')
verify_signature = helpers.sign(username + email + openid_key,
settings.CONSOLIDATE_GOOGLE_SECRET)
try:
openid_profile = OpenidProfile.objects.get(user=request.user)
except OpenidProfile.DoesNotExist:
logger.error('OpenID profile for user does not exist!')
else:
if verify_signature == signature:
if openid_profile.email == email and openid_profile.openid_key == openid_key:
signals.consolidate_google_complete_add_identifer.send(sender=consolidate_google_complete,
identifier=username, user=request.user)
openid_profile.needs_google_crossdomain_merge = False
openid_profile.save()
logger.info('Service is %s'% request.session.get('service_name'))
return HttpResponseRedirect(reverse('cas_socialauth_login'))
else:
logger.error('OpenID emails or keys did not match! %s/%s -- %s/%s' % (openid_profile.email, email,
openid_profile.openid_key, openid_key))
else:
logger.error('Signatures did not match! \n%s---\n%s\n%s\n---\n%s\n%s\n---\n%s\n%s\n---%s' % (
username,
email, openid_profile.email,
openid_key, openid_profile.openid_key,
signature, verify_signature,
settings.CONSOLIDATE_GOOGLE_SECRET,
))
logger.error('Failed to consolidate Google OpenID.')
return HttpResponseRedirect(reverse('socialauth_consolidate_google_failed'))
def openid_done(request, provider=None):
"""
When the request reaches here, the user has completed the Openid
authentication flow. He has authorised us to login via Openid, so
request.openid is populated.
After coming here, we want to check if we are seeing this openid first time.
If we are, we will create a new Django user for this Openid, else login the
existing openid.
"""
if not provider:
provider = request.session.get('openid_provider', '')
if hasattr(request,'openid') and request.openid:
#check for already existing associations
openid_key = str(request.openid)
if request.user and request.user.is_authenticated():
res = authenticate(openid_key=openid_key, request=request, provider = provider, user=request.user)
if res:
return HttpResponseRedirect(settings.ADD_LOGIN_REDIRECT_URL + '?add_login=true')
else:
return HttpResponseRedirect(settings.ADD_LOGIN_REDIRECT_URL + '?add_login=false')
else:
#authenticate and login
user = authenticate(openid_key=openid_key, request=request, provider = provider)
openid_profile = OpenidProfile.objects.get(openid_key=openid_key)
# From Apocalypse
if user and request.session.get('consolidating_google', False):
if request.session['google_email'] == openid_profile.email:
federation_openid_key = request.session['google_openid_key']
del request.session['consolidating_google']
del request.session['google_email']
del request.session['google_openid_key']
#FIXME: Is this secure?
data = {'username': user.username,
'email': openid_profile.email,
'openid_key': federation_openid_key,
}
data['signature'] = helpers.sign(data['username'] + data['email'] + data['openid_key'],
settings.CONSOLIDATE_GOOGLE_SECRET)
logger.info(settings.CONSOLIDATE_GOOGLE_SECRET)
return HttpResponseRedirect(settings.CONSOLIDATE_GOOGLE_COMPLETE \
+ '?' + urllib.urlencode(data))
else:
logger.error('Google OpenID emails did not match. \n---\n%s\n%s\n---' % (request.session['google_email'], openid_profile.email))
return HttpResponseRedirect(settings.CONSOLIDATE_GOOGLE_FAILED)
# From Federation
if user and OpenidProfile.objects.needs_google_crossdomain_merge(openid_key):
session = dict(request.session)
login(request, user)
restore_session(request, session)
return HttpResponseRedirect(reverse('socialauth_consolidate_google_confirm'))
# if user is authenticated then login user through CAS
elif user:
# Restore unique session keys from old session
session = dict(request.session)
login(request, user)
restore_session(request, session)
return HttpResponseRedirect(settings.SOCIALAUTH_CAS_LOGIN_URL)
else:
return HttpResponseRedirect(settings.LOGIN_URL)
else:
return HttpResponseRedirect(settings.LOGIN_URL)
