def consolidate_google_complete(request): """ Verifies params to the current User Completes the Google merge Adds the identifier from the collaborating service """ username = request.GET.get('username', '') email = request.GET.get('email', '') openid_key = request.GET.get('openid_key', '') signature = request.GET.get('signature', '') verify_signature = helpers.sign(username + email + openid_key, settings.CONSOLIDATE_GOOGLE_SECRET) try: openid_profile = OpenidProfile.objects.get(user=request.user) except OpenidProfile.DoesNotExist: logger.error('OpenID profile for user does not exist!') else: if verify_signature == signature: if openid_profile.email == email and openid_profile.openid_key == openid_key: signals.consolidate_google_complete_add_identifer.send(sender=consolidate_google_complete, identifier=username, user=request.user) openid_profile.needs_google_crossdomain_merge = False openid_profile.save() logger.info('Service is %s'% request.session.get('service_name')) return HttpResponseRedirect(reverse('cas_socialauth_login')) else: logger.error('OpenID emails or keys did not match! %s/%s -- %s/%s' % (openid_profile.email, email, openid_profile.openid_key, openid_key)) else: logger.error('Signatures did not match! \n%s---\n%s\n%s\n---\n%s\n%s\n---\n%s\n%s\n---%s' % ( username, email, openid_profile.email, openid_key, openid_profile.openid_key, signature, verify_signature, settings.CONSOLIDATE_GOOGLE_SECRET, )) logger.error('Failed to consolidate Google OpenID.') return HttpResponseRedirect(reverse('socialauth_consolidate_google_failed'))
def openid_done(request, provider=None): """ When the request reaches here, the user has completed the Openid authentication flow. He has authorised us to login via Openid, so request.openid is populated. After coming here, we want to check if we are seeing this openid first time. If we are, we will create a new Django user for this Openid, else login the existing openid. """ if not provider: provider = request.session.get('openid_provider', '') if hasattr(request,'openid') and request.openid: #check for already existing associations openid_key = str(request.openid) if request.user and request.user.is_authenticated(): res = authenticate(openid_key=openid_key, request=request, provider = provider, user=request.user) if res: return HttpResponseRedirect(settings.ADD_LOGIN_REDIRECT_URL + '?add_login=true') else: return HttpResponseRedirect(settings.ADD_LOGIN_REDIRECT_URL + '?add_login=false') else: #authenticate and login user = authenticate(openid_key=openid_key, request=request, provider = provider) openid_profile = OpenidProfile.objects.get(openid_key=openid_key) # From Apocalypse if user and request.session.get('consolidating_google', False): if request.session['google_email'] == openid_profile.email: federation_openid_key = request.session['google_openid_key'] del request.session['consolidating_google'] del request.session['google_email'] del request.session['google_openid_key'] #FIXME: Is this secure? data = {'username': user.username, 'email': openid_profile.email, 'openid_key': federation_openid_key, } data['signature'] = helpers.sign(data['username'] + data['email'] + data['openid_key'], settings.CONSOLIDATE_GOOGLE_SECRET) logger.info(settings.CONSOLIDATE_GOOGLE_SECRET) return HttpResponseRedirect(settings.CONSOLIDATE_GOOGLE_COMPLETE \ + '?' + urllib.urlencode(data)) else: logger.error('Google OpenID emails did not match. \n---\n%s\n%s\n---' % (request.session['google_email'], openid_profile.email)) return HttpResponseRedirect(settings.CONSOLIDATE_GOOGLE_FAILED) # From Federation if user and OpenidProfile.objects.needs_google_crossdomain_merge(openid_key): session = dict(request.session) login(request, user) restore_session(request, session) return HttpResponseRedirect(reverse('socialauth_consolidate_google_confirm')) # if user is authenticated then login user through CAS elif user: # Restore unique session keys from old session session = dict(request.session) login(request, user) restore_session(request, session) return HttpResponseRedirect(settings.SOCIALAUTH_CAS_LOGIN_URL) else: return HttpResponseRedirect(settings.LOGIN_URL) else: return HttpResponseRedirect(settings.LOGIN_URL)