def checkid_setup(registry, requestData, user=None):
"""
This method will validate and redirect a successful request to its
return_to param. If the user isn't logged in, or doesn't have an account,
we'll redirect to an internal page.
@param registry: the current OpenID registry
@type registry: L{OpenIDRegistry}
@param requestData: the current request data
@type requestData: L{OpenIDRequest}
@param user: the current user
@type user: L{txopenid.user.User}
@return: association response
@rtype: L{nevow.url.URL}
"""
if(user is not None):
def _identity_state():
return user.hasIdentity(requestData['openid.identity'])
def _trust_state():
return user.trustsRoot(requestData['openid.trust_root'])
if not(yield maybeDeferred(_identity_state)):
return_to = util.appendQuery(OPENID_IDENTITY_URL, requestData)
elif not(yield maybeDeferred(_trust_state)):
return_to = util.appendQuery(OPENID_TRUST_URL, requestData)
else:
return_to = get_login_response(registry, requestData)
else:
return_to = util.appendQuery(OPENID_LOGIN_URL, requestData)
returnValue(URL.fromString(return_to))
def approveIdent(self, requestData):
"""
Form support to approve specified identity.
"""
identity = requestData['openid.identity']
existing_user_id = yield self.pool.getUserIdForIdentity(identity)
if(existing_user_id):
if(existing_user_id == self.user['id']):
raise ValueError('You have already registered that identity.')
else:
raise ValueError('Another user has already registered that identity.')
result = yield self.pool.saveUserIdentity(self.user, identity)
if(requestData.get('openid.mode') not in (None, 'checkid_immediate')):
for k, v in requestData.items():
if not(k.startswith('openid.')):
del requestData[k]
return_to = util.appendQuery(protocol.OPENID_PROVIDER_URL, requestData)
requestData.request.redirect(return_to)
returnValue('')
else:
returnValue(None)
def renderHTTP(self, ctx):
"""
Login form processing, logged-in user and OpenID flow redirect.
@see: L{nevow.inevow.IResource}
"""
request = inevow.IRequest(ctx)
requestData = protocol.OpenIDRequest(request)
log.msg('UserPage request: %r' % requestData)
if(requestData.get('submit') == 'cancel'):
return_to = requestData.get('openid.return_to', protocol.OPENID_LOGIN_URL)
redirect = util.appendQuery(return_to, {'openid.mode':'cancel'})
request.redirect(redirect)
returnValue('')
elif(requestData.get('submit') == 'login'):
creds = credentials.UsernamePassword(requestData.get('username', ''),
requestData.get('password', ''))
else:
creds = session.getSessionCredentials(ctx)
iface, user, logout = yield self.portal.login(creds, None, inevow.IResource)
for k, v in requestData.items():
if not(k.startswith('openid.')):
del requestData[k]
yield session.updateSession(self.pool, request, user)
if(user):
if('openid.mode' in requestData):
redirect = util.appendQuery(protocol.OPENID_PROVIDER_URL, requestData)
request.redirect(redirect)
returnValue('')
else:
# This will happen if someone logs in directly, or is already logged in.
request.redirect(protocol.OPENID_INFO_URL)
returnValue('')
result = yield maybeDeferred(super(LoginPage, self).renderHTTP, ctx)
returnValue(result)
def approveRoot(self, requestData):
"""
Form support to approve specified root.
"""
root = requestData['openid.trust_root']
result = yield self.pool.saveUserRoot(self.user, root)
if(requestData.get('openid.mode') not in (None, 'checkid_immediate')):
for k, v in requestData.items():
if not(k.startswith('openid.')):
del requestData[k]
return_to = util.appendQuery(protocol.OPENID_PROVIDER_URL, requestData)
requestData.request.redirect(return_to)
returnValue('')
else:
returnValue(None)
def get_login_response(registry, requestData):
"""
Convenience function to return a valid login response for the provided request.
@param registry: the current OpenID registry
@type registry: L{OpenIDRegistry}
@param requestData: the current request data
@type requestData: L{OpenIDRequest}
@return: a response URL
@rtype: str
"""
log.msg('[get_login_response] request: %r' % requestData)
association = registry.initiate(requestData, 'openid.assoc_handle' in requestData)
log.msg('[get_login_response] association: %r' % association)
log.msg('[get_login_response] Using handle: %r' % association.handle)
token_key = util.secret(association.handle)
log.msg('[get_login_response] Found key: %r' % token_key)
token_contents = util.kvstr(
mode = 'id_res',
identity = requestData['openid.identity'],
return_to = requestData['openid.return_to'],
)
return_dict = {
'openid.mode' : 'id_res',
'openid.identity' : requestData['openid.identity'],
'openid.assoc_handle' : association.handle,
'openid.return_to' : requestData['openid.return_to'],
'openid.signed' : 'identity,mode,return_to',
'openid.sig' : base64.b64encode(util.get_hmac(token_key, token_contents))
}
if(association.handle != requestData.get('openid.assoc_handle', association.handle)):
log.msg("[get_login_response] Retrieved association handle doesn't match request: %r" % requestData['openid.assoc_handle'])
return_dict['openid.invalidate_handle'] = requestData['openid.assoc_handle']
return util.appendQuery(requestData['openid.return_to'], return_dict)
def _test_checkid_setup(self, setup_url, user):
registry = TestRegistry(test_handle)
result = yield protocol.checkid_setup(registry, TestRequest({
'openid.mode' : 'checkid_setup',
'openid.identity' : 'http://www.example.com/test',
'openid.assoc_handle' : test_handle,
'openid.return_to' : 'http://www.example.com/return',
'openid.trust_root' : 'http://www.example.com/trust',
}), user=user)
expecting_dict = {
'openid.mode' : 'checkid_setup',
'openid.identity' : 'http://www.example.com/test',
'openid.assoc_handle' : test_handle,
'openid.return_to' : 'http://www.example.com/return',
'openid.trust_root' : 'http://www.example.com/trust',
}
expecting = util.appendQuery(setup_url, expecting_dict)
self.failUnless(isinstance(result, url.URL))
self.failUnlessEqual(str(result), expecting)
def checkid_immediate(registry, requestData, user=None):
"""
Validate the provided request.
@param registry: the current OpenID registry
@type registry: L{OpenIDRegistry}
@param requestData: the current request data
@type requestData: L{OpenIDRequest}
@param user: the current user
@type user: L{txopenid.user.User}
@return: checkid response
@rtype: L{nevow.url.URL}
"""
if(user is not None):
def _identity_state():
return user.hasIdentity(requestData['openid.identity'])
def _trust_state():
return user.trustsRoot(requestData['openid.trust_root'])
if not(yield maybeDeferred(_identity_state)):
return_to = util.appendQuery(requestData['openid.return_to'], {
'openid.mode':'id_res',
'openid.user_setup_url':util.appendQuery(OPENID_IDENTITY_URL, requestData),
})
elif not(yield maybeDeferred(_trust_state)):
return_to = util.appendQuery(requestData['openid.return_to'], {
'openid.mode':'id_res',
'openid.user_setup_url':util.appendQuery(OPENID_TRUST_URL, requestData),
})
else:
return_to = get_login_response(registry, requestData)
else:
return_to = util.appendQuery(requestData['openid.return_to'], {
'openid.mode':'id_res',
'openid.user_setup_url':util.appendQuery(OPENID_LOGIN_URL, requestData),
})
returnValue(URL.fromString(return_to))
def test_appendQuery_slash(self): return_to = 'http://www.example.com/some/path/' error = dict(error='some error occurred') expected = 'http://www.example.com/some/path/?error=some+error+occurred' got = util.appendQuery(return_to, error) self.failUnlessEqual(got, expected, "Got %r when expecting %r" % (got, expected))
