Esempio n. 1
def req_any(request, vender, action, mode, *args, **kwargs):
    """Start an authorization-code request against the Azure authority.

    A GET, or a POST whose form does not validate, renders the request
    form.  A valid POST builds the AuthReq, records a SignOn for it, keeps
    the sign-on state in the session and answers with a 302 to the
    authority's authorization endpoint.
    """
    form = AuthReqForm(vender=__package__, data=request.POST or None)

    if not (request.method == "POST" and form.is_valid()):
        return TemplateResponse(request, "venders/azure/req_any.html", dict(request=request, form=form))

    relying_party = form.cleaned_data["rp"]
    metadata = relying_party.authority.auth_metadata_object

    # The callback URL is derived from the incoming request, so its host is
    # whatever the framework accepted for this request.
    # NOTE(review): assuming Django, keep ALLOWED_HOSTS strict and register
    # the exact callback URI at the provider -- confirm for this deployment.
    callback_route = dict(vender="azure", action="res", mode="code")
    callback_uri = request.build_absolute_uri(reverse("rp_auth", kwargs=callback_route))

    authreq = AuthReq(
        response_type="code",
        client_id=relying_party.identifier,
        redirect_uri=callback_uri,
        scope="openid profile email",
        prompt="admin_consent",
    )
    authreq["resource"] = "https://graph.windows.net"

    signon = SignOn.create(request.user, relying_party, authreq)
    # NOTE(review): the value is sent as `session_state`; whether the request
    # also carries it as the OAuth `state` parameter depends on
    # SignOn.create, which is not visible here -- verify.
    authreq["session_state"] = signon.state
    # Kept in the session, presumably so the "res" handler can compare it
    # with the value returned by the provider -- confirm the callback checks it.
    request.session["state"] = signon.state

    # Append the query with "&" when the endpoint already has one.
    endpoint = metadata.authorization_endpoint
    sep = "&" if endpoint.find("?") > 0 else "?"
    location = endpoint + sep + authreq.to_qs()

    redirect = HttpResponse(location, status=302)
    redirect["Location"] = location
    return redirect
Esempio n. 2
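    def test_create(self):
        """Create a SignOn for a relying party and print the generated values.

        Smoke test only: it prints the sign-on's nonce, state and request and
        the serialized authorization request, and asserts nothing.
        NOTE(review): add assertions (for example that nonce and state are
        non-empty and differ between two sign-ons) once SignOn.create's
        contract is confirmed.
        """
        from connect.messages.auth import AuthReq
        from connect.rp.models import RelyingParty, SignOn

        r = RelyingParty.get_selfissued('http://hoge.com/')

        # The relying party's identifier doubles as the redirect URI here.
        authreq = AuthReq(
            redirect_uri=r.identifier
        )

        s = SignOn.create(r, authreq)

        # print(<one expression>) parses both as a Python 2 print statement
        # and as a Python 3 call; the original multi-value print statement was
        # a syntax error on Python 3.
        print("%s %s %s" % (s.nonce, s.state, s.request))
        print(authreq.to_qs())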
Esempio n. 3
def req_any(request, vender, action, mode):
    """Start an authorization-code request against the Google authority.

    A GET, or a POST whose form does not validate, renders the request
    form.  A valid POST builds the AuthReq, records a SignOn for it, keeps
    the sign-on state in the session and answers with a 302 to the
    authority's authorization endpoint.
    """
    form = AuthReqForm(
        vender=__package__,
        data=request.POST or None)

    if not (request.method == "POST" and form.is_valid()):
        ctx = dict(
            request=request,
            vender=vender,
            form=form)
        return TemplateResponse(
            request,
            'venders/google/req_any.html', ctx)

    relying_party = form.cleaned_data['rp']
    metadata = relying_party.authority.auth_metadata_object

    # The callback URL is derived from the incoming request, so its host is
    # whatever the framework accepted for this request.
    # NOTE(review): assuming Django, keep ALLOWED_HOSTS strict and register
    # the exact callback URI at the provider -- confirm for this deployment.
    callback_route = dict(vender='google', action='res', mode='code')
    callback_uri = request.build_absolute_uri(
        reverse('rp_auth', kwargs=callback_route))

    # Parameter reference:
    # https://developers.google.com/accounts/docs/OAuth2Login#authenticationuriparameters
    authreq = AuthReq(
        response_type="code",
        client_id=relying_party.identifier,
        redirect_uri=callback_uri,
        scope="openid profile email",
        prompt=PROMPT[1],
    )
    authreq['include_granted_scopes'] = 'false'

    signon = SignOn.create(request.user, relying_party, authreq)
    # Kept in the session, presumably so the "res" handler can compare it
    # with the value returned by the provider -- confirm the callback checks it.
    request.session['state'] = signon.state

    # TODO: nonce not supported ?
    # NOTE(review): clearing the nonce means the returned ID Token cannot be
    # tied to this sign-on through a nonce claim; confirm whether the
    # provider accepts the parameter and, if so, send it and verify it on
    # the callback.
    authreq.nonce = None

    # Append the query with "&" when the endpoint already has one.
    endpoint = metadata.authorization_endpoint
    sep = "&" if endpoint.find('?') > 0 else "?"
    location = endpoint + sep + authreq.to_qs()

    redirect = HttpResponse(location, status=302)
    redirect['Location'] = location
    return redirect
Esempio n. 4
def req_any(request, vender, action, mode):
    """Start an implicit-flow (ID Token) request for the self-issued provider.

    Every call first creates the authority and relying-party records through
    the module's helpers.  A GET, or a POST whose form does not validate,
    renders the request form.  A valid POST builds the AuthReq, records a
    SignOn for it, keeps the sign-on state in the session and answers with
    a 302 to the authority's authorization endpoint.
    """
    # redirect_uri == client_id (7.2)
    callback_route = dict(vender="self", action="res", mode="implicit")
    ruri = request.build_absolute_uri(reverse("rp_auth", kwargs=callback_route))

    # TODO: create the Authority(=SIOP) if not created yet.
    authority = create_authority()

    # TODO: create the RP for SIOP if not created yet.
    # The returned object is replaced below by the form's choice on a valid POST.
    rp = create_relyingparty(authority, ruri)

    form = AuthReqForm(vender=__package__, data=request.POST or None)

    if not (request.method == "POST" and form.is_valid()):
        # NOTE(review): the template directory is taken from `vender`, which
        # appears to come from the URL; confirm the URL pattern restricts it
        # to known vendor names so a request cannot select another template.
        ctx = dict(request=request, vender=vender, form=form)
        return TemplateResponse(request, "venders/%s/req_any.html" % vender, ctx)

    rp = form.cleaned_data["rp"]
    metadata = rp.authority.auth_metadata_object

    # AuthReq (7.3)
    # NOTE(review): response_type "id_token" returns the token through the
    # front channel, so the callback should check a nonce; presumably
    # SignOn.create fills it into authreq -- verify.
    authreq = AuthReq(
        scope="openid profile email address phone",  # TODO: Selection
        response_type="id_token",  # ID Token in implicit
        client_id=ruri,  # redirect_uri == client_id (7.2)
        id_token_hint=None,
        claims=None,
        registration=None,  # Client Meta
        request=None,  # Request Object
    )

    signon = SignOn.create(request.user, rp, authreq, request.session.session_key)
    # Kept in the session, presumably so the "res" handler can compare it
    # with the value returned by the provider -- confirm the callback checks it.
    request.session["state"] = signon.state

    # Append the query with "&" when the endpoint already has one.
    endpoint = metadata.authorization_endpoint
    sep = "&" if endpoint.find("?") > 0 else "?"
    location = endpoint + sep + authreq.to_qs()

    redirect = HttpResponse(location, status=302)
    redirect["Location"] = location
    return redirect