def renderIndexPage(request, **template_args): template_args['consumer_url'] = util.getViewURL(request, startOpenID) template_args['pape_policies'] = POLICY_PAIRS response = direct_to_template( request, 'consumer/index.html', template_args) response[YADIS_HEADER_NAME] = util.getViewURL(request, rpXRDS) return response
def server(request): """ Respond to requests for the server's primary web page. """ return direct_to_template( request, 'server/index.html', {'user_url': getViewURL(request, idPage), 'server_xrds_url': getViewURL(request, idpXrds), })
def idpXrds(request): """ Respond to requests for the IDP's XRDS document, which is used in IDP-driven identifier selection. """ return util.renderXRDS( request, [OPENID_IDP_2_0_TYPE], [getViewURL(request, endpoint)])
def idPage(request): """ Serve the identity page for OpenID URLs. """ return direct_to_template( request, 'server/idPage.html', {'server_url': getViewURL(request, endpoint)})
def rpXRDS(request): """ Return a relying party verification XRDS document """ return util.renderXRDS( request, [RP_RETURN_TO_URL_TYPE], [util.getViewURL(request, finishOpenID)])
def trustPage(request): """ Display the trust page template, which allows the user to decide whether to approve the OpenID verification. """ return direct_to_template( request, 'server/trust.html', {'trust_handler_url':getViewURL(request, processTrustResult)})
def processTrustResult(request): """ Handle the result of a trust decision and respond to the RP accordingly. """ # Get the request from the session so we can construct the # appropriate response. openid_request = getRequest(request) # The identifier that this server can vouch for response_identity = getViewURL(request, idPage) # If the decision was to allow the verification, respond # accordingly. allowed = 'allow' in request.POST # Generate a response with the appropriate answer. openid_response = openid_request.answer(allowed, identity=response_identity) # Send Simple Registration data in the response, if appropriate. if allowed: sreg_data = { 'fullname': 'Example User', 'nickname': 'example', 'dob': '1970-01-01', 'email': '*****@*****.**', 'gender': 'F', 'postcode': '12345', 'country': 'ES', 'language': 'eu', 'timezone': 'America/New_York', } sreg_req = sreg.SRegRequest.fromOpenIDRequest(openid_request) sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data) openid_response.addExtension(sreg_resp) pape_response = pape.Response() pape_response.setAuthLevel(pape.LEVELS_NIST, 0) openid_response.addExtension(pape_response) return displayResponse(request, openid_response)
def handleCheckIDRequest(request, openid_request): """ Handle checkid_* requests. Get input from the user to find out whether she trusts the RP involved. Possibly, get intput about what Simple Registration information, if any, to send in the response. """ # If the request was an IDP-driven identifier selection request # (i.e., the IDP URL was entered at the RP), then return the # default identity URL for this server. In a full-featured # provider, there could be interaction with the user to determine # what URL should be sent. if not openid_request.idSelect(): id_url = getViewURL(request, idPage) # Confirm that this server can actually vouch for that # identifier if id_url != openid_request.identity: # Return an error response error_response = ProtocolError( openid_request.message, "This server cannot verify the URL %r" % (openid_request.identity,)) return displayResponse(request, error_response) if openid_request.immediate: # Always respond with 'cancel' to immediate mode requests # because we don't track information about a logged-in user. # If we did, then the answer would depend on whether that user # had trusted the request's trust root and whether the user is # even logged in. openid_response = openid_request.answer(False) return displayResponse(request, openid_response) else: # Store the incoming request object in the session so we can # get to it later. setRequest(request, openid_request) return showDecidePage(request, openid_request)
def getServer(request): """ Get a Server object to perform OpenID authentication. """ return Server(getOpenIDStore(), getViewURL(request, endpoint))
try: # Stringify because template's ifequal can only compare to strings. trust_root_valid = verifyReturnTo(trust_root, return_to) \ and "Valid" or "Invalid" except DiscoveryFailure, err: trust_root_valid = "DISCOVERY_FAILED" except HTTPFetchingError, err: trust_root_valid = "Unreachable" pape_request = pape.Request.fromOpenIDRequest(openid_request) return direct_to_template( request, 'server/trust.html', {'trust_root': trust_root, 'trust_handler_url':getViewURL(request, processTrustResult), 'trust_root_valid': trust_root_valid, 'pape_request': pape_request, }) def processTrustResult(request): """ Handle the result of a trust decision and respond to the RP accordingly. """ # Get the request from the session so we can construct the # appropriate response. openid_request = getRequest(request) # The identifier that this server can vouch for response_identity = getViewURL(request, idPage)
def finishOpenID(request, target='mobile'): """ Finish the OpenID authentication process. Invoke the OpenID library with the response from the OpenID server and render a page detailing the result. """ result = {} # Because the object containing the query parameters is a # MultiValueDict and the OpenID library doesn't allow that, we'll # convert it to a normal dict. # OpenID 2 can send arguments as either POST body or GET query # parameters. errors = [] request_args = request.GET if request.method == 'POST': request_args.update(util.normalDict(request.POST)) if request_args: c = getConsumer(request) # Get a response object indicating the result of the OpenID # protocol. return_to = util.getViewURL(request, 'finish-OpenID', kwargs={'target':target}) response = c.complete(request_args, return_to) # Get a Simple Registration response object if response # information was included in the OpenID response. sreg_response = {} ax_items = {} if response.status == consumer.SUCCESS: sreg_response = sreg.SRegResponse.fromSuccessResponse(response) ax_response = ax.FetchResponse.fromSuccessResponse(response) if ax_response: ax_items = { 'fullname': ax_response.get( 'http://schema.openid.net/namePerson'), 'web': ax_response.get( 'http://schema.openid.net/contact/web/default'), } # Get a PAPE response object if response information was # included in the OpenID response. pape_response = None if response.status == consumer.SUCCESS: pape_response = pape.Response.fromSuccessResponse(response) if not pape_response.auth_policies: pape_response = None # Map different consumer status codes to template contexts. results = { consumer.CANCEL: {'message': 'OpenID authentication cancelled.'}, consumer.FAILURE: {'error': 'OpenID authentication failed.'}, consumer.SUCCESS: {'url': response.getDisplayIdentifier(), 'sreg': sreg_response and sreg_response.items(), 'ax': ax_items.items(), 'pape': pape_response} } result = results[response.status] if isinstance(response, consumer.FailureResponse): # In a real application, this information should be # written to a log for debugging/tracking OpenID # authentication failures. In general, the messages are # not user-friendly, but intended for developers. result['failure_reason'] = response.message if 'openid.claimed_id' in request_args.keys(): steamid = request_args.get('openid.claimed_id').split('/')[-1] request.session['steam_id'] = steamid else: errors.append('OPENID_FAILURE') if target == 'mobile': response = {'response': json.dumps({'errors':errors, 'steamid':steamid})} return shortcuts.render_to_response('json.html', response, context_instance = RequestContext(request), mimetype = "application/json") else: return HttpResponseRedirect(reverse('trade-home'))
# the response. requested_policies = [] policy_prefix = 'policy_' for k, v in request.POST.iteritems(): if k.startswith(policy_prefix): policy_attr = k[len(policy_prefix):] if policy_attr in PAPE_POLICIES: requested_policies.append(getattr(pape, policy_attr)) if requested_policies: pape_request = pape.Request(requested_policies) auth_request.addExtension(pape_request) # Compute the trust root and return URL values to build the # redirect information. trust_root = util.getViewURL(request, startOpenID) return_to = util.getViewURL(request, 'finish-OpenID', kwargs={'target':target}) # Send the browser to the server either by sending a redirect # URL or by generating a POST form. url = auth_request.redirectURL(trust_root, return_to) return HttpResponseRedirect(url) else: response = {'response': json.dumps({'errors':errors, 'steamid':''})} return shortcuts.render_to_response('json.html', response, context_instance = RequestContext(request), mimetype = "application/json") def startOpenID(request):