def renderIndexPage(request, **template_args):
template_args['consumer_url'] = util.getViewURL(request, startOpenID)
template_args['pape_policies'] = POLICY_PAIRS
response = direct_to_template(
request, 'consumer/index.html', template_args)
response[YADIS_HEADER_NAME] = util.getViewURL(request, rpXRDS)
return response
def server(request):
"""
Respond to requests for the server's primary web page.
"""
return direct_to_template(
request,
'server/index.html',
{'user_url': getViewURL(request, idPage),
'server_xrds_url': getViewURL(request, idpXrds),
})
def idpXrds(request):
"""
Respond to requests for the IDP's XRDS document, which is used in
IDP-driven identifier selection.
"""
return util.renderXRDS(
request, [OPENID_IDP_2_0_TYPE], [getViewURL(request, endpoint)])
def idPage(request):
"""
Serve the identity page for OpenID URLs.
"""
return direct_to_template(
request,
'server/idPage.html',
{'server_url': getViewURL(request, endpoint)})
def rpXRDS(request):
"""
Return a relying party verification XRDS document
"""
return util.renderXRDS(
request,
[RP_RETURN_TO_URL_TYPE],
[util.getViewURL(request, finishOpenID)])
def trustPage(request):
"""
Display the trust page template, which allows the user to decide
whether to approve the OpenID verification.
"""
return direct_to_template(
request,
'server/trust.html',
{'trust_handler_url':getViewURL(request, processTrustResult)})
def processTrustResult(request):
"""
Handle the result of a trust decision and respond to the RP
accordingly.
"""
# Get the request from the session so we can construct the
# appropriate response.
openid_request = getRequest(request)
# The identifier that this server can vouch for
response_identity = getViewURL(request, idPage)
# If the decision was to allow the verification, respond
# accordingly.
allowed = 'allow' in request.POST
# Generate a response with the appropriate answer.
openid_response = openid_request.answer(allowed,
identity=response_identity)
# Send Simple Registration data in the response, if appropriate.
if allowed:
sreg_data = {
'fullname': 'Example User',
'nickname': 'example',
'dob': '1970-01-01',
'email': '*****@*****.**',
'gender': 'F',
'postcode': '12345',
'country': 'ES',
'language': 'eu',
'timezone': 'America/New_York',
}
sreg_req = sreg.SRegRequest.fromOpenIDRequest(openid_request)
sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data)
openid_response.addExtension(sreg_resp)
pape_response = pape.Response()
pape_response.setAuthLevel(pape.LEVELS_NIST, 0)
openid_response.addExtension(pape_response)
return displayResponse(request, openid_response)
def handleCheckIDRequest(request, openid_request):
"""
Handle checkid_* requests. Get input from the user to find out
whether she trusts the RP involved. Possibly, get intput about
what Simple Registration information, if any, to send in the
response.
"""
# If the request was an IDP-driven identifier selection request
# (i.e., the IDP URL was entered at the RP), then return the
# default identity URL for this server. In a full-featured
# provider, there could be interaction with the user to determine
# what URL should be sent.
if not openid_request.idSelect():
id_url = getViewURL(request, idPage)
# Confirm that this server can actually vouch for that
# identifier
if id_url != openid_request.identity:
# Return an error response
error_response = ProtocolError(
openid_request.message,
"This server cannot verify the URL %r" %
(openid_request.identity,))
return displayResponse(request, error_response)
if openid_request.immediate:
# Always respond with 'cancel' to immediate mode requests
# because we don't track information about a logged-in user.
# If we did, then the answer would depend on whether that user
# had trusted the request's trust root and whether the user is
# even logged in.
openid_response = openid_request.answer(False)
return displayResponse(request, openid_response)
else:
# Store the incoming request object in the session so we can
# get to it later.
setRequest(request, openid_request)
return showDecidePage(request, openid_request)
def getServer(request):
"""
Get a Server object to perform OpenID authentication.
"""
return Server(getOpenIDStore(), getViewURL(request, endpoint))
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure, err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError, err:
trust_root_valid = "Unreachable"
pape_request = pape.Request.fromOpenIDRequest(openid_request)
return direct_to_template(
request,
'server/trust.html',
{'trust_root': trust_root,
'trust_handler_url':getViewURL(request, processTrustResult),
'trust_root_valid': trust_root_valid,
'pape_request': pape_request,
})
def processTrustResult(request):
"""
Handle the result of a trust decision and respond to the RP
accordingly.
"""
# Get the request from the session so we can construct the
# appropriate response.
openid_request = getRequest(request)
# The identifier that this server can vouch for
response_identity = getViewURL(request, idPage)
def finishOpenID(request, target='mobile'):
"""
Finish the OpenID authentication process. Invoke the OpenID
library with the response from the OpenID server and render a page
detailing the result.
"""
result = {}
# Because the object containing the query parameters is a
# MultiValueDict and the OpenID library doesn't allow that, we'll
# convert it to a normal dict.
# OpenID 2 can send arguments as either POST body or GET query
# parameters.
errors = []
request_args = request.GET
if request.method == 'POST':
request_args.update(util.normalDict(request.POST))
if request_args:
c = getConsumer(request)
# Get a response object indicating the result of the OpenID
# protocol.
return_to = util.getViewURL(request, 'finish-OpenID', kwargs={'target':target})
response = c.complete(request_args, return_to)
# Get a Simple Registration response object if response
# information was included in the OpenID response.
sreg_response = {}
ax_items = {}
if response.status == consumer.SUCCESS:
sreg_response = sreg.SRegResponse.fromSuccessResponse(response)
ax_response = ax.FetchResponse.fromSuccessResponse(response)
if ax_response:
ax_items = {
'fullname': ax_response.get(
'http://schema.openid.net/namePerson'),
'web': ax_response.get(
'http://schema.openid.net/contact/web/default'),
}
# Get a PAPE response object if response information was
# included in the OpenID response.
pape_response = None
if response.status == consumer.SUCCESS:
pape_response = pape.Response.fromSuccessResponse(response)
if not pape_response.auth_policies:
pape_response = None
# Map different consumer status codes to template contexts.
results = {
consumer.CANCEL:
{'message': 'OpenID authentication cancelled.'},
consumer.FAILURE:
{'error': 'OpenID authentication failed.'},
consumer.SUCCESS:
{'url': response.getDisplayIdentifier(),
'sreg': sreg_response and sreg_response.items(),
'ax': ax_items.items(),
'pape': pape_response}
}
result = results[response.status]
if isinstance(response, consumer.FailureResponse):
# In a real application, this information should be
# written to a log for debugging/tracking OpenID
# authentication failures. In general, the messages are
# not user-friendly, but intended for developers.
result['failure_reason'] = response.message
if 'openid.claimed_id' in request_args.keys():
steamid = request_args.get('openid.claimed_id').split('/')[-1]
request.session['steam_id'] = steamid
else:
errors.append('OPENID_FAILURE')
if target == 'mobile':
response = {'response': json.dumps({'errors':errors, 'steamid':steamid})}
return shortcuts.render_to_response('json.html',
response,
context_instance = RequestContext(request),
mimetype = "application/json")
else:
return HttpResponseRedirect(reverse('trade-home'))
# the response.
requested_policies = []
policy_prefix = 'policy_'
for k, v in request.POST.iteritems():
if k.startswith(policy_prefix):
policy_attr = k[len(policy_prefix):]
if policy_attr in PAPE_POLICIES:
requested_policies.append(getattr(pape, policy_attr))
if requested_policies:
pape_request = pape.Request(requested_policies)
auth_request.addExtension(pape_request)
# Compute the trust root and return URL values to build the
# redirect information.
trust_root = util.getViewURL(request, startOpenID)
return_to = util.getViewURL(request, 'finish-OpenID', kwargs={'target':target})
# Send the browser to the server either by sending a redirect
# URL or by generating a POST form.
url = auth_request.redirectURL(trust_root, return_to)
return HttpResponseRedirect(url)
else:
response = {'response': json.dumps({'errors':errors, 'steamid':''})}
return shortcuts.render_to_response('json.html',
response,
context_instance = RequestContext(request),
mimetype = "application/json")
def startOpenID(request):
