Esempio n. 1
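class OpenIDKeystoneBackend(KeystoneBackend):
    """Authentication backend that bridges an OpenID login to Keystone.

    The OpenID response is validated and mapped to a local user through an
    embedded ``OpenIDBackend``; the e-mail address extracted from that
    response is then used as the username for ``KeystoneBackend``
    authentication.
    """

    def __init__(self):
        # All OpenID-side account handling is delegated to this instance.
        self.openid_backend = OpenIDBackend()

    def authenticate(self, **kwargs):
        """Authenticate the user based on an OpenID response.

        Keyword arguments read here are ``openid_response`` (required) and
        ``request`` (forwarded to the Keystone backend).

        Returns ``None`` when no OpenID response was supplied, when its
        status is not ``SUCCESS``, or when no local user matches the
        claimed identity and ``OPENID_CREATE_USERS`` is not enabled.
        Returns an ``UnregisteredUser`` when the Keystone authentication
        raises ``KeystoneAuthException``; otherwise returns the user
        produced by ``KeystoneBackend.authenticate``.

        Raises ``MissingPhysicalMultiFactor`` when
        ``OPENID_PHYSICAL_MULTIFACTOR_REQUIRED`` is set and the PAPE
        response does not list ``AUTH_MULTI_FACTOR_PHYSICAL``.
        """
        # Require that the OpenID response be passed in as a keyword
        # argument, to make sure we don't match the username/password
        # calling conventions of authenticate.
        openid_response = kwargs.get('openid_response')
        if openid_response is None:
            return None

        if openid_response.status != SUCCESS:
            return None

        user = None
        try:
            user_openid = UserOpenID.objects.get(
                claimed_id__exact=openid_response.identity_url)
        except UserOpenID.DoesNotExist:
            # Unknown identity: only provision an account when the
            # deployment has opted in.
            if getattr(settings, 'OPENID_CREATE_USERS', False):
                user = self.create_user_from_openid(openid_response)
        else:
            user = user_openid.user

        if user is None:
            return None

        # Details are refreshed unconditionally; the original
        # OPENID_UPDATE_DETAILS_FROM_SREG guard was disabled.
        details = self._extract_user_details(openid_response)
        self.update_user_details(user, details, openid_response)

        # NOTE(review): this policy check runs after the account may
        # already have been created and its details updated above, so a
        # login that fails the check still leaves those writes behind.
        # Consider whether the check belongs before the first write.
        if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False):
            pape_response = pape.Response.fromSuccessResponse(openid_response)
            if (pape_response is None or
                    pape.AUTH_MULTI_FACTOR_PHYSICAL
                    not in pape_response.auth_policies):
                raise MissingPhysicalMultiFactor()

        teams_response = teams.TeamsResponse.fromSuccessResponse(
            openid_response)
        if teams_response:
            self.update_groups_from_teams(user, teams_response)
            self.update_staff_status_from_teams(user, teams_response)

        LOG.debug("email %s:", details['email'])

        # NOTE(review): every Keystone login uses the same fixed password
        # (the literal looks masked in this listing), so the e-mail
        # asserted in the OpenID response is what selects the Keystone
        # account. That is only sound if responses are accepted solely
        # from a provider trusted to verify e-mail ownership -- confirm
        # the provider restriction and keep the real secret out of source.
        try:
            user = super(OpenIDKeystoneBackend, self).authenticate(
                password='******',
                username=details['email'],
                auth_url=settings.OPENSTACK_KEYSTONE_URL,
                request=kwargs.get('request'))
        except KeystoneAuthException:
            LOG.debug("KeystoneAuth exception returning UnregisteredUser")
            return UnregisteredUser('OpenID', details['email'])

        # The Keystone token is a bearer credential, so it is deliberately
        # not written to the log, even at debug level.
        LOG.debug("USER: %s", user)
        LOG.debug("user.id: %s", user.id)
        LOG.debug("endpoint %s", user.endpoint)

        return user

    # The methods below forward unchanged to the embedded OpenIDBackend.

    def _extract_user_details(self, openid_response):
        """Delegate to ``OpenIDBackend._extract_user_details``."""
        return self.openid_backend._extract_user_details(openid_response)

    def _get_available_username(self, nickname, identity_url):
        """Delegate to ``OpenIDBackend._get_available_username``."""
        return self.openid_backend._get_available_username(
            nickname, identity_url)

    def create_user_from_openid(self, openid_response):
        """Delegate to ``OpenIDBackend.create_user_from_openid``."""
        return self.openid_backend.create_user_from_openid(openid_response)

    def associate_openid(self, user, openid_response):
        """Delegate to ``OpenIDBackend.associate_openid``."""
        # Fixed attribute name: the original read ``self.openid_backedn``,
        # which raised AttributeError on every call.
        return self.openid_backend.associate_openid(user, openid_response)

    def update_user_details(self, user, details, openid_response):
        """Delegate to ``OpenIDBackend.update_user_details``."""
        return self.openid_backend.update_user_details(user, details,
                                                       openid_response)

    def update_groups_from_teams(self, user, teams_response):
        """Delegate to ``OpenIDBackend.update_groups_from_teams``."""
        return self.openid_backend.update_groups_from_teams(
            user, teams_response)

    def update_staff_status_from_teams(self, user, teams_response):
        """Delegate to ``OpenIDBackend.update_staff_status_from_teams``."""
        return self.openid_backend.update_staff_status_from_teams(
            user, teams_response)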
Esempio n. 2
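class OpenIDKeystoneBackend(KeystoneBackend):
    """Keystone authentication backend driven by an OpenID response.

    OpenID account handling is delegated to an embedded ``OpenIDBackend``;
    once the response has been accepted, the e-mail address taken from it
    is passed as the username to ``KeystoneBackend.authenticate``.
    """

    def __init__(self):
        # Holds the backend that every OpenID helper below forwards to.
        self.openid_backend = OpenIDBackend()

    def authenticate(self, **kwargs):
        """Authenticate the user based on an OpenID response.

        Reads ``openid_response`` (required) and ``request`` (passed on to
        the Keystone backend) from the keyword arguments.

        Returns ``None`` if there is no OpenID response, if its status is
        not ``SUCCESS``, or if the claimed identity has no local user and
        ``OPENID_CREATE_USERS`` is not enabled. Returns an
        ``UnregisteredUser`` if Keystone authentication raises
        ``KeystoneAuthException``, and the Keystone user otherwise.

        Raises ``MissingPhysicalMultiFactor`` if
        ``OPENID_PHYSICAL_MULTIFACTOR_REQUIRED`` is set and the PAPE
        response lacks ``AUTH_MULTI_FACTOR_PHYSICAL``.
        """
        # Require that the OpenID response be passed in as a keyword
        # argument, to make sure we don't match the username/password
        # calling conventions of authenticate.
        openid_response = kwargs.get('openid_response')
        if openid_response is None:
            return None

        if openid_response.status != SUCCESS:
            return None

        user = None
        try:
            user_openid = UserOpenID.objects.get(
                claimed_id__exact=openid_response.identity_url)
        except UserOpenID.DoesNotExist:
            # No record for this identity; create one only if configured.
            if getattr(settings, 'OPENID_CREATE_USERS', False):
                user = self.create_user_from_openid(openid_response)
        else:
            user = user_openid.user

        if user is None:
            return None

        # The OPENID_UPDATE_DETAILS_FROM_SREG guard was commented out in
        # the original, so details are always refreshed.
        details = self._extract_user_details(openid_response)
        self.update_user_details(user, details, openid_response)

        # NOTE(review): the multi-factor policy is enforced only after the
        # user record may have been created and updated above; a rejected
        # login therefore still persists those changes. Review whether the
        # check should precede any write.
        if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False):
            pape_response = pape.Response.fromSuccessResponse(openid_response)
            if (pape_response is None or
                    pape.AUTH_MULTI_FACTOR_PHYSICAL
                    not in pape_response.auth_policies):
                raise MissingPhysicalMultiFactor()

        teams_response = teams.TeamsResponse.fromSuccessResponse(
            openid_response)
        if teams_response:
            self.update_groups_from_teams(user, teams_response)
            self.update_staff_status_from_teams(user, teams_response)

        LOG.debug("email %s:", details['email'])

        # NOTE(review): the Keystone password is a single hard-coded value
        # (apparently masked in this listing). The account is therefore
        # chosen purely by the e-mail claim in the OpenID response, which
        # presumes the accepted provider verifies e-mail ownership --
        # confirm that restriction, and load the secret from configuration
        # rather than source.
        try:
            user = super(OpenIDKeystoneBackend, self).authenticate(
                password='******',
                username=details['email'],
                auth_url=settings.OPENSTACK_KEYSTONE_URL,
                request=kwargs.get('request'))
        except KeystoneAuthException:
            LOG.debug("KeystoneAuth exception returning UnregisteredUser")
            return UnregisteredUser('OpenID', details['email'])

        # user.token is intentionally not logged: it is a bearer
        # credential and debug logs are not a safe place for it.
        LOG.debug("USER: %s", user)
        LOG.debug("user.id: %s", user.id)
        LOG.debug("endpoint %s", user.endpoint)

        return user

    # Thin pass-through wrappers around the embedded OpenIDBackend.

    def _extract_user_details(self, openid_response):
        """Forward to ``OpenIDBackend._extract_user_details``."""
        return self.openid_backend._extract_user_details(openid_response)

    def _get_available_username(self, nickname, identity_url):
        """Forward to ``OpenIDBackend._get_available_username``."""
        return self.openid_backend._get_available_username(
            nickname, identity_url)

    def create_user_from_openid(self, openid_response):
        """Forward to ``OpenIDBackend.create_user_from_openid``."""
        return self.openid_backend.create_user_from_openid(openid_response)

    def associate_openid(self, user, openid_response):
        """Forward to ``OpenIDBackend.associate_openid``."""
        # The original spelled the attribute ``openid_backedn``, so this
        # method always failed with AttributeError.
        return self.openid_backend.associate_openid(user, openid_response)

    def update_user_details(self, user, details, openid_response):
        """Forward to ``OpenIDBackend.update_user_details``."""
        return self.openid_backend.update_user_details(user, details,
                                                       openid_response)

    def update_groups_from_teams(self, user, teams_response):
        """Forward to ``OpenIDBackend.update_groups_from_teams``."""
        return self.openid_backend.update_groups_from_teams(
            user, teams_response)

    def update_staff_status_from_teams(self, user, teams_response):
        """Forward to ``OpenIDBackend.update_staff_status_from_teams``."""
        return self.openid_backend.update_staff_status_from_teams(
            user, teams_response)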