class OpenIDKeystoneBackend(KeystoneBackend): def __init__(self): self.openid_backend = OpenIDBackend() def authenticate(self, **kwargs): """Authenticate the user based on an OpenID response.""" # Require that the OpenID response be passed in as a keyword # argument, to make sure we don't match the username/password # calling conventions of authenticate. openid_response = kwargs.get('openid_response') if openid_response is None: return None if openid_response.status != SUCCESS: return None user = None try: user_openid = UserOpenID.objects.get( claimed_id__exact=openid_response.identity_url) except UserOpenID.DoesNotExist: if getattr(settings, 'OPENID_CREATE_USERS', False): user = self.openid_backend.create_user_from_openid( openid_response) else: user = user_openid.user if user is None: return None #if getattr(settings, 'OPENID_UPDATE_DETAILS_FROM_SREG', False): details = self.openid_backend._extract_user_details(openid_response) self.openid_backend.update_user_details(user, details, openid_response) if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False): pape_response = pape.Response.fromSuccessResponse(openid_response) if pape_response is None or \ pape.AUTH_MULTI_FACTOR_PHYSICAL not in pape_response.auth_policies: raise MissingPhysicalMultiFactor() teams_response = teams.TeamsResponse.fromSuccessResponse( openid_response) if teams_response: self.openid_backend.update_groups_from_teams(user, teams_response) self.openid_backend.update_staff_status_from_teams( user, teams_response) LOG.debug("email %s:", details['email']) try: user = super(OpenIDKeystoneBackend, self).authenticate( password=settings.TUKEY_PASSWORD, username='******' % details['email'], auth_url=settings.OPENSTACK_KEYSTONE_URL, request=kwargs.get('request')) user.identifier = details['email'] except KeystoneAuthException: return UnregisteredUser('OpenID', details['email']) return user
class OpenIDKeystoneBackend(KeystoneBackend): def __init__(self): self.openid_backend = OpenIDBackend() def authenticate(self, **kwargs): """Authenticate the user based on an OpenID response.""" # Require that the OpenID response be passed in as a keyword # argument, to make sure we don't match the username/password # calling conventions of authenticate. openid_response = kwargs.get('openid_response') if openid_response is None: return None if openid_response.status != SUCCESS: return None user = None try: user_openid = UserOpenID.objects.get( claimed_id__exact=openid_response.identity_url) except UserOpenID.DoesNotExist: if getattr(settings, 'OPENID_CREATE_USERS', False): user = self.openid_backend.create_user_from_openid( openid_response) else: user = user_openid.user if user is None: return None #if getattr(settings, 'OPENID_UPDATE_DETAILS_FROM_SREG', False): details = self.openid_backend._extract_user_details(openid_response) self.openid_backend.update_user_details(user, details, openid_response) if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False): pape_response = pape.Response.fromSuccessResponse(openid_response) if pape_response is None or \ pape.AUTH_MULTI_FACTOR_PHYSICAL not in pape_response.auth_policies: raise MissingPhysicalMultiFactor() teams_response = teams.TeamsResponse.fromSuccessResponse( openid_response) if teams_response: self.openid_backend.update_groups_from_teams(user, teams_response) self.openid_backend.update_staff_status_from_teams(user, teams_response) LOG.debug("email %s:", details['email']) try: user = super(OpenIDKeystoneBackend, self).authenticate( password=settings.TUKEY_PASSWORD, username='******' % details['email'], auth_url=settings.OPENSTACK_KEYSTONE_URL, request=kwargs.get('request')) user.identifier = details['email'] except KeystoneAuthException: return UnregisteredUser('OpenID', details['email']) return user