def login(self, environ, start_response):
req = Request(environ)
set_template(environ, 'login.xslt')
sess = environ['beaker.session']
params = {'base_uri': self.base_url}
if not sess.get(self.ekey):
sess[self.ekey] = {}
sess.save()
headers = [('Content-Type', 'application/xml')]
if not (req.params.get('uname') or req.params.get('return_location')):
message ='There must be a uname and return_location in the query string'
raise HTTPBadRequest(detail=message)
openid_url = req.params['uname']
sess[self.ekey]['return_location'] = req.params['return_location']
if not openid_url:
# this seems better ...
# raise HTTPBadRequest("need openid_url")
params['message'] = "Don't leave your name blank."
params['status'] = 'failure'
set_params(environ, params)
start_response('200 OK', headers)
return []
consumer = self.get_consumer(sess[self.ekey])
try:
request = consumer.begin(openid_url)
except Exception, exc:
params['message'] = 'Error in discovery: %s' % (cgi.escape(str(exc[0])))
params['status'] = 'failure'
set_params(environ, params)
start_response('200 OK', headers)
return []
def verify(self):
form_openid = unicode(request.params.get('openid_url'))
consumer = openid.consumer.consumer.Consumer(session, None)
try:
oid_request = consumer.begin(form_openid)
except openid.consumer.consumer.DiscoveryFailure, exception:
c.errors.append(exception[0])
return render('/auth/login.mako')
def beginLogin(self):
"""Begins the login process."""
openid_url = self.request.get('openid')
if not openid_url:
self.openidError('Please enter an OpenID URL.')
return
try:
consumer = self.get_consumer()
auth_request = consumer.begin(openid_url)
except discover.DiscoveryFailure, e:
raise
def POST_auth(self):
if getattr(c.user, "f2p", None) != "participated":
abort(403)
session = {}
consumer = openid.consumer.consumer.Consumer(session, store=None)
auth_request = consumer.begin(STEAM_AUTH_URL)
post_login_url = self.make_post_login_url()
url = auth_request.redirectURL(realm=g.origin,
return_to=post_login_url)
g.f2pcache.set("steam_session_%d" % c.user._id, session)
g.log.debug("started steam auth for %s", c.user.name)
return redirect_to(url)
def POST_auth(self):
if getattr(c.user, "f2p", None) != "participated":
abort(403)
session = {}
consumer = openid.consumer.consumer.Consumer(session, store=None)
auth_request = consumer.begin(STEAM_AUTH_URL)
post_login_url = self.make_post_login_url()
url = auth_request.redirectURL(realm=g.origin,
return_to=post_login_url)
g.f2pcache.set("steam_session_%d" % c.user._id, session)
g.log.debug("started steam auth for %s", c.user.name)
return redirect_to(url)
def type_login_html(self):
redirect = self.request.GET['redirect']
try:
import openid.consumer.consumer
except ImportError:
return self.render_error("OpenID Error", "OpenID is not supported in this installation")
trust_root = self.request.build_absolute_uri('/')
full_redirect_path = '%s?redirect=%s' % (reverse('item_type_url', kwargs={'viewer': self.viewer_name, 'action': 'logincomplete'}), urlquote(redirect))
full_redirect_url = self.request.build_absolute_uri(full_redirect_path)
user_url = self.request.POST['openid_url']
consumer = openid.consumer.consumer.Consumer(self.request.session, None)
try:
auth_request = consumer.begin(user_url)
except openid.consumer.consumer.DiscoveryFailure:
return self.render_error("OpenID Error", "Invalid OpenID URL")
auth_request.addExtensionArg('sreg', 'optional', 'nickname,email,fullname')
return HttpResponseRedirect(auth_request.redirectURL(trust_root, full_redirect_url))
def verify_path(self, environ, start_response):
"""Opid expects the OpenID identity url via a query string
with key 'url'. You can optionally specify sucess and failure
redirect paths with keys 'success' and 'failure'. Opid's
return path will generate a redirect to the supplied success
path on authentication, and the failure path if it encounters
any problems. The default path for both is /
Finally, Opid unauthenticates before authentication
attempts. If you wish to disable this behavior, you can pass
it a query of no_unauth=1."""
realm = self.realm or "%s://%s" % (environ['wsgi.url_scheme'],
environ['HTTP_HOST'])
openid_url = _enforce_single_q(environ, 'url')
success_url = _enforce_single_q(environ, 'success', default='/')
failure_url = _enforce_single_q(environ, 'failure', default='/')
no_unauth = _enforce_single_q(environ, 'no_unauth', default=None)
if no_unauth == '1':
self.unauth(environ)
with self.session_context(environ) as session:
session['opid.realm'] = realm
session['opid.openid_url'] = openid_url
session['opid.success_url'] = success_url
session['opid.failure_url'] = failure_url
session['opid.session'] = {}
consumer = openid.consumer.consumer.Consumer(session['opid.session'],
self.store)
authreq = consumer.begin(openid_url)
if authreq.shouldSendRedirect():
redirect_url = authreq.redirectURL(realm,
self._return_to(environ))
environ['opid.redirect_url'] = redirect_url
return self.redirect_app(environ, start_response)
else:
return_form = authreq.formMarkup(realm,
self._return_to(environ),
form_tag_attrs={'id': 'opid_post'})
environ['opid.form_html'] = return_form
return self.post_app(environ, start_response)
def getGoogleRequest(cls, consumer):
"""
URL provided by Google's federated login docs -
http://code.google.com/apis/accounts/docs/OpenID.html#endpoint
"""
return consumer.begin("https://www.google.com/accounts/o8/id")
