def begin(request, confirmed=True, redirect_to=None, on_failure=None, user_url=None, template_name='openid_consumer/signin.html'): on_failure = on_failure or default_on_failure trust_root = getattr(settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/') # foo derbis. redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split('?')[0] + 'complete/') # In case they were lazy... if not redirect_to.startswith('http://') or redirect_to.startswith( 'https://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + urlencode({'next': request.GET['next']}) if not user_url: user_url = request.REQUEST.get('openid_url', None) if not user_url: request_path = request.path if request.GET.get('next'): request_path += '?' + urlencode({'next': request.GET['next']}) return render(template_name, { 'action': request_path, }, RequestContext(request)) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False): return on_failure(request, _('i-names are not supported')) consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, _('The OpenID was invalid')) sreg = getattr(settings, 'OPENID_SREG', False) if sreg: s = SRegRequest() for sarg in sreg: if sarg.lower().lstrip() == "policy_url": s.policy_url = sreg[sarg] else: for v in sreg[sarg].split(','): s.requestField( field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required")) auth_request.addExtension(s) pape = getattr(settings, 'OPENID_PAPE', False) if pape: if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0': raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer' p = PapeRequest() for parg in pape: if parg.lower().strip() == 'policy_list': for v in pape[parg].split(','): p.addPolicyURI(v) elif parg.lower().strip() == 'max_auth_age': p.max_auth_age = pape[parg] auth_request.addExtension(p) ax = getattr(settings, 'OPENID_AX', []) if ax: axr = AXFetchRequest() for i in ax: axr.add( AttrInfo(i['type_uri'], i['count'], i['required'], i['alias'])) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name='openid_consumer/signin.html'): on_failure = on_failure or default_on_failure trust_root = getattr( settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/' ) # foo derbis. redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split('?')[0] + 'complete/' ) # In case they were lazy... if not redirect_to.startswith('http://') or redirect_to.startswith('https://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + urllib.urlencode({ 'next': request.GET['next'] }) if not user_url: user_url = request.REQUEST.get('openid_url', None) if not user_url: request_path = request.path if request.GET.get('next'): request_path += '?' + urllib.urlencode({ 'next': request.GET['next'] }) return render(template_name, { 'action': request_path, }, RequestContext(request)) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False ): return on_failure(request, _('i-names are not supported')) consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, _('The OpenID was invalid')) sreg = getattr(settings, 'OPENID_SREG', False) if sreg: s = SRegRequest() for sarg in sreg: if sarg.lower().lstrip() == "policy_url": s.policy_url = sreg[sarg] else: for v in sreg[sarg].split(','): s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required")) auth_request.addExtension(s) pape = getattr(settings, 'OPENID_PAPE', False) if pape: if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0': raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer' p = PapeRequest() for parg in pape: if parg.lower().strip() == 'policy_list': for v in pape[parg].split(','): p.addPolicyURI(v) elif parg.lower().strip() == 'max_auth_age': p.max_auth_age = pape[parg] auth_request.addExtension(p) ax = getattr(settings, 'OPENID_AX', []) if ax: axr = AXFetchRequest() for i in ax: axr.add(AttrInfo(i['type_uri'], i['count'], i['required'], i['alias'])) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name="openid_consumer/signin.html"): on_failure = on_failure or default_on_failure trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/") # foo derbis. redirect_to = redirect_to or getattr( settings, "OPENID_REDIRECT_TO", # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split("?")[0] + "complete/", ) # In case they were lazy... if not (redirect_to.startswith("http://") or redirect_to.startswith("https://")): redirect_to = get_url_host(request) + redirect_to if request.GET.get("next") and is_valid_next_url(request.GET["next"]): if "?" in redirect_to: join = "&" else: join = "?" redirect_to += join + urllib.urlencode({"next": request.GET["next"]}) if not user_url: user_url = request.REQUEST.get("openid_url", None) if not user_url: request_path = request.path if request.GET.get("next"): request_path += "?" + urllib.urlencode({"next": request.GET["next"]}) return render(template_name, {"action": request_path}, RequestContext(request)) if xri.identifierScheme(user_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False): return on_failure(request, _("i-names are not supported")) consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, _("The OpenID was invalid")) sreg = getattr(settings, "OPENID_SREG", False) if sreg: s = SRegRequest() for sarg in sreg: if sarg.lower().lstrip() == "policy_url": s.policy_url = sreg[sarg] else: for v in sreg[sarg].split(","): s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required")) auth_request.addExtension(s) pape = getattr(settings, "OPENID_PAPE", False) if pape: if openid.__version__ <= "2.0.0" and openid.__version__ >= "2.1.0": raise (ImportError, "For pape extension you need python-openid 2.1.0 or newer") p = PapeRequest() for parg in pape: if parg.lower().strip() == "policy_list": for v in pape[parg].split(","): p.addPolicyURI(v) elif parg.lower().strip() == "max_auth_age": p.max_auth_age = pape[parg] auth_request.addExtension(p) OPENID_AX_PROVIDER_MAP = getattr(settings, "OPENID_AX_PROVIDER_MAP", {}) openid_provider = "Google" if "google" in request.session.get("openid_provider", "") else "Default" ax = OPENID_AX_PROVIDER_MAP.get(openid_provider) if ax: axr = AXFetchRequest() for attr_name, attr_url in ax.items(): # axr.add(AttrInfo(i['type_uri'], # i['count'], i['required'], # i['alias'])) # setting all as required attrs axr.add(AttrInfo(attr_url, required=True)) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)