def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL,
required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
state = SocialLogin.marshall_state(request)
callback_url = callback_url + '?' + urlencode(dict(state=state))
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
except DiscoveryFailure, e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
def begin(request, openid_url):
request.session['request_referer'] = urlparse.urljoin(request.META.get('HTTP_REFERER', ''), '/')
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(openid_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
s = SRegRequest()
for sarg in OPENID_SREG:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = OPENID_SREG[sarg]
else:
for v in OPENID_SREG[sarg].split(','):
s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
axr = AXFetchRequest()
for i in OPENID_AX:
axr.add(AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(get_trusted_root(request),
request.build_absolute_uri(reverse("openid_complete")))
return HttpResponseRedirect(redirect_url)
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(request.REQUEST)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
sreg.requestField(field_name=SRegField.EMAIL,
required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL, required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request)
else:
form = LoginForm()
d = dict(form=form)
return render_to_response('openid/login.html',
d,
context_instance=RequestContext(request))
class AccountController(BaseController):
geoip = GeoIP(os.path.join(config['pylons.paths']['data'], 'geoip.dat'))
openid_store = FileOpenIDStore('/var/tmp')
@require('guest')
def login(self):
login = render('account/login.tpl', slacks=True)
if request.environ['REQUEST_METHOD'] != 'POST':
return login
try:
form = LoginForm().to_python(request.POST)
except validators.Invalid, e:
return h.htmlfill(e, form=login)
try:
cons = Consumer(session=session, store=self.openid_store)
auth_request = cons.begin(form['openid_identifier'])
auth_request.addExtension(
SRegRequest(optional=['nickname', 'email']))
except DiscoveryFailure:
h.flash(_('The specified URL is not a valid OpenID end-point.'),
'error')
redirect(url(controller='account', action='login'))
host = request.headers['host']
realm = '%s://%s' % (request_config().protocol, host)
return_url = url(host=host,
controller='account',
action='login_complete')
new_url = auth_request.redirectURL(return_to=return_url, realm=realm)
redirect(new_url)
def login_begin(self):
"""Step one of logging in with OpenID; we redirect to the provider"""
cons = Consumer(session=session, store=self.openid_store)
try:
openid_url = request.params['openid_identifier']
except KeyError:
return self._bail("Gotta enter an OpenID to log in.")
try:
auth_request = cons.begin(openid_url)
except DiscoveryFailure:
return self._bail(
"Can't connect to '{0}'. You sure it's an OpenID?".format(
openid_url))
sreg_req = SRegRequest(optional=[
'nickname', 'email', 'dob', 'gender', 'country', 'language',
'timezone'
])
auth_request.addExtension(sreg_req)
host = request.headers['host']
protocol = request_config().protocol
return_url = url(host=host,
controller='accounts',
action='login_finish')
new_url = auth_request.redirectURL(return_to=return_url,
realm=protocol + '://' + host)
redirect(new_url)
def perform_openid_auth(self, form):
if not form.is_valid():
return form
request = self.request
provider = self.provider(request)
endpoint = form.cleaned_data["openid"]
client = self.get_client(provider, endpoint)
realm = self.get_realm(provider)
auth_request = client.begin(endpoint)
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
provider = OpenIDProvider(request)
server_settings = provider.get_server_settings(
request.GET.get("openid"))
extra_attributes = server_settings.get("extra_attributes", [])
for _, name, required in extra_attributes:
ax.add(AttrInfo(name, required=required))
auth_request.addExtension(ax)
SocialLogin.stash_state(request)
# Fix for issues 1523 and 2072 (github django-allauth)
if "next" in form.cleaned_data and form.cleaned_data["next"]:
auth_request.return_to_args["next"] = form.cleaned_data["next"]
redirect_url = auth_request.redirectURL(
realm, request.build_absolute_uri(self.get_callback_url()))
return HttpResponseRedirect(redirect_url)
def __init__(self, status, identity_url):
self.status = status
self.identity_url = identity_url
self.message = message.Message()
sig_ext = SignatureVerification(consumer_key='CKEY',
secret_key='SKEY',
request_token='token',
hmac=None,
timestamp=None)
sig_ext.toMessage(self.message)
sreg_ext = SRegRequest(
required=['nickname', 'email'],
optional=['fullname'],
policy_url=None,
sreg_ns_uri='http://openid.net/extensions/sreg/1.1')
sreg_ext.toMessage(self.message)
self.signed_fields = [
'openid.sreg.nickname', 'openid.sreg.email',
'openid.sreg.required', 'openid.sreg.optional',
'openid.sreg.fullname'
]
self.endpoint = OpenIDServiceEndpoint()
self.endpoint.claimed_id = identity_url
def post(self, request, *args, **kwargs):
data = dict(list(request.GET.items()) + list(request.POST.items()))
if self.provider.endpoint:
data['openid'] = self.provider.endpoint
form = LoginForm(data)
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
auth_request.addExtension(ax)
callback_url = reverse(self.callback_view)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request,
self.provider.id,
exception=e)
return render(request, self.template_name, {'form': form})
def begin(self, request, data):
try:
openid_url = data['openid_url'].strip()
except KeyError:
messages.error(request, lang.FILL_OPENID_URL)
raise Redirect('publicauth-login')
# allow user to type openid provider without http:// prefix
if not openid_url.startswith("http"):
openid_url = "http://%s" % openid_url
return_url = request.build_absolute_uri(
reverse('publicauth-complete', args=[self.provider]))
request.session['openid_return_to'] = return_url
client = consumer.Consumer(request.session, None)
try:
openid_request = client.begin(openid_url)
sreg_extra = [i for i in self.PROFILE_MAPPING]
sreg = SRegRequest(required=sreg_extra)
openid_request.addExtension(sreg)
ax_msg = FetchRequest()
for detail in self.PROFILE_MAPPING:
ax_msg.add(AttrInfo(settings.AX_URIS[detail], required=True))
openid_request.addExtension(ax_msg)
redirect_url = openid_request.redirectURL(realm='http://' +
request.get_host(),
return_to=return_url)
raise Redirect(redirect_url)
except discover.DiscoveryFailure:
messages.error(request, _('Could not find OpenID server'))
raise Redirect('publicauth-login')
def _start_verification(request, form, return_to, sreg=True):
"""
Start OpenID Verification.
Returns False if verification fails, otherwise, will return either a
redirect or render_to_response object
"""
openid_url = form.openid.data
c = consumer.Consumer(request.session, SQLAlchemyOpenIDStore())
# Try to discover provider
try:
auth_request = c.begin(openid_url)
except DiscoveryFailure:
# Discovery failed, return to login page
form.openid.errors.append(
_('Sorry, the OpenID server could not be found'))
return False
host = 'http://' + request.host
if sreg:
# Ask provider for email and nickname
auth_request.addExtension(SRegRequest(required=['email', 'nickname']))
# Do we even need this?
if auth_request is None:
form.openid.errors.append(
_('No OpenID service was found for %s' % openid_url))
elif auth_request.shouldSendRedirect():
# Begin the authentication process as a HTTP redirect
redirect_url = auth_request.redirectURL(
host, return_to)
return redirect(
request, location=redirect_url)
else:
# Send request as POST
form_html = auth_request.htmlMarkup(
host, host + return_to,
# Is this necessary?
form_tag_attrs={'id': 'openid_message'})
# Beware: this renders a template whose content is a form
# and some javascript to submit it upon page load. Non-JS
# users will have to click the form submit button to
# initiate OpenID authentication.
return render_to_response(
request,
'mediagoblin/plugins/openid/request_form.html',
{'html': form_html})
return False
def begin(self, oid, realm, return_to_url):
"""
Begin the OpenID authentication
"""
w2popenid = self.session.w2popenid
w2popenid.oid = oid
auth_req = self.consumer.begin(oid)
auth_req.addExtension(SRegRequest(required=['email', 'nickname']))
url = auth_req.redirectURL(return_to=return_to_url, realm=realm)
return url
def dispatch(self, request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(
dict(list(request.GET.items()) + list(request.POST.items())))
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
provider = self.provider
app = provider.get_app(request)
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
server_settings = provider.get_server_settings(
request.GET.get('openid'))
extra_attributes = server_settings.get(
'extra_attributes', [])
for _, name, required in extra_attributes:
ax.add(AttrInfo(name, required=required))
auth_request.addExtension(ax)
callback_url = provider.get_callback_url(request, app)
SocialLogin.stash_state(request)
# https://github.com/pennersr/django-allauth/issues/1523
auth_request.return_to_args['next'] = \
form.cleaned_data.get('next', '/')
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request,
self.provider.id,
exception=e)
else:
form = LoginForm(
initial={
'next': request.GET.get('next'),
'process': request.GET.get('process')
})
d = dict(form=form)
return render(request, "openid/login.html", d)
def prepare_authentication_request(self, request, redirect_to):
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
user_url = self.get_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
raise InvalidAuthentication('i-names are not supported')
consumer = Consumer(request.session, OsqaOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
raise InvalidAuthentication(
_('Sorry, but your input is not a valid OpenId'))
sreg = getattr(self, 'sreg_attributes', False)
if sreg:
s = SRegRequest()
for k, attr_dic in sreg.items():
if k == "policy_url":
s.policy_url = attr_dic
continue
for attr_name in attr_dic.keys():
s.requestField(field_name=attr_name,
required=(k == "required"))
auth_request.addExtension(s)
ax_schema = getattr(self, 'dataype2ax_schema', False)
if ax_schema and request.session.get('force_email_request', True):
axr = AXFetchRequest()
for data_type, schema in ax_schema.items():
if isinstance(schema, tuple):
axr.add(AttrInfo(schema[0], required=True,
alias=schema[1]))
else:
axr.add(AttrInfo(schema, required=True, alias=data_type))
auth_request.addExtension(axr)
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
return auth_request.redirectURL(trust_root, redirect_to)
def attach_reg_info(self, auth_request, keys):
"""Attaches sreg and ax requests to the auth request.
:internal:
"""
keys = set(keys)
sreg_keys = list(SREG_KEYS & keys)
auth_request.addExtension(SRegRequest(required=sreg_keys))
ax_req = ax.FetchRequest()
for key in keys:
for uri in AX_MAPPING.get(key, ()):
ax_req.add(ax.AttrInfo(uri, required=key in REQUIRED_KEYS))
auth_request.addExtension(ax_req)
def openid_begin(identifier, return_url, request, max_auth_age=False, sreg=False):
"""Step one of logging in with OpenID; we resolve a webfinger,
if present, then redirect to the provider.
Set sreg to True to attempt to retrieve Simple Registration
information.
Set max_auth_age to a number of seconds to request the OP to
ensure that the user authenticated within that many seconds prior
to the request, or else force immediate re-authentication."""
session = request.session
openid_url = identifier
# Does it look like an email address?
# If so, try finding an OpenID URL via Webfinger.
webfinger_openid = resolve_webfinger(identifier)
if webfinger_openid:
openid_url = webfinger_openid
session['pending_identity_webfinger'] = identifier
session.save()
cons = Consumer(session=session, store=openid_store)
print 1
try:
auth_request = cons.begin(openid_url)
except DiscoveryFailure:
# XXX this error blows
raise OpenIDError(
"Can't connect to '{0}'. It might not support OpenID.".format(openid_url))
print 2
if sreg:
sreg_req = SRegRequest(optional=['nickname', 'email', 'timezone'])
auth_request.addExtension(sreg_req)
if max_auth_age is not False and max_auth_age >= 0:
auth_age_req = PAPERequest(max_auth_age=max_auth_age)
auth_request.addExtension(auth_age_req)
print 3
# XXX is this realm stuff correct
# ^^^ AFAICT, yes, as long as we don't need the assertion to be valid for
# sub-domains
new_url = auth_request.redirectURL(
return_to=return_url,
realm=request.host_url,
)
print new_url
return new_url
def create_request(openid_url, session):
errors = []
try:
consumer = get_consumer(session)
request = consumer.begin(openid_url)
if request is None:
errors.append(_('OpenID service is not found'))
except Exception as e:
errors.append(str(e))
if errors:
raise OpenIdError(errors)
sreg_request = SRegRequest(optional=['nickname', 'fullname'])
request.addExtension(sreg_request)
return request
def begin_openid_login(request):
request.session["openid_login"] = True
consumer = get_consumer(request)
auth_request = consumer.begin('https://openid.intuit.com/openid/xrds')
auth_request.addExtension(SRegRequest(
required=['fullname', 'email']
))
trust_root = get_base_url(request)
return_to = urljoin(get_base_url(request), request.path)
url = auth_request.redirectURL(trust_root, return_to)
return HttpResponseRedirect(url)
def _begin_login(self, environ, start_response):
"""Start the process of authenticating with OpenID.
We redirect the user to Launchpad to identify themselves, asking to be
sent their nickname. Launchpad will then redirect them to our +login
page with enough information that we can then redirect them again to
the page they were looking at, with a cookie that gives us the
username.
"""
openid_request = self._make_consumer(environ).begin(
config.launchpad.openid_provider_root)
openid_request.addExtension(SRegRequest(required=['nickname']))
back_to = construct_url(environ)
raise HTTPMovedPermanently(
openid_request.redirectURL(
config.codehosting.secure_codebrowse_root,
config.codehosting.secure_codebrowse_root + '+login/?' +
urllib.urlencode({'back_to': back_to})))
def login(request):
if 'openid' in request.GET or request.method == 'POST':
form = LoginForm(
dict(list(request.GET.items()) + list(request.POST.items())))
if form.is_valid():
client = _openid_consumer(request)
try:
auth_request = client.begin(form.cleaned_data['openid'])
if QUERY_EMAIL:
sreg = SRegRequest()
for name in SRegFields:
sreg.requestField(field_name=name, required=True)
auth_request.addExtension(sreg)
ax = FetchRequest()
for name in AXAttributes:
ax.add(AttrInfo(name, required=True))
auth_request.addExtension(ax)
callback_url = reverse(callback)
SocialLogin.stash_state(request)
redirect_url = auth_request.redirectURL(
request.build_absolute_uri('/'),
request.build_absolute_uri(callback_url))
return HttpResponseRedirect(redirect_url)
# UnicodeDecodeError:
# see https://github.com/necaris/python3-openid/issues/1
except (UnicodeDecodeError, DiscoveryFailure) as e:
if request.method == 'POST':
form._errors["openid"] = form.error_class([e])
else:
return render_authentication_error(request,
OpenIDProvider.id,
exception=e)
else:
form = LoginForm(initial={
'next': request.GET.get('next'),
'process': request.GET.get('process')
})
d = dict(form=form)
return render_to_response('openid/login.html',
d,
context_instance=RequestContext(request))
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
class OpenIdSetupError(Exception):
pass
class OpenIdError(Exception):
pass
def get_consumer(session):
if not settings.SCIPIO_STORE_ROOT:
raise OpenIdSetupError('SCIPIO_STORE_ROOT is not set')
return Consumer(session, FileOpenIDStore(settings.SCIPIO_STORE_ROOT))
def create_request(openid_url, session):
errors = []
try:
consumer = get_consumer(session)
request = consumer.begin(openid_url)
if request is None:
errors.append(_('OpenID service is not found'))
except (DiscoveryFailure, OpenIdSetupError, ValueError), e:
errors.append(str(e[0]))
if errors:
raise OpenIdError(errors)
sreg_request = SRegRequest(optional=['nickname', 'fullname'])
request.addExtension(sreg_request)
return request
