Esempio n. 1
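 def test_delete_params_from_user_session(self, mock_get_user_session):
     """Check that deleting session params also persists the session.

     ``mock_get_user_session`` stands in for ``api_utils.get_user_session``
     (presumably injected by a patch decorator that is not shown here) and
     is made to return a MagicMock session.
     """
     mock_session = mock.MagicMock(**{"foo": "bar", "answer": 42})
     mock_get_user_session.return_value = mock_session
     api_utils.delete_params_from_user_session(("foo", "answer"))
     # NOTE(review): ``__dir__`` is referenced here, not called, so these two
     # checks never look at the mock's attribute listing. Confirm what they
     # are meant to prove about delete_params_from_user_session.
     self.assertNotIn("foo", mock_session.__dir__)
     self.assertNotIn("answer", mock_session.__dir__)
     # ``called_once_with`` is not a Mock assertion: it is a plain attribute
     # access that verifies nothing (recent Python versions reject it with
     # AttributeError). The real assertion makes the test fail when params
     # are removed but the session is never saved.
     mock_session.save.assert_called_once_with()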
Esempio n. 2
    def signin(self):
        """Start an OpenID 2.0 sign-in by redirecting to the identity provider.

        An authenticated caller is redirected to the UI (pecan.redirect is
        expected to abort the request at that point). Otherwise the stored
        OpenID is removed, a CSRF token is written to the session and added
        to the ``return_to`` URL, and the browser is redirected to the
        configured OpenID endpoint.
        """
        session = api_utils.get_user_session()
        if not api_utils.is_authenticated():
            # Remove any stored identity before a new login attempt starts.
            api_utils.delete_params_from_user_session([const.USER_OPENID])
        else:
            pecan.redirect(CONF.ui_url)

        # The token is kept in the session and also travels through the IdP
        # inside return_to, so the return handler can compare the two.
        # NOTE(review): get_token() is not visible here; confirm it draws
        # from a cryptographically secure source.
        token = api_utils.get_token()
        session[const.CSRF_TOKEN] = token
        session.save()

        callback_base = parse.urljoin(CONF.api.api_url,
                                      CONF.osid.openid_return_to)
        callback = api_utils.set_query_params(callback_base,
                                              {const.CSRF_TOKEN: token})

        # Every value except return_to comes straight from configuration.
        openid_request = {
            const.OPENID_MODE: CONF.osid.openid_mode,
            const.OPENID_NS: CONF.osid.openid_ns,
            const.OPENID_RETURN_TO: callback,
            const.OPENID_CLAIMED_ID: CONF.osid.openid_claimed_id,
            const.OPENID_IDENTITY: CONF.osid.openid_identity,
            const.OPENID_REALM: CONF.api.api_url,
            const.OPENID_NS_SREG: CONF.osid.openid_ns_sreg,
            const.OPENID_NS_SREG_REQUIRED: CONF.osid.openid_sreg_required,
        }
        target = api_utils.set_query_params(
            CONF.osid.openstack_openid_endpoint, openid_request)
        pecan.redirect(location=target)
Esempio n. 3
    def signin(self):
        """Redirect an unauthenticated caller to the OpenID provider.

        Callers that are already authenticated are sent to the UI. For the
        rest, the stored OpenID is cleared, a CSRF token is saved in the
        session and embedded in the ``return_to`` URL, and the OpenID
        request is issued as a redirect to the configured endpoint.
        """
        session = api_utils.get_user_session()
        if api_utils.is_authenticated():
            # pecan.redirect is expected to end request handling here.
            pecan.redirect(CONF.ui_url)
        else:
            api_utils.delete_params_from_user_session([const.USER_OPENID])

        # Bind this login attempt to the session: the same token is stored
        # server-side and carried in the return_to query string.
        login_token = api_utils.get_token()
        session[const.CSRF_TOKEN] = login_token
        session.save()

        return_to = api_utils.set_query_params(
            parse.urljoin(CONF.api.api_url, CONF.osid.openid_return_to),
            {const.CSRF_TOKEN: login_token})

        # The realm is the API base URL, the same base return_to is built on.
        query = {
            const.OPENID_MODE: CONF.osid.openid_mode,
            const.OPENID_NS: CONF.osid.openid_ns,
            const.OPENID_RETURN_TO: return_to,
            const.OPENID_CLAIMED_ID: CONF.osid.openid_claimed_id,
            const.OPENID_IDENTITY: CONF.osid.openid_identity,
            const.OPENID_REALM: CONF.api.api_url,
            const.OPENID_NS_SREG: CONF.osid.openid_ns_sreg,
            const.OPENID_NS_SREG_REQUIRED: CONF.osid.openid_sreg_required,
        }
        endpoint = CONF.osid.openstack_openid_endpoint
        pecan.redirect(location=api_utils.set_query_params(endpoint, query))
Esempio n. 4
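 def test_delete_params_from_user_session(self, mock_get_user_session):
     """Verify that removing session params ends with a session save.

     The session returned by the replaced ``api_utils.get_user_session`` is
     a MagicMock preloaded with ``foo`` and ``answer`` attributes.
     """
     mock_session = mock.MagicMock(**{'foo': 'bar', 'answer': 42})
     mock_get_user_session.return_value = mock_session
     api_utils.delete_params_from_user_session(('foo', 'answer'))
     # NOTE(review): these compare against the ``__dir__`` method object
     # itself rather than a list of names; confirm the intended check.
     self.assertNotIn('foo', mock_session.__dir__)
     self.assertNotIn('answer', mock_session.__dir__)
     # Was ``called_once_with()``, which asserts nothing on a mock. Without
     # a real assertion, a regression that drops ``save()`` (so the deleted
     # keys survive in the stored session) would go unnoticed.
     mock_session.save.assert_called_once_with()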
Esempio n. 5
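 def test_delete_params_from_user_session(self, mock_get_user_session):
     """Ensure delete_params_from_user_session saves the session once.

     ``mock_get_user_session`` replaces ``api_utils.get_user_session`` and
     hands back a MagicMock session carrying two sample attributes.
     """
     mock_session = mock.MagicMock(**{'foo': 'bar', 'answer': 42})
     mock_get_user_session.return_value = mock_session
     api_utils.delete_params_from_user_session(('foo', 'answer'))
     # NOTE(review): ``mock_session.__dir__`` is not called, so the two
     # membership checks below do not examine attribute names; verify what
     # they should assert.
     self.assertNotIn('foo', mock_session.__dir__)
     self.assertNotIn('answer', mock_session.__dir__)
     # ``assert_called_once_with`` is the actual Mock assertion; the
     # previous ``called_once_with`` spelling never failed, whatever the
     # code under test did with ``save``.
     mock_session.save.assert_called_once_with()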
Esempio n. 6
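    def signin_return(self):
        """Handle returned request from OpenID 2.0 IdP.

        The response is rejected when the IdP reports an error or a cancel,
        or when the CSRF token in the query string does not match a token
        stored in the session. Otherwise the OpenID response is verified,
        the user is saved from the identity fields in the response, the
        OpenID is recorded in the session and the browser is redirected to
        the UI.
        """
        session = api_utils.get_user_session()
        # _auth_failure is presumably terminal (it is not visible here);
        # the checks below rely on it ending request handling.
        if pecan.request.GET.get(const.OPENID_ERROR):
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure(pecan.request.GET.get(const.OPENID_ERROR))

        if pecan.request.GET.get(const.OPENID_MODE) == 'cancel':
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication canceled.')

        session_token = session.get(const.CSRF_TOKEN)
        request_token = pecan.request.GET.get(const.CSRF_TOKEN)
        # A session with no stored token must fail: a bare inequality test
        # accepts a request that also omits the token (None == None).
        if not session_token or request_token != session_token:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication failed. Please try again.')

        api_utils.verify_openid_request(pecan.request)
        # The identity must come from the IdP response. Fixed placeholder
        # values here would sign every caller in as the same account.
        # NOTE(review): assumes verify_openid_request confirms these fields
        # are covered by the IdP's signature - TODO confirm.
        user_info = {
            'openid': pecan.request.GET.get(const.OPENID_CLAIMED_ID),
            'email': pecan.request.GET.get(const.OPENID_NS_SREG_EMAIL),
            'fullname': pecan.request.GET.get(const.OPENID_NS_SREG_FULLNAME)
        }
        user = db.user_save(user_info)

        # The login token is single-use: drop it before marking the session
        # as authenticated.
        # NOTE(review): the pre-login session is reused as the authenticated
        # one; confirm the session id is rotated somewhere on login.
        api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
        session[const.USER_OPENID] = user.openid
        session.save()

        pecan.redirect(CONF.ui_url)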
Esempio n. 7
    def signout(self):
        """Sign the caller out and redirect to the UI logout route.

        For an authenticated caller the stored OpenID is removed from the
        session. The redirect target is the UI's ``/#/logout`` route with
        the configured OpenID logout endpoint passed as ``openid_logout``.
        """
        if api_utils.is_authenticated():
            # NOTE(review): only the OpenID key is removed; confirm whether
            # the rest of the session should be invalidated as well.
            api_utils.delete_params_from_user_session([const.USER_OPENID])

        logout_query = parse.urlencode(
            {'openid_logout': CONF.osid.openid_logout_endpoint})
        target = parse.urljoin(CONF.ui_url, '/#/logout?' + logout_query)
        pecan.redirect(target)
Esempio n. 8
    def signout(self):
        """Remove the stored OpenID and send the browser to the UI logout.

        The OpenID key is deleted only when the caller is authenticated.
        The redirect URL is built from configuration alone: the UI base URL
        plus a ``/#/logout`` fragment carrying ``openid_logout``.
        """
        if api_utils.is_authenticated():
            api_utils.delete_params_from_user_session([const.USER_OPENID])

        # The query string is placed after the '#', so it is part of the
        # fragment of the resulting URL.
        fragment = '/#/logout?' + parse.urlencode(
            {'openid_logout': CONF.osid.openid_logout_endpoint})
        pecan.redirect(parse.urljoin(CONF.ui_url, fragment))
Esempio n. 9
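    def signin_return(self):
        """Handle returned request from OpenID 2.0 IdP.

        Fails the login when the IdP reports an error or a cancel, or when
        the CSRF token in the query string does not match a token stored in
        the session. Otherwise the OpenID response is verified, the user is
        saved from the claimed id and sreg fields of the response, the
        OpenID is stored in the session and the browser is redirected to
        the UI.
        """
        session = api_utils.get_user_session()
        # _auth_failure is presumably terminal (it is not visible here);
        # each check relies on it ending request handling.
        if pecan.request.GET.get(const.OPENID_ERROR):
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure(pecan.request.GET.get(const.OPENID_ERROR))

        if pecan.request.GET.get(const.OPENID_MODE) == 'cancel':
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication canceled.')

        session_token = session.get(const.CSRF_TOKEN)
        request_token = pecan.request.GET.get(const.CSRF_TOKEN)
        # Require a stored token. With only ``!=``, a session that never
        # started a login and a request without the parameter compare as
        # None == None and slip past the CSRF check.
        if not session_token or request_token != session_token:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication failed. Please try again.')

        api_utils.verify_openid_request(pecan.request)
        # NOTE(review): these values are read from the query string after
        # verification; assumes verify_openid_request checks that they are
        # covered by the IdP's signature - TODO confirm.
        user_info = {
            'openid': pecan.request.GET.get(const.OPENID_CLAIMED_ID),
            'email': pecan.request.GET.get(const.OPENID_NS_SREG_EMAIL),
            'fullname': pecan.request.GET.get(const.OPENID_NS_SREG_FULLNAME)
        }
        user = db.user_save(user_info)

        # The login token is single-use: remove it before the session is
        # marked as authenticated.
        # NOTE(review): the pre-login session is reused as the authenticated
        # one; confirm the session id is rotated somewhere on login.
        api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
        session[const.USER_OPENID] = user.openid
        session.save()

        pecan.redirect(CONF.ui_url)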
Esempio n. 10
 def signout(self):
     """Drop the stored OpenID, if any, and redirect to the UI.

     The session key is removed only for an authenticated caller; the
     redirect to ``CONF.ui_url`` is issued in every case.
     """
     logged_in = api_utils.is_authenticated()
     if logged_in:
         # NOTE(review): only the OpenID key is cleared here; confirm
         # whether the session itself should be invalidated on signout.
         api_utils.delete_params_from_user_session([const.USER_OPENID])
     pecan.redirect(CONF.ui_url)