def openid_server(request): """ This view is the actual OpenID server - running at the URL pointed to by the <link rel="openid.server"> tag. """ server = Server(get_store(request), op_endpoint=request.build_absolute_uri( reverse('openid-provider-root'))) # Cancellation if 'cancel' in request.REQUEST: if 'OPENID_REQUEST' in request.session: return oresponse_to_response(server, request.session['OPENID_REQUEST'].answer(False)) else: return HttpResponseRedirect('/') # Clear AuthorizationInfo session var, if it is set if request.session.get('AuthorizationInfo', None): del request.session['AuthorizationInfo'] querydict = dict(request.REQUEST.items()) try: orequest = server.decodeRequest(querydict) except ProtocolError, why: logger.error('Invalid OpenID message %s' % querydict) return oresponse_to_response(server, why)
else: logger.info('No OpenID request redirecting to homepage') return HttpResponseRedirect('/') else: logger.info('Received OpenID request: %s' % querydict) sreg_request = SRegRequest.fromOpenIDRequest(orequest) logger.debug('SREG request: %s' % sreg_request.__dict__) if orequest.mode in ("checkid_immediate", "checkid_setup"): # User is not logged if not request.user.is_authenticated(): # Site does not want interaction if orequest.immediate: logger.debug('User not logged and checkid immediate request, \ returning OpenID failure') return oresponse_to_response(server, orequest.answer(False)) else: # Try to login request.session['OPENID_REQUEST'] = orequest logger.debug('User not logged and checkid request, \ redirecting to login page') return redirect_to_login(request, nonce='1') else: identity = orequest.identity if identity != IDENTIFIER_SELECT: exploded = urlparse.urlparse(identity) # Allows only /openid/<user_id> if check_exploded(exploded, request): # We only support directed identity logger.debug('Invalid OpenID identity %s' % identity) return oresponse_to_response(server, orequest.answer(False))