コード例 #1
    def handle_response(self, positive, username, identity):
        """Process the user's answer to a pending OpenID trust decision.

        positive -- truthy when the user approved the request
        username -- name that must equal the current user's name
        identity -- passed unchanged to self.approved() on success

        Returns None after calling makeForbidden(403, ...) when the form
        nonce or the stored OpenID request is missing or wrong, the result
        of openidreq.answer(False) when the decision is negative or the
        user does not match, and the result of self.approved() otherwise.

        NOTE(review): identity is not checked in this method; presumably
        the caller has already tied it to the logged-in user -- confirm.
        """
        req = self.request
        submitted = req.values

        # The stored nonce is dropped from the session before it is compared,
        # so one stored value can serve at most one submission, whether that
        # submission is accepted or rejected.
        expected_nonce = self.request.session.get('openidserver.nonce')
        if expected_nonce is not None:
            del self.request.session['openidserver.nonce']
        # A missing form field becomes '', a missing stored nonce stays None:
        # the two defaults differ, so "nothing stored" can never equal
        # "nothing sent".
        received_nonce = submitted.get('nonce', '')
        if expected_nonce != received_nonce:
            self.request.makeForbidden(403, 'invalid nonce')
            return None

        pending = req.session.get('openidserver.request')
        if not pending:
            req.makeForbidden(403, 'no response request')
            return None
        # The pending request is removed as well, so it cannot be answered
        # a second time from this session.
        del req.session['openidserver.request']

        # Approval needs the user's consent, a valid account and a matching
        # account name; anything else is answered negatively.
        consent_ok = (positive and
                      req.user.valid and
                      req.user.name == username)
        if not consent_ok:
            return pending.answer(False)

        if submitted.get('remember', 'no') == 'yes':
            account = req.user
            if not hasattr(account, 'openid_trusted_roots'):
                account.openid_trusted_roots = []
            # The remembered trust root is taken from the request kept in
            # the session, not from a form field.
            encoded_root = strbase64(pending.trust_root)
            account.openid_trusted_roots.append(encoded_root)
            account.save()

        # Only the server URL of the pair is used here.
        _unused_identity, server_url = self._make_identity()
        return self.approved(identity, pending, server_url=server_url)
コード例 #2
 def user_trusts_url(self, trustroot):
     """Tell whether the current user has stored trustroot as trusted.

     The lookup is an exact membership test of strbase64(trustroot) against
     the user's openid_trusted_roots list; a user without that attribute
     trusts nothing, so the result is False.
     """
     account = self.request.user
     if not hasattr(account, 'openid_trusted_roots'):
         return False
     # Entries are compared in their strbase64-encoded form (presumably a
     # base64 encoding -- strbase64 is defined outside this excerpt).
     return strbase64(trustroot) in account.openid_trusted_roots