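def handle_response(self, positive, username, identity):
    """Consume the user's decision on a pending OpenID authentication request.

    Called when the user submits the trust/decision form.  ``positive`` is
    whether the user approved, ``username`` the account name the form was
    rendered for, and ``identity`` the identity URL to assert.

    Returns whatever ``self.approved`` or ``openidreq.answer(False)``
    produce (an OpenID response object), or ``None`` after a 403 has been
    issued through ``request.makeForbidden``.

    Security-relevant invariants enforced here:

    * The form nonce is single-use: it is removed from the session before
      it is compared, so a replayed or forged submission fails whatever
      the outcome.  The comparison itself is constant-time.
    * The pending OpenID request stored in the session is consumed exactly
      once as well.
    * The decision is only honoured for the account it was rendered for
      (``request.user.name == username``) and only for a valid login;
      anything else yields a negative assertion, never an approval.
    * A trust root is remembered only on a positive answer, and only once.
    """
    import hmac  # function-scope: the module import block is not in view here

    request = self.request
    form = request.values

    # One-shot CSRF nonce: pop it from the session unconditionally so it
    # cannot be reused, then compare.  A session with no nonce (None) must
    # never match, including against an empty form value.
    session_nonce = request.session.get('openidserver.nonce')
    if session_nonce is not None:
        del request.session['openidserver.nonce']
    # use empty string if nothing was sent
    form_nonce = form.get('nonce', '')

    # hmac.compare_digest needs bytes (or ASCII-only str); encode both sides
    # so a non-ASCII value from the form is rejected instead of raising.
    if isinstance(session_nonce, str):
        session_nonce = session_nonce.encode('utf-8')
    if isinstance(form_nonce, str):
        form_nonce = form_nonce.encode('utf-8')
    nonce_ok = (
        isinstance(session_nonce, bytes)
        and isinstance(form_nonce, bytes)
        and hmac.compare_digest(session_nonce, form_nonce)
    )
    if not nonce_ok:
        request.makeForbidden(403, 'invalid nonce')
        return None

    # The pending request is single-use too: remove it before answering.
    openidreq = request.session.get('openidserver.request')
    if not openidreq:
        request.makeForbidden(403, 'no response request')
        return None
    del request.session['openidserver.request']

    # Fail closed: a denial, an invalid login, or a user switch since the
    # form was rendered all produce a negative assertion.
    if (not positive
            or not request.user.valid
            or request.user.name != username):
        return openidreq.answer(False)

    if form.get('remember', 'no') == 'yes':
        # Store the trust root under the same encoding user_trusts_url
        # looks it up with; skip duplicates so the list does not grow on
        # every approval of the same relying party.
        if not hasattr(request.user, 'openid_trusted_roots'):
            request.user.openid_trusted_roots = []
        encoded_root = strbase64(openidreq.trust_root)
        if encoded_root not in request.user.openid_trusted_roots:
            request.user.openid_trusted_roots.append(encoded_root)
        request.user.save()

    _dummy_identity, server_url = self._make_identity()
    return self.approved(identity, openidreq, server_url=server_url)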
def user_trusts_url(self, trustroot):
    """Return True if the current user has chosen to remember ``trustroot``.

    The remembered roots are kept on the user record as
    ``openid_trusted_roots``, encoded with ``strbase64`` -- the same
    encoding ``handle_response`` stores them under, so the two must stay
    in sync.  A user record without that attribute trusts nothing.
    """
    _missing = object()
    remembered = getattr(self.request.user, 'openid_trusted_roots', _missing)
    if remembered is _missing:
        return False
    return strbase64(trustroot) in remembered