def authenticate_user(**kwargs):
    """Redirect to a user form prefilled with data from mojeID.

    Expects ``request``, ``openid_response`` and ``redirect`` in *kwargs*;
    a missing key raises ``KeyError``.

    When a ``UserOpenID`` row exists for the response's ``identity_url``,
    the linked user is attached to the session if
    ``OpenIDBackend.is_user_authenticated`` accepts it, and the redirect goes
    to ``display_user`` with only the updatable attributes.  When no such row
    exists, the redirect goes to ``new_user`` with every attribute returned by
    ``OpenIDBackend.get_model_changes``.

    Returns the result of ``redirect(url)``.
    """
    request = kwargs['request']
    openid_response = kwargs['openid_response']
    redirect_to = kwargs['redirect']
    user_model = get_user_model()

    try:
        # Known identity: look up the local record bound to this claimed id.
        openid_link = UserOpenID.objects.get(
            claimed_id__exact=openid_response.identity_url)
        try:
            account = user_model.objects.get(pk=openid_link.user_id)
            if OpenIDBackend.is_user_authenticated(account):
                OpenIDBackend.associate_user_with_session(request, account)
        except user_model.DoesNotExist:
            # A UserOpenID row without its user is tolerated; the session is
            # simply left without a user.
            pass

        # The attributes are only collected for display here; the
        # alternative of applying them through
        # OpenIDBackend.update_user_from_openid is left disabled.
        attrs = OpenIDBackend.get_model_changes(
            openid_response, only_updatable=True)
        path = reverse(display_user)
    except UserOpenID.DoesNotExist:
        # Unknown identity: gather everything needed to prefill a new user.
        attrs = OpenIDBackend.get_model_changes(openid_response)
        path = reverse(new_user)

    # Query parameters for the redirect: the user-model attributes plus the
    # post-login target.
    # NOTE(review): `redirect` is forwarded as `next` unchanged; this handler
    # does not validate it -- presumably the sender already did, confirm.
    fields = attrs.get(user_model, {})
    fields['next'] = redirect_to
    fields.pop('user_id_field_name', None)

    # NOTE(review): the attribute values travel in the query string of the
    # redirect URL, so they are visible wherever URLs get recorded (browser
    # history, access logs).  Confirm that is acceptable for every attribute
    # mojeID may supply.
    query = QueryDict('', mutable=True)
    query.update(fields)

    # TODO claimed_id as a param!
    url = "%s?%s" % (path, query.urlencode())
    return redirect(url)
def login_complete(request):
    """Finish a mojeID (OpenID) login: redirect on success, error page otherwise.

    Flow, as implemented below:

    * The post-login target comes from ``OpenIDBackend.get_redirect_to`` and
      is passed through ``sanitise_redirect_url`` before any use.
    * A falsy parsed response renders ``errors.EndpointError``.
    * Any status other than ``SUCCESS`` sends a failed-login report and
      renders the matching error.
    * On ``SUCCESS`` with a user already on the request, ``associate_user``
      receivers run first; the first ``HttpResponse`` they return is returned
      unchanged, otherwise the identity is associated with that user.
    * On ``SUCCESS`` without a user, ``authenticate_user`` receivers run
      first in the same way; otherwise the user is resolved through
      ``OpenIDBackend.authenticate_using_all_backends`` and must exist and be
      active before being attached to the session.
    * ``DjangoOpenIDException`` leads to failed-login report(s) and the
      ``errors.AuthenticationFailed`` page.
    """
    # NOTE(review): presumably sanitise_redirect_url restricts the target to
    # safe locations -- confirm against its definition.
    redirect_to = sanitise_redirect_url(OpenIDBackend.get_redirect_to(request))

    attribute_set, lang, openid_response = parse_openid_response(request)
    activate_lang(lang)
    if not openid_response:
        return render_failure(request, errors.EndpointError())

    # Looked up before the status check, as in the original ordering.
    user_orig = OpenIDBackend.get_user_from_request(request)
    user_model = get_user_model()

    if openid_response.status != SUCCESS:
        # Every non-success outcome is reported the same way; only the
        # rendered error differs.
        user_login_report.send(
            sender=__name__, request=request,
            username=openid_response.identity_url,
            method='openid', success=False)
        if openid_response.status == FAILURE:
            failure = errors.OpenIDAuthenticationFailed(openid_response)
        elif openid_response.status == CANCEL:
            failure = errors.OpenIDAuthenticationCanceled()
        else:
            failure = errors.OpenIDUnknownResponseType(openid_response)
        return render_failure(request, failure)

    # Arguments shared by both signals.
    signal_args = dict(
        sender=__name__, request=request, openid_response=openid_response,
        attribute_set=attribute_set, redirect=redirect_to)

    try:
        if user_orig:
            # A receiver may take over by returning an HttpResponse.  In that
            # case no association is made and no login report is sent here.
            for _receiver, reply in associate_user.send(**signal_args):
                if isinstance(reply, HttpResponse):
                    return reply
            # Default action: bind the identity to the logged-in user.
            OpenIDBackend.associate_openid_response(user_orig, openid_response)
        else:
            for _receiver, reply in authenticate_user.send(**signal_args):
                if isinstance(reply, HttpResponse):
                    return reply
            # Default action: resolve the user through the backends.
            authenticated = OpenIDBackend.authenticate_using_all_backends(
                openid_response=openid_response, attribute_set=attribute_set)
            # NOTE(review): the two rejections below render an error without
            # sending user_login_report, so they are absent from the login
            # audit trail -- confirm this is intended.
            if not authenticated:
                return render_failure(request, errors.UnknownUser())
            if not OpenIDBackend.is_user_active(authenticated):
                return render_failure(
                    request, errors.DisabledAccount(authenticated))
            # The session gets the user only after both checks passed.
            OpenIDBackend.associate_user_with_session(request, authenticated)
    except DjangoOpenIDException as exc:
        known_user_id = None
        try:
            known_user_id = UserOpenID.objects.get(
                claimed_id=openid_response.identity_url).user_id
        except (UserOpenID.DoesNotExist, user_model.DoesNotExist):
            # No local record: report the failure with the identity URL only.
            user_login_report.send(
                sender=__name__, request=request,
                username=openid_response.identity_url,
                method='openid', success=False)
        # NOTE(review): this report is sent on both paths, so a failed lookup
        # yields two failure reports (the second with user_id=None) --
        # confirm the duplicate is intended.
        user_login_report.send(
            sender=__name__, request=request,
            username=openid_response.identity_url,
            user_id=known_user_id, method='openid', success=False)
        # NOTE(review): the exception object is handed to the error page;
        # check that render_failure does not show internal detail to the
        # visitor.
        return render_failure(request, errors.AuthenticationFailed(exc))

    response = HttpResponseRedirect(redirect_to)
    # Record the successful login for whichever user ended up in the session.
    logged_in_id = user_orig.id if user_orig else authenticated.id
    user_login_report.send(
        sender=__name__, request=request, user_id=logged_in_id,
        method='openid', success=True)
    return response
def login_complete(request):
    """Finish a mojeID (OpenID) login: redirect on success, error page otherwise.

    Flow, as implemented below:

    * The post-login target and the attribute-set name are read from the
      session (``'default'`` when no attribute set is stored), and both
      session keys are then deleted.
    * The OpenID response is completed with ``MojeIDConsumer``; an
      ``HTTPFetchingError`` renders ``errors.EndpointError``.
    * Any status other than ``SUCCESS`` sends a failed-login report and
      renders the matching error.
    * On ``SUCCESS`` with a user already on the request, ``associate_user``
      receivers run first; the first ``HttpResponse`` they return is returned
      unchanged, otherwise the identity is associated with that user.
    * On ``SUCCESS`` without a user, ``authenticate_user`` receivers run
      first in the same way; otherwise the user is resolved through
      ``OpenIDBackend.authenticate_using_all_backends`` and must exist and be
      active before being attached to the session.
    * ``DjangoOpenIDException`` leads to failed-login report(s) and the
      ``errors.AuthenticationFailed`` page.
    """
    next_page_key = mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR

    # NOTE(review): presumably sanitise_redirect_url restricts the target to
    # safe locations -- confirm against its definition.
    redirect_to = sanitise_redirect_url(request.session.get(next_page_key))
    attribute_set = request.session.get(SESSION_ATTR_SET_KEY, 'default')

    # Both values are removed from the session once they have been read.
    for session_key in (next_page_key, SESSION_ATTR_SET_KEY):
        if session_key in request.session:
            del request.session[session_key]

    # Complete the OpenID exchange against the mojeID endpoint.
    endpoint = create_service()
    # NOTE(review): HttpRequest.REQUEST was deprecated in Django 1.7 and
    # removed in 1.9, so this line only works on older Django versions.
    message = Message.fromPostArgs(request.REQUEST)
    consumer = MojeIDConsumer(DjangoOpenIDStore())
    try:
        openid_response = consumer.complete(
            message, endpoint, request.build_absolute_uri())
    except HTTPFetchingError:
        # Raised when no association is in use and the mojeID server cannot
        # be contacted.
        return render_failure(request, errors.EndpointError())

    # Looked up before the status check, as in the original ordering.
    user_orig = OpenIDBackend.get_user_from_request(request)
    user_model = get_user_model()

    if openid_response.status != SUCCESS:
        # Every non-success outcome is reported the same way; only the
        # rendered error differs.
        user_login_report.send(
            sender=__name__, request=request,
            username=openid_response.identity_url,
            method='openid', success=False)
        if openid_response.status == FAILURE:
            failure = errors.OpenIDAuthenticationFailed(openid_response)
        elif openid_response.status == CANCEL:
            failure = errors.OpenIDAuthenticationCanceled()
        else:
            failure = errors.OpenIDUnknownResponseType(openid_response)
        return render_failure(request, failure)

    # Arguments shared by both signals.
    signal_args = dict(
        sender=__name__, request=request, openid_response=openid_response,
        attribute_set=attribute_set, redirect=redirect_to)

    try:
        if user_orig:
            # A receiver may take over by returning an HttpResponse.  In that
            # case no association is made and no login report is sent here.
            for _receiver, reply in associate_user.send(**signal_args):
                if isinstance(reply, HttpResponse):
                    return reply
            # Default action: bind the identity to the logged-in user.
            OpenIDBackend.associate_openid_response(user_orig, openid_response)
        else:
            for _receiver, reply in authenticate_user.send(**signal_args):
                if isinstance(reply, HttpResponse):
                    return reply
            # Default action: resolve the user through the backends.
            authenticated = OpenIDBackend.authenticate_using_all_backends(
                openid_response=openid_response, attribute_set=attribute_set)
            # NOTE(review): the two rejections below render an error without
            # sending user_login_report, so they are absent from the login
            # audit trail -- confirm this is intended.
            if not authenticated:
                return render_failure(request, errors.UnknownUser())
            if not OpenIDBackend.is_user_active(authenticated):
                return render_failure(
                    request, errors.DisabledAccount(authenticated))
            # The session gets the user only after both checks passed.
            OpenIDBackend.associate_user_with_session(request, authenticated)
    except DjangoOpenIDException as exc:
        known_user_id = None
        try:
            known_user_id = UserOpenID.objects.get(
                claimed_id=openid_response.identity_url).user_id
        except (UserOpenID.DoesNotExist, user_model.DoesNotExist):
            # No local record: report the failure with the identity URL only.
            user_login_report.send(
                sender=__name__, request=request,
                username=openid_response.identity_url,
                method='openid', success=False)
        # NOTE(review): this report is sent on both paths, so a failed lookup
        # yields two failure reports (the second with user_id=None) --
        # confirm the duplicate is intended.
        user_login_report.send(
            sender=__name__, request=request,
            username=openid_response.identity_url,
            user_id=known_user_id, method='openid', success=False)
        # NOTE(review): the exception object is handed to the error page;
        # check that render_failure does not show internal detail to the
        # visitor.
        return render_failure(request, errors.AuthenticationFailed(exc))

    response = HttpResponseRedirect(redirect_to)
    # Record the successful login for whichever user ended up in the session.
    logged_in_id = user_orig.id if user_orig else authenticated.id
    user_login_report.send(
        sender=__name__, request=request, user_id=logged_in_id,
        method='openid', success=True)
    return response