def registration(request, attribute_set='default', template_name='openid/registration_form.html', form_class=OpenIDLoginForm): """ Try to submit all the registration attributes for mojeID registration""" registration_url = getattr(settings, 'MOJEID_REGISTRATION_URL', MOJEID_REGISTRATION_URL) # Realm should be always something like 'https://example.org/openid/' realm = getattr(settings, 'MOJEID_REALM', request.build_absolute_uri(reverse(top))) user = OpenIDBackend.get_user_from_request(request) user_id = user.pk if user else None # Create Nonce nonce = Nonce(server_url=realm, user_id=user_id) nonce.save() fields = [] attributes = [x for x in get_attributes(attribute_set) if x.type == 'attribute'] # Append attributes to creation request if user is valid if user: for attribute in attributes: form_attr = attribute.registration_form_attrs_html(user_id) if form_attr: fields.append(form_attr) # Render the redirection template return render_to_response( template_name, { 'fields': fields, 'action': registration_url, 'realm': realm, 'nonce': nonce.registration_nonce, }, context_instance=RequestContext(request) )
def disassociate(request): """ Disassociate current user with OpenID """ # Get the User user = OpenIDBackend.get_user_from_request(request) if not user: raise Http404 # Get OpenID association association = OpenIDBackend.get_user_association(user) if not association: raise Http404 # Remove the association association.delete() # Redirect back redirect = OpenIDBackend.get_redirect_to(request) redirect = redirect if redirect else getattr(settings, 'LOGIN_REDIRECT_URL', '/') return HttpResponseRedirect(sanitise_redirect_url(redirect))
def login_show(request, login_template='openid/login.html', associate_template='openid/associate.html', form_class=OpenIDLoginForm): """ Render a template to show the login/associate form form. """ redirect_to = OpenIDBackend.get_redirect_to(request) login_form = form_class(request.POST or None) user = OpenIDBackend.get_user_from_request(request) template_name = associate_template if user else login_template return render_to_response( template_name, { 'form': login_form, 'action': reverse('openid-init'), OpenIDBackend.get_redirect_field_name(): redirect_to }, context_instance=RequestContext(request) )
def registration(request, attribute_set='default', template_name='openid/registration_form.html'): """ Try to submit all the registration attributes for mojeID registration""" # Realm should be always something like 'https://example.org/openid/' realm = getattr(settings, 'MOJEID_REALM', request.build_absolute_uri(reverse(top))) user = OpenIDBackend.get_user_from_request(request) user_id = user.pk if user else None # Create Nonce nonce = Nonce(server_url=realm, user_id=user_id, timestamp=time.time(), salt=randomString(35, NONCE_CHARS)) nonce.save() fields = [] attributes = [x for x in get_attributes(attribute_set) if x.type == 'attribute'] # Append attributes to creation request if user is valid if user: for attribute in attributes: form_attr = attribute.registration_form_attrs_html(user_id) if form_attr: fields.append(form_attr) # Render the redirection template return render_to_response( template_name, { 'fields': fields, 'action': get_registration_url(), 'realm': realm, 'nonce': nonce.registration_nonce, }, context_instance=RequestContext(request) )
def login_complete(request): # Get addres where to redirect after the login redirect_to = sanitise_redirect_url(OpenIDBackend.get_redirect_to(request)) # Get OpenID response and test whether it is valid attribute_set, lang, openid_response = parse_openid_response(request) # Set language activate_lang(lang) if not openid_response: return render_failure(request, errors.EndpointError()) # Check whether the user is already logged in user_orig = OpenIDBackend.get_user_from_request(request) user_model = get_user_model() if openid_response.status == SUCCESS: try: if user_orig: # Send a signal to obtain HttpResponse resp = associate_user.send(sender=__name__, request=request, openid_response=openid_response, attribute_set=attribute_set, redirect=redirect_to) resp = [r[1] for r in resp if isinstance(r[1], HttpResponse)] if resp: # Return first valid response return resp[0] # Create association with currently logged in user OpenIDBackend.associate_openid_response(user_orig, openid_response) else: # Authenticate mojeID user. # Send a signal to obtain HttpResponse resp = authenticate_user.send(sender=__name__, request=request, openid_response=openid_response, attribute_set=attribute_set, redirect=redirect_to) resp = [r[1] for r in resp if isinstance(r[1], HttpResponse)] if resp: # Return first valid response return resp[0] # Perform a default action user_new = OpenIDBackend.authenticate_using_all_backends( openid_response=openid_response, attribute_set=attribute_set) if not user_new: # Failed to create a user return render_failure(request, errors.UnknownUser()) if not OpenIDBackend.is_user_active(user_new): # user is deactivated return render_failure(request, errors.DisabledAccount(user_new)) # Create an association with the new user OpenIDBackend.associate_user_with_session(request, user_new) except DjangoOpenIDException as e: # Something went wrong user_id = None try: # Try to get user id user_id = UserOpenID.objects.get(claimed_id=openid_response.identity_url).user_id except (UserOpenID.DoesNotExist, user_model.DoesNotExist): # Report an error with identity_url user_login_report.send(sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False) # Report an error with the username user_login_report.send(sender=__name__, request=request, username=openid_response.identity_url, user_id=user_id, method='openid', success=False) # Render the failure page return render_failure(request, errors.AuthenticationFailed(e)) response = HttpResponseRedirect(redirect_to) # Send signal to log the successful login attempt user_login_report.send(sender=__name__, request=request, user_id=user_orig.id if user_orig else user_new.id, method='openid', success=True) return response # Render other failures elif openid_response.status == FAILURE: user_login_report.send(sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False) return render_failure(request, errors.OpenIDAuthenticationFailed(openid_response)) elif openid_response.status == CANCEL: user_login_report.send(sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False) return render_failure(request, errors.OpenIDAuthenticationCanceled()) else: user_login_report.send(sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False) return render_failure(request, errors.OpenIDUnknownResponseType(openid_response))
def login_complete(request): # Get addres where to redirect after the login redirect_to = sanitise_redirect_url( request.session.get(mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR)) attribute_set = request.session.get(SESSION_ATTR_SET_KEY, 'default') # clean the session if mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR in request.session: del request.session[mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR] if SESSION_ATTR_SET_KEY in request.session: del request.session[SESSION_ATTR_SET_KEY] # Get OpenID response and test whether it is valid endpoint = create_service() message = Message.fromPostArgs(request.REQUEST) consumer = MojeIDConsumer(DjangoOpenIDStore()) try: openid_response = consumer.complete( message, endpoint, request.build_absolute_uri()) except HTTPFetchingError: # if not using association and can't contact MojeID server return render_failure(request, errors.EndpointError()) # Check whether the user is already logged in user_orig = OpenIDBackend.get_user_from_request(request) user_model = get_user_model() if openid_response.status == SUCCESS: try: if user_orig: # Send a signal to obtain HttpResponse resp = associate_user.send( sender=__name__, request=request, openid_response=openid_response, attribute_set=attribute_set, redirect=redirect_to ) resp = [r[1] for r in resp if isinstance(r[1], HttpResponse)] if resp: # Return first valid response return resp[0] # Create association with currently logged in user OpenIDBackend.associate_openid_response(user_orig, openid_response) else: # Authenticate mojeID user. # Send a signal to obtain HttpResponse resp = authenticate_user.send( sender=__name__, request=request, openid_response=openid_response, attribute_set=attribute_set, redirect=redirect_to ) resp = [r[1] for r in resp if isinstance(r[1], HttpResponse)] if resp: # Return first valid response return resp[0] # Perform a default action user_new = OpenIDBackend.authenticate_using_all_backends( openid_response=openid_response, attribute_set=attribute_set) if not user_new: # Failed to create a user return render_failure(request, errors.UnknownUser()) if not OpenIDBackend.is_user_active(user_new): # user is deactivated return render_failure(request, errors.DisabledAccount(user_new)) # Create an association with the new user OpenIDBackend.associate_user_with_session(request, user_new) except DjangoOpenIDException as e: # Something went wrong user_id = None try: # Try to get user id user_id = UserOpenID.objects.get(claimed_id=openid_response.identity_url).user_id except (UserOpenID.DoesNotExist, user_model.DoesNotExist): # Report an error with identity_url user_login_report.send( sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False ) # Report an error with the username user_login_report.send( sender=__name__, request=request, username=openid_response.identity_url, user_id=user_id, method='openid', success=False ) # Render the failure page return render_failure(request, errors.AuthenticationFailed(e)) response = HttpResponseRedirect(redirect_to) # Send signal to log the successful login attempt user_login_report.send( sender=__name__, request=request, user_id=user_orig.id if user_orig else user_new.id, method='openid', success=True ) return response # Render other failures elif openid_response.status == FAILURE: user_login_report.send( sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False ) return render_failure(request, errors.OpenIDAuthenticationFailed(openid_response)) elif openid_response.status == CANCEL: user_login_report.send( sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False ) return render_failure(request, errors.OpenIDAuthenticationCanceled()) else: user_login_report.send( sender=__name__, request=request, username=openid_response.identity_url, method='openid', success=False ) return render_failure(request, errors.OpenIDUnknownResponseType(openid_response))