def cleanup_associations(self, request, queryset):
    """Admin action: purge expired OpenID associations and report the count.

    ``queryset`` (the rows selected in the admin) is not consulted; the
    store's own ``cleanupAssociations()`` decides what is removed.
    """
    # Each association row carries a shared secret, so removing expired ones
    # also removes key material that is no longer needed.
    removed = DjangoOpenIDStore().cleanupAssociations()
    self.message_user(request, "%d expired associations removed" % removed)
def handle_noargs(self, **options):
    """Run the OpenID store's ``cleanup()``; ``options`` are ignored."""
    DjangoOpenIDStore().cleanup()
def cleanup_nonces(self, request, queryset):
    """Admin action: drop expired OpenID nonces and report how many went.

    ``queryset`` (the rows selected in the admin) is not used.
    """
    # Nonces are the store's replay-protection records; which ones count as
    # expired is decided inside DjangoOpenIDStore.cleanupNonces(), not here.
    removed = DjangoOpenIDStore().cleanupNonces()
    self.message_user(request, "%d expired nonces removed" % removed)
def setUp(self):
    """Attach a newly constructed ``DjangoOpenIDStore`` as ``self.store``."""
    super(OpenIDStoreTests, self).setUp()
    fresh_store = DjangoOpenIDStore()
    self.store = fresh_store
def make_consumer(request):
    """Build an OpenID ``Consumer`` bound to the given Django request.

    The consumer gets a ``DjangoOpenIDStore`` for associations/nonces and a
    dedicated dict inside the request's session for its own state.
    """
    # Keep the library's state under its own 'OPENID' key so it cannot collide
    # with other session data.
    # NOTE(review): later in-place writes to this nested dict may not mark the
    # session as modified -- confirm the session is actually saved.
    openid_session = request.session.setdefault('OPENID', {})
    return Consumer(openid_session, DjangoOpenIDStore())
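class OpenIDStoreTests(TestCase):
    """Exercise DjangoOpenIDStore's association and nonce handling.

    Covers storing, updating, fetching, expiring and removing associations,
    plus single-use, skew-window and cleanup behaviour for nonces.
    """

    def setUp(self):
        super(OpenIDStoreTests, self).setUp()
        self.store = DjangoOpenIDStore()

    @staticmethod
    def _b64_text(raw):
        """Return *raw* base64-encoded as text, as compared with ``Association.secret``."""
        # base64.encodestring was removed in Python 3.9; encodebytes is its
        # replacement. Fall back to the old name where encodebytes is absent.
        encode = getattr(base64, 'encodebytes', None) or base64.encodestring
        return encode(raw).decode('utf-8')

    def test_storeAssociation(self):
        """A stored association is persisted with every field intact."""
        assoc = OIDAssociation('handle', 'secret', 42, 600, 'HMAC-SHA1')
        self.store.storeAssociation('server-url', assoc)
        dbassoc = Association.objects.get(server_url='server-url', handle='handle')
        self.assertEqual(dbassoc.server_url, 'server-url')
        self.assertEqual(dbassoc.handle, 'handle')
        # The secret is expected base64-encoded in the row. base64 is an
        # encoding, not protection: the secret is recoverable from the database.
        self.assertEqual(dbassoc.secret, self._b64_text(b'secret'))
        self.assertEqual(dbassoc.issued, 42)
        self.assertEqual(dbassoc.lifetime, 600)
        self.assertEqual(dbassoc.assoc_type, 'HMAC-SHA1')

    def test_storeAssociation_update_existing(self):
        """Storing under an existing (server, handle) overwrites the row."""
        assoc = OIDAssociation('handle', 'secret', 42, 600, 'HMAC-SHA1')
        self.store.storeAssociation('server-url', assoc)

        # Now update the association with new information.
        assoc = OIDAssociation('handle', 'secret2', 420, 900, 'HMAC-SHA256')
        self.store.storeAssociation('server-url', assoc)
        dbassoc = Association.objects.get(server_url='server-url', handle='handle')
        self.assertEqual(dbassoc.secret, self._b64_text(b'secret2'))
        self.assertEqual(dbassoc.issued, 420)
        self.assertEqual(dbassoc.lifetime, 900)
        self.assertEqual(dbassoc.assoc_type, 'HMAC-SHA256')

    def test_getAssociation(self):
        """A live association comes back as an OIDAssociation with a bytes secret."""
        timestamp = int(time.time())
        self.store.storeAssociation(
            'server-url',
            OIDAssociation('handle', 'secret', timestamp, 600, 'HMAC-SHA1'))
        assoc = self.store.getAssociation('server-url', 'handle')
        self.assertIsInstance(assoc, OIDAssociation)
        self.assertEqual(assoc.handle, 'handle')
        self.assertEqual(assoc.secret, b'secret')
        self.assertEqual(assoc.issued, timestamp)
        self.assertEqual(assoc.lifetime, 600)
        self.assertEqual(assoc.assoc_type, 'HMAC-SHA1')

    def test_getAssociation_unknown(self):
        """An unknown handle yields None."""
        assoc = self.store.getAssociation('server-url', 'unknown')
        self.assertIsNone(assoc)

    def test_getAssociation_expired(self):
        """An association past its lifetime is neither returned nor kept."""
        lifetime = 600
        # Issued two lifetimes ago, so it is already expired when stored.
        timestamp = int(time.time()) - 2 * lifetime
        self.store.storeAssociation(
            'server-url',
            OIDAssociation('handle', 'secret', timestamp, lifetime, 'HMAC-SHA1'))

        # The association is not returned, and is removed from the database.
        assoc = self.store.getAssociation('server-url', 'handle')
        self.assertIsNone(assoc)
        self.assertRaises(Association.DoesNotExist, Association.objects.get,
                          server_url='server-url', handle='handle')

    def test_getAssociation_no_handle(self):
        """With no handle given, the most recently issued association wins."""
        timestamp = int(time.time())
        self.store.storeAssociation(
            'server-url',
            OIDAssociation('handle1', 'secret', timestamp + 1, 600, 'HMAC-SHA1'))
        self.store.storeAssociation(
            'server-url',
            OIDAssociation('handle2', 'secret', timestamp, 600, 'HMAC-SHA1'))

        # The newest handle is returned.
        assoc = self.store.getAssociation('server-url', None)
        self.assertIsNotNone(assoc)
        self.assertEqual(assoc.handle, 'handle1')
        self.assertEqual(assoc.issued, timestamp + 1)

    def test_removeAssociation(self):
        """Removing an existing association reports True and deletes it."""
        timestamp = int(time.time())
        self.store.storeAssociation(
            'server-url',
            OIDAssociation('handle', 'secret', timestamp, 600, 'HMAC-SHA1'))
        self.assertEqual(self.store.removeAssociation('server-url', 'handle'), True)
        self.assertIsNone(self.store.getAssociation('server-url', 'handle'))

    def test_removeAssociation_unknown(self):
        """Removing a handle that was never stored reports False."""
        self.assertEqual(
            self.store.removeAssociation('server-url', 'unknown'), False)

    def test_useNonce(self):
        """A nonce is accepted exactly once; every replay is refused."""
        timestamp = time.time()
        # The nonce can only be used once.
        self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'), True)
        self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'), False)
        self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'), False)

    def test_useNonce_expired(self):
        """A nonce stamped 2 * SKEW in the past is refused."""
        timestamp = time.time() - 2 * SKEW
        self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'), False)

    def test_useNonce_future(self):
        """A nonce stamped 2 * SKEW in the future is refused."""
        timestamp = time.time() + 2 * SKEW
        self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'), False)

    def test_cleanupNonces(self):
        """cleanupNonces() deletes aged-out nonces and returns how many."""
        timestamp = time.time()
        self.assertEqual(self.store.useNonce('server1', timestamp, 'salt1'), True)
        self.assertEqual(self.store.useNonce('server2', timestamp, 'salt2'), True)
        self.assertEqual(self.store.useNonce('server3', timestamp, 'salt3'), True)
        self.assertEqual(Nonce.objects.count(), 3)

        # _now moves the store's clock forward so all three count as expired.
        self.assertEqual(self.store.cleanupNonces(_now=timestamp + 2 * SKEW), 3)
        self.assertEqual(Nonce.objects.count(), 0)

        # The nonces have now been cleared:
        self.assertEqual(self.store.useNonce('server1', timestamp, 'salt1'), True)
        self.assertEqual(self.store.cleanupNonces(_now=timestamp + 2 * SKEW), 1)
        self.assertEqual(self.store.cleanupNonces(_now=timestamp + 2 * SKEW), 0)

    def test_cleanupAssociations(self):
        """cleanupAssociations() removes only associations past their lifetime."""
        # Issued 100s ago: lifetime 50 has expired, lifetime 200 has not.
        timestamp = int(time.time()) - 100
        self.store.storeAssociation(
            'server-url',
            OIDAssociation('handle1', 'secret', timestamp, 50, 'HMAC-SHA1'))
        self.store.storeAssociation(
            'server-url',
            OIDAssociation('handle2', 'secret', timestamp, 200, 'HMAC-SHA1'))

        self.assertEqual(self.store.cleanupAssociations(), 1)

        # The second (non-expired) association is left behind.
        self.assertIsNotNone(self.store.getAssociation('server-url', 'handle2'))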
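def openid_server(req):
    """
    This view is the actual OpenID server - running at the URL pointed to by
    the <link rel="openid.server"> tag.

    Flow:
      * pick an association/nonce store and build a ``Server`` on it;
      * decode the OpenID request from the request parameters, falling back
        to a request parked in the session under 'OPENID_REQUEST';
      * for checkid_immediate / checkid_setup, require a logged-in user and
        a non-None result from ``openid_is_authorized`` before answering
        positively;
      * hand every other mode to ``server.handleRequest``.

    Returns a Django response: the info page when there is no request, the
    landing page for anonymous users, a redirect to the decide view when
    ``openid_is_authorized`` returns None, or the encoded OpenID response.

    Raises:
        Exception: for a ``checkid_immediate`` request that is not already
            authorized.
    """
    host = get_base_uri(req)

    try:
        # if we have django_openid_auth in applications directory
        # then we can use DjangoOpenIDStore
        from django_openid_auth.store import DjangoOpenIDStore
    except ImportError:
        # Only a missing package selects the fallback. Any other failure now
        # propagates instead of silently downgrading to the file store.
        # NOTE(review): the file store keeps association secrets under a fixed
        # path in /tmp, which is typically world-writable; other local
        # accounts may be able to read or pre-create it. Prefer a directory
        # owned by the service account -- confirm before deploying.
        OPENID_FILESTORE = '/tmp/openid-filestore'
        from openid.store.filestore import FileOpenIDStore
        store = FileOpenIDStore(OPENID_FILESTORE)
    else:
        store = DjangoOpenIDStore()

    server = Server(
        store,
        op_endpoint="%s%s" % (host, reverse('openid-provider-root')))

    # Clear AuthorizationInfo session var, if it is set
    if req.session.get('AuthorizationInfo', None):
        del req.session['AuthorizationInfo']

    # The parameters come straight from the client and are untrusted input.
    querydict = dict(req.REQUEST.items())
    try:
        orequest = server.decodeRequest(querydict)
    except Exception:
        # A malformed request is logged and treated as "no request";
        # KeyboardInterrupt / SystemExit are no longer swallowed here.
        L.exception("Request decode failed")
        orequest = None

    if not orequest:
        # Resume a request parked in the session by an earlier pass.
        orequest = req.session.get('OPENID_REQUEST', None)
        if not orequest:
            # not request, render info page:
            return render_to_response('openid_provider/server.html', {
                'host': host,
            }, context_instance=RequestContext(req))
        # remove session stored data:
        del req.session['OPENID_REQUEST']

    if orequest.mode in ("checkid_immediate", "checkid_setup"):
        if not req.user.is_authenticated():
            return landing_page(req, orequest)

        openid = openid_is_authorized(req, orequest.identity, orequest.trust_root)

        if openid is not None:
            # Positive assertion for the identity URL built from the
            # authorized OpenID record.
            oresponse = orequest.answer(
                True,
                identity="%s%s" % (
                    host,
                    reverse('openid-provider-identity', args=[openid.openid])))
            # The username is the only simple-registration value offered.
            sreg_data = {'nickname': req.user.username}
            sreg_req = sreg.SRegRequest.fromOpenIDRequest(orequest)
            sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data)
            oresponse.addExtension(sreg_resp)
        elif orequest.immediate:
            # NOTE(review): this surfaces as an unhandled error rather than
            # an OpenID negative reply to the relying party -- confirm
            # whether a protocol-level answer is wanted here.
            raise Exception('checkid_immediate mode not supported')
        else:
            # Park the request so the decide view can pick it up.
            req.session['OPENID_REQUEST'] = orequest
            return HttpResponseRedirect(reverse('openid-provider-decide'))
    else:
        oresponse = server.handleRequest(orequest)

    webresponse = server.encodeResponse(oresponse)
    return django_response(webresponse)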
class OpenIDStoreTests(TestCase):
    """Tests for DjangoOpenIDStore: association storage and nonce use.

    NOTE(review): the expected secrets are built with the 'base-64' str
    codec, which exists on Python 2 only.
    """

    def setUp(self):
        super(OpenIDStoreTests, self).setUp()
        self.store = DjangoOpenIDStore()

    def _save(self, handle, secret, issued, lifetime, assoc_type='HMAC-SHA1'):
        """Store an association for 'server-url' built from the given fields."""
        self.store.storeAssociation(
            'server-url',
            OIDAssociation(handle, secret, issued, lifetime, assoc_type))

    def _fetch_row(self):
        """Return the Association row for ('server-url', 'handle')."""
        return Association.objects.get(
            server_url='server-url', handle='handle')

    def test_storeAssociation(self):
        """Every field of a stored association reaches the database row."""
        self._save('handle', 'secret', 42, 600)
        row = self._fetch_row()
        self.assertEqual(row.server_url, 'server-url')
        self.assertEqual(row.handle, 'handle')
        # The secret is compared in base64 form: encoded, not encrypted.
        self.assertEqual(row.secret, 'secret'.encode('base-64'))
        self.assertEqual(row.issued, 42)
        self.assertEqual(row.lifetime, 600)
        self.assertEqual(row.assoc_type, 'HMAC-SHA1')

    def test_storeAssociation_update_existing(self):
        """A second store under the same handle replaces the first one."""
        self._save('handle', 'secret', 42, 600)

        # Same server and handle, new secret / issue time / lifetime / type.
        self._save('handle', 'secret2', 420, 900, 'HMAC-SHA256')
        row = self._fetch_row()
        self.assertEqual(row.secret, 'secret2'.encode('base-64'))
        self.assertEqual(row.issued, 420)
        self.assertEqual(row.lifetime, 900)
        self.assertEqual(row.assoc_type, 'HMAC-SHA256')

    def test_getAssociation(self):
        """A live association is returned as an OIDAssociation."""
        now = int(time.time())
        self._save('handle', 'secret', now, 600)
        found = self.store.getAssociation('server-url', 'handle')
        self.assertTrue(isinstance(found, OIDAssociation))
        self.assertEqual(found.handle, 'handle')
        self.assertEqual(found.secret, 'secret')
        self.assertEqual(found.issued, now)
        self.assertEqual(found.lifetime, 600)
        self.assertEqual(found.assoc_type, 'HMAC-SHA1')

    def test_getAssociation_unknown(self):
        """Looking up a handle that was never stored gives None."""
        found = self.store.getAssociation('server-url', 'unknown')
        self.assertEqual(found, None)

    def test_getAssociation_expired(self):
        """An expired association is dropped on lookup instead of returned."""
        lifetime = 600
        issued = int(time.time()) - 2 * lifetime
        self._save('handle', 'secret', issued, lifetime)

        # Lookup returns nothing and the row is gone afterwards.
        found = self.store.getAssociation('server-url', 'handle')
        self.assertEqual(found, None)
        self.assertRaises(Association.DoesNotExist, Association.objects.get,
                          server_url='server-url', handle='handle')

    def test_getAssociation_no_handle(self):
        """Without a handle, the latest-issued association is chosen."""
        now = int(time.time())
        self._save('handle1', 'secret', now + 1, 600)
        self._save('handle2', 'secret', now, 600)

        # handle1 was issued one second later, so it is the one returned.
        found = self.store.getAssociation('server-url', None)
        self.assertNotEqual(found, None)
        self.assertEqual(found.handle, 'handle1')
        self.assertEqual(found.issued, now + 1)

    def test_removeAssociation(self):
        """Removal of a stored association returns True and deletes it."""
        now = int(time.time())
        self._save('handle', 'secret', now, 600)
        was_removed = self.store.removeAssociation('server-url', 'handle')
        self.assertEqual(was_removed, True)
        remaining = self.store.getAssociation('server-url', 'handle')
        self.assertEqual(remaining, None)

    def test_removeAssociation_unknown(self):
        """Removal of an unknown handle returns False."""
        was_removed = self.store.removeAssociation('server-url', 'unknown')
        self.assertEqual(was_removed, False)

    def test_useNonce(self):
        """The first use of a nonce succeeds; repeats are rejected."""
        now = time.time()
        # One acceptance, then two replays that must both fail.
        for expected in (True, False, False):
            self.assertEqual(
                self.store.useNonce('server-url', now, 'salt'), expected)

    def test_useNonce_expired(self):
        """A timestamp 2 * SKEW behind the clock is rejected."""
        stale = time.time() - 2 * SKEW
        accepted = self.store.useNonce('server-url', stale, 'salt')
        self.assertEqual(accepted, False)

    def test_useNonce_future(self):
        """A timestamp 2 * SKEW ahead of the clock is rejected."""
        ahead = time.time() + 2 * SKEW
        accepted = self.store.useNonce('server-url', ahead, 'salt')
        self.assertEqual(accepted, False)

    def test_cleanupNonces(self):
        """cleanupNonces() removes aged nonces and reports the count."""
        now = time.time()
        later = now + 2 * SKEW
        for server, salt in (('server1', 'salt1'),
                             ('server2', 'salt2'),
                             ('server3', 'salt3')):
            self.assertEqual(self.store.useNonce(server, now, salt), True)
        self.assertEqual(Nonce.objects.count(), 3)

        # With the clock moved to `later`, all three nonces are cleaned up.
        self.assertEqual(self.store.cleanupNonces(_now=later), 3)
        self.assertEqual(Nonce.objects.count(), 0)

        # Once cleared, the same nonce is accepted again, then cleaned again.
        self.assertEqual(self.store.useNonce('server1', now, 'salt1'), True)
        self.assertEqual(self.store.cleanupNonces(_now=later), 1)
        self.assertEqual(self.store.cleanupNonces(_now=later), 0)

    def test_cleanupAssociations(self):
        """Only the association whose lifetime has run out is cleaned up."""
        issued = int(time.time()) - 100
        self._save('handle1', 'secret', issued, 50)
        self._save('handle2', 'secret', issued, 200)

        self.assertEqual(self.store.cleanupAssociations(), 1)

        # handle2 (lifetime 200, issued 100s ago) is still retrievable.
        survivor = self.store.getAssociation('server-url', 'handle2')
        self.assertNotEqual(survivor, None)