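def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME, render_failure=None):
    """Finish an OpenID login once the provider has redirected back to us.

    Args:
        request: Django request carrying the provider's response (parsed by
            ``parse_openid_response``) and the post-login destination.
        redirect_field_name: Name of the GET/POST parameter holding the
            destination; defaults to Django's ``REDIRECT_FIELD_NAME``.
        render_failure: Optional failure renderer.  It is resolved from the
            argument, the ``OPENID_RENDER_FAILURE`` setting or
            ``default_render_failure`` but is currently never called: every
            unsuccessful outcome redirects instead.

    Returns:
        ``HttpResponseRedirect``.  The destination always goes through
        ``sanitise_redirect_url``, so an off-site or malformed ``next`` is
        replaced by ``settings.LOGIN_REDIRECT_URL`` rather than followed.
        A session is only established for an active user that the
        ``authenticate`` backend resolved from a SUCCESS response.
    """
    # request.REQUEST merges POST and GET; it was removed in Django 1.9.
    redirect_to = request.REQUEST.get(redirect_field_name, '')
    # Kept for parity with django-openid-auth; see the docstring -- unused.
    render_failure = (render_failure
                      or getattr(settings, 'OPENID_RENDER_FAILURE', None)
                      or default_render_failure)

    def _redirect_back():
        # Single exit for every outcome; sanitising here is what prevents an
        # attacker-supplied ``next`` from becoming an open redirect.
        return HttpResponseRedirect(sanitise_redirect_url(redirect_to))

    openid_response = parse_openid_response(request)
    if not openid_response:
        # No OpenID payload in the request (e.g. a direct visit to this URL).
        return _redirect_back()

    if openid_response.status != SUCCESS:
        # Cancelled, failed or setup-needed response: no session is created.
        # (The original fell off the end here and returned None.)
        return _redirect_back()

    try:
        user = authenticate(openid_response=openid_response)
    except DjangoOpenIDException:
        # Backend rejected the assertion; treat it as any other failed login.
        return _redirect_back()

    if user is None or not user.is_active:
        # Unknown identity or disabled account: never log in.
        return _redirect_back()

    auth_login(request, user)
    response = _redirect_back()
    # Notify any listeners that we successfully logged in.
    openid_login_complete.send(sender=UserOpenID, request=request,
                               user=user, openid_response=openid_response)
    return response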
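def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME, render_failure=None):
    """Complete an OpenID login from the provider's return redirect.

    Args:
        request: Django request with the provider's response and the
            ``next`` destination.
        redirect_field_name: Parameter name of the destination; defaults to
            ``REDIRECT_FIELD_NAME``.
        render_failure: Optional failure renderer, resolved from the
            argument, ``settings.OPENID_RENDER_FAILURE`` or
            ``default_render_failure``.  Currently resolved but not called --
            all failures redirect.

    Returns:
        ``HttpResponseRedirect`` to the sanitised destination.  Only an
        active user returned by ``authenticate`` for a SUCCESS response is
        logged in; every other outcome (no response, non-SUCCESS status,
        ``DjangoOpenIDException``, unknown or inactive user) redirects
        without touching the session.
    """
    # request.REQUEST (POST merged with GET) was removed in Django 1.9.
    redirect_to = request.REQUEST.get(redirect_field_name, '')
    render_failure = (render_failure
                      or getattr(settings, 'OPENID_RENDER_FAILURE', None)
                      or default_render_failure)  # unused, kept for parity
    # Sanitise once: an unlisted host or a malformed path collapses to
    # settings.LOGIN_REDIRECT_URL, which closes the open-redirect hole.
    safe_target = sanitise_redirect_url(redirect_to)

    openid_response = parse_openid_response(request)
    user = None
    if openid_response and openid_response.status == SUCCESS:
        try:
            user = authenticate(openid_response=openid_response)
        except DjangoOpenIDException:
            # Rejected assertion: handled exactly like an unknown user below.
            user = None

    if user is not None and user.is_active:
        auth_login(request, user)
        response = HttpResponseRedirect(safe_target)
        # Notify any listeners that we successfully logged in.
        openid_login_complete.send(sender=UserOpenID, request=request,
                                   user=user, openid_response=openid_response)
        return response

    # Fallback for every unsuccessful path (previously this returned None).
    return HttpResponseRedirect(safe_target)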
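def test_sanitise_redirect_url(self):
    """sanitise_redirect_url() keeps only local paths and whitelisted hosts.

    Whitelisted hosts come from ``ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS``
    and match exactly (``www.example.org`` is not covered by
    ``example.org``).  Any other host, an empty string and a path
    containing spaces must collapse to ``settings.LOGIN_REDIRECT_URL``.
    A query string on a local path is left untouched even if it embeds a
    foreign URL.

    NOTE(review): assigns the setting in place and does not restore it.
    """
    settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [
        "example.com",
        "example.org",
    ]
    # (url, expect_unchanged)
    cases = [
        ("http://example.com", True),
        ("http://example.org/", True),
        ("http://example.org/foo/bar", True),
        ("http://example.org/foo/bar?baz=quux", True),
        ("http://example.org:9999/foo/bar?baz=quux", True),
        ("http://www.example.org/", False),
        ("http://example.net/foo/bar?baz=quux", False),
        ("/somewhere/local", True),
        ("/somewhere/local?url=http://fail.com/bar", True),
        # An empty path, as seen when no "next" parameter is passed.
        ("", False),
        ("/path with spaces", False),
    ]
    for url, returns_self in cases:
        sanitised = sanitise_redirect_url(url)
        expected = url if returns_self else settings.LOGIN_REDIRECT_URL
        # Name the offending input so a failure identifies the case.
        self.assertEqual(
            expected, sanitised,
            "sanitise_redirect_url(%r) returned %r, expected %r"
            % (url, sanitised, expected))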
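def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME, render_failure=None):
    """Finish an OpenID login; unknown identities are sent on to sign up.

    Args:
        request: Django request carrying the provider's response, the
            ``next`` destination and, for the hand-off branch, the POST
            fields ``entityid`` and ``next``.
        redirect_field_name: Parameter name of the destination; defaults to
            ``REDIRECT_FIELD_NAME``.
        render_failure: Optional failure renderer, resolved from the
            argument, ``settings.OPENID_RENDER_FAILURE`` or
            ``default_render_failure``; currently resolved but never called.

    Returns:
        An ``HttpResponse``:
        * active user resolved by ``authenticate`` -> logged in and
          redirected to the sanitised destination;
        * SUCCESS response but no local user -> either a redirect into the
          Shibboleth SP login handler (when ``next`` was POSTed) or the
          ``osdc_apply`` sign-up view;
        * anything else -> redirect to the sanitised destination.

    Every browser destination derived from request data goes through
    ``sanitise_redirect_url``, including the Shibboleth ``target``: the SP
    sends the browser there after its own login, so an unfiltered value is
    an open redirect.  Whether the SP additionally restricts ``target`` is
    outside this code -- TODO confirm against the SP configuration.
    """
    # request.REQUEST (POST merged with GET) was removed in Django 1.9.
    redirect_to = request.REQUEST.get(redirect_field_name, '')
    render_failure = (render_failure
                      or getattr(settings, 'OPENID_RENDER_FAILURE', None)
                      or default_render_failure)  # unused, kept for parity
    openid_response = parse_openid_response(request)
    if not openid_response:
        return HttpResponseRedirect(sanitise_redirect_url(redirect_to))

    if openid_response.status == SUCCESS:
        try:
            user = authenticate(openid_response=openid_response)
        except DjangoOpenIDException:
            return HttpResponseRedirect(sanitise_redirect_url(redirect_to))

        if user is not None:
            if user.is_active:
                auth_login(request, user)
                response = HttpResponseRedirect(
                    sanitise_redirect_url(redirect_to))
                # Notify any listeners that we successfully logged in.
                openid_login_complete.send(sender=UserOpenID, request=request,
                                           user=user,
                                           openid_response=openid_response)
                return response
            # Inactive account: fall through to the plain redirect.
        else:
            # Valid assertion with no account behind it.
            if "next" in request.POST:
                # ``target`` is filtered like every other destination in this
                # view; ``entityid`` is passed through as-is, as before.
                return HttpResponseRedirect(
                    "/Shibboleth.sso/Login?%s" % urlencode({
                        "entityID": request.POST.get("entityid", ""),
                        "target": sanitise_redirect_url(
                            request.POST.get("next", default="/project/")),
                    }))
            # Local import kept from the original; presumably avoids an
            # import cycle with tukey.webforms.views -- TODO confirm.
            from tukey.webforms.views import osdc_apply
            # ``user`` is None on this branch.
            return osdc_apply(request, user)

    return HttpResponseRedirect(sanitise_redirect_url(redirect_to))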
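def _shibboleth_login_redirect(request):
    """Redirect into the Shibboleth SP login handler for a POSTed ``next``.

    ``target`` is the URL the SP sends the browser to after its own login,
    so it is passed through ``sanitise_redirect_url`` like every other
    destination in this module.  ``entityID`` is forwarded unchanged from
    the ``entityid`` POST field, as before.
    """
    target = sanitise_redirect_url(
        request.POST.get("next", default="/project/"))
    query = urlencode({
        "entityID": request.POST.get("entityid", ""),
        "target": target,
    })
    return HttpResponseRedirect("/Shibboleth.sso/Login?%s" % query)


def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME, render_failure=None):
    """Finish an OpenID login; unknown identities are routed to sign-up.

    Args:
        request: Django request with the provider's response, the ``next``
            destination and, for the hand-off branch, POST fields
            ``entityid`` and ``next``.
        redirect_field_name: Parameter name of the destination; defaults to
            ``REDIRECT_FIELD_NAME``.
        render_failure: Optional failure renderer, resolved from the
            argument, ``settings.OPENID_RENDER_FAILURE`` or
            ``default_render_failure``; resolved but never called.

    Returns:
        ``HttpResponse``.  An active user from ``authenticate`` is logged in
        and redirected to the sanitised destination.  A SUCCESS response
        with no local user goes to the Shibboleth SP login (if ``next`` was
        POSTed) or to ``osdc_apply``.  Everything else -- no response,
        non-SUCCESS status, ``DjangoOpenIDException``, inactive user --
        redirects to the sanitised destination without logging in.
    """
    # request.REQUEST (POST merged with GET) was removed in Django 1.9.
    redirect_to = request.REQUEST.get(redirect_field_name, '')
    render_failure = (render_failure
                      or getattr(settings, 'OPENID_RENDER_FAILURE', None)
                      or default_render_failure)  # unused, kept for parity
    # Computed once; an unlisted host or bad path becomes LOGIN_REDIRECT_URL.
    safe_target = sanitise_redirect_url(redirect_to)

    openid_response = parse_openid_response(request)
    if not openid_response or openid_response.status != SUCCESS:
        return HttpResponseRedirect(safe_target)

    try:
        user = authenticate(openid_response=openid_response)
    except DjangoOpenIDException:
        return HttpResponseRedirect(safe_target)

    if user is None:
        # Valid assertion, no account: hand off to Shibboleth or sign-up.
        if "next" in request.POST:
            return _shibboleth_login_redirect(request)
        # Local import kept from the original; presumably avoids an import
        # cycle with tukey.webforms.views -- TODO confirm.
        from tukey.webforms.views import osdc_apply
        return osdc_apply(request, user)  # user is None here

    if not user.is_active:
        return HttpResponseRedirect(safe_target)

    auth_login(request, user)
    response = HttpResponseRedirect(safe_target)
    # Notify any listeners that we successfully logged in.
    openid_login_complete.send(sender=UserOpenID, request=request,
                               user=user, openid_response=openid_response)
    return response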
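def test_sanitise_redirect_url(self):
    """Only local paths and exactly-whitelisted hosts survive sanitising.

    Hosts are read from ``ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS``; a
    subdomain of a listed host does not qualify.  Other hosts, the empty
    string and a path with spaces all yield ``settings.LOGIN_REDIRECT_URL``.

    NOTE(review): the setting is assigned in place and not restored.
    """
    settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [
        "example.com", "example.org"]
    passed_through = (
        "http://example.com",
        "http://example.org/",
        "http://example.org/foo/bar",
        "http://example.org/foo/bar?baz=quux",
        "http://example.org:9999/foo/bar?baz=quux",
        "/somewhere/local",
        # A foreign URL inside the query string of a local path is fine.
        "/somewhere/local?url=http://fail.com/bar",
    )
    replaced = (
        "http://www.example.org/",
        "http://example.net/foo/bar?baz=quux",
        # An empty path, as seen when no "next" parameter is passed.
        "",
        "/path with spaces",
    )
    for url in passed_through:
        self.assertEqual(url, sanitise_redirect_url(url),
                         "%r should have been returned unchanged" % (url,))
    for url in replaced:
        self.assertEqual(settings.LOGIN_REDIRECT_URL,
                         sanitise_redirect_url(url),
                         "%r should have been replaced" % (url,))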
# Body of login_complete; the def line is missing from this listing.
# request.REQUEST (POST merged with GET) was removed in Django 1.9.
redirect_to = request.REQUEST.get(redirect_field_name, '')
# Resolved but never called below: every failure path redirects instead.
render_failure = render_failure or \
    getattr(settings, 'OPENID_RENDER_FAILURE', None) or \
    default_render_failure
openid_response = parse_openid_response(request)
if not openid_response:
    # No OpenID payload in the request.  sanitise_redirect_url() turns an
    # unlisted host or malformed path into settings.LOGIN_REDIRECT_URL.
    return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if openid_response.status == SUCCESS:
    try:
        user = authenticate(openid_response=openid_response)
    except DjangoOpenIDException, e:  # Python 2 syntax; ``e`` is unused
        return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
    if user is not None:
        if user.is_active:
            auth_login(request, user)
            response = HttpResponseRedirect(
                sanitise_redirect_url(redirect_to))
            # Notify any listeners that we successfully logged in.
            openid_login_complete.send(sender=UserOpenID, request=request,
                                       user=user,
                                       openid_response=openid_response)
            return response
# Non-SUCCESS status, unknown or inactive user: redirect without a session.
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
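def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME, render_failure=None):
    """Complete an OpenID login from the provider's return redirect.

    Args:
        request: Django request carrying the provider's response and the
            ``next`` destination.
        redirect_field_name: Parameter name of the destination; defaults to
            ``REDIRECT_FIELD_NAME``.
        render_failure: Optional failure renderer, resolved from the
            argument, ``settings.OPENID_RENDER_FAILURE`` or
            ``default_render_failure``.  Resolved but never called: every
            unsuccessful outcome redirects.

    Returns:
        ``HttpResponseRedirect`` to the sanitised destination.  The session
        is only created for an active user that ``authenticate`` resolved
        from a SUCCESS response; no response, a non-SUCCESS status, a
        ``DjangoOpenIDException``, an unknown or an inactive user all
        redirect without logging in.  ``sanitise_redirect_url`` replaces an
        unlisted host or malformed path with ``settings.LOGIN_REDIRECT_URL``,
        so ``next`` cannot be used as an open redirect.
    """
    # request.REQUEST (POST merged with GET) was removed in Django 1.9.
    redirect_to = request.REQUEST.get(redirect_field_name, '')
    render_failure = (render_failure
                      or getattr(settings, 'OPENID_RENDER_FAILURE', None)
                      or default_render_failure)  # unused, kept for parity
    openid_response = parse_openid_response(request)
    if not openid_response:
        return HttpResponseRedirect(sanitise_redirect_url(redirect_to))

    if openid_response.status == SUCCESS:
        try:
            user = authenticate(openid_response=openid_response)
        except DjangoOpenIDException:
            # Backend rejected the assertion; the exception object was never
            # used, so it is no longer bound.
            return HttpResponseRedirect(sanitise_redirect_url(redirect_to))

        if user is not None and user.is_active:
            auth_login(request, user)
            response = HttpResponseRedirect(sanitise_redirect_url(redirect_to))
            # Notify any listeners that we successfully logged in.
            openid_login_complete.send(sender=UserOpenID, request=request,
                                       user=user,
                                       openid_response=openid_response)
            return response

    # Non-SUCCESS status, unknown or inactive user.
    return HttpResponseRedirect(sanitise_redirect_url(redirect_to))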