def login_complete(request,
redirect_field_name=REDIRECT_FIELD_NAME,
render_failure=None):
redirect_to = request.REQUEST.get(redirect_field_name, '')
render_failure = render_failure or \
getattr(settings, 'OPENID_RENDER_FAILURE', None) or \
default_render_failure
openid_response = parse_openid_response(request)
if not openid_response:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if openid_response.status == SUCCESS:
try:
user = authenticate(openid_response=openid_response)
except DjangoOpenIDException, e:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if user is not None:
if user.is_active:
auth_login(request, user)
response = HttpResponseRedirect(
sanitise_redirect_url(redirect_to))
# Notify any listeners that we successfully logged in.
openid_login_complete.send(sender=UserOpenID,
request=request,
user=user,
openid_response=openid_response)
return response
def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME,
render_failure=None):
redirect_to = request.REQUEST.get(redirect_field_name, '')
render_failure = render_failure or \
getattr(settings, 'OPENID_RENDER_FAILURE', None) or \
default_render_failure
openid_response = parse_openid_response(request)
if not openid_response:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if openid_response.status == SUCCESS:
try:
user = authenticate(openid_response=openid_response)
except DjangoOpenIDException, e:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if user is not None:
if user.is_active:
auth_login(request, user)
response = HttpResponseRedirect(sanitise_redirect_url(redirect_to))
# Notify any listeners that we successfully logged in.
openid_login_complete.send(sender=UserOpenID, request=request,
user=user,
openid_response=openid_response)
return response
def test_sanitise_redirect_url(self):
settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [
"example.com", "example.org"
]
# list of URLs and whether they should be passed or not
urls = [
("http://example.com", True),
("http://example.org/", True),
("http://example.org/foo/bar", True),
("http://example.org/foo/bar?baz=quux", True),
("http://example.org:9999/foo/bar?baz=quux", True),
("http://www.example.org/", False),
("http://example.net/foo/bar?baz=quux", False),
("/somewhere/local", True),
("/somewhere/local?url=http://fail.com/bar", True),
# An empty path, as seen when no "next" parameter is passed.
("", False),
("/path with spaces", False),
]
for url, returns_self in urls:
sanitised = sanitise_redirect_url(url)
if returns_self:
self.assertEqual(url, sanitised)
else:
self.assertEqual(settings.LOGIN_REDIRECT_URL, sanitised)
def login_complete(request,
redirect_field_name=REDIRECT_FIELD_NAME,
render_failure=None):
redirect_to = request.REQUEST.get(redirect_field_name, '')
render_failure = render_failure or \
getattr(settings, 'OPENID_RENDER_FAILURE', None) or \
default_render_failure
openid_response = parse_openid_response(request)
if not openid_response:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if openid_response.status == SUCCESS:
try:
user = authenticate(openid_response=openid_response)
except DjangoOpenIDException:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if user is not None:
if user.is_active:
auth_login(request, user)
response = HttpResponseRedirect(
sanitise_redirect_url(redirect_to))
# Notify any listeners that we successfully logged in.
openid_login_complete.send(sender=UserOpenID,
request=request,
user=user,
openid_response=openid_response)
return response
else:
if "next" in request.POST:
return HttpResponseRedirect(
"/Shibboleth.sso/Login?%s" % urlencode({
"entityID":
request.POST.get("entityid", ""),
"target":
request.POST.get("next", default="/project/")
}))
from tukey.webforms.views import osdc_apply
return osdc_apply(request, user)
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME,
render_failure=None):
redirect_to = request.REQUEST.get(redirect_field_name, '')
render_failure = render_failure or \
getattr(settings, 'OPENID_RENDER_FAILURE', None) or \
default_render_failure
openid_response = parse_openid_response(request)
if not openid_response:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if openid_response.status == SUCCESS:
try:
user = authenticate(openid_response=openid_response)
except DjangoOpenIDException:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if user is not None:
if user.is_active:
auth_login(request, user)
response = HttpResponseRedirect(sanitise_redirect_url(redirect_to))
# Notify any listeners that we successfully logged in.
openid_login_complete.send(sender=UserOpenID, request=request,
user=user, openid_response=openid_response)
return response
else:
if "next" in request.POST:
return HttpResponseRedirect(
"/Shibboleth.sso/Login?%s" % urlencode(
{"entityID": request.POST.get("entityid", ""),
"target": request.POST.get("next", default="/project/")}
)
)
from tukey.webforms.views import osdc_apply
return osdc_apply(request, user)
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
def test_sanitise_redirect_url(self):
settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [
"example.com", "example.org"]
# list of URLs and whether they should be passed or not
urls = [
("http://example.com", True),
("http://example.org/", True),
("http://example.org/foo/bar", True),
("http://example.org/foo/bar?baz=quux", True),
("http://example.org:9999/foo/bar?baz=quux", True),
("http://www.example.org/", False),
("http://example.net/foo/bar?baz=quux", False),
("/somewhere/local", True),
("/somewhere/local?url=http://fail.com/bar", True),
# An empty path, as seen when no "next" parameter is passed.
("", False),
("/path with spaces", False),
]
for url, returns_self in urls:
sanitised = sanitise_redirect_url(url)
if returns_self:
self.assertEqual(url, sanitised)
else:
self.assertEqual(settings.LOGIN_REDIRECT_URL, sanitised)
redirect_to = request.REQUEST.get(redirect_field_name, '')
render_failure = render_failure or \
getattr(settings, 'OPENID_RENDER_FAILURE', None) or \
default_render_failure
openid_response = parse_openid_response(request)
if not openid_response:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if openid_response.status == SUCCESS:
try:
user = authenticate(openid_response=openid_response)
except DjangoOpenIDException, e:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if user is not None:
if user.is_active:
auth_login(request, user)
response = HttpResponseRedirect(
sanitise_redirect_url(redirect_to))
# Notify any listeners that we successfully logged in.
openid_login_complete.send(sender=UserOpenID,
request=request,
user=user,
openid_response=openid_response)
return response
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME,
render_failure=None):
redirect_to = request.REQUEST.get(redirect_field_name, '')
render_failure = render_failure or \
getattr(settings, 'OPENID_RENDER_FAILURE', None) or \
default_render_failure
openid_response = parse_openid_response(request)
if not openid_response:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if openid_response.status == SUCCESS:
try:
user = authenticate(openid_response=openid_response)
except DjangoOpenIDException, e:
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
if user is not None:
if user.is_active:
auth_login(request, user)
response = HttpResponseRedirect(sanitise_redirect_url(redirect_to))
# Notify any listeners that we successfully logged in.
openid_login_complete.send(sender=UserOpenID, request=request,
user=user,
openid_response=openid_response)
return response
return HttpResponseRedirect(sanitise_redirect_url(redirect_to))
