def assertion(request):
    """
    Callback endpoint where the mojeID server reports a registration result.

    Every outcome is answered with an HttpResponse whose body is the
    dictToKV encoding of either ``{'mode': 'accept'}`` or
    ``{'mode': 'reject', 'reason': <error>}``, where the error is one of the
    Assertion.ErrorString values.

    Security notes (limited to what this function itself does):
      * Nothing here verifies that the caller is the mojeID server; see the
        TODO below. The registration nonce is the only value checked in this
        function that ties a request to a local user, and ``claimed_id`` is
        used exactly as posted.
      * The nonce is deleted before the association is attempted, so it is
        consumed even when no association ends up being created.
    """

    def _reply(payload):
        """Wrap a key-value encoded payload in an HttpResponse."""
        return HttpResponse(dictToKV(payload))

    def _reject(error):
        """Build the rejection response carrying the given error string."""
        return _reply({'mode': 'reject', 'reason': error})

    def _accept():
        """Build the acceptance response."""
        return _reply({'mode': 'accept'})

    # Anything other than POST is refused outright.
    if request.method != 'POST':
        return _reject(Assertion.ErrorString.BAD_REQUEST)

    posted = request.POST

    # The status must be present, non-empty and one of the known codes.
    status = posted.get('status', None)
    if not status:
        return _reject(Assertion.ErrorString.MISSING_STATUS)
    if status not in Assertion.StatusCodes:
        return _reject(Assertion.ErrorString.INVALID_STATUS)

    # TODO check whether this request is from mojeID server and uses https with a proper certificate

    # A claimed ID is required for every status, not only for REGISTERED.
    claimed_id = posted.get('claimed_id')
    if not claimed_id:
        return _reject(Assertion.ErrorString.MISSING_CLAIMED_ID)

    # Only the REGISTERED status triggers local work; any other valid status
    # is acknowledged without further action.
    is_registered = status == Assertion.StatusCodes.REGISTERED
    if not is_registered:
        return _accept()

    # Only an absent field is rejected here; any other value, including an
    # empty one, goes on to the lookup below.
    nonce_value = posted.get('registration_nonce')
    if nonce_value is None:
        return _reject(Assertion.ErrorString.MISSING_NONCE)

    try:
        nonce = Nonce.get_registration_nonce(nonce_value)
    except Nonce.DoesNotExist:
        return _reject(Assertion.ErrorString.INVALID_NONCE)

    # Remember the owner, then consume the nonce before anything else runs.
    # NOTE(review): lookup and delete are separate steps; whether two
    # concurrent requests carrying the same nonce can both get this far
    # depends on Nonce and the transaction settings - confirm.
    user_id = nonce.user_id
    nonce.delete()

    user_model = get_user_model()
    try:
        # Load the local user and bind the posted claimed ID to it.
        OpenIDBackend.associate_openid(
            user_model.objects.get(pk=user_id), claimed_id)
    except (user_model.DoesNotExist, IdentityAlreadyClaimed):
        # Deliberately ignored, on the assumption that the server sent a
        # valid claimed_id: the user may have been deleted before this
        # assertion arrived, or the new mojeID account may already have been
        # associated with a local account by the client. Neither case is
        # treated as an error, so the caller still gets mode=accept and
        # nothing is recorded here.
        pass

    return _accept()