def type_logincomplete_html(self):
redirect = self.request.GET['redirect']
try:
import openid.consumer.consumer
except ImportError:
return self.render_error("OpenID Error", "OpenID is not supported in this installation")
consumer = openid.consumer.consumer.Consumer(self.request.session, None)
query_dict = dict((k,v) for k,v in self.request.GET.items())
current_url = self.request.build_absolute_uri().split('?')[0]
openid_response = consumer.complete(query_dict, current_url)
if openid_response.status == openid.consumer.consumer.SUCCESS:
identity_url = openid_response.identity_url
identity_url_without_fragment = identity_url.split('#')[0]
# If we want to use display_identifier, we need to have python-openid >=2.1, which isn't in Ubuntu Hardy
#display_identifier = openid_response.getDisplayIdentifier()
sreg = openid_response.extensionResponse('sreg', False)
try:
openid_authentication_method = OpenidAccount.objects.get(Q(openid_url=identity_url_without_fragment) |
Q(openid_url__startswith=identity_url_without_fragment + '#'),
active=True, agent__active=True)
except ObjectDoesNotExist:
# No active OpenidAccount has this openid_url.
return self.render_error("OpenID Error", "There is no active agent with that OpenID")
self.request.session['cur_agent_id'] = openid_authentication_method.agent.pk
full_redirect = '%s?redirect=%s' % (reverse('item_type_url', kwargs={'viewer': self.viewer_name, 'action': 'loggedinorout'}), urlquote(redirect))
return HttpResponseRedirect(full_redirect)
elif openid_response.status == openid.consumer.consumer.CANCEL:
return self.render_error("OpenID Error", "OpenID request was cancelled")
elif openid_response.status == openid.consumer.consumer.FAILURE:
return self.render_error("OpenID Error", "OpenID error: %s" % escape(openid_response.message))
elif openid_response.status == openid.consumer.consumer.SETUP_NEEDED:
return self.render_error("OpenID Error", "OpenID setup needed")
else:
return self.render_error("OpenID Error", "Invalid OpenID status: %s" % escape(openid_response.status))
def process(self):
consumer = openid.consumer.consumer.Consumer(session, None)
return_to = request.url
info = consumer.complete(request.params, return_to)
display_identifier = info.getDisplayIdentifier()
if info.status == openid.consumer.consumer.FAILURE and display_identifier:
c.errors.append(display_identifier + ' : ' + info.message)
return render('/auth/login.mako')
elif info.status == openid.consumer.consumer.SUCCESS:
session['user'] = display_identifier
session['messages'].append('Logged in as ' + display_identifier)
target = session.get('post_login_redirect', '/')
if target:
session['post_login_redirect'] = ''
session.save()
redirect(target)
elif info.status == openid.consumer.consumer.CANCEL:
c.errors.append('Cancelled.')
return render('/auth/login.mako')
elif info.status == openid.consumer.consumer.SETUP_NEEDED:
c.errors.append('Setup needed: ' + info.setup_url)
return render('/auth/login.mako')
else:
c.errors.append('Verification failed.')
return render('/auth/login.mako')
def complete(request):
data = dict(request.REQUEST.items())
consumer = get_consumer(request.session)
trust_url, return_to = get_auth_urls(request)
response = consumer.complete(data, return_to)
return consumer, response
def get(self):
args = self.args_to_dict()
consumer = self.get_consumer()
response = consumer.complete(args, self.request.uri)
if response.status == 'success':
self.success(response)
elif response.status == 'failure':
self.failure(response)
elif response.status == 'cancel':
self.cancelled(response)
else:
assert False, "Response status must be in ('success', 'failure', 'cancel')"
def return_path(self, environ, start_response):
"""After a call to verify_path, Opid instructs the OpenID
provider to redirect to return_path, which then examines the
result of the authentication and determines whether a redirect
to the success or failure paths are necessary.
Opid places a few pieces of information in the session:
opid.auth_status: contains the success or failure strings, as
returned by the python-openid module.
opid.identity_url: the identity returned by the OpenID provider
opid.auth_time: the time of authentication, set by Opid
"""
with self.session_context(environ) as session:
consumer = openid.consumer.consumer.Consumer(session['opid.session'],
self.store)
# Consumer.complete expects a dictionary, whereas a query
# string represents a multidict. We flatten it here.
qdict = {}
for k,v in _parse_qsl(environ['QUERY_STRING']):
qdict[k] = v
resp = consumer.complete(qdict, self._return_to(environ))
environ['opid.auth_status'] = resp.status
# fixme: we could theoretically make success and failure user
# definable apps. In this case, it'd be better to generalize
# handling of success/failure urls. Ie, we might not want them
# at all. Rather, when opid gets a hit at /verify, store the
# query string in the session. We can then pass it on to the
# success and failure apps, so that they can determine what to
# do next.
if resp.status == 'success':
session['opid.identity_url'] = resp.identity_url
session['opid.auth_time'] = time.time()
environ['opid.redirect_url'] = session['opid.success_url']
return self.redirect_app(environ, start_response)
else:
environ['opid.redirect_url'] = session['opid.failure_url']
return self.redirect_app(environ, start_response)
def complete(self, environ, start_response):
req = Request(environ)
sess = environ['beaker.session']
set_template(environ, 'login.xslt')
# params = {'base_uri': self.base_url}
params = {'base_uri': 'http://dev.amp.fm/'}
headers = [('Content-Type', 'application/xml')]
consumer = self.get_consumer(sess[self.ekey])
info = consumer.complete(req.GET)
cookies = []
if info.status == 'success':
req.cookies['openid'] = req.params['identity']
guid = req.cookies.get('guid', str(uuid.uuid1()))
headers.append(make_cookie_header('openid.session', guid, expires=0))
headers.append(make_cookie_header('openid', req.params['identity']))
params['status'] = 'complete'
params['return_location'] = sess[self.ekey]['return_location']
params['message'] = 'Logged in as %s' % req.params['identity']
elif info.status == 'failure':
# Sylvain: I explicitely remove any existing cookie in case of a failure
headers.append(make_cookie_header('openid.session', expires=0))
headers.append(make_cookie_header('openid', expires=0))
params['status']= 'failure'
if info.identity_url:
fmt = "Verification of %s failed: %s"
params['message'] = fmt % (cgi.escape(info.identity_url),
info.message)
else:
params['message'] = "Verification failed"
elif info.status == 'cancel':
params['status'] = 'failure'
params['message'] = 'Verfication cancelled'
set_params(environ, params)
start_response('200 OK', headers)
return []
def GET_postlogin(self):
if getattr(c.user, "f2p", None) != "participated":
return redirect_to("/f2p/steam")
session = g.f2pcache.get("steam_session_%d" % c.user._id)
if not session:
return redirect_to("/f2p/steam?error=no_session")
consumer = openid.consumer.consumer.Consumer(session, store=None)
auth_response = consumer.complete(request.params, request.url)
if auth_response.status == openid.consumer.consumer.CANCEL:
return redirect_to("/f2p/steam?error=cancel")
if auth_response.status != openid.consumer.consumer.SUCCESS:
return redirect_to("/f2p/steam?error=not_success")
steamid_match = STEAMID_EXTRACTOR.search(auth_response.identity_url)
if not steamid_match:
return redirect_to("/f2p/steam?error=id_mismatch")
steamid = steamid_match.group(1)
g.log.debug("successful steam auth for %r", steamid)
with g.make_lock("f2p", "steam_claim_%d" % c.user._id):
c.user._sync_latest()
if c.user.f2p != "participated":
return redirect_to("/f2p/steam")
c.user.f2p = "claiming"
c.user._commit()
message = json.dumps({
"user-id": c.user._id,
"steam-id": steamid,
})
amqp.add_item(QNAME, message)
return redirect_to("/f2p/steam")
def GET_postlogin(self):
if getattr(c.user, "f2p", None) != "participated":
return redirect_to("/f2p/steam")
session = g.f2pcache.get("steam_session_%d" % c.user._id)
if not session:
return redirect_to("/f2p/steam?error=no_session")
consumer = openid.consumer.consumer.Consumer(session, store=None)
auth_response = consumer.complete(request.params, request.url)
if auth_response.status == openid.consumer.consumer.CANCEL:
return redirect_to("/f2p/steam?error=cancel")
if auth_response.status != openid.consumer.consumer.SUCCESS:
return redirect_to("/f2p/steam?error=not_success")
steamid_match = STEAMID_EXTRACTOR.search(auth_response.identity_url)
if not steamid_match:
return redirect_to("/f2p/steam?error=id_mismatch")
steamid = steamid_match.group(1)
g.log.debug("successful steam auth for %r", steamid)
with g.make_lock("f2p", "steam_claim_%d" % c.user._id):
c.user._sync_latest()
if c.user.f2p != "participated":
return redirect_to("/f2p/steam")
c.user.f2p = "claiming"
c.user._commit()
message = json.dumps({
"user-id": c.user._id,
"steam-id": steamid,
})
amqp.add_item(QNAME, message)
return redirect_to("/f2p/steam")
