def type_logincomplete_html(self): redirect = self.request.GET['redirect'] try: import openid.consumer.consumer except ImportError: return self.render_error("OpenID Error", "OpenID is not supported in this installation") consumer = openid.consumer.consumer.Consumer(self.request.session, None) query_dict = dict((k,v) for k,v in self.request.GET.items()) current_url = self.request.build_absolute_uri().split('?')[0] openid_response = consumer.complete(query_dict, current_url) if openid_response.status == openid.consumer.consumer.SUCCESS: identity_url = openid_response.identity_url identity_url_without_fragment = identity_url.split('#')[0] # If we want to use display_identifier, we need to have python-openid >=2.1, which isn't in Ubuntu Hardy #display_identifier = openid_response.getDisplayIdentifier() sreg = openid_response.extensionResponse('sreg', False) try: openid_authentication_method = OpenidAccount.objects.get(Q(openid_url=identity_url_without_fragment) | Q(openid_url__startswith=identity_url_without_fragment + '#'), active=True, agent__active=True) except ObjectDoesNotExist: # No active OpenidAccount has this openid_url. return self.render_error("OpenID Error", "There is no active agent with that OpenID") self.request.session['cur_agent_id'] = openid_authentication_method.agent.pk full_redirect = '%s?redirect=%s' % (reverse('item_type_url', kwargs={'viewer': self.viewer_name, 'action': 'loggedinorout'}), urlquote(redirect)) return HttpResponseRedirect(full_redirect) elif openid_response.status == openid.consumer.consumer.CANCEL: return self.render_error("OpenID Error", "OpenID request was cancelled") elif openid_response.status == openid.consumer.consumer.FAILURE: return self.render_error("OpenID Error", "OpenID error: %s" % escape(openid_response.message)) elif openid_response.status == openid.consumer.consumer.SETUP_NEEDED: return self.render_error("OpenID Error", "OpenID setup needed") else: return self.render_error("OpenID Error", "Invalid OpenID status: %s" % escape(openid_response.status))
def process(self): consumer = openid.consumer.consumer.Consumer(session, None) return_to = request.url info = consumer.complete(request.params, return_to) display_identifier = info.getDisplayIdentifier() if info.status == openid.consumer.consumer.FAILURE and display_identifier: c.errors.append(display_identifier + ' : ' + info.message) return render('/auth/login.mako') elif info.status == openid.consumer.consumer.SUCCESS: session['user'] = display_identifier session['messages'].append('Logged in as ' + display_identifier) target = session.get('post_login_redirect', '/') if target: session['post_login_redirect'] = '' session.save() redirect(target) elif info.status == openid.consumer.consumer.CANCEL: c.errors.append('Cancelled.') return render('/auth/login.mako') elif info.status == openid.consumer.consumer.SETUP_NEEDED: c.errors.append('Setup needed: ' + info.setup_url) return render('/auth/login.mako') else: c.errors.append('Verification failed.') return render('/auth/login.mako')
def complete(request): data = dict(request.REQUEST.items()) consumer = get_consumer(request.session) trust_url, return_to = get_auth_urls(request) response = consumer.complete(data, return_to) return consumer, response
def get(self): args = self.args_to_dict() consumer = self.get_consumer() response = consumer.complete(args, self.request.uri) if response.status == 'success': self.success(response) elif response.status == 'failure': self.failure(response) elif response.status == 'cancel': self.cancelled(response) else: assert False, "Response status must be in ('success', 'failure', 'cancel')"
def return_path(self, environ, start_response): """After a call to verify_path, Opid instructs the OpenID provider to redirect to return_path, which then examines the result of the authentication and determines whether a redirect to the success or failure paths are necessary. Opid places a few pieces of information in the session: opid.auth_status: contains the success or failure strings, as returned by the python-openid module. opid.identity_url: the identity returned by the OpenID provider opid.auth_time: the time of authentication, set by Opid """ with self.session_context(environ) as session: consumer = openid.consumer.consumer.Consumer(session['opid.session'], self.store) # Consumer.complete expects a dictionary, whereas a query # string represents a multidict. We flatten it here. qdict = {} for k,v in _parse_qsl(environ['QUERY_STRING']): qdict[k] = v resp = consumer.complete(qdict, self._return_to(environ)) environ['opid.auth_status'] = resp.status # fixme: we could theoretically make success and failure user # definable apps. In this case, it'd be better to generalize # handling of success/failure urls. Ie, we might not want them # at all. Rather, when opid gets a hit at /verify, store the # query string in the session. We can then pass it on to the # success and failure apps, so that they can determine what to # do next. if resp.status == 'success': session['opid.identity_url'] = resp.identity_url session['opid.auth_time'] = time.time() environ['opid.redirect_url'] = session['opid.success_url'] return self.redirect_app(environ, start_response) else: environ['opid.redirect_url'] = session['opid.failure_url'] return self.redirect_app(environ, start_response)
def complete(self, environ, start_response): req = Request(environ) sess = environ['beaker.session'] set_template(environ, 'login.xslt') # params = {'base_uri': self.base_url} params = {'base_uri': 'http://dev.amp.fm/'} headers = [('Content-Type', 'application/xml')] consumer = self.get_consumer(sess[self.ekey]) info = consumer.complete(req.GET) cookies = [] if info.status == 'success': req.cookies['openid'] = req.params['identity'] guid = req.cookies.get('guid', str(uuid.uuid1())) headers.append(make_cookie_header('openid.session', guid, expires=0)) headers.append(make_cookie_header('openid', req.params['identity'])) params['status'] = 'complete' params['return_location'] = sess[self.ekey]['return_location'] params['message'] = 'Logged in as %s' % req.params['identity'] elif info.status == 'failure': # Sylvain: I explicitely remove any existing cookie in case of a failure headers.append(make_cookie_header('openid.session', expires=0)) headers.append(make_cookie_header('openid', expires=0)) params['status']= 'failure' if info.identity_url: fmt = "Verification of %s failed: %s" params['message'] = fmt % (cgi.escape(info.identity_url), info.message) else: params['message'] = "Verification failed" elif info.status == 'cancel': params['status'] = 'failure' params['message'] = 'Verfication cancelled' set_params(environ, params) start_response('200 OK', headers) return []
def GET_postlogin(self): if getattr(c.user, "f2p", None) != "participated": return redirect_to("/f2p/steam") session = g.f2pcache.get("steam_session_%d" % c.user._id) if not session: return redirect_to("/f2p/steam?error=no_session") consumer = openid.consumer.consumer.Consumer(session, store=None) auth_response = consumer.complete(request.params, request.url) if auth_response.status == openid.consumer.consumer.CANCEL: return redirect_to("/f2p/steam?error=cancel") if auth_response.status != openid.consumer.consumer.SUCCESS: return redirect_to("/f2p/steam?error=not_success") steamid_match = STEAMID_EXTRACTOR.search(auth_response.identity_url) if not steamid_match: return redirect_to("/f2p/steam?error=id_mismatch") steamid = steamid_match.group(1) g.log.debug("successful steam auth for %r", steamid) with g.make_lock("f2p", "steam_claim_%d" % c.user._id): c.user._sync_latest() if c.user.f2p != "participated": return redirect_to("/f2p/steam") c.user.f2p = "claiming" c.user._commit() message = json.dumps({ "user-id": c.user._id, "steam-id": steamid, }) amqp.add_item(QNAME, message) return redirect_to("/f2p/steam")