def showDecidePage(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure as err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError as err:
trust_root_valid = "Unreachable"
pape_request = pape.Request.fromOpenIDRequest(openid_request)
return direct_to_template(
request,
'server/trust.html',
{'trust_root': trust_root,
'trust_handler_url':getViewURL(request, processTrustResult),
'trust_root_valid': trust_root_valid,
'pape_request': pape_request,
})
def show_decide_page(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure:
# suporta consumers que não implementam a relying party verification
#trust_root_valid = "DISCOVERY_FAILED"
trust_root_valid = 'Valid'
except HTTPFetchingError:
trust_root_valid = "Unreachable"
return direct_to_template(
request, 'provider/trust.html', {
'trust_root': trust_root,
'trust_handler_url': get_view_url(request, process_trust_result),
'trust_root_valid': trust_root_valid,
})
def showDecidePage(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root,
return_to) and "Valid" or "Invalid"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
pape_request = pape.Request.fromOpenIDRequest(openid_request)
context = {
'trust_root': trust_root,
'trust_root_valid': trust_root_valid,
'pape_request': pape_request
}
return render(request, 'server/trust.html', context)
def openid_decide(request):
"""
The page that asks the user if they really want to sign in to the site, and
lets them add the consumer to their trusted whitelist.
# If user is logged in, ask if they want to trust this trust_root
# If they are NOT logged in, show the landing page
"""
orequest = request.session.get('OPENID_REQUEST')
if not request.user.is_authenticated():
return landing_page(request, orequest)
openid = openid_get_identity(request, orequest.identity)
if openid is None:
return error_page(request, "You are signed in but you don't have OpenID here!")
if request.method == 'POST' and request.POST.get('decide_page', False):
openid.trustedroot_set.create(trust_root=orequest.trust_root)
return HttpResponseRedirect(reverse('openid-provider-root'))
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('openid_provider/decide.html', {
'title': _('Trust this site?'),
'trust_root': orequest.trust_root,
'trust_root_valid': trust_root_valid,
'identity': orequest.identity,
}, context_instance=RequestContext(request))
def show_decide_page(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure:
# suporta consumers que não implementam a relying party verification
#trust_root_valid = "DISCOVERY_FAILED"
trust_root_valid = 'Valid'
except HTTPFetchingError:
trust_root_valid = "Unreachable"
return direct_to_template(
request,
'provider/trust.html',
{'trust_root': trust_root,
'trust_handler_url':get_view_url(request, process_trust_result),
'trust_root_valid': trust_root_valid,
})
def showDecidePage(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure as err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError as err:
trust_root_valid = "Unreachable"
pape_request = pape.Request.fromOpenIDRequest(openid_request)
return render_to_response(
'server/trust.html', {
'trust_root': trust_root,
'trust_handler_url': getViewURL(request, processTrustResult),
'trust_root_valid': trust_root_valid,
'pape_request': pape_request,
},
context_instance=RequestContext(request))
def openid_decide(request):
"""
The page that asks the user if they really want to sign in to the site, and
lets them add the consumer to their trusted whitelist.
# If user is logged in, ask if they want to trust this trust_root
# If they are NOT logged in, show the landing page
"""
orequest = request.session.get('OPENID_REQUEST')
# No request ? Failure..
if not orequest:
logger.warning('OpenID decide view failed, \
because no OpenID request is saved')
return HttpResponseRedirect('/')
sreg_request = SRegRequest.fromOpenIDRequest(orequest)
logger.debug('SREG request: %s' % sreg_request.__dict__)
if not request.user.is_authenticated():
# Not authenticated ? Authenticate and go back to the server endpoint
return redirect_to_login(request, next=reverse(openid_server),
nonce='1')
if request.method == 'POST':
if 'cancel' in request.POST:
# User refused
logger.info('OpenID decide canceled')
return HttpResponseRedirect('%s?cancel' % reverse(openid_server))
else:
form = DecideForm(sreg_request=sreg_request, data=request.POST)
if form.is_valid():
data = form.cleaned_data
# Remember the choice
t, created = models.TrustedRoot.objects.get_or_create(
user=request.user.id, trust_root=orequest.trust_root)
t.choices = sreg_request.required \
+ [ field for field in data if data[field] ]
t.save()
logger.debug('OpenID decide, user choice:%s' % data)
return HttpResponseRedirect(reverse('openid-provider-root'))
else:
form = DecideForm(sreg_request=sreg_request)
logger.info('OpenID device view, orequest:%s' % orequest)
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(orequest.trust_root,
orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('idp/openid/decide.html', {
'title': _('Trust this site?'),
'required': sreg_request.required,
'optional': sreg_request.optional,
'trust_root_valid': trust_root_valid,
'form': form,
}, context_instance=RequestContext(request))
def openid_decide(request):
"""
The page that asks the user if they really want to sign in to the site, and
lets them add the consumer to their trusted whitelist.
# If user is logged in, ask if they want to trust this trust_root
# If they are NOT logged in, show the landing page
"""
orequest = request.session.get('OPENID_REQUEST')
# No request ? Failure..
if not orequest:
logger.warning('OpenID decide view failed, \
because no OpenID request is saved')
return HttpResponseRedirect('/')
sreg_request = SRegRequest.fromOpenIDRequest(orequest)
logger.debug('SREG request: %s' % sreg_request.__dict__)
if not request.user.is_authenticated():
# Not authenticated ? Authenticate and go back to the server endpoint
return redirect_to_login(request, next=reverse(openid_server),
nonce='1')
if request.method == 'POST':
if 'cancel' in request.POST:
# User refused
logger.info('OpenID decide canceled')
return HttpResponseRedirect('%s?cancel' % reverse(openid_server))
else:
form = DecideForm(sreg_request=sreg_request, data=request.POST)
if form.is_valid():
data = form.cleaned_data
# Remember the choice
t, created = models.TrustedRoot.objects.get_or_create(
user=request.user.id, trust_root=orequest.trust_root)
t.choices = sreg_request.required \
+ [ field for field in data if data[field] ]
t.save()
logger.debug('OpenID decide, user choice:%s' % data)
return HttpResponseRedirect(reverse('openid-provider-root'))
else:
form = DecideForm(sreg_request=sreg_request)
logger.info('OpenID device view, orequest:%s' % orequest)
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(orequest.trust_root,
orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('idp/openid/decide.html', {
'title': _('Trust this site?'),
'required': sreg_request.required,
'optional': sreg_request.optional,
'trust_root_valid': trust_root_valid,
'form': form,
}, context_instance=RequestContext(request))
def test_verifyWithDiscoveryCalled(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
self.failUnlessEqual('http://www.example.com/', disco_url)
return [return_to]
self.failUnless(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
self.failUnlessLogEmpty()
def test_verifyFailIfDiscoveryRedirects(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
raise trustroot.RealmVerificationRedirected(
disco_url, "http://redirected.invalid")
self.failIf(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
self.failUnlessLogMatches("Attempting to verify")
def test_verifyWithDiscoveryCalled(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
self.assertEqual('http://www.example.com/', disco_url)
return [return_to]
self.assertTrue(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
self.failUnlessLogEmpty()
def test_verifyFailWithDiscoveryCalled(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
self.failUnlessEqual('http://www.example.com/', disco_url)
return ['http://something-else.invalid/']
self.failIf(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
self.failUnlessLogMatches("Failed to validate return_to")
def test_verifyFailWithDiscoveryCalled(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
self.assertEqual(disco_url, 'http://www.example.com/')
return ['http://something-else.invalid/']
with LogCapture() as logbook:
self.assertFalse(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
logbook.check(('openid.server.trustroot', 'INFO', StringComparison('Failed to validate return_to .*')))
def trust_root_validation(orequest):
"""
OpenID specs 9.2.1: using realm for return url verification
"""
try:
return verifyReturnTo(orequest.trust_root,
orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
return "Unreachable"
except DiscoveryFailure:
return "DISCOVERY_FAILED"
def test_verifyFailIfDiscoveryRedirects(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
raise trustroot.RealmVerificationRedirected(
disco_url, "http://redirected.invalid")
self.failIf(
trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
self.failUnlessLogMatches("Attempting to verify")
def test_verifyFailIfDiscoveryRedirects(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
raise trustroot.RealmVerificationRedirected(
disco_url, "http://redirected.invalid")
with LogCapture() as logbook:
self.assertFalse(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
logbook.check(('openid.server.trustroot', 'INFO', StringComparison('Attempting to verify .*')))
def trust_root_validation(orequest):
"""
OpenID specs 9.2.1: using realm for return url verification
"""
try:
return verifyReturnTo(
orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
return "Unreachable"
except DiscoveryFailure:
return "DISCOVERY_FAILED"
def test_verifyWithDiscoveryCalled(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
self.assertEqual(disco_url, 'http://www.example.com/')
return [return_to]
with LogCapture() as logbook:
self.assertTrue(trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
self.assertEqual(logbook.records, [])
def test_verifyFailWithDiscoveryCalled(self):
realm = 'http://*.example.com/'
return_to = 'http://www.example.com/foo'
def vrfy(disco_url):
self.failUnlessEqual('http://www.example.com/', disco_url)
return ['http://something-else.invalid/']
self.failIf(
trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy))
self.failUnlessLogMatches("Failed to validate return_to")
def handleCheckIDRequest(self, openid_request):
if cherrypy.serving.user is None:
self.set_request(openid_request)
raise cherrypy.HTTPRedirect(
url_add_parms(
'../login'
, { 'redirect': cherrypy.url('resume'), 'error': 'Please log in to use your OpenID' }
)
)
if not openid_request.idSelect():
id_url = self.get_user_url()
#Confirm that this server can vouch for that ID
if id_url != openid_request.identity:
error = ProtocolError(
openid_request.message
,"This server cannot verify the URL {0}".format(openid_request.identity)
)
return self.displayResponse(error)
try:
trust_root = openid_request.trust_root
return_to = openid_request.return_to
trust_root_valid = verifyReturnTo(trust_root, return_to)
except DiscoveryFailure as err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError as err:
trust_root_valid = "Unreachable"
if trust_root_valid != True:
return '<div class="lg_auth_form">The trust root / return is not valid. Denying authentication. Reason: {0}</div>'.format(trust_root_valid)
if openid_request.immediate:
#TODO - This is where we would do something for users that
#are already logged in
openid_response = openid_request.answer(False)
return self.displayResponse(openid_response)
# Beyond this point, we're definitely using our response.
# Store it.
self.set_request(openid_request)
if get_domain(trust_root).endswith(
get_domain(cherrypy.url().replace('/www.', '/'))
):
# e.g. if we get a request from test.lamegameproductions.com to
# www.lamegameproductions.com, implicitly trust this.
raise cherrypy.HTTPRedirect(url_add_parms(
'./trust_result'
, { 'allow': True }
))
else:
return self.showDecidePage(openid_request, trust_root)
def showDecidePage(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) and "Valid" or "Invalid"
except DiscoveryFailure, err:
trust_root_valid = "DISCOVERY_FAILED"
def formatOidRequest(request, openid_request, userid=''):
result = {}
err = None
trust_root = openid_request.trust_root
return_to = openid_request.return_to
# Get requested fields
requested = sreg.SRegRequest.fromOpenIDRequest(openid_request).allRequestedFields()
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure, err:
trust_root_valid = "DISCOVERY_FAILED"
def show_decide_page(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
trust_root_validity = ('trust_root_valid'
if verifyReturnTo(trust_root, return_to)
else 'trust_root_invalid')
except DiscoveryFailure:
trust_root_validity = 'trust_root_undiscovered'
except HTTPFetchingError:
trust_root_validity = 'trust_root_unreachable'
site_name = trust_root
site_name = re.sub(r'^http://', '', site_name)
site_name = re.sub(r'^([^/]+)/$', r'\1', site_name)
if trust_root_validity in ('trust_root_valid', 'trust_root_undiscovered'):
try:
resp, cont = httplib2.Http().request(trust_root)
assert resp['content-type'].startswith('text/html')
soup = BeautifulSoup(cont)
trust_root_title = soup.title.string
except Exception:
pass
else:
site_name = trust_root_title
ax_request = ax.FetchRequest.fromOpenIDRequest(openid_request)
if ax_request and ax_request.has_key('http://activitystrea.ms/axschema/callback'):
ax_request.has_activity_callback = True
return render_to_response(
'trust.html',
{
'trust_root': trust_root,
trust_root_validity: True,
'ax_request': ax_request,
'site_name': site_name,
},
context_instance=RequestContext(request),
)
def decide(request, openid_request=None):
from openid.yadis.discover import DiscoveryFailure
from openid.fetchers import HTTPFetchingError
from openid.server.trustroot import verifyReturnTo
if not openid_request:
openid_request = utils._load_request(request)
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure, err:
trust_root_valid = "Discovery faild"
def openid_decide(req):
"""
The page that asks the user if they really want to sign in to the site, and
lets them add the consumer to their trusted whitelist.
# If user is logged in, ask if they want to trust this trust_root
# If they are NOT logged in, show the landing page
"""
from openid.server.trustroot import verifyReturnTo
from openid.yadis.discover import DiscoveryFailure
from openid.fetchers import HTTPFetchingError
orequest = req.session.get('OPENID_REQUEST')
if not req.user.is_authenticated():
return landing_page(req, orequest)
openid = openid_get_identity(req, orequest.identity)
if openid is None:
return error_page(req, "That is not a valid OpenID for your account!")
if req.method == 'POST' and req.POST.get('decide_page', False):
allowed = 'allow' in req.POST
if allowed:
openid.trustedroot_set.create(trust_root=orequest.trust_root)
return HttpResponseRedirect(reverse('openid-provider-root'))
else:
return HttpResponseRedirect(reverse('dv-root'))
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(
orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('openid_provider/decide.html', {
'title': 'Trust this site?',
'trust_root': orequest.trust_root,
'trust_root_valid': trust_root_valid,
'identity': orequest.identity,
},
context_instance=RequestContext(req))
def openid_decide(req):
"""
The page that asks the user if they really want to sign in to the site, and
lets them add the consumer to their trusted whitelist.
# If user is logged in, ask if they want to trust this trust_root
# If they are NOT logged in, show the landing page
"""
from openid.server.trustroot import verifyReturnTo
from openid.yadis.discover import DiscoveryFailure
from openid.fetchers import HTTPFetchingError
orequest = req.session.get('OPENID_REQUEST')
if not req.user.is_authenticated():
return landing_page(req, orequest)
openid = openid_get_identity(req, orequest.identity)
if openid is None:
return error_page(req, "That is not a valid OpenID for your account!")
if req.method == 'POST' and req.POST.get('decide_page', False):
allowed = 'allow' in req.POST
if allowed:
openid.trustedroot_set.create(trust_root=orequest.trust_root)
return HttpResponseRedirect(reverse('openid-provider-root'))
else:
return HttpResponseRedirect(reverse('dv-root'))
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to ) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('openid_provider/decide.html', {
'title': 'Trust this site?',
'trust_root': orequest.trust_root,
'trust_root_valid': trust_root_valid,
'identity': orequest.identity,
},
context_instance=RequestContext(req))
def showDecidePage(request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
openid_request = getRequest(request)
trust_root = openid_request.trust_root
return_to = openid_request.return_to
# hack to always accept certain sites
skip_trust = any(
re.match(trust_regex, trust_root)
for trust_regex in settings.PAPAYA_SERVER_TRUSTED
)
if skip_trust:
old = request.POST._mutable
request.POST._mutable = True
request.POST['allow'] = True
request.POST._mutable = old
return processTrustResult(request)
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = 'Valid' if verifyReturnTo(trust_root, return_to) else 'Invalid'
except DiscoveryFailure as err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError as err:
trust_root_valid = "Unreachable"
return direct_to_template(
request,
'server/trust.html',
{
'trust_root': trust_root,
'trust_handler_url': getViewURL(request, processTrustResult),
'trust_root_valid': trust_root_valid,
},
)
def openid_decide(request):
"""
The page that asks the user if they really want to sign in to the site, and
lets them add the consumer to their trusted whitelist.
# If user is logged in, ask if they want to trust this trust_root
# If they are NOT logged in, show the landing page
"""
orequest = request.session.get('OPENID_REQUEST')
if not request.user.is_authenticated():
return landing_page(request, orequest)
openid = openid_get_identity(request, orequest.identity)
if openid is None:
return error_page(request,
"You are signed in but you don't have OpenID here!")
#if request.method == 'POST' and request.POST.get('decide_page', False):
#if orequest.trust_root == settings.QUESTIONNAIRE_APP_URL:
openid.trustedroot_set.create(trust_root=orequest.trust_root)
return HttpResponseRedirect(reverse('openid-provider-root'))
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(
orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('openid_provider/decide.html', {
'title': _('Trust this site?'),
'trust_root': orequest.trust_root,
'trust_root_valid': trust_root_valid,
'identity': orequest.identity,
},
context_instance=RequestContext(request))
def showDecidePage(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root
return_to = openid_request.return_to
auth_site = AuthSites.objects.filter(uid = request.user.id, site = trust_root)
if auth_site:
if auth_site[0].permission == 1:
request.POST = ['allow', ]
return processTrustResult(request)
else:
request.POST = []
return processTrustResult(request)
try:
# Stringify because template's ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure, err:
trust_root_valid = "DISCOVERY_FAILED"
def test_bogusRealm(self):
self.failIf(trustroot.verifyReturnTo('', 'http://example.com/'))
def endpoint(request):
s = getServer(request)
# First, decode the incoming request into something the OpenID
# library can use.
try:
openid_request = s.decodeRequest(request.params)
except ProtocolError as why:
# This means the incoming request was invalid.
return {'error': str(why)}
# If we did not get a request, display text indicating that this
# is an endpoint.
if openid_request is None:
return {}
# We got a request; if the mode is checkid_*, we will handle it by
# getting feedback from the user or by checking the session.
if openid_request.mode in ["checkid_immediate", "checkid_setup"]:
# If the request was an IDP-driven identifier selection request
# (i.e., the IDP URL was entered at the RP), then return the
# default identity URL for this server. In a full-featured
# provider, there could be interaction with the user to determine
# what URL should be sent.
if not openid_request.idSelect():
id_url = request.route_url('idPage')
# Confirm that this server can actually vouch for that
# identifier
if id_url != openid_request.identity:
# Return an error response
raise ProtocolError(openid_request.message,
"This server cannot verify the URL %r" %
openid_request.identity)
if openid_request.immediate:
# Always respond with 'cancel' to immediate mode requests
# because we don't track information about a logged-in user.
# If we did, then the answer would depend on whether that user
# had trusted the request's trust root and whether the user is
# even logged in.
openid_response = openid_request.answer(False)
return displayResponse(request, openid_response)
# Store the incoming request object in the session so we can
# get to it later.
setRequest(request, openid_request)
trust_root = openid_request.trust_root
return_to = openid_request.return_to
try:
# Stringify because template's ifequal can only compare to strings.
if verifyReturnTo(trust_root, return_to):
trust_root_valid = "Valid"
else:
trust_root_valid = "Invalid"
except DiscoveryFailure as err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError as err:
trust_root_valid = "Unreachable"
pape_request = pape.Request.fromOpenIDRequest(openid_request)
pTR = request.route_url('processTrustResult')
return render_to_response('templates/trustPage.pt',
dict(trust_root=trust_root,
trust_handler_url=pTR,
trust_root_valid=trust_root_valid,
pape_request=pape_request,
main_template=main_template(),
),
request=request)
# We got some other kind of OpenID request, so we let the
# server handle this.
openid_response = s.handleRequest(openid_request)
return displayResponse(request, openid_response)
from openid.fetchers import HTTPFetchingError
orequest = req.session.get('OPENID_REQUEST')
if not req.user.is_authenticated():
return landing_page(req, orequest)
try:
openid = req.user.openid_set.all()[0]
except IndexError, ObjectDoesNotExist:
return error_page(req,
"You are signed in but you don't have OpenID here!")
if req.method == 'POST' and req.POST.get('decide_page', False):
allowed = 'allow' in req.POST
openid.trustedroot_set.create(trust_root=orequest.trust_root)
return HttpResponseRedirect(reverse('openid-provider-root'))
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(
orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('openid_provider/decide.html', {
'title': 'Trust this site?',
'trust_root': orequest.trust_root,
'trust_root_valid': trust_root_valid,
'identity': orequest.identity,
},
context_instance=RequestContext(req))
def error_page(req, msg):
return render_to_response('openid_provider/error.html', {
def test_bogusRealm(self):
self.assertFalse(trustroot.verifyReturnTo('', 'http://example.com/'))
def test_bogusRealm(self):
self.assertFalse(trustroot.verifyReturnTo('', 'http://example.com/'))
from openid.yadis.discover import DiscoveryFailure
from openid.fetchers import HTTPFetchingError
orequest = req.session.get('OPENID_REQUEST')
if not req.user.is_authenticated():
return landing_page(req, orequest)
try:
openid = req.user.openid_set.all()[0]
except IndexError, ObjectDoesNotExist:
return error_page(req, "You are signed in but you don't have OpenID here!")
if req.method == 'POST' and req.POST.get('decide_page', False):
allowed = 'allow' in req.POST
openid.trustedroot_set.create(trust_root=orequest.trust_root)
return HttpResponseRedirect(reverse('openid-provider-root'))
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to ) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response('openid_provider/decide.html', {
'title': 'Trust this site?',
'trust_root': orequest.trust_root,
'trust_root_valid': trust_root_valid,
'identity': orequest.identity,
},
context_instance=RequestContext(req))
def error_page(req, msg):
return render_to_response('openid_provider/error.html', {
'title': 'Error',
def openid_decide(request):
"""
The page that asks the user if they really want to sign in to the site, and
lets them add the consumer to their trusted whitelist.
# If user is logged in, ask if they want to trust this trust_root
# If they are NOT logged in, show the landing page
"""
orequest = request.session.get("OPENID_REQUEST")
# No request ? Failure..
if not orequest:
logger.warning(
"OpenID decide view failed, \
because no OpenID request is saved"
)
return redirect("auth_homepage")
sreg_request = SRegRequest.fromOpenIDRequest(orequest)
logger.debug("SREG request: %s" % sreg_request.__dict__)
if not request.user.is_authenticated():
# Not authenticated ? Authenticate and go back to the server endpoint
return login_require(request, params={NONCE_FIELD_NAME: "1"})
if request.method == "POST":
if "cancel" in request.POST:
# User refused
logger.info("OpenID decide canceled")
return redirect(openid_server, params={"cancel": ""})
else:
form = DecideForm(sreg_request=sreg_request, data=request.POST)
if form.is_valid():
data = form.cleaned_data
# Remember the choice
t, created = models.TrustedRoot.objects.get_or_create(
user=request.user.id, trust_root=orequest.trust_root
)
t.choices = sreg_request.required + [field for field in data if data[field]]
t.save()
logger.debug("OpenID decide, user choice:%s" % data)
return redirect("openid-provider-root")
else:
form = DecideForm(sreg_request=sreg_request)
logger.info("OpenID device view, orequest:%s" % orequest)
# verify return_to of trust_root
try:
trust_root_valid = verifyReturnTo(orequest.trust_root, orequest.return_to) and "Valid" or "Invalid"
except HTTPFetchingError:
trust_root_valid = "Unreachable"
except DiscoveryFailure:
trust_root_valid = "DISCOVERY_FAILED"
return render_to_response(
"idp/openid/decide.html",
{
"title": _("Trust this site?"),
"required": sreg_request.required,
"optional": sreg_request.optional,
"trust_root_valid": trust_root_valid,
"form": form,
},
context_instance=RequestContext(request),
)
def test_bogusRealm(self):
self.failIf(trustroot.verifyReturnTo('', 'http://example.com/'))