def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ import logging logging.basicConfig(level=logging.DEBUG) config = Configurator(root_factory=get_root, settings=settings) config.begin() from pyramid_jinja2 import renderer_factory config.add_renderer('.jinja2', renderer_factory) # configure views, templates configure(config) # configure session import pyramid_beaker session_factory = pyramid_beaker.session_factory_from_settings(settings) config.set_session_factory(session_factory) # configure OpenID-specific storage import stucco_openid.models from openid.store import filestore stucco_openid.models.root.store = \ filestore.FileOpenIDStore(settings['openid.store_file_path']) config.end() return config.make_wsgi_app()
def __init__(self, cache_path): self.session_path = os.path.join(cache_path, 'session') self.store_path = os.path.join(cache_path, 'store') for dir in self.session_path, self.store_path: if not os.path.exists(dir): os.makedirs(dir) self.store = filestore.FileOpenIDStore(self.store_path)
def get_openid_consumer(request, session): """Initialize an OpenID store for authenticating comments. @param request: Pyblosxom request object @param session: session @type session: instance of C{Session} @return: An instance of OpenIDConsumer @rtype: OpenID consumer store or C{None} """ config = request.getConfiguration() logger = tools.getLogger() store_dir = config.get('openid_store_dir') if store_dir is None: logger.error('You must define openid_store_dir in your ' 'config to enable OpenID comments.') return None try: store = filestore.FileOpenIDStore(store_dir) return openid.Consumer(session, store) except Exception: trace = traceback.format_exception(*sys.exc_info()) logger.error('Error initializing OpenID server:\n' + '\n'.join(trace)) return None
def make_store(store, config): conn = None if store == 'file': from openid.store import filestore cstore = filestore.FileOpenIDStore(config) elif store == 'mysql': import MySQLdb from DBUtils.PersistentDB import PersistentDB from openid.store.sqlstore import MySQLStore from sqlalchemy.engine.url import make_url def create_conn(dburi): url = make_url(dburi) p = {'db': url.database} if url.username: p['user'] = url.username if url.password: p['passwd'] = url.password if url.host: p['host'] = url.host if url.port: p['port'] = url.port return PersistentDB(MySQLdb, 1, **p).connection() conn = create_conn(config) cstore = MySQLStore(conn) else: raise Exception("Invalid store type %r" % store) return conn, cstore
def verify_core(req): """This is the first phase of the OpenID login. We check the provided identifier, try to work out who we should ask about it, and redirect the user to the provider's site for their login process.""" # Set up the OpenID library session = Session.Session(req, timeout=60) global store if store is None: Logger.log.debug("Creating new store") server_options = req.get_options() store_path = os.path.join(server_options['wor.root_path'], "oid_store") store = filestore.FileOpenIDStore(store_path) oid_consumer = consumer.Consumer(session, store) # Get the user's account details that they provided if getattr(req, "form", None) is None: req.form = util.FieldStorage(req, True) account = req.form.getfirst("openid_identifier") # Look up the OAuth provider for this account try: request = oid_consumer.begin(account) except consumer.DiscoveryFailure, ex: raise
def __init__(self, app, data_store_path, auth_prefix='/oid', login_redirect=None, catch_401=False, url_to_username=None): """ Initialize the OpenID middleware ``app`` Your WSGI app to call ``data_store_path`` Directory to store crypto data in for use with OpenID servers. ``auth_prefix`` Location for authentication process/verification ``login_redirect`` Location to load after successful process of login ``catch_401`` If true, then any 401 responses will turn into open ID login requirements. ``url_to_username`` A function called like ``url_to_username(environ, url)``, which should return a string username. If not given, the URL will be the username. """ store = filestore.FileOpenIDStore(data_store_path) self.oidconsumer = consumer.OpenIDConsumer(store) self.app = app self.auth_prefix = auth_prefix self.data_store_path = data_store_path self.login_redirect = login_redirect self.catch_401 = catch_401 self.url_to_username = url_to_username
def __init__(self, provider): self.provider = provider self.consumer_class = None self.log_debug = logging.DEBUG >= log.getEffectiveLevel() self.config = get_oauth_config(provider) self.endpoint_regex = self.config.get('endpoint_regex') # application config items, dont use self.config store = config.get('openid_store', 'mem') if store == u"file": store_file_path = config.get('openid_store_path', None) self.openid_store = filestore.FileOpenIDStore(store_file_path) elif store == u"mem": self.openid_store = memstore.MemoryStore() elif store == u"sql": # TODO: This does not work as we need a connection, not a string # XXX #self.openid_store = sqlstore.SQLStore(sql_connstring, # sql_associations_table, sql_connstring) raise NotImplementedError() self.scope = self.config.get('scope', None) self.return_to_query = {}
def __init__(self, store, openid_field, error_field='', store_file_path='', session_name='', login_handler_path='', logout_handler_path='', login_form_url='', logged_in_url='', logged_out_url='', came_from_field='', rememberer_name='', sql_associations_table='', sql_nonces_table='', sql_connstring='', ax_require='', ax_optional='', sreg_require='', sreg_optional=''): self.rememberer_name = rememberer_name self.login_handler_path = login_handler_path self.logout_handler_path = logout_handler_path self.login_form_url = login_form_url self.session_name = session_name self.error_field = error_field self.came_from_field = came_from_field self.logged_out_url = logged_out_url self.logged_in_url = logged_in_url self.ax_require = {} for item in ax_require.split(): key, value = item.split("=") self.ax_require[key] = value self.ax_optional = {} for item in ax_optional.split(): key, value = item.split("=") self.ax_optional[key] = value self.sreg_require = [a.strip() for a in sreg_require.split()] self.sreg_optional = [a.strip() for a in sreg_optional.split()] # for the SQL store self.sql_associations_table = sql_associations_table self.sql_nonces_table = sql_nonces_table self.sql_connstring = sql_connstring # set up the store if store == u"file": self.store = filestore.FileOpenIDStore(store_file_path) elif store == u"mem": self.store = memstore.MemoryStore() elif store == u"sql": # TODO: This does not work as we need a connection, not a string self.store = sqlstore.SQLStore(sql_connstring, sql_associations_table, sql_connstring) self.openid_field = openid_field
def __init__( self, cache_path ): assert oidutil is not None, OPENID_IMPORT_MESSAGE self.session_path = os.path.join( cache_path, 'session' ) self.store_path = os.path.join( cache_path, 'store' ) for dir in self.session_path, self.store_path: if not os.path.exists( dir ): os.makedirs( dir ) self.store = filestore.FileOpenIDStore( self.store_path )
def init_store(dir): """Init the OpenId store (file store). Arguments: - dir: where the store is located. """ global OPENID_STORE OPENID_STORE = filestore.FileOpenIDStore(dir)
def test_filestore(): from openid.store import filestore import tempfile import shutil temp_dir = tempfile.mkdtemp() store = filestore.FileOpenIDStore(temp_dir) testStore(store) store.cleanup() shutil.rmtree(temp_dir)
def main(host, port, data_path, weak_ssl=False): # Instantiate OpenID consumer store and OpenID consumer. If you # were connecting to a database, you would create the database # connection and instantiate an appropriate store here. if data_path: store = filestore.FileOpenIDStore(data_path) else: store = memstore.MemoryStore() if weak_ssl: setDefaultFetcher(Urllib2Fetcher()) addr = (host, port) server = OpenIDHTTPServer(store, addr, OpenIDRequestHandler) print 'Server running at:' print server.base_url server.serve_forever()
def test_filestore(): from openid.store import filestore import tempfile import shutil try: temp_dir = tempfile.mkdtemp() except AttributeError: import os temp_dir = os.tmpnam() os.mkdir(temp_dir) store = filestore.FileOpenIDStore(temp_dir) try: testStore(store) store.cleanup() except: raise else: shutil.rmtree(temp_dir)
def __init__(self, provider='openid'): self.provider = provider self.consumer_class = None self.log_debug = logging.DEBUG >= log.getEffectiveLevel() self.endpoint_regex = None # application config items, dont use self.config # store = config.get('openid_store', 'mem') store = "mem" if store == u"file": store_file_path = config.get('openid_store_path', None) self.openid_store = filestore.FileOpenIDStore(store_file_path) elif store == u"mem": self.openid_store = memstore.MemoryStore() elif store == u"sql": # TODO: This does not work as we need a connection, not a string self.openid_store = sqlstore.SQLStore(sql_connstring, sql_associations_table, sql_connstring) self.return_to_query = {}
class OpenIDController(openerpweb.Controller): _cp_path = '/auth_openid/login' _store = filestore.FileOpenIDStore(_storedir) _REQUIRED_ATTRIBUTES = ['email'] _OPTIONAL_ATTRIBUTES = 'nickname fullname postcode country language timezone'.split( ) def _add_extensions(self, request): """Add extensions to the request""" sreg_request = sreg.SRegRequest(required=self._REQUIRED_ATTRIBUTES, optional=self._OPTIONAL_ATTRIBUTES) request.addExtension(sreg_request) ax_request = ax.FetchRequest() for alias in self._REQUIRED_ATTRIBUTES: uri = utils.SREG2AX[alias] ax_request.add(ax.AttrInfo(uri, required=True, alias=alias)) for alias in self._OPTIONAL_ATTRIBUTES: uri = utils.SREG2AX[alias] ax_request.add(ax.AttrInfo(uri, required=False, alias=alias)) request.addExtension(ax_request) def _get_attributes_from_success_response(self, success_response): attrs = {} all_attrs = self._REQUIRED_ATTRIBUTES + self._OPTIONAL_ATTRIBUTES sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_response) if sreg_resp: for attr in all_attrs: value = sreg_resp.get(attr) if value is not None: attrs[attr] = value ax_resp = ax.FetchResponse.fromSuccessResponse(success_response) if ax_resp: for attr in all_attrs: value = ax_resp.getSingle(utils.SREG2AX[attr]) if value is not None: attrs[attr] = value return attrs def _get_realm(self, req): return req.httprequest.host_url @openerpweb.httprequest def verify_direct(self, req, db, url): result = self._verify(req, db, url) if 'error' in result: return werkzeug.exceptions.BadRequest(result['error']) if result['action'] == 'redirect': return werkzeug.utils.redirect(result['value']) return result['value'] @openerpweb.jsonrequest def verify(self, req, db, url): return self._verify(req, db, url) def _verify(self, req, db, url): redirect_to = werkzeug.urls.Href(req.httprequest.host_url + 'auth_openid/login/process')( session_id=req.session_id) realm = self._get_realm(req) session = dict(dbname=db, openid_url=url) # TODO add origin page ? oidconsumer = consumer.Consumer(session, self._store) try: request = oidconsumer.begin(url) except consumer.DiscoveryFailure, exc: fetch_error_string = 'Error in discovery: %s' % (str(exc[0]), ) return {'error': fetch_error_string, 'title': 'OpenID Error'} if request is None: return { 'error': 'No OpenID services found', 'title': 'OpenID Error' } req.session.openid_session = session self._add_extensions(request) if request.shouldSendRedirect(): redirect_url = request.redirectURL(realm, redirect_to) return { 'action': 'redirect', 'value': redirect_url, 'session_id': req.session_id } else: form_html = request.htmlMarkup(realm, redirect_to) return { 'action': 'post', 'value': form_html, 'session_id': req.session_id }
class OpenIDController(http.Controller): _store = filestore.FileOpenIDStore(_storedir) _REQUIRED_ATTRIBUTES = ['email'] _OPTIONAL_ATTRIBUTES = 'nickname fullname postcode country language timezone'.split( ) def _add_extensions(self, oidrequest): """Add extensions to the oidrequest""" sreg_request = sreg.SRegRequest(required=self._REQUIRED_ATTRIBUTES, optional=self._OPTIONAL_ATTRIBUTES) oidrequest.addExtension(sreg_request) ax_request = ax.FetchRequest() for alias in self._REQUIRED_ATTRIBUTES: uri = utils.SREG2AX[alias] ax_request.add(ax.AttrInfo(uri, required=True, alias=alias)) for alias in self._OPTIONAL_ATTRIBUTES: uri = utils.SREG2AX[alias] ax_request.add(ax.AttrInfo(uri, required=False, alias=alias)) oidrequest.addExtension(ax_request) def _get_attributes_from_success_response(self, success_response): attrs = {} all_attrs = self._REQUIRED_ATTRIBUTES + self._OPTIONAL_ATTRIBUTES sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_response) if sreg_resp: for attr in all_attrs: value = sreg_resp.get(attr) if value is not None: attrs[attr] = value ax_resp = ax.FetchResponse.fromSuccessResponse(success_response) if ax_resp: for attr in all_attrs: value = ax_resp.getSingle(utils.SREG2AX[attr]) if value is not None: attrs[attr] = value return attrs def _get_realm(self): return request.httprequest.host_url @http.route('/auth_openid/login/verify_direct', type='http', auth='none') def verify_direct(self, db, url): result = self._verify(db, url) if 'error' in result: return werkzeug.exceptions.BadRequest(result['error']) if result['action'] == 'redirect': return werkzeug.utils.redirect(result['value']) return result['value'] @http.route('/auth_openid/login/verify', type='json', auth='none') def verify(self, db, url): return self._verify(db, url) def _verify(self, db, url): redirect_to = werkzeug.urls.Href(request.httprequest.host_url + 'auth_openid/login/process')( session_id=request.session_id) realm = self._get_realm() session = dict(dbname=db, openid_url=url) # TODO add origin page ? oidconsumer = consumer.Consumer(session, self._store) try: oidrequest = oidconsumer.begin(url) except consumer.DiscoveryFailure as exc: fetch_error_string = 'Error in discovery: %s' % (str(exc[0]), ) return {'error': fetch_error_string, 'title': 'OpenID Error'} if oidrequest is None: return { 'error': 'No OpenID services found', 'title': 'OpenID Error' } request.session.openid_session = session self._add_extensions(oidrequest) if oidrequest.shouldSendRedirect(): redirect_url = oidrequest.redirectURL(realm, redirect_to) return { 'action': 'redirect', 'value': redirect_url, 'session_id': request.session_id } else: form_html = oidrequest.htmlMarkup(realm, redirect_to) return { 'action': 'post', 'value': form_html, 'session_id': request.session_id } @http.route('/auth_openid/login/process', type='http', auth='none') def process(self, **kw): session = getattr(request.session, 'openid_session', None) if not session: return set_cookie_and_redirect('/') oidconsumer = consumer.Consumer(session, self._store, consumer_class=GoogleAppsAwareConsumer) query = request.httprequest.args info = oidconsumer.complete(query, request.httprequest.base_url) display_identifier = info.getDisplayIdentifier() session['status'] = info.status if info.status == consumer.SUCCESS: dbname = session['dbname'] registry = RegistryManager.get(dbname) with registry.cursor() as cr: Modules = registry.get('ir.module.module') installed = Modules.search_count(cr, SUPERUSER_ID, [ '&', ('name', '=', 'auth_openid'), ('state', '=', 'installed') ]) == 1 if installed: Users = registry.get('res.users') #openid_url = info.endpoint.canonicalID or display_identifier openid_url = session['openid_url'] attrs = self._get_attributes_from_success_response(info) attrs['openid_url'] = openid_url session['attributes'] = attrs openid_email = attrs.get('email', False) domain = [] if openid_email: domain += ['|', ('openid_email', '=', False)] domain += [('openid_email', '=', openid_email)] domain += [('openid_url', '=', openid_url), ('active', '=', True)] ids = Users.search(cr, SUPERUSER_ID, domain) assert len(ids) < 2 if ids: user_id = ids[0] login = Users.browse(cr, SUPERUSER_ID, user_id).login key = randomString(utils.KEY_LENGTH, '0123456789abcdef') Users.write(cr, SUPERUSER_ID, [user_id], {'openid_key': key}) # TODO fill empty fields with the ones from sreg/ax cr.commit() return login_and_redirect(dbname, login, key) session[ 'message'] = 'This OpenID identifier is not associated to any active users' elif info.status == consumer.SETUP_NEEDED: session['message'] = info.setup_url elif info.status == consumer.FAILURE and display_identifier: fmt = "Verification of %s failed: %s" session['message'] = fmt % (display_identifier, info.message) else: # FAILURE # Either we don't understand the code or there is no # openid_url included with the error. Give a generic # failure message. The library should supply debug # information in a log. session['message'] = 'Verification failed.' return set_cookie_and_redirect('/#action=login&loginerror=1') @http.route('/auth_openid/login/status', type='json', auth='none') def status(self): session = getattr(request.session, 'openid_session', {}) return { 'status': session.get('status'), 'message': session.get('message') }
def process_core(req): Logger.log.debug("Processing request: " + str(req)) # Set up OpenID library session = Session.Session(req, timeout=60) global store if store is None: Logger.log.debug("Creating new store") server_options = req.get_options() store_path = os.path.join(server_options['wor.root_path'], "oid_store") store = filestore.FileOpenIDStore(store_path) oid_consumer = consumer.Consumer(session, store) # Get request parameters if getattr(req, "form", None) is None: req.form = util.FieldStorage(req, True) # Convert the request parameters into an ordinary decent # dictionary for the oid_consumer to use params = {} for k in req.form: params[k] = req.form.getfirst(k).value Logger.log.debug("Request was " + str(params)) url = req.construct_url("/process") info = oid_consumer.complete(params, url) display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: # In the case of failure, if info is non-None, it is the # URL that we were verifying. We include it in the error # message to help the user figure out what happened. fmt = "Verification of %s failed: %s" # FIXME: To avoid XSS issues, quote this identifier before # echoing it back (and below) message = fmt % (display_identifier, info.message) elif info.status == consumer.SUCCESS: # Success means that the transaction completed without # error. If info is None, it means that the user cancelled # the verification. css_class = 'alert' # This is a successful verification attempt. If this # was a real application, we would do our login, # comment posting, etc. here. fmt = "You have successfully verified %s as your identity." message = fmt % (display_identifier, ) if info.endpoint.canonicalID: # You should authorize i-name users by their canonicalID, # rather than their more human-friendly identifiers. That # way their account with you is not compromised if their # i-name registration expires and is bought by someone else. message += (" This is an i-name, and its persistent ID is %s" % (info.endpoint.canonicalID, )) # FIXME: We should check here whether the account exists. If # it doesn't, we need to create the account using SREG data, # and drop the user into a character-creation screen. If it # does exist, we should drop them into the game UI, in # "character-selection" mode. accid = Account.get_id_from_name(display_identifier) if accid is None: # Then there's no corresponding account: create one pass # We generate a random string to use as a session key, store # that locally for the account's session, and push it up to # the browser for temporary storage while it loads the game # interface. key = random_value(16) req.headers_out['X-WoR-Session-Key'] = key Account.set_session_key(accid, key) req.write( """<html><head><title>WoR</title><script src="/js/redirect.js" type="text/javascript"/></head><body onload="load_game(%{url}s);"></body></html>""" % ("http://game.worldofrodney.org/", )) return apache.OK elif info.status == consumer.CANCEL: # cancelled message = 'Verification cancelled' elif info.status == consumer.SETUP_NEEDED: if info.setup_url: message = '<a href=%s>Setup needed</a>' % (quoteattr( info.setup_url), ) else: # This means auth didn't succeed, but you're welcome to try # non-immediate mode. message = 'Setup needed' else: # Either we don't understand the code or there is no # openid_url included with the error. Give a generic # failure message. The library should supply debug # information in a log. message = 'Verification failed.' req.write(message) return apache.OK