def endpoint(request): """ Respond to low-level OpenID protocol messages. """ s = getServer(request) query = util.normalDict(request.GET or request.POST) # First, decode the incoming request into something the OpenID # library can use. try: openid_request = s.decodeRequest(query) except ProtocolError as why: # This means the incoming request was invalid. return render_to_response('server/endpoint.html', {'error': str(why)}, context_instance=RequestContext(request)) # If we did not get a request, display text indicating that this # is an endpoint. if openid_request is None: return render_to_response('server/endpoint.html', {}, context_instance=RequestContext(request)) # We got a request; if the mode is checkid_*, we will handle it by # getting feedback from the user or by checking the session. if openid_request.mode in ["checkid_immediate", "checkid_setup"]: return handleCheckIDRequest(request, openid_request) else: # We got some other kind of OpenID request, so we let the # server handle this. openid_response = s.handleRequest(openid_request) return displayResponse(request, openid_response)
def endpoint(request): """ Respond to low-level OpenID protocol messages. """ s = getServer(request) query = util.normalDict(request.GET or request.POST) # First, decode the incoming request into something the OpenID # library can use. try: openid_request = s.decodeRequest(query) except ProtocolError as why: # This means the incoming request was invalid. return render_to_response( 'server/endpoint.html', {'error': str(why)}, context_instance=RequestContext(request)) # If we did not get a request, display text indicating that this # is an endpoint. if openid_request is None: return render_to_response( 'server/endpoint.html', {}, context_instance=RequestContext(request)) # We got a request; if the mode is checkid_*, we will handle it by # getting feedback from the user or by checking the session. if openid_request.mode in ["checkid_immediate", "checkid_setup"]: return handleCheckIDRequest(request, openid_request) else: # We got some other kind of OpenID request, so we let the # server handle this. openid_response = s.handleRequest(openid_request) return displayResponse(request, openid_response)
def endpoint(request): """ Respond to low-level OpenID protocol messages. """ s = getServer(request) query = util.normalDict(request.GET or request.POST) # First, decode the incoming request into something the OpenID # library can use. try: openid_request = s.decodeRequest(query) except ProtocolError, why: # This means the incoming request was invalid. return render(request, "server/endpoint.html", {"error": str(why)})
def endpoint(request): """ Respond to low-level OpenID protocol messages. """ ret_json = request.META.get('HTTP_ACCEPT', False) and \ not (request.META['HTTP_ACCEPT'].find('html') > -1) query = util.normalDict(request.GET or request.POST) if query.get('data', ''): #TODO no use query.get('remember', '') username = query.get('user') password = query.get('passwd') user = _sign_in(request, username, password) if not user or not user.is_active: next_url = query.get('next') or request.META.get('HTTP_REFERER', '') if not ret_json: return direct_to_template(request, 'server/login.html', {'ret': 'error<a href=' + next_url + '>back</a>', 'data': query['data'], 'url': getViewURL(request, endpoint), 'next': next_url}) else: response_data = {'prompt': 'openid login', \ 'action': getViewURL(request, endpoint), \ 'method': 'POST', \ 'fields': [ {'type': 'text', 'name': 'user', 'label': 'Username: '******'type': 'password', 'name': 'passwd', 'label': 'Password: '******'type': 'hidden', 'name': 'data', 'value': query['data']}, ] } return http.HttpResponse(json.dumps(response_data), mimetype="application/json") query = pickle.loads(base64.decodestring(query['data'])) s = getServer(request) # First, decode the incoming request into something the OpenID # library can use. try: openid_request = s.decodeRequest(query) except ProtocolError, why: # This means the incoming request was invalid. return direct_to_template( request, 'server/endpoint.html', {'error': str(why)})
def finishOpenID(request): """ Finish the OpenID authentication process. Invoke the OpenID library with the response from the OpenID server and render a page detailing the result. """ result = {} # Because the object containing the query parameters is a # MultiValueDict and the OpenID library doesn't allow that, we'll # convert it to a normal dict. # OpenID 2 can send arguments as either POST body or GET query # parameters. request_args = util.normalDict(request.GET) if request.method == 'POST': request_args.update(util.normalDict(request.POST)) if request_args: c = getConsumer(request) # Get a response object indicating the result of the OpenID # protocol. return_to = util.getViewURL(request, finishOpenID) response = c.complete(request_args, return_to) # Get a Simple Registration response object if response # information was included in the OpenID response. sreg_response = {} ax_items = {} if response.status == consumer.SUCCESS: sreg_response = sreg.SRegResponse.fromSuccessResponse(response) ax_response = ax.FetchResponse.fromSuccessResponse(response) if ax_response: ax_items = { 'fullname': ax_response.get('http://schema.openid.net/namePerson'), 'web': ax_response.get( 'http://schema.openid.net/contact/web/default'), } # Get a PAPE response object if response information was # included in the OpenID response. pape_response = None if response.status == consumer.SUCCESS: pape_response = pape.Response.fromSuccessResponse(response) if not pape_response.auth_policies: pape_response = None # Map different consumer status codes to template contexts. results = { consumer.CANCEL: { 'message': 'OpenID authentication cancelled.' }, consumer.FAILURE: { 'error': 'OpenID authentication failed.' }, consumer.SUCCESS: { 'url': response.getDisplayIdentifier(), 'sreg': sreg_response and list(sreg_response.items()), 'ax': list(ax_items.items()), 'pape': pape_response } } result = results[response.status] if isinstance(response, consumer.FailureResponse): # In a real application, this information should be # written to a log for debugging/tracking OpenID # authentication failures. In general, the messages are # not user-friendly, but intended for developers. result['failure_reason'] = response.message return renderIndexPage(request, **result)
def finishOpenID(request): """ Finish the OpenID authentication process. Invoke the OpenID library with the response from the OpenID server and render a page detailing the result. """ result = {} # Because the object containing the query parameters is a # MultiValueDict and the OpenID library doesn't allow that, we'll # convert it to a normal dict. # OpenID 2 can send arguments as either POST body or GET query # parameters. request_args = util.normalDict(request.GET) if request.method == "POST": request_args.update(util.normalDict(request.POST)) if request_args: c = getConsumer(request) # Get a response object indicating the result of the OpenID # protocol. return_to = util.getViewURL(request, finishOpenID) response = c.complete(request_args, return_to) # Get a Simple Registration response object if response # information was included in the OpenID response. sreg_response = {} ax_items = {} if response.status == consumer.SUCCESS: sreg_response = sreg.SRegResponse.fromSuccessResponse(response) ax_response = ax.FetchResponse.fromSuccessResponse(response) if ax_response: ax_items = { "fullname": ax_response.get("http://schema.openid.net/namePerson"), "web": ax_response.get("http://schema.openid.net/contact/web/default"), } # Get a PAPE response object if response information was # included in the OpenID response. pape_response = None if response.status == consumer.SUCCESS: pape_response = pape.Response.fromSuccessResponse(response) if not pape_response.auth_policies: pape_response = None # Map different consumer status codes to template contexts. results = { consumer.CANCEL: {"message": "OpenID authentication cancelled."}, consumer.FAILURE: {"error": "OpenID authentication failed."}, consumer.SUCCESS: { "url": response.getDisplayIdentifier(), "sreg": sreg_response and sreg_response.items(), "ax": ax_items.items(), "pape": pape_response, }, } result = results[response.status] if isinstance(response, consumer.FailureResponse): # In a real application, this information should be # written to a log for debugging/tracking OpenID # authentication failures. In general, the messages are # not user-friendly, but intended for developers. result["failure_reason"] = response.message return renderIndexPage(request, **result)
def handleCheckIDRequest(request, openid_request): """ Handle checkid_* requests. Get input from the user to find out whether she trusts the RP involved. Possibly, get intput about what Simple Registration information, if any, to send in the response. """ # If the request was an IDP-driven identifier selection request # (i.e., the IDP URL was entered at the RP), then return the # default identity URL for this server. In a full-featured # provider, there could be interaction with the user to determine # what URL should be sent. for k in dir(openid_request): if k.startswith('_'): continue if not request.user.is_authenticated(): ret_json = request.META.get('HTTP_ACCEPT', False) and \ not (request.META['HTTP_ACCEPT'].find('html') > -1) query = util.normalDict(request.GET or request.POST) if not ret_json: return direct_to_template(request, 'server/login.html', {'ret': '', 'data': base64.encodestring(pickle.dumps(query)).strip('\n'), 'url': getViewURL(request, endpoint), 'next': request.GET.get('next', request.META.get('HTTP_REFERER', '')) }) else: response_data = {'prompt': 'openid login', \ 'action': getViewURL(request, endpoint), \ 'method': 'POST', \ 'fields': [ {'type': 'text', 'name': 'user', 'label': 'Username: '******'type': 'password', 'name': 'passwd', 'label': 'Password: '******'type': 'hidden', 'name': 'data', 'value': base64.encodestring(pickle.dumps(query)).strip('\n')}, ] } return http.HttpResponse(json.dumps(response_data), mimetype="application/json") if not openid_request.idSelect(): id_url = getViewURL(request, idPage, args=[request.user.username]) # Confirm that this server can actually vouch for that # identifier if id_url != openid_request.identity: # Return an error response error_response = ProtocolError( openid_request.message, "This server cannot verify the URL %r" % (openid_request.identity,)) return displayResponse(request, error_response) if openid_request.immediate: # Always respond with 'cancel' to immediate mode requests # because we don't track information about a logged-in user. # If we did, then the answer would depend on whether that user # had trusted the request's trust root and whether the user is # even logged in. openid_response = openid_request.answer(False) return displayResponse(request, openid_response) else: # Store the incoming request object in the session so we can # get to it later. setRequest(request, openid_request) return showDecidePage(request, openid_request)
def finishOpenID(request): """ Finish the OpenID authentication process. Invoke the OpenID library with the response from the OpenID server and render a page detailing the result. """ result = {} # Because the object containing the query parameters is a # MultiValueDict and the OpenID library doesn't allow that, we'll # convert it to a normal dict. # OpenID 2 can send arguments as either POST body or GET query # parameters. request_args = util.normalDict(request.GET) if request.method == 'POST': request_args.update(util.normalDict(request.POST)) if request_args: c = getConsumer(request) # Get a response object indicating the result of the OpenID # protocol. return_to = util.getViewURL(request, finishOpenID) response = c.complete(request_args, return_to) # Get a Simple Registration response object if response # information was included in the OpenID response. sreg_response = {} if response.status == consumer.SUCCESS: sreg_response = sreg.SRegResponse.fromSuccessResponse(response) # Get a PAPE response object if response information was # included in the OpenID response. pape_response = None if response.status == consumer.SUCCESS: pape_response = pape.Response.fromSuccessResponse(response) # Map different consumer status codes to template contexts. results = { consumer.CANCEL: {'message': 'OpenID authentication cancelled.'}, consumer.FAILURE: {'error': 'OpenID authentication failed.'}, consumer.SUCCESS: {'url': response.getDisplayIdentifier(), 'sreg': sreg_response.items(), 'pape': pape_response}, } result = results[response.status] if isinstance(response, consumer.FailureResponse): # In a real application, this information should be # written to a log for debugging/tracking OpenID # authentication failures. In general, the messages are # not user-friendly, but intended for developers. result['failure_reason'] = response.message return renderIndexPage(request, **result)