def verify(self, request, url, session):
request_token = oauth.Token.from_string(session['token'])
verifier = request.GET.get('oauth_verifier')
if not verifier:
redirect(self.config.get('oauth_failure'))
request_token.set_verifier(verifier)
client = oauth.Client(self.consumer, request_token)
resp, content = client.request(self.access_token_url, "POST")
if resp['status'] != '200':
redirect(self.config.get('oauth_failure'))
access_token = dict(urlparse.parse_qsl(content))
return self._get_credentials(access_token)
def request_access(self, request, url, session):
return_to = url(controller='account',
action="verify",
provider=self.provider,
qualified=True)
loc = build_url(self.authorization_url,
client_id=self.app_id,
scope=self.scope,
redirect_uri=return_to)
return redirect(loc)
def request_access(self, request, url, session):
# Create the consumer and client, make the request
client = oauth.Client(self.consumer)
params = {
'oauth_callback':
url(controller='account',
action="verify",
provider=self.provider,
qualified=True)
}
if self.scope:
params['scope'] = self.scope
# We go through some shennanigans here to specify a callback url
oauth_request = oauth.Request.from_consumer_and_token(
self.consumer, http_url=self.request_token_url, parameters=params)
oauth_request.sign_request(self.sigmethod, self.consumer, None)
client = HttpRequestor()
resp, content = client.request(self.request_token_url,
method='GET',
headers=oauth_request.to_header())
if resp['status'] != '200':
client.save_capture("oauth1 request_access failure")
raise AccessException("Error status: %r", resp['status'])
request_token = oauth.Token.from_string(content)
session['token'] = content
session.save()
# force_login is twitter specific
if (self.provider == 'twitter.com'
and asbool(request.POST.get('force_login'))):
http_url = self.authorization_url + '?force_login=true'
else:
http_url = self.authorization_url
# Send the user to the oauth provider to authorize us
oauth_request = \
oauth.Request.from_token_and_callback(token=request_token,
http_url=http_url)
return redirect(oauth_request.to_url())
def request_access(self, request, url, session):
log_debug = self.log_debug
if log_debug:
log.debug('Handling OpenID login')
# Load default parameters that all Auth Responders take
fail_uri = self.config.get('oauth_failure')
openid_url = request.POST.get('openid_identifier')
# Let inherited consumers alter the openid identifier if desired
openid_url = self._lookup_identifier(openid_url)
openid_session = {}
oidconsumer = consumer.Consumer(openid_session, self.openid_store,
self.consumer_class)
try:
authrequest = oidconsumer.begin(openid_url)
except consumer.DiscoveryFailure, exc:
log.error("openid discovery failure: %s", exc)
return redirect(fail_uri)
class OpenIDResponder(object):
"""OpenID Consumer for handling OpenID authentication
"""
def __init__(self, provider):
self.provider = provider
self.consumer_class = None
self.log_debug = logging.DEBUG >= log.getEffectiveLevel()
self.config = get_oauth_config(provider)
self.endpoint_regex = self.config.get('endpoint_regex')
# application config items, dont use self.config
store = config.get('openid_store', 'mem')
if store == u"file":
store_file_path = config.get('openid_store_path', None)
self.openid_store = filestore.FileOpenIDStore(store_file_path)
elif store == u"mem":
self.openid_store = memstore.MemoryStore()
elif store == u"sql":
# TODO: This does not work as we need a connection, not a string
# XXX
#self.openid_store = sqlstore.SQLStore(sql_connstring,
# sql_associations_table, sql_connstring)
raise NotImplementedError()
self.scope = self.config.get('scope', None)
self.return_to_query = {}
def _lookup_identifier(self, identifier):
"""Extension point for inherited classes that want to change or set
a default identifier"""
return identifier
def _update_authrequest(self, authrequest, request):
"""Update the authrequest with the default extensions and attributes
we ask for
This method doesn't need to return anything, since the extensions
should be added to the authrequest object itself.
"""
# Add on the Attribute Exchange for those that support that
ax_request = ax.FetchRequest()
for attrib in attributes.values():
ax_request.add(ax.AttrInfo(attrib))
authrequest.addExtension(ax_request)
# Form the Simple Reg request
sreg_request = sreg.SRegRequest(optional=[
'nickname', 'email', 'fullname', 'dob', 'gender', 'postcode',
'country', 'language', 'timezone'
], )
authrequest.addExtension(sreg_request)
return None
def _get_access_token(self, request_token):
"""Called to exchange a request token for the access token
This method doesn't by default return anything, other OpenID+Oauth
consumers should override it to do the appropriate lookup for the
access token, and return the access token.
"""
return None
def request_access(self, request, url, session):
log_debug = self.log_debug
if log_debug:
log.debug('Handling OpenID login')
# Load default parameters that all Auth Responders take
fail_uri = self.config.get('oauth_failure')
openid_url = request.POST.get('openid_identifier')
# Let inherited consumers alter the openid identifier if desired
openid_url = self._lookup_identifier(openid_url)
openid_session = {}
oidconsumer = consumer.Consumer(openid_session, self.openid_store,
self.consumer_class)
try:
authrequest = oidconsumer.begin(openid_url)
except consumer.DiscoveryFailure, exc:
log.error("openid discovery failure: %s", exc)
return redirect(fail_uri)
if authrequest is None:
return redirect(fail_uri)
# Update the authrequest
self._update_authrequest(authrequest, request)
return_to = url(controller='account',
action="verify",
provider=self.provider,
qualified=True,
**self.return_to_query)
# Ensure our session is saved for the id to persist
session['openid_session'] = openid_session
session.save()
redirect_url = authrequest.redirectURL(realm=request.application_url,
return_to=return_to,
immediate=False)
# OpenID 2.0 lets Providers request POST instead of redirect, this
# checks for such a request.
if authrequest.shouldSendRedirect():
redirect_url = authrequest.redirectURL(
realm=request.application_url,
return_to=return_to,
immediate=False)
return redirect(redirect_url)
else:
return authrequest.htmlMarkup(realm=request.application_url,
return_to=return_to,
immediate=False)