예제 #1
파일: openid_auth.py 프로젝트: adrn/ptf_web
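 def cleanupAssociations(self):
     """Delete expired associations and return the count reported by ``delete()``.

     The previous filter compared ``lifetime`` alone with the current epoch
     time. ``lifetime`` is a validity period counted from ``issued``, so that
     comparison matched practically every row and removed associations that
     were still valid.
     """
     try:
         # An association expires once issued + lifetime lies in the past.
         # Assumes both columns hold integer seconds, as storeAssociation
         # writes them -- confirm against the model definition.
         now = int(time())
         return OpenIDAssociation.query.filter(
             OpenIDAssociation.issued + OpenIDAssociation.lifetime < now
         ).delete()
     finally:
         # Commit on every exit path, as the sibling cleanup methods do.
         db_session.commit()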
예제 #2
파일: general.py 프로젝트: adrn/ptf_web
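def first_login():
    """Finish sign-up for an OpenID identity that has no local profile yet.

    A GET renders the profile form. A POST either cancels the login or, when
    the caller passes the allowlist check, creates the ``User`` row and
    redirects to the URL the login flow started from.
    """
    if g.user is not None or 'openid' not in session:
        return redirect(url_for('.login'))

    if request.method == 'POST':
        if 'cancel' in request.form:
            del session['openid']
            flash(u'Login was aborted')
            return redirect(url_for('general.login'))

        def read_allowlist(filename):
            # Blank lines are skipped: a stray empty line would otherwise put
            # "" on the allowlist and let an empty form field match it.
            with open(os.path.join(app.config['BASEDIR'], filename)) as f:
                return [entry.strip() for entry in f if entry.strip()]

        # The lists are only needed to decide a sign-up, so they are read here
        # rather than on every request to this view.
        allowed_openids = read_allowlist("allowed_openids")
        allowed_emails = read_allowlist("allowed_emails")

        # NOTE(review): the e-mail compared here is read from the submitted
        # form, not from the identity provider's response, so the e-mail half
        # of this check trusts a value the caller typed. Consider keeping the
        # provider-supplied address in the session and checking that instead.
        if (session['openid'] not in allowed_openids) and (request.form["email"] not in allowed_emails):
            flash(u"Unauthorized user.")
            del session['openid']
            return redirect(url_for('general.logout'))

        db_session.add(User(request.form['name'], session['openid'], request.form["email"]))
        db_session.commit()
        flash(u'Successfully created profile and logged in!')
        return redirect(oid.get_next_url())

    return render_template('general/first_login.html',
                           next=oid.get_next_url(),
                           openid=session['openid'])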
예제 #3
파일: openid_auth.py 프로젝트: adrn/ptf_web
 def cleanupNonces(self):
     """Delete nonces older than the allowed clock skew.

     Returns whatever ``Query.delete()`` reports. The session is committed on
     every exit path, including when the delete raises.
     """
     try:
         # A nonce stamped at or before this cutoff is outside the window
         # that useNonce accepts, so it no longer needs to be remembered.
         cutoff = int(time() - nonce.SKEW)
         stale = OpenIDUserNonce.query.filter(
             OpenIDUserNonce.timestamp <= cutoff
         )
         removed = stale.delete()
     finally:
         db_session.commit()
     return removed
예제 #4
파일: openid_auth.py 프로젝트: adrn/ptf_web
 def removeAssociation(self, server_url, handle):
     """Delete the association stored for ``server_url`` and ``handle``.

     Returns whatever ``Query.delete()`` reports. The session is committed on
     every exit path, including when the delete raises.
     """
     try:
         # Chained filters are ANDed together, matching both columns.
         matching = OpenIDAssociation.query.filter(
             OpenIDAssociation.server_url == server_url
         ).filter(
             OpenIDAssociation.handle == handle
         )
         removed = matching.delete()
     finally:
         db_session.commit()
     return removed
예제 #5
파일: openid_auth.py 프로젝트: adrn/ptf_web
 def storeAssociation(self, server_url, association):
     """Persist ``association`` for ``server_url`` as a new row and commit."""
     # NOTE(review): base64 is an encoding, not encryption. The association
     # secret is recoverable by anyone who can read this table, so access to
     # the table should be restricted accordingly.
     # The 'base64' str codec exists on Python 2 only.
     row_fields = dict(
         server_url=server_url,
         handle=association.handle,
         secret=association.secret.encode('base64'),
         issued=association.issued,
         lifetime=association.lifetime,
         assoc_type=association.assoc_type,
     )
     # NOTE(review): a row is always added. Whether an existing row for the
     # same (server_url, handle) is replaced or rejected depends on schema
     # constraints not visible here -- confirm.
     db_session.add(OpenIDAssociation(**row_fields))
     db_session.commit()
예제 #6
파일: general.py 프로젝트: adrn/ptf_web
def profile():
    """Show the profile form and, on POST, update the user's name.

    A blank name flashes an error and re-renders the form; a valid name is
    saved and the user is redirected to the index page.
    """
    # NOTE(review): g.user is dereferenced unconditionally, so this view
    # relies on something outside this function (for example a login-required
    # decorator) to keep anonymous requests out -- confirm. No CSRF token
    # check is visible here either.
    current_name = g.user.name
    if request.method != 'POST':
        return render_template('general/profile.html', name=current_name)

    submitted = request.form['name'].strip()
    if submitted:
        g.user.name = submitted
        db_session.commit()
        flash(u'User profile updated')
        return redirect(url_for('.index'))

    flash(u'Error: a name is required')
    return render_template('general/profile.html', name=submitted)
예제 #7
파일: openid_auth.py 프로젝트: adrn/ptf_web
 def useNonce(self, server_url, timestamp, salt):
     """Record a nonce and report whether it was fresh.

     Returns False when ``timestamp`` is further than ``nonce.SKEW`` from the
     current time, or when the (server_url, timestamp, salt) triple is
     already stored. Otherwise stores the triple, commits and returns True.
     """
     drift = abs(timestamp - time())
     if drift > nonce.SKEW:
         return False

     already_seen = OpenIDUserNonce.query.filter(
         OpenIDUserNonce.server_url == server_url
     ).filter(
         OpenIDUserNonce.timestamp == timestamp
     ).filter(
         OpenIDUserNonce.salt == salt
     ).first()
     if already_seen is not None:
         return False

     # NOTE(review): the lookup above and the insert below are separate
     # steps. Unless the table has a unique constraint on
     # (server_url, timestamp, salt) -- not visible here -- two concurrent
     # requests carrying the same nonce could both reach this point and both
     # return True. Confirm the schema enforces uniqueness.
     db_session.add(
         OpenIDUserNonce(server_url=server_url, timestamp=timestamp, salt=salt)
     )
     db_session.commit()
     return True
예제 #8
파일: general.py 프로젝트: adrn/ptf_web
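def create_or_login(resp):
    """Handle a successful OpenID response: sign the user in or start sign-up.

    Stores the verified identity URL in the session. An identity with no
    ``User`` row is sent to ``first_login``; an existing user is signed in
    and redirected to the URL the login flow started from.

    Two things were removed from the earlier version: a debug ``print`` that
    wrote the provider-supplied e-mail address to stdout (and was Python 2
    only syntax), and a read of the ``allowed_openids`` file whose result was
    never used.
    """
    session['openid'] = resp.identity_url

    # NOTE(review): the allowlist check that used to follow here (reject when
    # session['openid'] is not in allowed_openids) is disabled. This function
    # therefore performs no allowlist check, and an identity that already has
    # a User row signs in even if it has since been taken off the list.
    # Confirm that is intended.
    user = g.user or User.query.filter_by(openid=resp.identity_url).first()
    if user is None:
        # NOTE(review): name and e-mail travel in the redirect URL's query
        # string, so they can end up in browser history and access logs.
        return redirect(url_for('.first_login', next=oid.get_next_url(),
                                name=resp.fullname or resp.nickname, email=resp.email))

    if user.openid != resp.identity_url:
        # Only reachable through g.user: an already signed-in user who
        # authenticated with a different identity has the account rebound.
        user.openid = resp.identity_url
        db_session.commit()
        flash(u'OpenID identity changed')
    else:
        flash(u'Successfully signed in!')
    return redirect(oid.get_next_url())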