Exemplo n.º 1
0
    def init(self):
        self.consumer = create_consumer(self.openid_session)
        if not hasattr(self, 'form_result'):
            return self._failure('', _("Invalid input."))
        openid = self.form_result.get("openid")
        try:
            if not openid:
                raise ValueError(_("No OpenID given!"))
            authrequest = self.consumer.begin(openid)

            if not c.user and not model.OpenID.find(openid):
                axreq = ax.FetchRequest(h.base_url(c.instance,
                                                   path='/openid/update'))
                axreq.add(ax.AttrInfo(AX_MAIL_SCHEMA, alias="email",
                                      required=True))
                authrequest.addExtension(axreq)
                sreq = sreg.SRegRequest(required=['nickname'],
                                        optional=['email'])
                authrequest.addExtension(sreq)

            redirecturl = authrequest.redirectURL(
                h.base_url(c.instance, path='/'),
                return_to=h.base_url(c.instance, path='/openid/verify'),
                immediate=False)
            session['openid_session'] = self.openid_session
            session.save()
            return redirect(redirecturl)
        except HTTPFound:
            raise
        except Exception, e:
            log.exception(e)
            return self._failure(openid, str(e))
Exemplo n.º 2
0
    def init(self):
        self.consumer = create_consumer(self.openid_session)
        if not hasattr(self, 'form_result'):
            return self._failure('', _("Invalid input."))
        openid = self.form_result.get("openid")
        try:
            if not openid:
                raise ValueError(_("No OpenID given!"))
            authrequest = self.consumer.begin(openid)

            if not c.user and not model.OpenID.find(openid):
                axreq = ax.FetchRequest(h.base_url('/openid/update'))
                axreq.add(ax.AttrInfo(AX_MAIL_SCHEMA, alias="email",
                                      required=True))
                authrequest.addExtension(axreq)
                sreq = sreg.SRegRequest(required=['nickname'],
                                        optional=['email'])
                authrequest.addExtension(sreq)

            redirecturl = authrequest.redirectURL(
                h.base_url('/'),
                return_to=h.base_url('/openid/verify'),
                immediate=False)
            session['openid_session'] = self.openid_session
            session.save()
            return redirect(redirecturl)
        except HTTPFound:
            raise
        except Exception, e:
            log.exception(e)
            return self._failure(openid, str(e))
Exemplo n.º 3
0
    def init(self):
        self.consumer = create_consumer(self.openid_session)
        if not hasattr(self, "form_result"):
            return self._failure("", _("Invalid input."))
        openid = self.form_result.get("openid")
        try:
            if not openid:
                raise ValueError(_("No OpenID given!"))
            authrequest = self.consumer.begin(openid)

            if not c.user and not model.OpenID.find(openid):
                axreq = ax.FetchRequest(h.base_url("/openid/update", absolute=True))
                axreq.add(ax.AttrInfo(get_ax_mail_schema(openid), alias="email", required=True))
                authrequest.addExtension(axreq)
                sreq = sreg.SRegRequest(required=["nickname"], optional=["email"])
                authrequest.addExtension(sreq)

            redirecturl = authrequest.redirectURL(
                h.base_url("/", absolute=True), return_to=h.base_url("/openid/verify", absolute=True), immediate=False
            )
            self.set_session(self.openid_session)
            session.save()
            return redirect(redirecturl)
        except HTTPFound:
            raise
        except Exception, e:
            log.exception(e)
            return self._failure(openid, str(e))
Exemplo n.º 4
0
    def verify(self):
        self.consumer = create_consumer(self.openid_session)
        info = self.consumer.complete(request.params,
                                      h.base_url('/openid/verify'))
        if not info.status == SUCCESS:
            return self._failure(info.identity_url, _("OpenID login failed."))
        email = None
        user_name = None
        # evaluate Simple Registration Extension data
        srep = sreg.SRegResponse.fromSuccessResponse(info)
        if srep:
            if srep.get('nickname'):
                user_name = srep.get('nickname').strip()
            if srep.get('email'):
                email = srep.get('email')
        # evaluate Attribute Exchange data
        # TBD: AXSCHEMA friendlyName
        # TBD: SignedMembership
        axrep = ax.FetchResponse.fromSuccessResponse(info)
        if axrep:
            try:
                email = axrep.getSingle(AX_MAIL_SCHEMA) or email
            except ValueError:
                email = axrep.get(AX_MAIL_SCHEMA)[0]
            except KeyError:
                email = email

        if 'openid_session' in session:
            del session['openid_session']

        oid = model.OpenID.find(info.identity_url)
        if oid:
            if c.user:
                if oid.user == c.user:
                    return self._failure(info.identity_url,
                        _("You have already claimed this OpenID."))
                else:
                    return self._failure(info.identity_url,
                        _("OpenID %s already belongs to %s.")
                        % (info.identity_url, oid.user.name))
            else:
                self._login(oid.user)
                # returns
        else:
            if c.user:
                oid = model.OpenID(unicode(info.identity_url), c.user)
                model.meta.Session.add(oid)
                model.meta.Session.commit()
                redirect(h.entity_url(c.user, member='edit'))
            else:
                try:
                    forms.UniqueUsername(not_empty=True).to_python(user_name)
                except:
                    session['openid_req'] = (info.identity_url, user_name,
                                             email)
                    session.save()
                    redirect('/openid/username')
                user = self._create(user_name, email, info.identity_url)
                self._login(user)
        return self._failure(info.identity_url,
                             _("Justin Case has entered the room."))
Exemplo n.º 5
0
    def verify(self):
        if not openid_login_allowed():
            ret_abort(_("OpenID login has been disabled on this installation"),
                      code=403)

        self.consumer = create_consumer(self.openid_session)
        info = self.consumer.complete(request.params,
                                      h.base_url('/openid/verify',
                                                 absolute=True))
        if not info.status == SUCCESS:
            return self._failure(info.identity_url, _("OpenID login failed."))
        email = None
        user_name = None
        # evaluate Simple Registration Extension data
        srep = sreg.SRegResponse.fromSuccessResponse(info)
        if srep:
            if srep.get('nickname'):
                user_name = srep.get('nickname').strip()
            if srep.get('email'):
                email = srep.get('email')
        # evaluate Attribute Exchange data
        # TBD: AXSCHEMA friendlyName
        # TBD: SignedMembership
        axrep = ax.FetchResponse.fromSuccessResponse(info)
        if axrep:
            ax_mail_schema = get_ax_mail_schema(info.identity_url)
            try:
                email = axrep.getSingle(ax_mail_schema) or email
            except ValueError:
                email = axrep.get(ax_mail_schema)[0]
            except KeyError:
                email = email

        if 'openid_session' in session:
            self.delete_session()

        oid = model.OpenID.find(info.identity_url)
        if oid:
            if c.user:
                if oid.user == c.user:
                    return self._failure(
                        info.identity_url,
                        _("You have already claimed this OpenID."))
                else:
                    return self._failure(
                        info.identity_url,
                        _("OpenID %s already belongs to %s.")
                        % (info.identity_url, oid.user.name))
            else:
                self._login(oid.user)
                # returns
        else:
            if c.user:
                oid = model.OpenID(unicode(info.identity_url), c.user)
                model.meta.Session.add(oid)
                model.meta.Session.commit()
                h.flash(_("Successfully added OpenID to user account."),
                        'success')
                redirect(h.entity_url(c.user, member='edit'))
            else:

                if not h.allow_user_registration():
                    h.flash(_(
                        "OpenID %s doesn't belong to an existing user account "
                        "and user registration is disabled in this "
                        "installation." % info.identity_url
                    ), 'warning')
                    redirect(h.base_url('/login'))

                user_by_email = model.User.find_by_email(email)
                if user_by_email is not None:
                    if is_trusted_provider(info.identity_url):
                        # A user with the email returned by the OpenID provider
                        # exists. As we trust the OpenID provider, we log in
                        # that account and assign the OpenID to this user.
                        oid = model.OpenID(unicode(info.identity_url),
                                           user_by_email)
                        model.meta.Session.add(oid)
                        model.meta.Session.commit()
                        h.flash(_(
                            "Successfully added OpenID to user account."
                        ), 'success')
                        self._login(user_by_email)
                    else:
                        # A user with the email returned by the OpenID provider
                        # exists. As we don't trust the OpenID provider, we
                        # demand that the user needs to login first.
                        #
                        # Note: We could store the successful OpenID
                        # authentication in the session and assign it after
                        # login. However probably more is gained if the
                        # list of trusted OpenID providers is extended.
                        h.flash(_(
                            "The email address %s which was returned by the "
                            "OpenID provider already belongs to a different "
                            "user account. Please login with that account "
                            "or use the forgot password functionality, and "
                            "add the OpenID in your user profile settings "
                            "afterwards. Sorry for the inconvenience." % email
                        ), 'warning')
                        redirect(h.base_url('/login'))

                try:
                    forms.UniqueUsername(not_empty=True).to_python(user_name)
                    formencode.All(validators.PlainText(not_empty=True),
                                   forms.UniqueUsername(),
                                   forms.ContainsChar())
                except:
                    session['openid_req'] = (info.identity_url, user_name,
                                             email)
                    session.save()
                    redirect(h.base_url('/openid/username'))
                user = self._create(user_name, email, info.identity_url)
                h.flash(_("Successfully created new user account %s" %
                          user_name), 'success')
                self._login(user, register=True)
Exemplo n.º 6
0
    def verify(self):
        self.consumer = create_consumer(self.openid_session)
        info = self.consumer.complete(request.params,
                                      h.base_url(c.instance,
                                                 path='/openid/verify'))
        if not info.status == SUCCESS:
            return self._failure(info.identity_url, _("OpenID login failed."))
        email = None
        user_name = None
        # evaluate Simple Registration Extension data
        srep = sreg.SRegResponse.fromSuccessResponse(info)
        if srep:
            if srep.get('nickname'):
                user_name = srep.get('nickname').strip()
            if srep.get('email'):
                email = srep.get('email')
        # evaluate Attribute Exchange data
        # TBD: AXSCHEMA friendlyName
        # TBD: SignedMembership
        axrep = ax.FetchResponse.fromSuccessResponse(info)
        if axrep:
            try:
                email = axrep.getSingle(AX_MAIL_SCHEMA) or email
            except ValueError:
                email = axrep.get(AX_MAIL_SCHEMA)[0]
            except KeyError:
                email = email

        if 'openid_session' in session:
            del session['openid_session']

        oid = model.OpenID.find(info.identity_url)
        if oid:
            if c.user:
                if oid.user == c.user:
                    return self._failure(info.identity_url,
                        _("You have already claimed this OpenID."))
                else:
                    return self._failure(info.identity_url,
                        _("OpenID %s already belongs to %s.")
                        % (info.identity_url, oid.user.name))
            else:
                self._login(oid.user)
                # returns
        else:
            if c.user:
                oid = model.OpenID(unicode(info.identity_url), c.user)
                model.meta.Session.add(oid)
                model.meta.Session.commit()
                redirect(h.entity_url(c.user, member='edit'))
            else:
                try:
                    forms.UniqueUsername(not_empty=True).to_python(user_name)
                except:
                    session['openid_req'] = (info.identity_url, user_name,
                                             email)
                    session.save()
                    redirect('/openid/username')
                user = self._create(user_name, email, info.identity_url)
                self._login(user)
        return self._failure(info.identity_url,
                             _("Justin Case has entered the room."))
Exemplo n.º 7
0
    def verify(self):
        if not openid_login_allowed():
            ret_abort(_("OpenID login has been disabled on this installation"),
                      code=403)

        self.consumer = create_consumer(self.openid_session)
        info = self.consumer.complete(
            request.params, h.base_url('/openid/verify', absolute=True))
        if not info.status == SUCCESS:
            return self._failure(info.identity_url, _("OpenID login failed."))
        email = None
        user_name = None
        # evaluate Simple Registration Extension data
        srep = sreg.SRegResponse.fromSuccessResponse(info)
        if srep:
            if srep.get('nickname'):
                user_name = srep.get('nickname').strip()
            if srep.get('email'):
                email = srep.get('email')
        # evaluate Attribute Exchange data
        # TBD: AXSCHEMA friendlyName
        # TBD: SignedMembership
        axrep = ax.FetchResponse.fromSuccessResponse(info)
        if axrep:
            ax_mail_schema = get_ax_mail_schema(info.identity_url)
            try:
                email = axrep.getSingle(ax_mail_schema) or email
            except ValueError:
                email = axrep.get(ax_mail_schema)[0]
            except KeyError:
                email = email

        if 'openid_session' in session:
            self.delete_session()

        oid = model.OpenID.find(info.identity_url)
        if oid:
            if c.user:
                if oid.user == c.user:
                    return self._failure(
                        info.identity_url,
                        _("You have already claimed this OpenID."))
                else:
                    return self._failure(
                        info.identity_url,
                        _("OpenID %s is already connected to an account.") %
                        (info.identity_url, oid.user.name))
            else:
                self._login(oid.user)
                # returns
        else:
            if c.user:
                oid = model.OpenID(unicode(info.identity_url), c.user)
                model.meta.Session.add(oid)
                model.meta.Session.commit()
                h.flash(_("Successfully added OpenID to user account."),
                        'success')
                redirect(h.entity_url(c.user, member='settings/login'))
            else:

                if not h.allow_user_registration():
                    h.flash(
                        _("OpenID %s doesn't belong to an existing user account "
                          "and user registration is disabled in this "
                          "installation." % info.identity_url), 'warning')
                    redirect(h.base_url('/login'))

                user_by_email = model.User.find_by_email(email)
                if user_by_email is not None:
                    if is_trusted_provider(info.identity_url):
                        # A user with the email returned by the OpenID provider
                        # exists. As we trust the OpenID provider, we log in
                        # that account and assign the OpenID to this user.
                        oid = model.OpenID(unicode(info.identity_url),
                                           user_by_email)
                        model.meta.Session.add(oid)
                        model.meta.Session.commit()
                        h.flash(
                            _("Successfully added OpenID to user account."),
                            'success')
                        self._login(user_by_email)
                    else:
                        # A user with the email returned by the OpenID provider
                        # exists. As we don't trust the OpenID provider, we
                        # demand that the user needs to login first.
                        #
                        # Note: We could store the successful OpenID
                        # authentication in the session and assign it after
                        # login. However probably more is gained if the
                        # list of trusted OpenID providers is extended.
                        h.flash(
                            _("The email address %s which was returned by the "
                              "OpenID provider already belongs to a different "
                              "user account. Please login with that account "
                              "or use the forgot password functionality, and "
                              "add the OpenID in your user profile settings "
                              "afterwards. Sorry for the inconvenience." %
                              email), 'warning')
                        redirect(h.base_url('/login'))

                try:
                    forms.UniqueUsername(not_empty=True).to_python(user_name)
                    formencode.All(validators.PlainText(not_empty=True),
                                   forms.UniqueUsername(),
                                   forms.ContainsChar())
                except:
                    session['openid_req'] = (info.identity_url, user_name,
                                             email)
                    session.save()
                    redirect(h.base_url('/openid/username'))
                user = self._create(user_name, email, info.identity_url)
                h.flash(
                    _("Successfully created new user account %s" % user_name),
                    'success')
                self._login(user, register=True)