def verify(request, redirect_field_name=auth.REDIRECT_FIELD_NAME):
"""
This view exists because the way django_browserid does it automatically
is not ideal.
TODO: fork django_browserid and use a class based view system so you can
sublcass and customize without borking everything
Process browserid assertions.
"""
redirect_to = request.REQUEST.get(redirect_field_name, '')
if not redirect_to:
redirect_to = getattr(settings, 'LOGIN_REDIRECT_URL', '/')
redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/')
form = BrowserIDForm(data=request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
user = auth.authenticate(assertion=assertion,
audience=get_audience(request))
if user and user.is_active:
if user.get_profile().is_complete():
auth.login(request, user)
return redirect(reverse('profile', args=[user.username]))
else:
_store_user_in_session(request, assertion,
get_audience(request))
return redirect(reverse('register'))
return HttpResponseRedirect(redirect_to_failure)
def _verify_browserid(form, request):
"""Verify submitted BrowserID assertion.
This is broken out into a standalone function because it will probably
change in the near future if the django-browserid API changes, and it's
handy to mock out in tests this way."""
assertion = form.cleaned_data['assertion']
backend = browserid_auth.BrowserIDBackend()
result = backend.verify(assertion, get_audience(request))
return result
def _verify_browserid(form, request):
"""Verify submitted BrowserID assertion.
This is broken out into a standalone function because it will probably
change in the near future if the django-browserid API changes, and it's
handy to mock out in tests this way."""
assertion = form.cleaned_data['assertion']
backend = browserid_auth.BrowserIDBackend()
result = backend.verify(assertion, get_audience(request))
return result
def browserid_verify(request):
"""
Accept a posted BrowserID assertion and return user details if login succeeds.
"""
assertion = request.raw_post_data
user = auth.authenticate(assertion=assertion, audience=get_audience(request))
if user is not None and user.is_active:
auth.login(request, user)
return HttpResponse(
json.dumps({"user": user.profile.as_dict(request_user=user), "sessionid": request.session.session_key})
)
return HttpResponse(json.dumps({"error": "Unauthorized", "status": 401}), status=401)
def mozilla_browserid_verify(request):
"""Custom BrowserID verifier for mozilla addresses."""
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
audience = get_audience(request)
result = verify(assertion, audience)
if result and result['email'].split('@')[-1] in settings.ALLOWED_BID:
user = auth.authenticate(assertion=assertion, audience=audience)
auth.login(request, user)
return redirect(settings.LOGIN_REDIRECT_URL)
return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def verify(request, redirect_field_name=auth.REDIRECT_FIELD_NAME):
"""Process browserid assertions."""
redirect_to = request.REQUEST.get(redirect_field_name, '')
if not redirect_to:
redirect_to = getattr(settings, 'LOGIN_REDIRECT_URL', '/')
redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/')
form = BrowserIDForm(data=request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
user = auth.authenticate(assertion=assertion,
audience=get_audience(request))
if user is not None and user.is_active:
auth.login(request, user)
return HttpResponseRedirect(redirect_to)
return HttpResponseRedirect(redirect_to_failure)
def verify(request):
"""Process login."""
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
user = auth.authenticate(assertion=assertion,
audience=get_audience(request))
if user is not None and user.is_active:
auth.login(request, user)
# Redirect to edit profile page if user has no profile.
if UserProfile.objects.filter(pk=user.pk).exists():
return redirect(settings.LOGIN_REDIRECT)
else:
return redirect('flicks.users.edit_profile')
# TODO: Determine how to convey login failure.
return redirect(settings.LOGIN_REDIRECT_FAILURE)
def browserid_verify(request):
"""
Accept a posted BrowserID assertion and return user details if login succeeds.
"""
assertion = request.raw_post_data
user = auth.authenticate(assertion=assertion,
audience=get_audience(request))
if user is not None and user.is_active:
auth.login(request, user)
return HttpResponse(
json.dumps({
'user': user.profile.as_dict(request_user=user),
'sessionid': request.session.session_key
}))
return HttpResponse(json.dumps({
'error': "Unauthorized",
'status': 401
}),
status=401)
