def login_begin(request, attribute_set='default'):
"""Begin an MojeID login request."""
if mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR in request.session:
del request.session[mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR]
# create consumer, start login process
consumer = MojeIDConsumer(DjangoOpenIDStore())
openid_request = consumer.begin(create_service())
# Request user details.
attributes = get_attribute_query(attribute_set)
# save settings set name for response handler
request.session[SESSION_ATTR_SET_KEY] = attribute_set
fetch_request = ax.FetchRequest()
for attribute, required in attributes:
fetch_request.add(attribute.generate_ax_attrinfo(required))
if attributes:
openid_request.addExtension(fetch_request)
if mojeid_settings.MOJEID_LOGIN_METHOD != 'ANY' or \
mojeid_settings.MOJEID_MAX_AUTH_AGE is not None:
# set authentication method to OTP or CERT
if mojeid_settings.MOJEID_LOGIN_METHOD == "OTP":
auth_method = [pape.AUTH_MULTI_FACTOR]
elif mojeid_settings.MOJEID_LOGIN_METHOD == "CERT":
auth_method = [pape.AUTH_PHISHING_RESISTANT]
else:
auth_method = None
pape_request = pape.Request(
preferred_auth_policies=auth_method,
max_auth_age=mojeid_settings.MOJEID_MAX_AUTH_AGE,
)
openid_request.addExtension(pape_request)
# Construct the request completion URL
return_to = request.build_absolute_uri(reverse(login_complete))
# get 'next page' and save it to the session
redirect_to = sanitise_redirect_url(OpenIDBackend.get_redirect_to(request))
if redirect_to:
request.session[mojeid_settings.MOJEID_SESSION_NEXT_PAGE_ATTR] = redirect_to
# Realm should be always something like 'https://example.org/openid/'
realm = getattr(settings, 'MOJEID_REALM', None)
if not realm:
realm = request.build_absolute_uri(reverse(top))
# we always use POST request
form_html = openid_request.htmlMarkup(
realm, return_to, form_tag_attrs={'id': 'openid_message'})
return HttpResponse(form_html, content_type='text/html; charset=UTF-8')
