Exemplo n.º 1
          return message
        ret = openid_consumer_views.begin(request, redirect_to=reverse('openid_complete'), on_failure=openid_failure)
        if isinstance(ret, (str, unicode)) or isinstance(ret,unicode):
            messages.add_message(request, messages.ERROR, ret)
        else:
          return ret
    try:
        fb_association = FBAssociation.objects.get(user=request.user)
    except FBAssociation.DoesNotExist, e:
        fb_association = None

    used = [o.openid for o in request.openids]

    remove_openid = request.POST.get('remove_openid')
    if remove_openid and remove_openid not in used:
        unassociate_openid(request.user, remove_openid)
        return HttpResponseRedirect(reverse(associations))

    openids = list(UserOpenID.objects.filter(user=request.user).order_by('created_at'))
    for o in openids:
        o.is_used = o.openid in used

    class Association(object):
        """Wrap one external-login service for display in the associations view.

        The class is declared inside the view function, so its methods read
        ``request`` (and ``backend``) from the enclosing scope, not from ``self``.
        """
        def __init__(self, service):
            # Stored unchanged; the methods below call get_user_id() on it and
            # compare against its class.
            self.service = service

        def is_associated(self):
            """Return True when the service reports a user id for ``request.user``."""
            # ``request`` is the enclosing view's request, captured by closure.
            return bool(self.service.get_user_id(request.user))

        def is_logged_in(self):
            """Return True when ``backend.service_class`` is this service's class."""
            # NOTE(review): ``backend`` is not bound anywhere in the visible
            # lines; presumably the enclosing view sets it - confirm.
            # The None default means a backend without ``service_class`` gives False.
            return getattr(backend, 'service_class', None) == self.service.__class__
Exemplo n.º 2
def associations(request, template_name='openid_associations.html', post_login_redirect='/openid/complete/'):
    """
    Manage the OpenIDs linked to the requesting user's account.

    A POST that carries ``openid_url`` starts a new OpenID authentication and
    returns that response directly. Any other request applies the add/remove
    actions it contains and renders ``template_name`` with the status
    messages and the button lists for the form.

    Review notes:
      * No login check is visible in this function. NOTE(review): confirm
        that a decorator or the URLconf restricts it to authenticated users.
      * Add/remove actions are authorised by a per-(action, user, OpenID)
        key from ``_make_hash``. The ``?direct=1`` branch below links an
        OpenID without consulting that key.
    """
    if 'openid_url' in request.POST:
        # A newly entered OpenID must be authenticated before it can be
        # linked; the consumer view sends the user to post_login_redirect
        # once that is done.
        return consumer_views.begin(request, redirect_to=post_login_redirect)

    account = request.user
    notices = []

    # OpenIDs already linked to this account, kept up to date as we go.
    linked = []
    for rec in UserOpenID.objects.filter(user__id=account.id):
        linked.append(rec.openid)

    session_openids = request.openids

    # Form field names are keys produced by _make_hash, described upstream as
    # a hash of the OpenID, user ID and SECRET_KEY that also serves as CSRF
    # protection. Build the key -> OpenID lookup tables up front.
    # NOTE(review): _make_hash is not shown here. If the key depends only on
    # those inputs it is the same on every page load for a given user and
    # OpenID, so confirm it is not the only CSRF defence on this view.
    add_hashes = {}
    for candidate in session_openids:
        url = str(candidate)
        if url not in linked:
            # NOTE(review): this key is computed from the OpenID object,
            # while add_buttons below hashes its str() form; the two match
            # only if _make_hash stringifies its argument - confirm.
            add_hashes[_make_hash('add', account, candidate)] = url

    del_hashes = {}
    for url in linked:
        del_hashes[_make_hash('del', account, url)] = url

    # ?direct=1 handles the round trip where the user typed an OpenID into
    # the form on this page, authenticated it, and was sent straight back:
    # an OpenID issued within the last 5 seconds is linked immediately.
    # This changes account state on a GET request and is gated only by the
    # freshness window, not by the add_hashes key.
    # TODO: Reconsider this technique now that it's easier to create custom
    #       behaviour when an OpenID authentication is successful.
    if request.GET.get('direct') and session_openids:
        latest = session_openids[-1]
        recent_cutoff = int(time.time()) - 5
        if latest.issued > recent_cutoff and str(latest) not in linked:
            new_openid = str(latest)
            associate_openid(account, new_openid)
            linked.append(new_openid)
            notices.append(
                '%s has been associated with your account' % escape(new_openid)
            )

    # Every POST field name that matches a precomputed key is an action.
    for key in request.POST:
        if key in add_hashes:
            url = add_hashes[key]
            if url not in linked:
                associate_openid(account, url)
                linked.append(url)
                notices.append(
                    '%s has been associated with your account' % escape(url)
                )
        if key in del_hashes:
            url = del_hashes[key]
            if url in linked:
                unassociate_openid(account, url)
                linked.remove(url)
                notices.append(
                    '%s has been removed from your account' % escape(url)
                )

    # ``linked`` now reflects the stored associations. OpenIDs that are
    # logged in for this session but not linked get an "associate this?"
    # button; every linked OpenID gets a remove button.
    add_buttons = []
    for candidate in session_openids:
        url = str(candidate)
        if url in linked:
            continue
        add_buttons.append(
            {'openid': url, 'hash': _make_hash('add', account, url)}
        )

    del_buttons = []
    for url in linked:
        del_buttons.append(
            {'openid': url, 'hash': _make_hash('del', account, url)}
        )

    context = {
        'user': account,
        'messages': notices,
        'action': request.path,
        'add_buttons': add_buttons,
        # The template also uses del_buttons as the list of associated OpenIDs.
        'del_buttons': del_buttons,
    }
    return render(template_name, context,
                  context_instance=RequestContext(request))
Exemplo n.º 3
            redirect_to=reverse('openid_complete'),
            on_failure=openid_failure)
        if isinstance(ret, (str, unicode)) or isinstance(ret, unicode):
            messages.add_message(request, messages.ERROR, ret)
        else:
            return ret
    try:
        fb_association = FBAssociation.objects.get(user=request.user)
    except FBAssociation.DoesNotExist, e:
        fb_association = None

    used = [o.openid for o in request.openids]

    remove_openid = request.POST.get('remove_openid')
    if remove_openid and remove_openid not in used:
        unassociate_openid(request.user, remove_openid)
        return HttpResponseRedirect(reverse(associations))

    openids = list(
        UserOpenID.objects.filter(user=request.user).order_by('created_at'))
    for o in openids:
        o.is_used = o.openid in used

    class Association(object):
        def __init__(self, service):
            self.service = service

        def is_associated(self):
            return bool(self.service.get_user_id(request.user))

        def is_logged_in(self):