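def rpx_response(request):
    """
    Process the RPX login token POSTed back by the identity provider.

    Reads ``token`` from ``request.POST``. A missing token, a failed
    authentication or an inactive user all yield a 403; on success the user
    is logged in and redirected to ``/?login``.
    """
    logger.debug('django_rpx.views.rpx_response processing')
    token = request.POST.get('token')
    if not token:
        logger.debug('no token provided, forbidden')
        return HttpResponseForbidden()
    logger.debug('authenticating')
    user = authenticate(token=token)
    # Lazy %-args: the repr is only built when DEBUG logging is enabled.
    logger.debug('authenticaton complete, user is %s', user)
    if not (user and user.is_active):
        # Inactive accounts are refused even when the token itself was valid.
        return HttpResponseForbidden()
    login(request, user)
    # TODO make it 302 and put in a cache buster
    return HttpResponseRedirect('/?login')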
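    def authenticate(self, token=''):
        """
        Authenticate an RPX login ``token`` and return the matching ``User``.

        Django auth-backend entry point. The token is exchanged for the
        provider's auth info via ``RpxApi.get_auth_info``; the profile's
        ``identifier`` is then resolved to a local user in this order:

        1. an existing ``RpxData`` association (``get_user_by_rpx_id``);
        2. for providers listed in ``TRUSTED_PROVIDERS`` only, a single user
           with the same e-mail address that has no RPX association yet;
        3. otherwise a freshly created user whose name is derived from the
           profile nickname via ``permute_name`` until a free one is found.

        Returns ``None`` when the API reports a non-``ok`` status, when the
        e-mail match is ambiguous, or when the association cannot be saved.

        TODO: pass in a message array here which can be filled with an error
        message with failure response
        """
        logger.debug('django_rpx.backends.authenticate token = %s', token)
        api = RpxApi()
        # Named ``auth_info`` so the local does not shadow the stdlib ``json``.
        auth_info = api.get_auth_info(token)
        # ``!=`` replaces the Python-2-only ``<>`` operator.
        if auth_info['stat'] != 'ok':
            logger.debug('json results != ok -- %s', auth_info['stat'])
            return None
        profile = auth_info['profile']
        rpx_id = profile['identifier']
        # NOTE(review): both keys may be absent, leaving nickname None; the
        # create_user call below would then fail — confirm what providers guarantee.
        nickname = (profile.get('displayName')
                    or profile.get('preferredUsername'))
        email = profile.get('email', '')
        profile_pic_url = profile.get('photo')
        info_page_url = profile.get('url')
        provider = profile.get("providerName")

        user = self.get_user_by_rpx_id(rpx_id)
        logger.debug('got user by rpx id %s', user)

        if not user:
            if email and provider in TRUSTED_PROVIDERS:
                # Matching on e-mail alone would let anyone who controls an
                # identity carrying a forged address take over the account,
                # so it is limited to providers known to verify addresses.
                # Users that already have an RPX association are excluded so
                # an existing link can never be hijacked.
                candidates = User.objects.all().filter(
                    rpxdata=None).filter(email=email)
                if candidates.count() != 1:
                    # Zero or several matches: refuse rather than guess.
                    return None
                [user] = candidates
            else:
                # No match: create a new user. Nicknames are not unique, so
                # permute until a free username is found. The lookup and the
                # create_user call are not atomic; a concurrent signup with
                # the same name can still collide.
                logger.debug('backends.authenticate -- creating new user')
                username = nickname
                attempt = 0
                try:
                    while True:
                        User.objects.get(username=username)
                        username = permute_name(nickname, attempt)
                        attempt += 1
                except User.DoesNotExist:
                    # Name is available.
                    user = User.objects.create_user(username, email)
            # Persist the association for both branches above. Previously only
            # the create branch saved it, so an e-mail match fell through to
            # the .get() below and raised RpxData.DoesNotExist.
            rpxdata = RpxData(identifier=rpx_id)
            rpxdata.user = user
            try:
                rpxdata.save()
            except Exception:
                # Most likely the identifier already exists. Return None (the
                # backend convention, and what the other failure paths use)
                # instead of the previous False.
                logger.debug('could not save rpx association for %s', rpx_id)
                return None
        rpxdata = RpxData.objects.get(identifier=rpx_id)
        api.save_data(auth_info, rpxdata, user)
        # Only overwrite stored profile fields the provider actually supplied.
        if profile_pic_url:
            rpxdata.profile_pic_url = profile_pic_url
        if info_page_url:
            rpxdata.info_page_url = info_page_url
        if provider:
            rpxdata.provider = provider
        rpxdata.save()
        return user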