def openid_process(self, request, token):
""" Process a callback from an identity provider. """
oid_consumer = consumer.Consumer(self.get_openid_session(request),
self.store)
query = urlparse.parse_qsl(urlparse.urlparse(request.uri).query)
queries = {}
for key, val in query:
queries[key] = val.decode('UTF-8')
logging.debug("Queries: {0}".format(queries))
info = oid_consumer.complete(
queries, self.webserver.server_url + "/" + self.base_path +
"/openid_process")
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
logging.error("Verification of {0} failed: {1}".format(
display_identifier, info.message))
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
elif info.status == consumer.SUCCESS:
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
sreg_data = {}
if sreg_resp is not None:
sreg_data = sreg_resp.data
pape_resp = pape.Response.fromSuccessResponse(info)
ax_resp = ax.FetchResponse.fromSuccessResponse(info)
ax_data = {}
if ax_resp is not None:
for uri in self.AX_URIS:
ax_data[uri] = ax_resp.get(uri)
logging.debug(
"openid_process: Success of {0}, sreg_resp: {1} (sreg_data: {2}), pape_resp: {3}, ax_resp: {4}, ax_data: {5}"
.format(display_identifier, sreg_resp, sreg_data, pape_resp,
ax_resp, ax_data))
if len(ax_data.keys()) > 0:
user_metadata = {
"name":
ax_data['http://schema.openid.net/namePerson/first'][0] +
" " +
ax_data['http://schema.openid.net/namePerson/last'][0],
"email":
ax_data['http://schema.openid.net/contact/email'][0],
}
elif len(sreg_data.keys()) > 0:
user_metadata = {
"name": sreg_data['fullname'],
"nickname": sreg_data['nickname'],
"email": sreg_data['email'],
}
else:
user_metadata = {}
if info.endpoint.canonicalID:
logging.debug(
"openid_process, additional: ...This is an i-name and its persistent ID is: {0}"
.format(info.endpoint.canonicalID))
# Success - User is now INDX authenticated - they can request a token now.
wbSession = self.get_session(request)
wbSession.setAuthenticated(True)
wbSession.setUserType("openid") # TODO FIXME standardise
wbSession.setUser(
display_identifier) # namespace this as a openid or something?
wbSession.setPassword("") # XXX
# Initialise the OpenID user now:
ix_openid = IndxOpenID(self.database, display_identifier)
def err_cb(err):
logging.error("Error in IndxOpenID: {0}".format(err))
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
def cb(user_info):
user_info['status'] = 200
user_info['message'] = "OK"
self._send_openid_redirect(request, user_info)
return
ix_openid.init_user(user_metadata).addCallbacks(cb, err_cb)
return
elif info.status == consumer.CANCEL:
logging.error("Error in openid_process: Verification cancelled.")
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
elif info.status == consumer.SETUP_NEEDED:
logging.error(
"Error in openid_process: Setup needed at URL: {0}".format(
info.setup_url))
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
else:
logging.error("Error in openid_process: Verification Failed.")
self._send_openid_redirect(request, {
"status": 401,
"message": "Unauthorized"
})
return
def openid_process(self, request, token):
""" Process a callback from an identity provider. """
oid_consumer = consumer.Consumer(self.get_openid_session(request), self.store)
query = urlparse.parse_qsl(urlparse.urlparse(request.uri).query)
queries = {}
for key, val in query:
queries[key] = val.decode('UTF-8')
logging.debug("Queries: {0}".format(queries))
info = oid_consumer.complete(queries, self.webserver.server_url + "/" + self.base_path + "/openid_process")
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
logging.error("Verification of {0} failed: {1}".format(display_identifier, info.message))
self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
return
elif info.status == consumer.SUCCESS:
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
sreg_data = {}
if sreg_resp is not None:
sreg_data = sreg_resp.data
pape_resp = pape.Response.fromSuccessResponse(info)
ax_resp = ax.FetchResponse.fromSuccessResponse(info)
ax_data = {}
if ax_resp is not None:
for uri in self.AX_URIS:
ax_data[uri] = ax_resp.get(uri)
logging.debug("openid_process: Success of {0}, sreg_resp: {1} (sreg_data: {2}), pape_resp: {3}, ax_resp: {4}, ax_data: {5}".format(display_identifier, sreg_resp, sreg_data, pape_resp, ax_resp, ax_data))
if len(ax_data.keys()) > 0:
user_metadata = {
"name": ax_data['http://schema.openid.net/namePerson/first'][0] + " " + ax_data['http://schema.openid.net/namePerson/last'][0],
"email": ax_data['http://schema.openid.net/contact/email'][0],
}
elif len(sreg_data.keys()) > 0:
user_metadata = {
"name": sreg_data['fullname'],
"nickname": sreg_data['nickname'],
"email": sreg_data['email'],
}
else:
user_metadata = {}
if info.endpoint.canonicalID:
logging.debug("openid_process, additional: ...This is an i-name and its persistent ID is: {0}".format(info.endpoint.canonicalID))
# Success - User is now INDX authenticated - they can request a token now.
wbSession = self.get_session(request)
wbSession.setAuthenticated(True)
wbSession.setUserType("openid") # TODO FIXME standardise
wbSession.setUser(display_identifier) # namespace this as a openid or something?
wbSession.setPassword("") # XXX
# Initialise the OpenID user now:
ix_openid = IndxOpenID(self.database, display_identifier)
def err_cb(err):
logging.error("Error in IndxOpenID: {0}".format(err))
self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
return
def cb(user_info):
user_info['status'] = 200
user_info['message'] = "OK"
self._send_openid_redirect(request, user_info)
return
ix_openid.init_user(user_metadata).addCallbacks(cb, err_cb)
return
elif info.status == consumer.CANCEL:
logging.error("Error in openid_process: Verification cancelled.")
self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
return
elif info.status == consumer.SETUP_NEEDED:
logging.error("Error in openid_process: Setup needed at URL: {0}".format(info.setup_url))
self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
return
else:
logging.error("Error in openid_process: Verification Failed.")
self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
return
def openid_process(self, request):
""" Process a callback from an identity provider. """
oid_consumer = consumer.Consumer(self.get_openid_session(request), self.store)
query = urlparse.parse_qsl(urlparse.urlparse(request.uri).query)
queries = {}
for key, val in query:
queries[key] = val
logging.debug("Queries: {0}".format(queries))
info = oid_consumer.complete(queries, self.webserver.server_url + "/" + self.base_path + "/openid_process")
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
#request.setResponseCode(200, "OK")
logging.error("Verification of {0} failed: {1}".format(display_identifier, info.message))
#request.finish()
return self.return_unauthorized(request)
elif info.status == consumer.SUCCESS:
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
sreg_data = {}
if sreg_resp is not None:
sreg_data = sreg_resp.data
pape_resp = pape.Response.fromSuccessResponse(info)
ax_resp = ax.FetchResponse.fromSuccessResponse(info)
ax_data = {}
if ax_resp is not None:
for uri in self.AX_URIS:
ax_data[uri] = ax_resp.get(uri)
logging.debug("openid_process: Success of {0}, sreg_resp: {1} (sreg_data: {2}), pape_resp: {3}, ax_resp: {4}, ax_data: {5}".format(display_identifier, sreg_resp, sreg_data, pape_resp, ax_resp, ax_data))
if info.endpoint.canonicalID:
logging.debug("openid_process, additional: ...This is an i-name and its persistent ID is: {0}".format(info.endpoint.canonicalID))
# Success - User is now INDX authenticated - they can request a token now.
wbSession = self.get_session(request)
wbSession.setAuthenticated(True)
wbSession.setUserType("openid") # TODO FIXME standardise
wbSession.setUser(display_identifier) # namespace this as a openid or something?
wbSession.setPassword("") # XXX
# Initialise the OpenID user now:
ix_openid = IndxOpenID(self.database, display_identifier)
def err_cb(err):
logging.error("Error in IndxOpenID: {0}".format(err))
return self.return_unauthorized(request)
def cb(user_info):
password_hash = user_info['password_hash']
if password_hash == "":
# user should be prompted for a password by the UI now, because they never have set one (new OpenID user)
# TODO do this...
return self.return_ok(request)
else:
return self.return_ok(request)
ix_openid.init_user().addCallbacks(cb, err_cb)
return
#return self.return_ok(request)
elif info.status == consumer.CANCEL:
#request.setResponseCode(200, "OK")
logging.error("Error in openid_process: Verification cancelled.")
#request.finish()
return self.return_unauthorized(request)
elif info.status == consumer.SETUP_NEEDED:
#request.setResponseCode(200, "OK")
logging.error("Error in openid_process: Setup needed at URL: {0}".format(info.setup_url))
#request.finish()
return self.return_unauthorized(request)
else:
#request.setResponseCode(200, "OK")
logging.error("Error in openid_process: Verification Failed.")
#request.finish()
return self.return_unauthorized(request)
