Exemplo n.º 1
0
    def init_user(self, new_user_metadata):
        """ Check there is a user in the database, and initialise one if not.

            If there are pending permission requests, initialise them too.

            Callsback with an object with user details.
        """
        logging.debug("IndxOpenID, init_user")
        return_d = Deferred()

        user = IndxUser(self.db, self.uri)

        def info_cb(user_metadata):
            logging.debug(
                "IndxOpenID, init_user, info_cb user_metadata: {0}".format(
                    user_metadata))

            if user_metadata is None:
                # user does not exist: create a new user in the table now, with empty password hash

                def connected_cb(conn):
                    user_metadata_json = json.dumps(new_user_metadata)

                    insert_q = "INSERT INTO tbl_users (username, username_type, password_hash, password_encrypted, user_metadata_json) VALUES (%s, %s, %s, %s, %s)"
                    insert_p = [self.uri, "openid", "", "", user_metadata_json]

                    def inserted_d(empty):
                        logging.debug(
                            "IndxOpenID, init_user, connected_d, query_d, inserted_d"
                        )

                        def generated_cb(empty):
                            logging.debug(
                                "IndxOpenID, init_user, connected_d, query_d, inserted_d, generated_cb"
                            )
                            user.get_user_info(decode_json=False).addCallbacks(
                                return_d.callback, return_d.errback)

                        user.generate_encryption_keys().addCallbacks(
                            generated_cb, return_d.errback)

                    conn.runOperation(insert_q, insert_p).addCallbacks(
                        inserted_d, return_d.errback)

                self.db.connect_indx_db().addCallbacks(connected_cb,
                                                       return_d.errback)

            else:
                # user already exists, no init required here
                return_d.callback(user_metadata)

        user.get_user_info(decode_json=False).addCallbacks(
            info_cb, return_d.errback)
        return return_d
Exemplo n.º 2
0
Arquivo: auth.py Projeto: imclab/indx
    def auth_whoami(self, request, token):
        wbSession = self.get_session(request)
        logging.debug('auth whoami ' + repr(wbSession))

        user = IndxUser(self.database, wbSession.username)

        def info_cb(user_info):
            if user_info is None:
                user_info = {}

            # add our username and is_authenticated information
            if 'username' not in user_info: 
                user_info['username'] = wbSession and wbSession.username or 'nobody'

            user_info['is_authenticated'] = wbSession and wbSession.is_authenticated
            self.return_ok(request, user_info)

        # don't decode the user_metadata string, leave as a json string
        user.get_user_info(decode_json = False).addCallbacks(info_cb, lambda failure: self.return_internal_error(request))
Exemplo n.º 3
0
    def auth_whoami(self, request, token):
        wbSession = self.get_session(request)
        logging.debug('auth whoami ' + repr(wbSession))

        user = IndxUser(self.database, wbSession.username)

        def info_cb(user_info):
            if user_info is None:
                user_info = {}

            # add our username and is_authenticated information
            if 'username' not in user_info: 
                user_info['username'] = wbSession and wbSession.username or 'nobody'

            user_info['is_authenticated'] = wbSession and wbSession.is_authenticated
            self.return_ok(request, user_info)

        # don't decode the user_metadata string, leave as a json string
        user.get_user_info(decode_json = False).addCallbacks(info_cb, lambda failure: self.return_internal_error(request))
Exemplo n.º 4
0
    def init_user(self, new_user_metadata):
        """ Check there is a user in the database, and initialise one if not.

            If there are pending permission requests, initialise them too.

            Callsback with an object with user details.
        """
        logging.debug("IndxOpenID, init_user")
        return_d = Deferred()
        
        user = IndxUser(self.db, self.uri)

        def info_cb(user_metadata):
            logging.debug("IndxOpenID, init_user, info_cb user_metadata: {0}".format(user_metadata))

            if user_metadata is None:
                # user does not exist: create a new user in the table now, with empty password hash

                def connected_cb(conn):
                    user_metadata_json = json.dumps(new_user_metadata)

                    insert_q = "INSERT INTO tbl_users (username, username_type, password_hash, password_encrypted, user_metadata_json) VALUES (%s, %s, %s, %s, %s)"
                    insert_p = [self.uri, "openid", "", "", user_metadata_json]

                    def inserted_d(empty):
                        logging.debug("IndxOpenID, init_user, connected_d, query_d, inserted_d")

                        def generated_cb(empty):
                            logging.debug("IndxOpenID, init_user, connected_d, query_d, inserted_d, generated_cb")
                            user.get_user_info(decode_json = False).addCallbacks(return_d.callback, return_d.errback)

                        user.generate_encryption_keys().addCallbacks(generated_cb, return_d.errback)

                    conn.runOperation(insert_q, insert_p).addCallbacks(inserted_d, return_d.errback)
                
                self.db.connect_indx_db().addCallbacks(connected_cb, return_d.errback)

            else:
                # user already exists, no init required here
                return_d.callback(user_metadata)

        user.get_user_info(decode_json = False).addCallbacks(info_cb, return_d.errback)
        return return_d
Exemplo n.º 5
0
Arquivo: auth.py Projeto: imclab/indx
    def login_openid(self, request, token):
        """ Verify an OpenID identity. """
        wbSession = self.get_session(request)

        identity = self.get_arg(request, "identity")

        if identity is None:
            logging.error("login_openid error, identity is None, returning bad request.")
            return self.return_bad_request(request, "You must specify an 'identity' in the GET/POST query parameters.")

        redirect = self.get_arg(request, "redirect")
        wbSession.set_openid_redirect(redirect)

        if redirect is None:
            logging.error("login_openid error, redirect is None, returning bad request.")
            return self.return_bad_request(request, "You must specify a 'redirect' in the GET/POST query parameters.")


        def post_user_info(request_user_metadata):
            logging.debug("login_openid post_user_info, request_user_metadata: {0}".format(request_user_metadata))

            oid_consumer = consumer.Consumer(self.get_openid_session(request), self.store)
            try:
                oid_req = oid_consumer.begin(identity)
                if request_user_metadata:                    
                    # SReg speaks this protocol: http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
                    # and tries to request additional metadata about this OpenID identity
                    sreg_req = sreg.SRegRequest(required=['fullname','nickname','email'], optional=[])
                    oid_req.addExtension(sreg_req)

                    # AX speaks this protocol: http://openid.net/specs/openid-attribute-exchange-1_0.html
                    # and tries to get more attributes (by URI), we request some of the more common ones
                    ax_req = ax.FetchRequest()
                    for uri in self.AX_URIS:
                        ax_req.add(ax.AttrInfo(uri, required = True))
                    oid_req.addExtension(ax_req)
            except consumer.DiscoveryFailure as exc:
                logging.error("Error in login_openid: {0}".format(exc))
                self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
                return
            else:
                if oid_req is None:
                    logging.error("Error in login_openid: no OpenID services found for: {0}".format(identity))
                    self._send_openid_redirect(request, {"status": 401, "message": "Unauthorized"})
                    return
                else:
                    trust_root = self.webserver.server_url
                    return_to = appendArgs(trust_root + "/" + self.base_path + "/openid_process", {})

                    logging.debug("OpenID, had oid_req, trust_root: {0}, return_to: {1}, oid_req: {2}".format(trust_root, return_to, oid_req))

                    redirect_url = oid_req.redirectURL(trust_root, return_to)
                    request.setHeader("Location", redirect_url)
                    request.setResponseCode(302, "Found")
                    request.finish()
                    return

        user = IndxUser(self.database, identity)
        user.get_user_info().addCallbacks(lambda user_info: post_user_info(user_info is None), lambda failure: self.return_internal_error(request))
        # if user_info is None, then request_user_metadata = True
        return
Exemplo n.º 6
0
    def login_openid(self, request, token):
        """ Verify an OpenID identity. """
        wbSession = self.get_session(request)

        identity = self.get_arg(request, "identity")

        if identity is None:
            logging.error(
                "login_openid error, identity is None, returning bad request.")
            return self.return_bad_request(
                request,
                "You must specify an 'identity' in the GET/POST query parameters."
            )

        redirect = self.get_arg(request, "redirect")
        wbSession.set_openid_redirect(redirect)

        if redirect is None:
            logging.error(
                "login_openid error, redirect is None, returning bad request.")
            return self.return_bad_request(
                request,
                "You must specify a 'redirect' in the GET/POST query parameters."
            )

        def post_user_info(request_user_metadata):
            logging.debug(
                "login_openid post_user_info, request_user_metadata: {0}".
                format(request_user_metadata))

            oid_consumer = consumer.Consumer(self.get_openid_session(request),
                                             self.store)
            try:
                oid_req = oid_consumer.begin(identity)
                if request_user_metadata:
                    # SReg speaks this protocol: http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
                    # and tries to request additional metadata about this OpenID identity
                    sreg_req = sreg.SRegRequest(
                        required=['fullname', 'nickname', 'email'],
                        optional=[])
                    oid_req.addExtension(sreg_req)

                    # AX speaks this protocol: http://openid.net/specs/openid-attribute-exchange-1_0.html
                    # and tries to get more attributes (by URI), we request some of the more common ones
                    ax_req = ax.FetchRequest()
                    for uri in self.AX_URIS:
                        ax_req.add(ax.AttrInfo(uri, required=True))
                    oid_req.addExtension(ax_req)
            except consumer.DiscoveryFailure as exc:
                logging.error("Error in login_openid: {0}".format(exc))
                self._send_openid_redirect(request, {
                    "status": 401,
                    "message": "Unauthorized"
                })
                return
            else:
                if oid_req is None:
                    logging.error(
                        "Error in login_openid: no OpenID services found for: {0}"
                        .format(identity))
                    self._send_openid_redirect(request, {
                        "status": 401,
                        "message": "Unauthorized"
                    })
                    return
                else:
                    trust_root = self.webserver.server_url
                    return_to = appendArgs(
                        trust_root + "/" + self.base_path + "/openid_process",
                        {})

                    logging.debug(
                        "OpenID, had oid_req, trust_root: {0}, return_to: {1}, oid_req: {2}"
                        .format(trust_root, return_to, oid_req))

                    redirect_url = oid_req.redirectURL(trust_root, return_to)
                    request.setHeader("Location", redirect_url)
                    request.setResponseCode(302, "Found")
                    request.finish()
                    return

        user = IndxUser(self.database, identity)
        user.get_user_info().addCallbacks(
            lambda user_info: post_user_info(user_info is None),
            lambda failure: self.return_internal_error(request))
        # if user_info is None, then request_user_metadata = True
        return