def login(request): if 'openid' in request.GET or request.method == 'POST': form = LoginForm(request.REQUEST) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() sreg.requestField(field_name=SRegField.EMAIL, required=True) auth_request.addExtension(sreg) ax = FetchRequest() ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL, required=True)) auth_request.addExtension(ax) callback_url = reverse(callback) state = SocialLogin.marshall_state(request) callback_url = callback_url + '?' + urlencode(dict(state=state)) redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) except DiscoveryFailure, e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request)
def begin(request, openid_url): request.session['request_referer'] = urlparse.urljoin(request.META.get('HTTP_REFERER', ''), '/') consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(openid_url) except DiscoveryFailure: return on_failure(request, _('The OpenID was invalid')) s = SRegRequest() for sarg in OPENID_SREG: if sarg.lower().lstrip() == "policy_url": s.policy_url = OPENID_SREG[sarg] else: for v in OPENID_SREG[sarg].split(','): s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required")) auth_request.addExtension(s) axr = AXFetchRequest() for i in OPENID_AX: axr.add(AttrInfo(i['type_uri'], i['count'], i['required'], i['alias'])) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(get_trusted_root(request), request.build_absolute_uri(reverse("openid_complete"))) return HttpResponseRedirect(redirect_url)
def login(request): if 'openid' in request.GET or request.method == 'POST': form = LoginForm(request.REQUEST) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() sreg.requestField(field_name=SRegField.EMAIL, required=True) auth_request.addExtension(sreg) ax = FetchRequest() ax.add(AttrInfo(AXAttribute.CONTACT_EMAIL, required=True)) auth_request.addExtension(ax) callback_url = reverse(callback) SocialLogin.stash_state(request) redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) # UnicodeDecodeError: # see https://github.com/necaris/python3-openid/issues/1 except (UnicodeDecodeError, DiscoveryFailure) as e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request) else: form = LoginForm() d = dict(form=form) return render_to_response('openid/login.html', d, context_instance=RequestContext(request))
class AccountController(BaseController): geoip = GeoIP(os.path.join(config['pylons.paths']['data'], 'geoip.dat')) openid_store = FileOpenIDStore('/var/tmp') @require('guest') def login(self): login = render('account/login.tpl', slacks=True) if request.environ['REQUEST_METHOD'] != 'POST': return login try: form = LoginForm().to_python(request.POST) except validators.Invalid, e: return h.htmlfill(e, form=login) try: cons = Consumer(session=session, store=self.openid_store) auth_request = cons.begin(form['openid_identifier']) auth_request.addExtension( SRegRequest(optional=['nickname', 'email'])) except DiscoveryFailure: h.flash(_('The specified URL is not a valid OpenID end-point.'), 'error') redirect(url(controller='account', action='login')) host = request.headers['host'] realm = '%s://%s' % (request_config().protocol, host) return_url = url(host=host, controller='account', action='login_complete') new_url = auth_request.redirectURL(return_to=return_url, realm=realm) redirect(new_url)
def login_begin(self): """Step one of logging in with OpenID; we redirect to the provider""" cons = Consumer(session=session, store=self.openid_store) try: openid_url = request.params['openid_identifier'] except KeyError: return self._bail("Gotta enter an OpenID to log in.") try: auth_request = cons.begin(openid_url) except DiscoveryFailure: return self._bail( "Can't connect to '{0}'. You sure it's an OpenID?".format( openid_url)) sreg_req = SRegRequest(optional=[ 'nickname', 'email', 'dob', 'gender', 'country', 'language', 'timezone' ]) auth_request.addExtension(sreg_req) host = request.headers['host'] protocol = request_config().protocol return_url = url(host=host, controller='accounts', action='login_finish') new_url = auth_request.redirectURL(return_to=return_url, realm=protocol + '://' + host) redirect(new_url)
def perform_openid_auth(self, form): if not form.is_valid(): return form request = self.request provider = self.provider(request) endpoint = form.cleaned_data["openid"] client = self.get_client(provider, endpoint) realm = self.get_realm(provider) auth_request = client.begin(endpoint) if QUERY_EMAIL: sreg = SRegRequest() for name in SRegFields: sreg.requestField(field_name=name, required=True) auth_request.addExtension(sreg) ax = FetchRequest() for name in AXAttributes: ax.add(AttrInfo(name, required=True)) provider = OpenIDProvider(request) server_settings = provider.get_server_settings( request.GET.get("openid")) extra_attributes = server_settings.get("extra_attributes", []) for _, name, required in extra_attributes: ax.add(AttrInfo(name, required=required)) auth_request.addExtension(ax) SocialLogin.stash_state(request) # Fix for issues 1523 and 2072 (github django-allauth) if "next" in form.cleaned_data and form.cleaned_data["next"]: auth_request.return_to_args["next"] = form.cleaned_data["next"] redirect_url = auth_request.redirectURL( realm, request.build_absolute_uri(self.get_callback_url())) return HttpResponseRedirect(redirect_url)
def __init__(self, status, identity_url): self.status = status self.identity_url = identity_url self.message = message.Message() sig_ext = SignatureVerification(consumer_key='CKEY', secret_key='SKEY', request_token='token', hmac=None, timestamp=None) sig_ext.toMessage(self.message) sreg_ext = SRegRequest( required=['nickname', 'email'], optional=['fullname'], policy_url=None, sreg_ns_uri='http://openid.net/extensions/sreg/1.1') sreg_ext.toMessage(self.message) self.signed_fields = [ 'openid.sreg.nickname', 'openid.sreg.email', 'openid.sreg.required', 'openid.sreg.optional', 'openid.sreg.fullname' ] self.endpoint = OpenIDServiceEndpoint() self.endpoint.claimed_id = identity_url
def post(self, request, *args, **kwargs): data = dict(list(request.GET.items()) + list(request.POST.items())) if self.provider.endpoint: data['openid'] = self.provider.endpoint form = LoginForm(data) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() for name in SRegFields: sreg.requestField(field_name=name, required=True) auth_request.addExtension(sreg) ax = FetchRequest() for name in AXAttributes: ax.add(AttrInfo(name, required=True)) auth_request.addExtension(ax) callback_url = reverse(self.callback_view) SocialLogin.stash_state(request) redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) # UnicodeDecodeError: # see https://github.com/necaris/python3-openid/issues/1 except (UnicodeDecodeError, DiscoveryFailure) as e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request, self.provider.id, exception=e) return render(request, self.template_name, {'form': form})
def begin(self, request, data): try: openid_url = data['openid_url'].strip() except KeyError: messages.error(request, lang.FILL_OPENID_URL) raise Redirect('publicauth-login') # allow user to type openid provider without http:// prefix if not openid_url.startswith("http"): openid_url = "http://%s" % openid_url return_url = request.build_absolute_uri( reverse('publicauth-complete', args=[self.provider])) request.session['openid_return_to'] = return_url client = consumer.Consumer(request.session, None) try: openid_request = client.begin(openid_url) sreg_extra = [i for i in self.PROFILE_MAPPING] sreg = SRegRequest(required=sreg_extra) openid_request.addExtension(sreg) ax_msg = FetchRequest() for detail in self.PROFILE_MAPPING: ax_msg.add(AttrInfo(settings.AX_URIS[detail], required=True)) openid_request.addExtension(ax_msg) redirect_url = openid_request.redirectURL(realm='http://' + request.get_host(), return_to=return_url) raise Redirect(redirect_url) except discover.DiscoveryFailure: messages.error(request, _('Could not find OpenID server')) raise Redirect('publicauth-login')
def _start_verification(request, form, return_to, sreg=True): """ Start OpenID Verification. Returns False if verification fails, otherwise, will return either a redirect or render_to_response object """ openid_url = form.openid.data c = consumer.Consumer(request.session, SQLAlchemyOpenIDStore()) # Try to discover provider try: auth_request = c.begin(openid_url) except DiscoveryFailure: # Discovery failed, return to login page form.openid.errors.append( _('Sorry, the OpenID server could not be found')) return False host = 'http://' + request.host if sreg: # Ask provider for email and nickname auth_request.addExtension(SRegRequest(required=['email', 'nickname'])) # Do we even need this? if auth_request is None: form.openid.errors.append( _('No OpenID service was found for %s' % openid_url)) elif auth_request.shouldSendRedirect(): # Begin the authentication process as a HTTP redirect redirect_url = auth_request.redirectURL( host, return_to) return redirect( request, location=redirect_url) else: # Send request as POST form_html = auth_request.htmlMarkup( host, host + return_to, # Is this necessary? form_tag_attrs={'id': 'openid_message'}) # Beware: this renders a template whose content is a form # and some javascript to submit it upon page load. Non-JS # users will have to click the form submit button to # initiate OpenID authentication. return render_to_response( request, 'mediagoblin/plugins/openid/request_form.html', {'html': form_html}) return False
def begin(self, oid, realm, return_to_url): """ Begin the OpenID authentication """ w2popenid = self.session.w2popenid w2popenid.oid = oid auth_req = self.consumer.begin(oid) auth_req.addExtension(SRegRequest(required=['email', 'nickname'])) url = auth_req.redirectURL(return_to=return_to_url, realm=realm) return url
def dispatch(self, request): if 'openid' in request.GET or request.method == 'POST': form = LoginForm( dict(list(request.GET.items()) + list(request.POST.items()))) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) provider = self.provider app = provider.get_app(request) if QUERY_EMAIL: sreg = SRegRequest() for name in SRegFields: sreg.requestField(field_name=name, required=True) auth_request.addExtension(sreg) ax = FetchRequest() for name in AXAttributes: ax.add(AttrInfo(name, required=True)) server_settings = provider.get_server_settings( request.GET.get('openid')) extra_attributes = server_settings.get( 'extra_attributes', []) for _, name, required in extra_attributes: ax.add(AttrInfo(name, required=required)) auth_request.addExtension(ax) callback_url = provider.get_callback_url(request, app) SocialLogin.stash_state(request) # https://github.com/pennersr/django-allauth/issues/1523 auth_request.return_to_args['next'] = \ form.cleaned_data.get('next', '/') redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) # UnicodeDecodeError: # see https://github.com/necaris/python3-openid/issues/1 except (UnicodeDecodeError, DiscoveryFailure) as e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request, self.provider.id, exception=e) else: form = LoginForm( initial={ 'next': request.GET.get('next'), 'process': request.GET.get('process') }) d = dict(form=form) return render(request, "openid/login.html", d)
def prepare_authentication_request(self, request, redirect_to): if not redirect_to.startswith('http://') or redirect_to.startswith( 'https://'): redirect_to = get_url_host(request) + redirect_to user_url = self.get_user_url(request) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False): raise InvalidAuthentication('i-names are not supported') consumer = Consumer(request.session, OsqaOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: raise InvalidAuthentication( _('Sorry, but your input is not a valid OpenId')) sreg = getattr(self, 'sreg_attributes', False) if sreg: s = SRegRequest() for k, attr_dic in sreg.items(): if k == "policy_url": s.policy_url = attr_dic continue for attr_name in attr_dic.keys(): s.requestField(field_name=attr_name, required=(k == "required")) auth_request.addExtension(s) ax_schema = getattr(self, 'dataype2ax_schema', False) if ax_schema and request.session.get('force_email_request', True): axr = AXFetchRequest() for data_type, schema in ax_schema.items(): if isinstance(schema, tuple): axr.add(AttrInfo(schema[0], required=True, alias=schema[1])) else: axr.add(AttrInfo(schema, required=True, alias=data_type)) auth_request.addExtension(axr) trust_root = getattr(settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/') return auth_request.redirectURL(trust_root, redirect_to)
def attach_reg_info(self, auth_request, keys): """Attaches sreg and ax requests to the auth request. :internal: """ keys = set(keys) sreg_keys = list(SREG_KEYS & keys) auth_request.addExtension(SRegRequest(required=sreg_keys)) ax_req = ax.FetchRequest() for key in keys: for uri in AX_MAPPING.get(key, ()): ax_req.add(ax.AttrInfo(uri, required=key in REQUIRED_KEYS)) auth_request.addExtension(ax_req)
def openid_begin(identifier, return_url, request, max_auth_age=False, sreg=False): """Step one of logging in with OpenID; we resolve a webfinger, if present, then redirect to the provider. Set sreg to True to attempt to retrieve Simple Registration information. Set max_auth_age to a number of seconds to request the OP to ensure that the user authenticated within that many seconds prior to the request, or else force immediate re-authentication.""" session = request.session openid_url = identifier # Does it look like an email address? # If so, try finding an OpenID URL via Webfinger. webfinger_openid = resolve_webfinger(identifier) if webfinger_openid: openid_url = webfinger_openid session['pending_identity_webfinger'] = identifier session.save() cons = Consumer(session=session, store=openid_store) print 1 try: auth_request = cons.begin(openid_url) except DiscoveryFailure: # XXX this error blows raise OpenIDError( "Can't connect to '{0}'. It might not support OpenID.".format(openid_url)) print 2 if sreg: sreg_req = SRegRequest(optional=['nickname', 'email', 'timezone']) auth_request.addExtension(sreg_req) if max_auth_age is not False and max_auth_age >= 0: auth_age_req = PAPERequest(max_auth_age=max_auth_age) auth_request.addExtension(auth_age_req) print 3 # XXX is this realm stuff correct # ^^^ AFAICT, yes, as long as we don't need the assertion to be valid for # sub-domains new_url = auth_request.redirectURL( return_to=return_url, realm=request.host_url, ) print new_url return new_url
def create_request(openid_url, session): errors = [] try: consumer = get_consumer(session) request = consumer.begin(openid_url) if request is None: errors.append(_('OpenID service is not found')) except Exception as e: errors.append(str(e)) if errors: raise OpenIdError(errors) sreg_request = SRegRequest(optional=['nickname', 'fullname']) request.addExtension(sreg_request) return request
def begin_openid_login(request): request.session["openid_login"] = True consumer = get_consumer(request) auth_request = consumer.begin('https://openid.intuit.com/openid/xrds') auth_request.addExtension(SRegRequest( required=['fullname', 'email'] )) trust_root = get_base_url(request) return_to = urljoin(get_base_url(request), request.path) url = auth_request.redirectURL(trust_root, return_to) return HttpResponseRedirect(url)
def _begin_login(self, environ, start_response): """Start the process of authenticating with OpenID. We redirect the user to Launchpad to identify themselves, asking to be sent their nickname. Launchpad will then redirect them to our +login page with enough information that we can then redirect them again to the page they were looking at, with a cookie that gives us the username. """ openid_request = self._make_consumer(environ).begin( config.launchpad.openid_provider_root) openid_request.addExtension(SRegRequest(required=['nickname'])) back_to = construct_url(environ) raise HTTPMovedPermanently( openid_request.redirectURL( config.codehosting.secure_codebrowse_root, config.codehosting.secure_codebrowse_root + '+login/?' + urllib.urlencode({'back_to': back_to})))
def login(request): if 'openid' in request.GET or request.method == 'POST': form = LoginForm( dict(list(request.GET.items()) + list(request.POST.items()))) if form.is_valid(): client = _openid_consumer(request) try: auth_request = client.begin(form.cleaned_data['openid']) if QUERY_EMAIL: sreg = SRegRequest() for name in SRegFields: sreg.requestField(field_name=name, required=True) auth_request.addExtension(sreg) ax = FetchRequest() for name in AXAttributes: ax.add(AttrInfo(name, required=True)) auth_request.addExtension(ax) callback_url = reverse(callback) SocialLogin.stash_state(request) redirect_url = auth_request.redirectURL( request.build_absolute_uri('/'), request.build_absolute_uri(callback_url)) return HttpResponseRedirect(redirect_url) # UnicodeDecodeError: # see https://github.com/necaris/python3-openid/issues/1 except (UnicodeDecodeError, DiscoveryFailure) as e: if request.method == 'POST': form._errors["openid"] = form.error_class([e]) else: return render_authentication_error(request, OpenIDProvider.id, exception=e) else: form = LoginForm(initial={ 'next': request.GET.get('next'), 'process': request.GET.get('process') }) d = dict(form=form) return render_to_response('openid/login.html', d, context_instance=RequestContext(request))
try: return User.objects.get(pk=user_id) except User.DoesNotExist: return None class OpenIdSetupError(Exception): pass class OpenIdError(Exception): pass def get_consumer(session): if not settings.SCIPIO_STORE_ROOT: raise OpenIdSetupError('SCIPIO_STORE_ROOT is not set') return Consumer(session, FileOpenIDStore(settings.SCIPIO_STORE_ROOT)) def create_request(openid_url, session): errors = [] try: consumer = get_consumer(session) request = consumer.begin(openid_url) if request is None: errors.append(_('OpenID service is not found')) except (DiscoveryFailure, OpenIdSetupError, ValueError), e: errors.append(str(e[0])) if errors: raise OpenIdError(errors) sreg_request = SRegRequest(optional=['nickname', 'fullname']) request.addExtension(sreg_request) return request