def main(host, port, data_path):
addr = (host, port)
httpserver = OpenIDHTTPServer(addr, ServerHandler)
# Instantiate OpenID consumer store and OpenID consumer. If you
# were connecting to a database, you would create the database
# connection and instantiate an appropriate store here.
store = MemoryStore()
# xxx For reasons unknown, the server is confused about whether
# our openid client is "smart" or "dumb" (one request is
# considered "smart", a later one is considered "dumb"), and since
# it uses this as data for the hashing algorithm used to store
# state, it never realises it's the same client making multiple
# requests.
# Fix by using the same string when hashing both types - unknown
# what potential buggy side effects this has...
server.Signatory._normal_key = server.Signatory._dumb_key = 'foo'
oidserver = server.Server(store, httpserver.base_url + 'openidserver')
httpserver.setOpenIDServer(oidserver)
print 'Server running at:'
print httpserver.base_url
httpserver.serve_forever()
def InitializeOpenId():
global oidserver
name = os.environ.get('SERVER_NAME', None)
port = os.environ.get('SERVER_PORT', '80')
op_endpoint = "http://%s%s/server" % (
name, ":%s" % port if port != "80" else "") if name else None
logging.info('op_endpoint: %s', op_endpoint)
oidserver = OpenIDServer.Server(store.DatastoreStore(),
op_endpoint=op_endpoint)
def main(host, port, data_path):
addr = (host, port)
httpserver = OpenIDHTTPServer(addr, ServerHandler)
# Instantiate OpenID consumer store and OpenID consumer. If you
# were connecting to a database, you would create the database
# connection and instantiate an appropriate store here.
store = FileOpenIDStore(data_path)
oidserver = server.Server(store, httpserver.base_url + 'openidserver')
httpserver.setOpenIDServer(oidserver)
httpserver.serve_forever()
def initialize_open_id():
"""
Initialize and set the global OpenID protocol server.
"""
global oidserver
if oidserver is None:
# We have to use os.environ, the server uses it.
name = os.environ.get('SERVER_NAME', None)
port = os.environ.get('SERVER_PORT', '80')
op_endpoint = "http://%s%s/server" % (
name, ":%s" % port if port != "80" else "") if name else None
logging.info('op_endpoint: %s', op_endpoint)
oidserver = OpenIDServer.Server(store.DatastoreStore(),
op_endpoint=op_endpoint)
def __init__(self, config):
self.config = config # Saves the config because Page needs it
self.encoder = json.JSONEncoder()
# The full URL of this openid server
if hasattr(config, 'server_url'):
self.base_path = '%s/' % config.server_url
else:
self.base_path = '%s/' % cherrypy.url()
# Now instantiates the OpenID Store (used for nonces and associations)
if config.store == 'filestore':
store = FileOpenIDStore(config.store_path)
elif config.store == 'dbstore':
store = DBOidStore(config.store_source)
else:
store = MemoryStore()
# Now instantiates the OpenID server
self.openid = server.Server(store, self.base_path + 'openidserver')
# Record how to get user details out...
factory = WMFactory('oid_factory')
self.userstore = factory.loadObject(config.users_store.object,
config.users_store)
# List of remote sites allowed to request auth/authz to this server
self.truststore = factory.loadObject(config.trust_store.object,
config.trust_store)
# This is a thread safe object to display web pages/forms related to
# the oid server. I put it on a separate class to avoid blowing
# the main class with html code.
self.webpages = OidServerWebPages()
# *** Should enable cherrypy session somewhere... sorry
cherrypy.config.update({
'tools.sessions.on': True,
'tools.sessions.storage_type': 'ram',
#'tools.sessions.storage_type': "file",
#'tools.sessions.storage_path': "/tmp/oidserver-sessions",
'tools.sessions.timeout': 60,
'tools.sessions.name': 'oidserver_sid'
})
def openid(request):
# NECESSARIAMENTE OS 3 TRECHOS DE CÓDIGO DEVEM ESTAR NESSA MESMA URL POIS O CONSUMIDOR FAZ A VERIFICACAO
# SE A URL QUE O RESPONDER EH A MESMA URL A QUAL ELE FEZ REQUISICAO, ENTAO OS RENDERS ABAIXO NAO PODEM TROCAR DE URL
endpoint_url = 'http://' + request.environ['HTTP_HOST'] + '/openid'
oidserver = server.Server(
FileOpenIDStore('/tmp/openid_session_store_server'), endpoint_url)
# TRECHO 1
# NESSE TRECHO DE CODIGO SE CRIA A ASSOCIACAO NECESSARIA NA PRIMEIRA INTERACAO COM O SERVIDOR
# ESTA ASSOCIACAO COMPOE O PARAMETRO ASSOC_HANDLE NO PRIMEIRO FORM MONTADO PELO CONSUMIDOR
if 'openid.mode' in request.POST:
if request.POST['openid.mode'] in [
'associate', 'check_authentication'
]:
oidrequest = oidserver.decodeRequest(request.POST)
oidresponse = oidserver.handleRequest(oidrequest)
webresponse = oidserver.encodeResponse(oidresponse)
return HttpResponse(webresponse.body)
# TRECHO 2
# CASO O USUARIO NAO ESTEJA LOGADO RENDERIZA A TELA DE LOGIN
# DEPOIS REDIRECIONA DE VOLTA PARA ESSA MESMA URL QUE A TRATA NOVAMENTE
if not request.session.get('username', False):
request.session['save_post'] = request.POST
return render(request, 'login.html', {'next': '/openid'})
# TRECHO 3
# NESSE TRECHO DE CODIGO O SERVIDOR ASSOCIA DADOS DO USUÁRIO NO OBJETO RESPONSE E MANDA AO CONSUMIDOR
if request.session.get('save_post', False):
saved_post_data = request.session['save_post']
del request.session['save_post']
else:
saved_post_data = request.POST
openid_request = oidserver.decodeRequest(saved_post_data)
openid_response = openid_request.answer(True, identity=None)
# addSRegResponse(openid_request, openid_response, request) # PROTOCOLO SREG
addAttributeExchangeResponse(openid_request, openid_response, request)
webresponse = oidserver.encodeResponse(openid_response)
# MONTA A URL COM QUERY STRING PARA REDIRECIONAR OS DADOS PARA O CONSUMIDOR
location = None
for header, value in webresponse.headers.iteritems():
if header == 'location':
location = value
return redirect(location)
# The OpenID library expects single values (which is naive). This
# class makes it work.
class TornadoArgumentDecoder(server.Decoder):
def decode(self, arguments):
q = {}
for key, values in arguments .items():
q[key] = values[0]
return server.Decoder.decode(self, q)
store = FileOpenIDStore("openid_data")
SERVER_ENDPOINT = server_config.external_base_url + '/openid'
USER_ID_PATH_PREFIX = "/openid/"
USER_ID_BASE = server_config.external_base_url + USER_ID_PATH_PREFIX + "%s"
OpenIDServer = server.Server(store, SERVER_ENDPOINT)
OpenIDServer.decoder = TornadoArgumentDecoder(OpenIDServer)
def quoteattr(s):
"""Helper function to escape and quote a value for inclusion in HTML.
>>> quoteattr("a b < > & c d")
'"a b < > & c d"'
"""
if s:
qs = cgi.escape(s, 1)
return '"%s"' % (qs,)
else:
return '""'
import urlparse
import wsgiref.handlers
from google.appengine.api import datastore
from google.appengine.api import users
from google.appengine.ext.webapp import template
import webapp2
from openid.server import server as OpenIDServer
import store
# Set to True if stack traces should be shown in the browser, etc.
_DEBUG = False
# the global openid server instance
oidserver = OpenIDServer.Server(store.DatastoreStore())
class Handler(webapp2.RequestHandler):
"""A base handler class with a couple OpenID-specific utilities."""
def ArgsToDict(self):
"""Converts the URL and POST parameters to a singly-valued dictionary.
Returns:
dict with the URL and POST body parameters
"""
req = self.request
return dict([(arg, req.get(arg)) for arg in req.arguments()])
def HasCookie(self):
"""Returns True if we "remember" the user, False otherwise.
def get_server():
url = 'http://%s%s' % (Site.objects.get_current().domain,
reverse('openid_endpoint'))
return server.Server(DjangoidStore(), url)
def InitializeOpenId(): global oidserver oidserver = OpenIDServer.Server(store.DatastoreStore())
def __init__(self):
store_loc = os.path.join(os.path.dirname(__file__), 'openid store')
self.store = FileOpenIDStore(store_loc)
self.openid = server.Server(self.store, self.endpoint_url)
from openid.server import server
from djangoidstore import DjangoidStore
from django.http import HttpResponse
import settings
#OpenID server instance, using a DjangoidStore object as container
_openidserver = server.Server(DjangoidStore(), settings.BASE_URL)
def convertToHttpResponse(response):
#Convert an OpenID server response to a Django-compatible HttpResponse:
#copy HTTP headers, and payload
r = _openidserver.encodeResponse(response)
ret = HttpResponse(r.body)
for header, value in r.headers.iteritems():
ret[header] = value
ret.status_code = r.code
return ret
def convertToOpenIDRequest(request):
#Copy over all query (GET and POST) key-value pairs, so we can pass them to out OpenID server.
#request.REQUEST.copy() seems not to work, as openidserver.decodeRequest seems to use some function
#on the passed object that's not implemented in the copied object.
query = {}
for i in request.REQUEST.items():
query[i[0]] = i[1]
try:
return _openidserver.decodeRequest(query)
except server.ProtocolError, why:
raise
from openid.server import server as OpenIDServer
from openid.message import Message
from openid import sreg
except ImportError, e:
msg = ('Could not find the JanRain OpenId libraries in:\n' +
'\n'.join(sys.path))
data['openid_error'] = msg
return False
# initialize the OpenID server
global oidserver
if not oidserver:
try:
store = FileOpenIDStore(config['datadir'])
endpoint = config.get('openid_trigger', DEFAULT_TRIGGER)
oidserver = OpenIDServer.Server(store, endpoint)
except Exception:
exception = traceback.format_exception(*sys.exc_info())
msg = 'Error initializing OpenID server:\n' + '\n'.join(exception)
data['openid_error'] = msg
return False
return True
def verify_installation(request):
if not request.getConfiguration().has_key('openid_password'):
print 'The openid_password config variable is not set.'
return False
return True
with open(os.path.join(PROJECT_ROOT, 'config.yml'), 'r') as fh:
config = yaml.load(fh.read())
app = Flask(__name__,
static_folder=os.path.join(PROJECT_ROOT, 'static'),
static_url_path='/static')
app.secret_key = os.environ.get('SESSION_KEY')
store = FileOpenIDStore('sstore')
if 'SERVER_NAME' in os.environ:
base_url = os.environ['SERVER_NAME']
else:
port = os.environ.get('PORT', '5000')
base_url = 'http://localhost:' + port + '/'
oidserver = server.Server(store, base_url + 'openidserver')
if 'error_emails' in config and not app.debug:
email_config = config['error_emails']
if 'EMAIL_PASSWORD' in os.environ:
credentials = (os.environ['EMAIL_USERNAME'],
os.environ['EMAIL_PASSWORD'])
else:
credentials = None
mail_handler = SMTPHandler(email_config['host'], email_config['sender'],
email_config['recipients'], 'Identity error',
credentials)
mail_handler.setLevel(logging.ERROR)
mail_handler.setFormatter(
logging.Formatter('''
Message type: %(levelname)s
def getServer(url_root):
openidstore = SQLiteStore(sqlite3.connect('/tmp/cstore.db'))
oserver = server.Server(openidstore, url_root + '/openidserver')
return oserver
def __init__(self, *args, **kw):
super(OpenID, self).__init__(*args, **kw)
store = model.SamadhiStore()
self.openid = server.Server(store, endpoint_url)
def handle(self):
_ = self._
request = self.request
form = request.values
username = request.page.page_name
if 'openid.user' in request.page.pi:
username = request.page.pi['openid.user']
if not request.cfg.openid_server_enabled:
# since we didn't put any openid.server into
# the page to start with, this is someone trying
# to abuse us. No need to give a nice error
request.makeForbidden(403, '')
return
server_url = request.getQualifiedURL(
request.page.url(request, querystr={'action': 'serveopenid'}))
yadis_type = form.get('yadis')
if yadis_type == 'ep':
return self.serveYadisEP(server_url)
elif yadis_type == 'idp':
return self.serveYadisIDP(server_url)
# if the identity is set it must match the server URL
# sort of arbitrary, but we have to have some restriction
identity = form.get('openid.identity')
if identity == IDENTIFIER_SELECT:
identity, server_url = self._make_identity()
if not identity:
return self._sorry_no_identity()
username = request.user.name
elif identity is not None:
if not self._verify_endpoint_identity(identity):
request.makeForbidden(403, 'verification failed')
return
if 'openid.user' in request.page.pi:
username = request.page.pi['openid.user']
store = MoinOpenIDStore(request)
openidsrv = server.Server(store, op_endpoint=server_url)
answer = None
if 'dontapprove' in form:
answer = self.handle_response(False, username, identity)
if answer is None:
return
elif form.has_key('approve'):
answer = self.handle_response(True, username, identity)
if answer is None:
return
else:
query = {}
for key in form:
query[key] = form[key]
try:
openidreq = openidsrv.decodeRequest(query)
except Exception, e:
request.makeForbidden(403, 'OpenID decode error: %r' % e)
return
if openidreq is None:
request.makeForbidden(403, 'no request')
return
if request.user.valid and username != request.user.name:
answer = openidreq.answer(False, identity=identity, server_url=server_url)
elif openidreq.mode in ["checkid_immediate", "checkid_setup"]:
answer = self.handleCheckIDRequest(identity, username, openidreq, server_url)
if answer is None:
return
else:
answer = openidsrv.handleRequest(openidreq)
MY_HOST = 'icardea-server.lksdom21.lks.local'
try:
from mod_wsgi import version
# Running as wsgi application!
# we assume that this wsgi application has been already "mounted"
# in the '/idp' sub dir in the Apache configuration file.
server_base_url = 'https://%s/idp' % (MY_HOST,)
idp_app = app
idp_app.catchall = False
except:
PORT = 4545
server_base_url = 'https://%s/idp' % (MY_HOST, )
idp_app = bottle.default_app.push()
idp_app.mount(app, '/idp')
oserver = server.Server(FileOpenIDStore(os.path.join(APP_HOME, "openid_sessions")),
server_base_url + '/openidserver')
session_opts = {
'session.type': 'dbm',
'session.cookie_expires': 3600,
'session.data_dir': os.path.join(APP_HOME, 'sessions'),
'session.key': 'icardea_idp_sid',
'session.secret': COOKIE_SECRET,
'session.auto': True
}
application = SessionMiddleware(idp_app, session_opts)
def run_standalone_server():
print """=======================================================
iCARDEA OpenID Provider is about to launch...
It will %s contact the Windows Domain Controller and Active Directory
for authenticating local MS Windows users. Please change the STANDALONE
