Exemplo n.º 1
0
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    server = openid_get_server(request)
    orequest = server.decodeRequest(request.session.get('OPENID_REQUEST'))
    trust_root_valid = request.session.get('OPENID_TRUSTROOT_VALID')

    logger.debug('Got OPENID_REQUEST %s, OPENID_TRUSTROOT_VALID %s from '
                  'session %s', orequest, trust_root_valid, request.session)

    if not request.user.is_authenticated():
        return landing_page(request, orequest)

    if orequest is None:
        # This isn't normal, but can occur if the user uses the 'back' button
        # or if the session data is otherwise lost for some reason.
        return error_page(
            request, "I've lost track of your session now. Sorry! Please go "
                     "back to the site you are logging in to with a Baserock "
                     "OpenID and, if you're not yet logged in, try again.")

    openid = openid_get_identity(request, orequest.identity)
    if openid is None:
        # User should only ever have one OpenID, created for them when they
        # registered.
        message = openid_not_found_error_message(request, orequest.identity)
        return error_page(request, message)

    if request.method == 'POST' and request.POST.get('decide_page', False):
        if request.POST.get('allow', False):
            TrustedRoot.objects.get_or_create(
                openid=openid, trust_root=orequest.trust_root)
            if not conf.FAILED_DISCOVERY_AS_VALID:
                request.session[get_trust_session_key(orequest)] = True
            return HttpResponseRedirect(reverse('openid-provider-root'))

        oresponse = orequest.answer(False)
        logger.debug('orequest.answer(False)')
        return prep_response(request, orequest, oresponse)

    return render_to_response('openid_provider/decide.html', {
        'title': _('Trust this site?'),
        'trust_root': orequest.trust_root,
        'trust_root_valid': trust_root_valid,
        'return_to': orequest.return_to,
        'identity': orequest.identity,
    }, context_instance=RequestContext(request))
Exemplo n.º 2
0
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    server = openid_get_server(request)
    orequest = server.decodeRequest(request.session.get('OPENID_REQUEST'))
    trust_root_valid = request.session.get('OPENID_TRUSTROOT_VALID')

    if not request.user.is_authenticated():
        return landing_page(request, orequest)

    openid = openid_get_identity(request, orequest.identity)
    if openid is None:
        return error_page(
            request, "You are signed in but you don't have OpenID here!")

    # Unconditionally allow access to a site without prompting the 
    # user if the trusted root contains the trusted domain name 
    # configured in the settings
    if any(x in orequest.trust_root for x in settings.TRUSTED_DOMAINS):
        TrustedRoot.objects.get_or_create(
            openid=openid, trust_root=orequest.trust_root)
        if not conf.FAILED_DISCOVERY_AS_VALID:
            request.session[get_trust_session_key(orequest)] = True
        return HttpResponseRedirect(reverse('openid-provider-root'))

    if request.method == 'POST' and request.POST.get('decide_page', False):
        if request.POST.get('allow', False):
            TrustedRoot.objects.get_or_create(
                openid=openid, trust_root=orequest.trust_root)
            if not conf.FAILED_DISCOVERY_AS_VALID:
                request.session[get_trust_session_key(orequest)] = True
            return HttpResponseRedirect(reverse('openid-provider-root'))

        oresponse = orequest.answer(False)
        logger.debug('orequest.answer(False)')
        return prep_response(request, orequest, oresponse)

    return render_to_response('openid_provider/decide.html', {
        'title': _('Trust this site?'),
        'trust_root': orequest.trust_root,
        'trust_root_valid': trust_root_valid,
        'return_to': orequest.return_to,
        'identity': orequest.identity,
    }, context_instance=RequestContext(request))
Exemplo n.º 3
0
def openid_decide(request):
    """
    The page that asks the user if they really want to sign in to the site, and
    lets them add the consumer to their trusted whitelist.
    # If user is logged in, ask if they want to trust this trust_root
    # If they are NOT logged in, show the landing page
    """
    server = openid_get_server(request)
    orequest = server.decodeRequest(request.session.get('OPENID_REQUEST'))
    trust_root_valid = request.session.get('OPENID_TRUSTROOT_VALID')

    if not request.user.is_authenticated():
        return landing_page(request, orequest)
    try:
        openid = openid_get_identity(request, orequest.identity)
    except AttributeError:
        openid = None
    if openid is None:
        return error_page(request,
                          "You are signed in but you don't have OpenID here!")

    if request.method == 'POST' and request.POST.get('decide_page', False):
        if request.POST.get('allow', False):
            TrustedRoot.objects.get_or_create(openid=openid,
                                              trust_root=orequest.trust_root)
            if not conf.FAILED_DISCOVERY_AS_VALID:
                request.session[get_trust_session_key(orequest)] = True
            return HttpResponseRedirect(reverse('openid-provider-root'))

        oresponse = orequest.answer(False)
        logger.debug('orequest.answer(False)')
        return prep_response(request, orequest, oresponse)

    return render(
        request, 'openid_provider/decide.html', {
            'title': _('Trust this site?'),
            'trust_root': orequest.trust_root,
            'trust_root_valid': trust_root_valid,
            'return_to': orequest.return_to,
            'identity': orequest.identity,
        })
Exemplo n.º 4
0
def openid_server(request):
    """
    This view is the actual OpenID server - running at the URL pointed to by 
    the <link rel="openid.server"> tag. 
    """
    logger.debug('server request %s: %s',
                 request.method, request.POST or request.GET)
    server = openid_get_server(request)

    if not request.is_secure():
        # if request is not secure allow only encrypted association sessions
        server.negotiator = encrypted_negotiator

    # Clear AuthorizationInfo session var, if it is set
    if request.session.get('AuthorizationInfo', None):
        del request.session['AuthorizationInfo']

    querydict = dict(request.REQUEST.items())
    orequest = server.decodeRequest(querydict)
    if not orequest:
        orequest = server.decodeRequest(request.session.get('OPENID_REQUEST', None))
        if orequest:
            # remove session stored data:
            del request.session['OPENID_REQUEST']
        else:
            # not request, render info page:
            data = {
                'host': request.build_absolute_uri('/'),
                'xrds_location': request.build_absolute_uri(
                    reverse('openid-provider-xrds')),
            }
            logger.debug('invalid request, sending info: %s', data)
            return render_to_response('openid_provider/server.html',
                                      data,
                                      context_instance=RequestContext(request))

    if orequest.mode in BROWSER_REQUEST_MODES:
        if not request.user.is_authenticated():
            logger.debug('no local authentication, sending landing page')
            return landing_page(request, orequest)

        openid = openid_is_authorized(request, orequest.identity,
                                      orequest.trust_root)

        # verify return_to:
        trust_root_valid = trust_root_validation(orequest)
        validated = False

        if conf.FAILED_DISCOVERY_AS_VALID:
            if trust_root_valid == 'DISCOVERY_FAILED':
                validated = True
        else:
            # if in decide already took place, set as valid:
            if request.session.get(get_trust_session_key(orequest), False):
                validated = True

        if openid is not None and (validated or trust_root_valid == 'Valid'):
            id_url = request.build_absolute_uri(
                reverse('openid-provider-identity', args=[openid.openid]))
            oresponse = orequest.answer(True, identity=id_url)
            logger.debug('orequest.answer(True, identity="%s")', id_url)
        elif orequest.immediate:
            logger.debug('checkid_immediate mode not supported')
            raise Exception('checkid_immediate mode not supported')
        else:
            request.session['OPENID_REQUEST'] = orequest.message.toPostArgs()
            request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid
            logger.debug('redirecting to decide page')
            return HttpResponseRedirect(reverse('openid-provider-decide'))
    else:
        oresponse = server.handleRequest(orequest)
    if request.user.is_authenticated():
        add_sreg_data(request, orequest, oresponse)
        if conf.AX_EXTENSION:
            add_ax_data(request, orequest, oresponse)

    return prep_response(request, orequest, oresponse, server)
Exemplo n.º 5
0
def openid_server(request):
    """
    This view is the actual OpenID server - running at the URL pointed to by 
    the <link rel="openid.server"> tag. 
    """
    logger.debug('server request %s: %s', request.method, request.POST
                 or request.GET)
    server = openid_get_server(request)

    if not request.is_secure():
        # if request is not secure allow only encrypted association sessions
        server.negotiator = encrypted_negotiator

    # Clear AuthorizationInfo session var, if it is set
    if request.session.get('AuthorizationInfo', None):
        del request.session['AuthorizationInfo']

    querydict = dict(request.POST.items())
    orequest = server.decodeRequest(querydict)
    if not orequest:
        orequest = server.decodeRequest(
            request.session.get('OPENID_REQUEST', None))
        if orequest:
            # remove session stored data:
            del request.session['OPENID_REQUEST']
        else:
            # not request, render info page:
            data = {
                'host':
                request.build_absolute_uri('/'),
                'xrds_location':
                request.build_absolute_uri(reverse('openid-provider-xrds')),
            }
            logger.debug('invalid request, sending info: %s', data)
            return render(request, 'openid_provider/server.html', data)

    if orequest.mode in BROWSER_REQUEST_MODES:
        if not request.user.is_authenticated():
            logger.debug('no local authentication, sending landing page')
            return landing_page(request, orequest)

        openid = openid_is_authorized(request, orequest.identity,
                                      orequest.trust_root)

        # verify return_to:
        trust_root_valid = trust_root_validation(orequest)
        validated = False

        if conf.FAILED_DISCOVERY_AS_VALID:
            if trust_root_valid == 'DISCOVERY_FAILED':
                validated = True
        else:
            # if in decide already took place, set as valid:
            if request.session.get(get_trust_session_key(orequest), False):
                validated = True

        if openid is not None and (validated or trust_root_valid == 'Valid'):
            id_url = request.build_absolute_uri(
                reverse('openid-provider-identity', args=[openid.openid]))
            oresponse = orequest.answer(True, identity=id_url)
            logger.debug('orequest.answer(True, identity="%s")', id_url)
        elif orequest.immediate:
            logger.debug('checkid_immediate mode not supported')
            raise Exception('checkid_immediate mode not supported')
        else:
            request.session['OPENID_REQUEST'] = orequest.message.toPostArgs()
            request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid
            logger.debug('redirecting to decide page')
            return HttpResponseRedirect(reverse('openid-provider-decide'))
    else:
        oresponse = server.handleRequest(orequest)
    if request.user.is_authenticated():
        add_sreg_data(request, orequest, oresponse)
        if conf.AX_EXTENSION:
            add_ax_data(request, orequest, oresponse)

    return prep_response(request, orequest, oresponse, server)