def signin(request, redirect_to=None):
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
# foo derbis.
redirect_to = redirect_to or reverse('openid_complete')
# In case they were lazy...
if not redirect_to.startswith('http://') or redirect_to.startswith('https://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({
'next': request.GET['next']
})
if xri.identifierScheme(STEAM_PROVIDER_URL) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
return on_failure(request, 'i-names are not supported')
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(STEAM_PROVIDER_URL)
except DiscoveryFailure:
return on_failure(request, 'The OpenID was invalid')
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(request, sreg=None, extension_args=None, redirect_to=None,
on_failure=None):
on_failure = on_failure or default_on_failure
extension_args = extension_args or {}
if sreg:
extension_args['sreg.optional'] = sreg
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
redirect_to = redirect_to or getattr(
settings, 'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/'
)
# In case they were lazy...
if not redirect_to.startswith('http://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({
'next': request.GET['next']
})
user_url = request.POST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urllib.urlencode({
'next': request.GET['next']
})
return on_failure(request, "You didn't submit an OpenID URL")
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
return on_failure(request, 'i-names are not supported')
user_url = oidutil.normalizeUrl(user_url)
if not User.objects.filter(oid_url=user_url):
return on_failure(request, "That is not a known OpenID URL. Please read <a href='/accounts/'>about accounts</a>")
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, "The OpenID was invalid")
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None):
self.openid = openid
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg or {}
self.pape = pape or {}
self.ax = ax or {}
self.is_iname = (xri.identifierScheme(openid) == 'XRI')
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None):
self.openid = openid
self.issued = issued
self.attrs = attrs or {}
self.sreg = sreg or {}
self.pape = pape or {}
self.ax = ax or {}
self.is_iname = (xri.identifierScheme(openid) == 'XRI')
def begin(request, sreg=None, extension_args=None, redirect_to=None,
on_failure=None, if_not_user_url=None):
on_failure = on_failure or default_on_failure
if_not_user_url = if_not_user_url or default_if_not_user_url
if request.GET.get('logo'):
# Makes for a better demo
return logo(request)
extension_args = extension_args or {}
if sreg:
extension_args['sreg.optional'] = sreg
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
redirect_to = redirect_to or getattr(
settings, 'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/'
)
# In case they were lazy...
if not redirect_to.startswith('http://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({
'next': request.GET['next']
})
user_url = request.REQUEST.get('openid_url', None)
if not user_url:
return if_not_user_url(request)
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
return on_failure(request, 'i-names are not supported')
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, "The OpenID was invalid")
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(request,
sreg=None,
extension_args=None,
redirect_to=None,
on_failure=None):
on_failure = on_failure or default_on_failure
if request.GET.get('logo'):
# Makes for a better demo
return HttpResponse(OPENID_LOGO_BASE_64.decode('base64'),
mimetype='image/gif')
extension_args = extension_args or {}
if sreg:
extension_args['sreg.optional'] = sreg
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
redirect_to = redirect_to or getattr(
settings,
'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/')
# In case they were lazy...
if not redirect_to.startswith('http://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + 'next=' + urllib.urlencode(request.GET['next'])
user_url = request.POST.get('openid_url', None)
if not user_url:
return render('openid_signin.html', {'action': request.path})
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, 'i-names are not supported')
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, "The OpenID was invalid")
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split('.', 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(request, user_url, redirect_to=None, next = None, on_failure=None, template_name='openid_signin.html'):
on_failure = on_failure or default_on_failure
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
redirect_to = redirect_to or getattr(
settings, 'OPENID_REDIRECT_TO',
get_full_url(request).split('?')[0] + 'complete/'
)
if not redirect_to.startswith('http://') or redirect_to.startswith('https://'):
redirect_to = get_url_host(request) + redirect_to
if next and is_valid_next_url(request, next):
redirect_to += '?' + urllib.urlencode({'redirect': next})
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
########## OPENID-PAPE ###########
if django_openidconsumer.config.OPENID_PAPE:
if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0':
raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer'
p = oidpape.Request()
for parg in django_openidconsumer.config.OPENID_PAPE:
if parg.lower().strip() == 'policy_list':
for v in pape[parg].split(','):
p.addPolicyURI(v)
elif parg.lower().strip() == 'max_auth_age':
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
########## OPENID-AX ##############
if django_openidconsumer.config.OPENID_AX:
axr = oidax.FetchRequest()
for i in django_openidconsumer.config.URI_GROUPS.values():
axr.add(oidax.AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(request, sreg=None, extension_args=None, redirect_to=None, on_failure=None):
on_failure = on_failure or default_on_failure
if request.GET.get("logo"):
# Makes for a better demo
return HttpResponse(OPENID_LOGO_BASE_64.decode("base64"), mimetype="image/gif")
extension_args = extension_args or {}
if sreg:
extension_args["sreg.optional"] = sreg
trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/")
redirect_to = redirect_to or getattr(
settings,
"OPENID_REDIRECT_TO",
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split("?")[0] + "complete/",
)
# In case they were lazy...
if not redirect_to.startswith("http://"):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get("next") and is_valid_next_url(request.GET["next"]):
if "?" in redirect_to:
join = "&"
else:
join = "?"
redirect_to += join + "next=" + urllib.urlencode(request.GET["next"])
user_url = request.POST.get("openid_url", None)
if not user_url:
return render("openid_signin.html", {"action": request.path})
if xri.identifierScheme(user_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False):
return on_failure(request, "i-names are not supported")
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, "The OpenID was invalid")
# Add extension args (for things like simple registration)
for name, value in extension_args.items():
namespace, key = name.split(".", 1)
auth_request.addExtensionArg(namespace, key, value)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(self, user_url):
"""Start the OpenID authentication process. See steps 1-2 in
the overview at the top of this file.
@param user_url: Identity URL given by the user. This method
performs a textual transformation of the URL to try and
make sure it is normalized. For example, a user_url of
example.com will be normalized to http://example.com/
normalizing and resolving any redirects the server might
issue.
@type user_url: str
@returns: An object containing the discovered information will
be returned, with a method for building a redirect URL to
the server, as described in step 3 of the overview. This
object may also be used to add extension arguments to the
request, using its
L{addExtensionArg<openid.consumer.consumer.AuthRequest.addExtensionArg>}
method.
@returntype: L{AuthRequest<openid.consumer.consumer.AuthRequest>}
@raises openid.consumer.discover.DiscoveryFailure: when I fail to
find an OpenID server for this URL. If the C{yadis} package
is available, L{openid.consumer.discover.DiscoveryFailure} is
an alias for C{yadis.discover.DiscoveryFailure}.
"""
if yadis_available and xri.identifierScheme(user_url) == "XRI":
discoverMethod = discoverXRI
openid_url = user_url
else:
discoverMethod = openIDDiscover
openid_url = oidutil.normalizeUrl(user_url)
if yadis_available:
try:
disco = Discovery(self.session,
openid_url,
self.session_key_prefix)
service = disco.getNextService(discoverMethod)
except fetchers.HTTPFetchingError, e:
raise DiscoveryFailure('Error fetching XRDS document', e)
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None):
self.openid = openid
self.issued = issued
self.attrs = attrs or {}
self.is_iname = xri.identifierScheme(openid) == "XRI"
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name='openid_consumer/signin.html'):
on_failure = on_failure or default_on_failure
trust_root = getattr(
settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
)
# foo derbis.
redirect_to = redirect_to or getattr(
settings, 'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/'
)
# In case they were lazy...
if not redirect_to.startswith('http://') or redirect_to.startswith('https://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urllib.urlencode({
'next': request.GET['next']
})
if not user_url:
user_url = request.REQUEST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urllib.urlencode({
'next': request.GET['next']
})
return render(template_name, {
'action': request_path,
}, RequestContext(request))
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False
):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
sreg = getattr(settings, 'OPENID_SREG', False)
if sreg:
s = SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(','):
s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, 'OPENID_PAPE', False)
if pape:
if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0':
raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer'
p = PapeRequest()
for parg in pape:
if parg.lower().strip() == 'policy_list':
for v in pape[parg].split(','):
p.addPolicyURI(v)
elif parg.lower().strip() == 'max_auth_age':
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
ax = getattr(settings, 'OPENID_AX', [])
if ax:
axr = AXFetchRequest()
for i in ax:
axr.add(AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(request,
confirmed=True,
redirect_to=None,
on_failure=None,
user_url=None,
template_name='openid_consumer/signin.html'):
on_failure = on_failure or default_on_failure
trust_root = getattr(settings, 'OPENID_TRUST_ROOT',
get_url_host(request) + '/')
# foo derbis.
redirect_to = redirect_to or getattr(
settings,
'OPENID_REDIRECT_TO',
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split('?')[0] + 'complete/')
# In case they were lazy...
if not redirect_to.startswith('http://') or redirect_to.startswith(
'https://'):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get('next') and is_valid_next_url(request.GET['next']):
if '?' in redirect_to:
join = '&'
else:
join = '?'
redirect_to += join + urlencode({'next': request.GET['next']})
if not user_url:
user_url = request.REQUEST.get('openid_url', None)
if not user_url:
request_path = request.path
if request.GET.get('next'):
request_path += '?' + urlencode({'next': request.GET['next']})
return render(template_name, {
'action': request_path,
}, RequestContext(request))
if xri.identifierScheme(user_url) == 'XRI' and getattr(
settings, 'OPENID_DISALLOW_INAMES', False):
return on_failure(request, _('i-names are not supported'))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _('The OpenID was invalid'))
sreg = getattr(settings, 'OPENID_SREG', False)
if sreg:
s = SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(','):
s.requestField(
field_name=v.lower().lstrip(),
required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, 'OPENID_PAPE', False)
if pape:
if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0':
raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer'
p = PapeRequest()
for parg in pape:
if parg.lower().strip() == 'policy_list':
for v in pape[parg].split(','):
p.addPolicyURI(v)
elif parg.lower().strip() == 'max_auth_age':
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
ax = getattr(settings, 'OPENID_AX', [])
if ax:
axr = AXFetchRequest()
for i in ax:
axr.add(
AttrInfo(i['type_uri'], i['count'], i['required'], i['alias']))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name="openid_consumer/signin.html"):
on_failure = on_failure or default_on_failure
trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/")
# foo derbis.
redirect_to = redirect_to or getattr(
settings,
"OPENID_REDIRECT_TO",
# If not explicitly set, assume current URL with complete/ appended
get_full_url(request).split("?")[0] + "complete/",
)
# In case they were lazy...
if not redirect_to.startswith("http://") and not redirect_to.startswith("https://"):
redirect_to = get_url_host(request) + redirect_to
if request.GET.get("next") and is_valid_next_url(request.GET["next"]):
if "?" in redirect_to:
join = "&"
else:
join = "?"
redirect_to += join + urllib.urlencode({"next": request.GET["next"]})
if not user_url:
if request.method in ["GET", "POST"]:
user_url = getattr(request, request.method).get("openid_url")
else:
user_url = None
if not user_url:
request_path = request.path
if request.GET.get("next"):
request_path += "?" + urllib.urlencode({"next": request.GET["next"]})
return render(request, template_name, {"action": request_path})
if xri.identifierScheme(user_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False):
return on_failure(request, _("i-names are not supported"))
consumer = Consumer(request.session, DjangoOpenIDStore())
try:
auth_request = consumer.begin(user_url)
except DiscoveryFailure:
return on_failure(request, _("The OpenID was invalid"))
sreg = getattr(settings, "OPENID_SREG", False)
if sreg:
s = SRegRequest()
for sarg in sreg:
if sarg.lower().lstrip() == "policy_url":
s.policy_url = sreg[sarg]
else:
for v in sreg[sarg].split(","):
s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required"))
auth_request.addExtension(s)
pape = getattr(settings, "OPENID_PAPE", False)
if pape:
if openid.__version__ <= "2.0.0" and openid.__version__ >= "2.1.0":
raise ImportError, "For pape extension you need python-openid 2.1.0 or newer"
p = PapeRequest()
for parg in pape:
if parg.lower().strip() == "policy_list":
for v in pape[parg].split(","):
p.addPolicyURI(v)
elif parg.lower().strip() == "max_auth_age":
p.max_auth_age = pape[parg]
auth_request.addExtension(p)
ax = getattr(settings, "OPENID_AX", [])
if ax:
axr = AXFetchRequest()
for i in ax:
axr.add(AttrInfo(i["type_uri"], i["count"], i["required"], i["alias"]))
auth_request.addExtension(axr)
redirect_url = auth_request.redirectURL(trust_root, redirect_to)
return HttpResponseRedirect(redirect_url)
