def signin(request, redirect_to=None): trust_root = getattr( settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/' ) # foo derbis. redirect_to = redirect_to or reverse('openid_complete') # In case they were lazy... if not redirect_to.startswith('http://') or redirect_to.startswith('https://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + urllib.urlencode({ 'next': request.GET['next'] }) if xri.identifierScheme(STEAM_PROVIDER_URL) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False ): return on_failure(request, 'i-names are not supported') consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(STEAM_PROVIDER_URL) except DiscoveryFailure: return on_failure(request, 'The OpenID was invalid') redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, sreg=None, extension_args=None, redirect_to=None, on_failure=None): on_failure = on_failure or default_on_failure extension_args = extension_args or {} if sreg: extension_args['sreg.optional'] = sreg trust_root = getattr( settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/' ) redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split('?')[0] + 'complete/' ) # In case they were lazy... if not redirect_to.startswith('http://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + urllib.urlencode({ 'next': request.GET['next'] }) user_url = request.POST.get('openid_url', None) if not user_url: request_path = request.path if request.GET.get('next'): request_path += '?' + urllib.urlencode({ 'next': request.GET['next'] }) return on_failure(request, "You didn't submit an OpenID URL") if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False ): return on_failure(request, 'i-names are not supported') user_url = oidutil.normalizeUrl(user_url) if not User.objects.filter(oid_url=user_url): return on_failure(request, "That is not a known OpenID URL. Please read <a href='/accounts/'>about accounts</a>") consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, "The OpenID was invalid") # Add extension args (for things like simple registration) for name, value in extension_args.items(): namespace, key = name.split('.', 1) auth_request.addExtensionArg(namespace, key, value) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None): self.openid = openid self.issued = issued self.attrs = attrs or {} self.sreg = sreg or {} self.pape = pape or {} self.ax = ax or {} self.is_iname = (xri.identifierScheme(openid) == 'XRI')
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None): self.openid = openid self.issued = issued self.attrs = attrs or {} self.sreg = sreg or {} self.pape = pape or {} self.ax = ax or {} self.is_iname = (xri.identifierScheme(openid) == 'XRI')
def begin(request, sreg=None, extension_args=None, redirect_to=None, on_failure=None, if_not_user_url=None): on_failure = on_failure or default_on_failure if_not_user_url = if_not_user_url or default_if_not_user_url if request.GET.get('logo'): # Makes for a better demo return logo(request) extension_args = extension_args or {} if sreg: extension_args['sreg.optional'] = sreg trust_root = getattr( settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/' ) redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split('?')[0] + 'complete/' ) # In case they were lazy... if not redirect_to.startswith('http://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + urllib.urlencode({ 'next': request.GET['next'] }) user_url = request.REQUEST.get('openid_url', None) if not user_url: return if_not_user_url(request) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False ): return on_failure(request, 'i-names are not supported') consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, "The OpenID was invalid") # Add extension args (for things like simple registration) for name, value in extension_args.items(): namespace, key = name.split('.', 1) auth_request.addExtensionArg(namespace, key, value) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, sreg=None, extension_args=None, redirect_to=None, on_failure=None): on_failure = on_failure or default_on_failure if request.GET.get('logo'): # Makes for a better demo return HttpResponse(OPENID_LOGO_BASE_64.decode('base64'), mimetype='image/gif') extension_args = extension_args or {} if sreg: extension_args['sreg.optional'] = sreg trust_root = getattr(settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/') redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split('?')[0] + 'complete/') # In case they were lazy... if not redirect_to.startswith('http://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + 'next=' + urllib.urlencode(request.GET['next']) user_url = request.POST.get('openid_url', None) if not user_url: return render('openid_signin.html', {'action': request.path}) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False): return on_failure(request, 'i-names are not supported') consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, "The OpenID was invalid") # Add extension args (for things like simple registration) for name, value in extension_args.items(): namespace, key = name.split('.', 1) auth_request.addExtensionArg(namespace, key, value) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, user_url, redirect_to=None, next = None, on_failure=None, template_name='openid_signin.html'): on_failure = on_failure or default_on_failure trust_root = getattr( settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/' ) redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', get_full_url(request).split('?')[0] + 'complete/' ) if not redirect_to.startswith('http://') or redirect_to.startswith('https://'): redirect_to = get_url_host(request) + redirect_to if next and is_valid_next_url(request, next): redirect_to += '?' + urllib.urlencode({'redirect': next}) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False ): return on_failure(request, _('i-names are not supported')) consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, _('The OpenID was invalid')) ########## OPENID-PAPE ########### if django_openidconsumer.config.OPENID_PAPE: if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0': raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer' p = oidpape.Request() for parg in django_openidconsumer.config.OPENID_PAPE: if parg.lower().strip() == 'policy_list': for v in pape[parg].split(','): p.addPolicyURI(v) elif parg.lower().strip() == 'max_auth_age': p.max_auth_age = pape[parg] auth_request.addExtension(p) ########## OPENID-AX ############## if django_openidconsumer.config.OPENID_AX: axr = oidax.FetchRequest() for i in django_openidconsumer.config.URI_GROUPS.values(): axr.add(oidax.AttrInfo(i['type_uri'], i['count'], i['required'], i['alias'])) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, sreg=None, extension_args=None, redirect_to=None, on_failure=None): on_failure = on_failure or default_on_failure if request.GET.get("logo"): # Makes for a better demo return HttpResponse(OPENID_LOGO_BASE_64.decode("base64"), mimetype="image/gif") extension_args = extension_args or {} if sreg: extension_args["sreg.optional"] = sreg trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/") redirect_to = redirect_to or getattr( settings, "OPENID_REDIRECT_TO", # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split("?")[0] + "complete/", ) # In case they were lazy... if not redirect_to.startswith("http://"): redirect_to = get_url_host(request) + redirect_to if request.GET.get("next") and is_valid_next_url(request.GET["next"]): if "?" in redirect_to: join = "&" else: join = "?" redirect_to += join + "next=" + urllib.urlencode(request.GET["next"]) user_url = request.POST.get("openid_url", None) if not user_url: return render("openid_signin.html", {"action": request.path}) if xri.identifierScheme(user_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False): return on_failure(request, "i-names are not supported") consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, "The OpenID was invalid") # Add extension args (for things like simple registration) for name, value in extension_args.items(): namespace, key = name.split(".", 1) auth_request.addExtensionArg(namespace, key, value) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(self, user_url): """Start the OpenID authentication process. See steps 1-2 in the overview at the top of this file. @param user_url: Identity URL given by the user. This method performs a textual transformation of the URL to try and make sure it is normalized. For example, a user_url of example.com will be normalized to http://example.com/ normalizing and resolving any redirects the server might issue. @type user_url: str @returns: An object containing the discovered information will be returned, with a method for building a redirect URL to the server, as described in step 3 of the overview. This object may also be used to add extension arguments to the request, using its L{addExtensionArg<openid.consumer.consumer.AuthRequest.addExtensionArg>} method. @returntype: L{AuthRequest<openid.consumer.consumer.AuthRequest>} @raises openid.consumer.discover.DiscoveryFailure: when I fail to find an OpenID server for this URL. If the C{yadis} package is available, L{openid.consumer.discover.DiscoveryFailure} is an alias for C{yadis.discover.DiscoveryFailure}. """ if yadis_available and xri.identifierScheme(user_url) == "XRI": discoverMethod = discoverXRI openid_url = user_url else: discoverMethod = openIDDiscover openid_url = oidutil.normalizeUrl(user_url) if yadis_available: try: disco = Discovery(self.session, openid_url, self.session_key_prefix) service = disco.getNextService(discoverMethod) except fetchers.HTTPFetchingError, e: raise DiscoveryFailure('Error fetching XRDS document', e)
def __init__(self, openid, issued, attrs=None, sreg=None, pape=None, ax=None): self.openid = openid self.issued = issued self.attrs = attrs or {} self.is_iname = xri.identifierScheme(openid) == "XRI"
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name='openid_consumer/signin.html'): on_failure = on_failure or default_on_failure trust_root = getattr( settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/' ) # foo derbis. redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split('?')[0] + 'complete/' ) # In case they were lazy... if not redirect_to.startswith('http://') or redirect_to.startswith('https://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + urllib.urlencode({ 'next': request.GET['next'] }) if not user_url: user_url = request.REQUEST.get('openid_url', None) if not user_url: request_path = request.path if request.GET.get('next'): request_path += '?' + urllib.urlencode({ 'next': request.GET['next'] }) return render(template_name, { 'action': request_path, }, RequestContext(request)) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False ): return on_failure(request, _('i-names are not supported')) consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, _('The OpenID was invalid')) sreg = getattr(settings, 'OPENID_SREG', False) if sreg: s = SRegRequest() for sarg in sreg: if sarg.lower().lstrip() == "policy_url": s.policy_url = sreg[sarg] else: for v in sreg[sarg].split(','): s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required")) auth_request.addExtension(s) pape = getattr(settings, 'OPENID_PAPE', False) if pape: if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0': raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer' p = PapeRequest() for parg in pape: if parg.lower().strip() == 'policy_list': for v in pape[parg].split(','): p.addPolicyURI(v) elif parg.lower().strip() == 'max_auth_age': p.max_auth_age = pape[parg] auth_request.addExtension(p) ax = getattr(settings, 'OPENID_AX', []) if ax: axr = AXFetchRequest() for i in ax: axr.add(AttrInfo(i['type_uri'], i['count'], i['required'], i['alias'])) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, confirmed=True, redirect_to=None, on_failure=None, user_url=None, template_name='openid_consumer/signin.html'): on_failure = on_failure or default_on_failure trust_root = getattr(settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/') # foo derbis. redirect_to = redirect_to or getattr( settings, 'OPENID_REDIRECT_TO', # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split('?')[0] + 'complete/') # In case they were lazy... if not redirect_to.startswith('http://') or redirect_to.startswith( 'https://'): redirect_to = get_url_host(request) + redirect_to if request.GET.get('next') and is_valid_next_url(request.GET['next']): if '?' in redirect_to: join = '&' else: join = '?' redirect_to += join + urlencode({'next': request.GET['next']}) if not user_url: user_url = request.REQUEST.get('openid_url', None) if not user_url: request_path = request.path if request.GET.get('next'): request_path += '?' + urlencode({'next': request.GET['next']}) return render(template_name, { 'action': request_path, }, RequestContext(request)) if xri.identifierScheme(user_url) == 'XRI' and getattr( settings, 'OPENID_DISALLOW_INAMES', False): return on_failure(request, _('i-names are not supported')) consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, _('The OpenID was invalid')) sreg = getattr(settings, 'OPENID_SREG', False) if sreg: s = SRegRequest() for sarg in sreg: if sarg.lower().lstrip() == "policy_url": s.policy_url = sreg[sarg] else: for v in sreg[sarg].split(','): s.requestField( field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required")) auth_request.addExtension(s) pape = getattr(settings, 'OPENID_PAPE', False) if pape: if openid.__version__ <= '2.0.0' and openid.__version__ >= '2.1.0': raise ImportError, 'For pape extension you need python-openid 2.1.0 or newer' p = PapeRequest() for parg in pape: if parg.lower().strip() == 'policy_list': for v in pape[parg].split(','): p.addPolicyURI(v) elif parg.lower().strip() == 'max_auth_age': p.max_auth_age = pape[parg] auth_request.addExtension(p) ax = getattr(settings, 'OPENID_AX', []) if ax: axr = AXFetchRequest() for i in ax: axr.add( AttrInfo(i['type_uri'], i['count'], i['required'], i['alias'])) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)
def begin(request, redirect_to=None, on_failure=None, user_url=None, template_name="openid_consumer/signin.html"): on_failure = on_failure or default_on_failure trust_root = getattr(settings, "OPENID_TRUST_ROOT", get_url_host(request) + "/") # foo derbis. redirect_to = redirect_to or getattr( settings, "OPENID_REDIRECT_TO", # If not explicitly set, assume current URL with complete/ appended get_full_url(request).split("?")[0] + "complete/", ) # In case they were lazy... if not redirect_to.startswith("http://") and not redirect_to.startswith("https://"): redirect_to = get_url_host(request) + redirect_to if request.GET.get("next") and is_valid_next_url(request.GET["next"]): if "?" in redirect_to: join = "&" else: join = "?" redirect_to += join + urllib.urlencode({"next": request.GET["next"]}) if not user_url: if request.method in ["GET", "POST"]: user_url = getattr(request, request.method).get("openid_url") else: user_url = None if not user_url: request_path = request.path if request.GET.get("next"): request_path += "?" + urllib.urlencode({"next": request.GET["next"]}) return render(request, template_name, {"action": request_path}) if xri.identifierScheme(user_url) == "XRI" and getattr(settings, "OPENID_DISALLOW_INAMES", False): return on_failure(request, _("i-names are not supported")) consumer = Consumer(request.session, DjangoOpenIDStore()) try: auth_request = consumer.begin(user_url) except DiscoveryFailure: return on_failure(request, _("The OpenID was invalid")) sreg = getattr(settings, "OPENID_SREG", False) if sreg: s = SRegRequest() for sarg in sreg: if sarg.lower().lstrip() == "policy_url": s.policy_url = sreg[sarg] else: for v in sreg[sarg].split(","): s.requestField(field_name=v.lower().lstrip(), required=(sarg.lower().lstrip() == "required")) auth_request.addExtension(s) pape = getattr(settings, "OPENID_PAPE", False) if pape: if openid.__version__ <= "2.0.0" and openid.__version__ >= "2.1.0": raise ImportError, "For pape extension you need python-openid 2.1.0 or newer" p = PapeRequest() for parg in pape: if parg.lower().strip() == "policy_list": for v in pape[parg].split(","): p.addPolicyURI(v) elif parg.lower().strip() == "max_auth_age": p.max_auth_age = pape[parg] auth_request.addExtension(p) ax = getattr(settings, "OPENID_AX", []) if ax: axr = AXFetchRequest() for i in ax: axr.add(AttrInfo(i["type_uri"], i["count"], i["required"], i["alias"])) auth_request.addExtension(axr) redirect_url = auth_request.redirectURL(trust_root, redirect_to) return HttpResponseRedirect(redirect_url)