def persona_login(request):
assertion = request.POST.get('assertion', '')
audience = request.build_absolute_uri('/')
resp = requests.post('https://verifier.login.persona.org/verify', {
'assertion': assertion,
'audience': audience
})
if resp.json['status'] != 'okay':
return render_authentication_error(request)
email = resp.json['email']
user = User(email=email)
extra_data = resp.json
account = SocialAccount(uid=email,
provider=PersonaProvider.id,
extra_data=extra_data,
user=user)
# TBD: Persona e-mail addresses are verified, so we could check if
# a matching local user account already exists with an identical
# verified e-mail address and short-circuit the social login. Then
# again, this holds for all social providers that guarantee
# verified e-mail addresses, so if at all, short-circuiting should
# probably not be handled here...
login = SocialLogin(account)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)
def persona_login(request):
assertion = request.POST.get('assertion', '')
audience = request.build_absolute_uri('/')
resp = requests.post('https://verifier.login.persona.org/verify',
{'assertion': assertion,
'audience': audience})
if resp.json()['status'] != 'okay':
return render_authentication_error(request)
email = resp.json()['email']
user = get_adapter() \
.populate_new_user(email=email)
extra_data = resp.json()
account = SocialAccount(uid=email,
provider=PersonaProvider.id,
extra_data=extra_data,
user=user)
# TBD: Persona e-mail addresses are verified, so we could check if
# a matching local user account already exists with an identical
# verified e-mail address and short-circuit the social login. Then
# again, this holds for all social providers that guarantee
# verified e-mail addresses, so if at all, short-circuiting should
# probably not be handled here...
login = SocialLogin(account)
login.state = SocialLogin.state_from_request(request)
return complete_social_login(request, login)
def callback(request):
client = _openid_consumer(request)
response = client.complete(dict(request.REQUEST.items()), request.build_absolute_uri(request.path))
if response.status == consumer.SUCCESS:
account = SocialAccount(uid=response.identity_url, provider=OpenIDProvider.id, extra_data={})
account.user = get_adapter().populate_new_user(request, account, email=_get_email_from_response(response))
login = SocialLogin(account)
login.state = SocialLogin.unstash_state(request)
ret = complete_social_login(request, login)
elif response.status == consumer.CANCEL:
ret = HttpResponseRedirect(reverse("socialaccount_login_cancelled"))
else:
ret = render_authentication_error(request)
return ret
def test_handle_facebook_without_email_cancel():
request = RequestFactory().get('/accounts/login/callback/')
request.user = AnonymousUser()
account = SocialAccount(provider='facebook')
sociallogin = SocialLogin(user=User(), account=account)
sociallogin.state = SocialLogin.state_from_request(request)
response = complete_social_login(request, sociallogin)
assert response.status_code == 302
assert response['location'].startswith(reverse('email_needed'))
sociallogin.state['auth_params'] = 'auth_type=rerequest'
response = complete_social_login(request, sociallogin)
assert response.status_code == 302
assert response['location'] == reverse('socialaccount_login_cancelled')
def callback(request):
client = _openid_consumer(request)
response = client.complete(dict(request.REQUEST.items()),
request.build_absolute_uri(request.path))
if response.status == consumer.SUCCESS:
user = get_adapter() \
.populate_new_user(email=_get_email_from_response(response))
account = SocialAccount(uid=response.identity_url,
provider=OpenIDProvider.id,
user=user,
extra_data={})
login = SocialLogin(account)
login.state = SocialLogin.unstash_state(request)
ret = complete_social_login(request, login)
elif response.status == consumer.CANCEL:
ret = HttpResponseRedirect(reverse('socialaccount_login_cancelled'))
else:
ret = render_authentication_error(request)
return ret
