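def openid_decide(request):
    """Ask the logged-in user whether to trust the requesting OpenID consumer.

    The pending OpenID request is read from the session under
    ``OPENID_REQUEST``. Depending on the request, this view:

    * redirects to ``/`` when no OpenID request is saved in the session;
    * redirects to the login page (returning to the server endpoint
      afterwards) when the user is not authenticated;
    * on POST containing ``cancel``, redirects to the server endpoint with
      ``?cancel``;
    * on POST with a valid form, stores the trust root together with the
      required and selected SREG fields in ``TrustedRoot`` and redirects to
      ``openid-provider-root``;
    * otherwise (GET, or POST with an invalid form) renders
      ``idp/openid/decide.html`` with the form and the return_to check result.
    """
    orequest = request.session.get('OPENID_REQUEST')
    if not orequest:
        # Nothing to decide on: no OpenID request was saved for this session.
        logger.warning('OpenID decide view failed, '
                       'because no OpenID request is saved')
        return HttpResponseRedirect('/')

    sreg_request = SRegRequest.fromOpenIDRequest(orequest)
    logger.debug('SREG request: %s', sreg_request.__dict__)

    if not request.user.is_authenticated():
        # Authenticate first, then go back to the server endpoint.
        return redirect_to_login(request, next=reverse(openid_server),
                                 nonce='1')

    if request.method == 'POST':
        # NOTE(review): CSRF protection for this state-changing POST is not
        # visible in this block - confirm the view is covered by it.
        if 'cancel' in request.POST:
            # User refused to sign in to the consumer.
            logger.info('OpenID decide canceled')
            return HttpResponseRedirect('%s?cancel' % reverse(openid_server))

        form = DecideForm(sreg_request=sreg_request, data=request.POST)
        if form.is_valid():
            data = form.cleaned_data
            # Remember the choice. The trust root is persisted here without
            # re-running verifyReturnTo(): the check below only feeds the
            # template and does not gate what is stored.
            # NOTE(review): confirm that storing trust for a root whose
            # return_to did not verify is intended.
            trusted_root, _created = models.TrustedRoot.objects.get_or_create(
                user=request.user.id, trust_root=orequest.trust_root)
            selected = [field for field in data if data[field]]
            trusted_root.choices = sreg_request.required + selected
            trusted_root.save()
            logger.debug('OpenID decide, user choice:%s', data)
            return HttpResponseRedirect(reverse('openid-provider-root'))
        # Invalid form: fall through and re-render it with its errors.
    else:
        form = DecideForm(sreg_request=sreg_request)

    logger.info('OpenID decide view, orequest:%s', orequest)

    # Check return_to against the trust root; the outcome is display-only.
    # NOTE(review): the exceptions caught here suggest this call fetches from
    # the relying party's realm, and that URL comes from the OpenID request -
    # confirm outbound requests from this host are restricted as intended.
    try:
        if verifyReturnTo(orequest.trust_root, orequest.return_to):
            trust_root_valid = "Valid"
        else:
            trust_root_valid = "Invalid"
    except HTTPFetchingError:
        trust_root_valid = "Unreachable"
    except DiscoveryFailure:
        trust_root_valid = "DISCOVERY_FAILED"

    context = {
        'title': _('Trust this site?'),
        'required': sreg_request.required,
        'optional': sreg_request.optional,
        'trust_root_valid': trust_root_valid,
        'form': form,
    }
    return render_to_response('idp/openid/decide.html', context,
                              context_instance=RequestContext(request))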
logger.debug('SREG request: %s' % sreg_request.__dict__) if orequest.mode in ("checkid_immediate", "checkid_setup"): # User is not logged if not request.user.is_authenticated(): # Site does not want interaction if orequest.immediate: logger.debug('User not logged and checkid immediate request, \ returning OpenID failure') return oresponse_to_response(server, orequest.answer(False)) else: # Try to login request.session['OPENID_REQUEST'] = orequest logger.debug('User not logged and checkid request, \ redirecting to login page') return redirect_to_login(request, nonce='1') else: identity = orequest.identity if identity != IDENTIFIER_SELECT: exploded = urlparse.urlparse(identity) # Allows only /openid/<user_id> if check_exploded(exploded, request): # We only support directed identity logger.debug('Invalid OpenID identity %s' % identity) return oresponse_to_response(server, orequest.answer(False)) if getattr(settings, 'RESTRICT_OPENID_RP', None): logger.debug('RP restriction is activated') if orequest.trust_root in getattr(settings, 'RESTRICT_OPENID_RP'): logger.debug('The RP %s is authorized' % orequest.trust_root) else: logger.debug('The RP %s is not authorized, return 404.' \