def authenticate(self, assertion=None, audience=None, request=None, **kwargs): """ Authenticate a user by verifying a BrowserID assertion. Defers to the verifier returned by :func:`BrowserIDBackend.get_verifier` for verification. You may either pass the ``request`` parameter to determine the audience from the request, or pass the ``audience`` parameter explicitly. :param assertion: Assertion submitted by the user. This asserts that the user controls a specific email address. :param audience: The audience to use when verifying the assertion; this prevents another site using an assertion for their site to login to yours. This value takes precedence over the audience pulled from the request parameter, if given. :param request: The request that generated this authentication attempt. This is used to determine the audience to use during verification, using the :func:`django_browserid.base.get_audience` function. If the audience parameter is also passed, it will be used instead of the audience from the request. :param kwargs: All remaining keyword arguments are passed to the ``verify`` function on the verifier. """ email = self.verify(assertion, audience, request, **kwargs) if not email or not self.is_valid_email(email): return None # In the rare case that two user accounts have the same email address, # log and bail. Randomly selecting one seems really wrong. users = self.filter_users_by_email(email=email) if len(users) > 1: logger.warn('%s users with email address %s.', len(users), email) return None if len(users) == 1: return users[0] create_user = getattr(settings, 'BROWSERID_CREATE_USER', True) if not create_user: logger.debug('Login failed: No user with email %s found, and ' 'BROWSERID_CREATE_USER is False', email) return None else: if create_user is True: create_function = self.create_user else: # Find the function to call. create_function = import_from_setting('BROWSERID_CREATE_USER') user = create_function(email) user_created.send(create_function, user=user) return user
def authenticate(self, assertion=None, audience=None, browserid_extra=None, **kw): """``django.contrib.auth`` compatible authentication method. Given a BrowserID assertion and an audience, it attempts to verify them and then extract the email address for the authenticated user. An audience should be in the form ``https://example.com`` or ``http://localhost:8001``. See django_browserid.base.get_audience() """ result = verify(assertion, audience, extra_params=browserid_extra) if not result: return None email = result['email'] # In the rare case that two user accounts have the same email address, # log and bail. Randomly selecting one seems really wrong. users = self.filter_users_by_email(email=email) if len(users) > 1: logger.warn('%s users with email address %s.', len(users), email) return None if len(users) == 1: return users[0] create_user = getattr(settings, 'BROWSERID_CREATE_USER', True) if not create_user: logger.debug( 'Login failed: No user with email %s found, and ' 'BROWSERID_CREATE_USER is False', email) return None else: if create_user is True: create_function = self.create_user else: # Find the function to call. create_function = self._load_module(create_user) user = create_function(email) user_created.send(create_function, user=user) return user
def authenticate(self, assertion=None, audience=None, browserid_extra=None, **kw): """``django.contrib.auth`` compatible authentication method. Given a BrowserID assertion and an audience, it attempts to verify them and then extract the email address for the authenticated user. An audience should be in the form ``https://example.com`` or ``http://localhost:8001``. See django_browserid.base.get_audience() """ result = verify(assertion, audience, extra_params=browserid_extra) if not result: return None email = result['email'] if not self.is_valid_email(email): return None # In the rare case that two user accounts have the same email address, # log and bail. Randomly selecting one seems really wrong. users = self.filter_users_by_email(email=email) if len(users) > 1: logger.warn('%s users with email address %s.', len(users), email) return None if len(users) == 1: return users[0] create_user = getattr(settings, 'BROWSERID_CREATE_USER', True) if not create_user: logger.debug('Login failed: No user with email %s found, and ' 'BROWSERID_CREATE_USER is False', email) return None else: if create_user is True: create_function = self.create_user else: # Find the function to call. create_function = import_function_from_setting('BROWSERID_CREATE_USER') user = create_function(email) user_created.send(create_function, user=user) return user
def authenticate(self, assertion=None, audience=None, browserid_extra=None, **kw): """``django.contrib.auth`` compatible authentication method. Given a BrowserID assertion and an audience, it attempts to verify them and then extract the email address for the authenticated user. An audience should be in the form ``https://example.com`` or ``http://localhost:8001``. See django_browserid.base.get_audience() """ result = verify(assertion, audience, extra_params=browserid_extra) if not result: return None email = result['email'] # in the rare case that two user accounts have the same email address, # log and bail. randomly selecting one seems really wrong. users = self.filter_users_by_email(email=email) if len(users) > 1: log.warn('{0} users with email address {1}.'.format(len(users), email)) return None if len(users) == 1: return users[0] create_user = getattr(settings, 'BROWSERID_CREATE_USER', True) if not create_user: return None else: if create_user is True: create_function = self.create_user else: # Find the function to call. create_function = self._load_module(create_user) user = create_function(email) user_created.send(create_function, user=user) return user