def cleanup_associations(self, request, queryset):
store = DjangoOpenIDStore()
count = store.cleanupAssociations()
self.message_user(request, "%d expired associations removed" % count)
def handle_noargs(self, **options):
store = DjangoOpenIDStore()
store.cleanup()
def cleanup_nonces(self, request, queryset):
store = DjangoOpenIDStore()
count = store.cleanupNonces()
self.message_user(request, "%d expired nonces removed" % count)
def setUp(self):
super(OpenIDStoreTests, self).setUp()
self.store = DjangoOpenIDStore()
def make_consumer(request):
"""Create an OpenID Consumer object for the given Django request."""
# Give the OpenID library its own space in the session object.
session = request.session.setdefault('OPENID', {})
store = DjangoOpenIDStore()
return Consumer(session, store)
def cleanup_associations(self, request, queryset):
store = DjangoOpenIDStore()
count = store.cleanupAssociations()
self.message_user(request, "%d expired associations removed" % count)
class OpenIDStoreTests(TestCase):
def setUp(self):
super(OpenIDStoreTests, self).setUp()
self.store = DjangoOpenIDStore()
def test_storeAssociation(self):
assoc = OIDAssociation('handle', 'secret', 42, 600, 'HMAC-SHA1')
self.store.storeAssociation('server-url', assoc)
dbassoc = Association.objects.get(server_url='server-url',
handle='handle')
self.assertEquals(dbassoc.server_url, 'server-url')
self.assertEquals(dbassoc.handle, 'handle')
self.assertEquals(dbassoc.secret,
base64.encodestring(b'secret').decode('utf-8'))
self.assertEquals(dbassoc.issued, 42)
self.assertEquals(dbassoc.lifetime, 600)
self.assertEquals(dbassoc.assoc_type, 'HMAC-SHA1')
def test_storeAssociation_update_existing(self):
assoc = OIDAssociation('handle', 'secret', 42, 600, 'HMAC-SHA1')
self.store.storeAssociation('server-url', assoc)
# Now update the association with new information.
assoc = OIDAssociation('handle', 'secret2', 420, 900, 'HMAC-SHA256')
self.store.storeAssociation('server-url', assoc)
dbassoc = Association.objects.get(server_url='server-url',
handle='handle')
self.assertEqual(dbassoc.secret,
base64.encodestring(b'secret2').decode('utf-8'))
self.assertEqual(dbassoc.issued, 420)
self.assertEqual(dbassoc.lifetime, 900)
self.assertEqual(dbassoc.assoc_type, 'HMAC-SHA256')
def test_getAssociation(self):
timestamp = int(time.time())
self.store.storeAssociation(
'server-url',
OIDAssociation('handle', 'secret', timestamp, 600, 'HMAC-SHA1'))
assoc = self.store.getAssociation('server-url', 'handle')
self.assertTrue(isinstance(assoc, OIDAssociation))
self.assertEquals(assoc.handle, 'handle')
self.assertEquals(assoc.secret, b'secret')
self.assertEquals(assoc.issued, timestamp)
self.assertEquals(assoc.lifetime, 600)
self.assertEquals(assoc.assoc_type, 'HMAC-SHA1')
def test_getAssociation_unknown(self):
assoc = self.store.getAssociation('server-url', 'unknown')
self.assertEquals(assoc, None)
def test_getAssociation_expired(self):
lifetime = 600
timestamp = int(time.time()) - 2 * lifetime
self.store.storeAssociation(
'server-url',
OIDAssociation('handle', 'secret', timestamp, lifetime,
'HMAC-SHA1'))
# The association is not returned, and is removed from the database.
assoc = self.store.getAssociation('server-url', 'handle')
self.assertEquals(assoc, None)
self.assertRaises(Association.DoesNotExist,
Association.objects.get,
server_url='server-url',
handle='handle')
def test_getAssociation_no_handle(self):
timestamp = int(time.time())
self.store.storeAssociation(
'server-url',
OIDAssociation('handle1', 'secret', timestamp + 1, 600,
'HMAC-SHA1'))
self.store.storeAssociation(
'server-url',
OIDAssociation('handle2', 'secret', timestamp, 600, 'HMAC-SHA1'))
# The newest handle is returned.
assoc = self.store.getAssociation('server-url', None)
self.assertNotEquals(assoc, None)
self.assertEquals(assoc.handle, 'handle1')
self.assertEquals(assoc.issued, timestamp + 1)
def test_removeAssociation(self):
timestamp = int(time.time())
self.store.storeAssociation(
'server-url',
OIDAssociation('handle', 'secret', timestamp, 600, 'HMAC-SHA1'))
self.assertEquals(self.store.removeAssociation('server-url', 'handle'),
True)
self.assertEquals(self.store.getAssociation('server-url', 'handle'),
None)
def test_removeAssociation_unknown(self):
self.assertEquals(
self.store.removeAssociation('server-url', 'unknown'), False)
def test_useNonce(self):
timestamp = time.time()
# The nonce can only be used once.
self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'),
True)
self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'),
False)
self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'),
False)
def test_useNonce_expired(self):
timestamp = time.time() - 2 * SKEW
self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'),
False)
def test_useNonce_future(self):
timestamp = time.time() + 2 * SKEW
self.assertEqual(self.store.useNonce('server-url', timestamp, 'salt'),
False)
def test_cleanupNonces(self):
timestamp = time.time()
self.assertEqual(self.store.useNonce('server1', timestamp, 'salt1'),
True)
self.assertEqual(self.store.useNonce('server2', timestamp, 'salt2'),
True)
self.assertEqual(self.store.useNonce('server3', timestamp, 'salt3'),
True)
self.assertEqual(Nonce.objects.count(), 3)
self.assertEqual(self.store.cleanupNonces(_now=timestamp + 2 * SKEW),
3)
self.assertEqual(Nonce.objects.count(), 0)
# The nonces have now been cleared:
self.assertEqual(self.store.useNonce('server1', timestamp, 'salt1'),
True)
self.assertEqual(self.store.cleanupNonces(_now=timestamp + 2 * SKEW),
1)
self.assertEqual(self.store.cleanupNonces(_now=timestamp + 2 * SKEW),
0)
def test_cleanupAssociations(self):
timestamp = int(time.time()) - 100
self.store.storeAssociation(
'server-url',
OIDAssociation('handle1', 'secret', timestamp, 50, 'HMAC-SHA1'))
self.store.storeAssociation(
'server-url',
OIDAssociation('handle2', 'secret', timestamp, 200, 'HMAC-SHA1'))
self.assertEquals(self.store.cleanupAssociations(), 1)
# The second (non-expired) association is left behind.
self.assertNotEqual(self.store.getAssociation('server-url', 'handle2'),
None)
def cleanup_nonces(self, request, queryset):
store = DjangoOpenIDStore()
count = store.cleanupNonces()
self.message_user(request, "%d expired nonces removed" % count)
def openid_server(req):
"""
This view is the actual OpenID server - running at the URL pointed to by
the <link rel="openid.server"> tag.
"""
host = get_base_uri(req)
try:
# if we have django_openid_auth in applications directory
# then we can use DjangoOpenIDStore
from django_openid_auth.store import DjangoOpenIDStore
store = DjangoOpenIDStore()
except:
# otherwise use FileOpenIDStore
OPENID_FILESTORE = '/tmp/openid-filestore'
from openid.store.filestore import FileOpenIDStore
store = FileOpenIDStore(OPENID_FILESTORE)
server = Server(store,
op_endpoint="%s%s" %
(host, reverse('openid-provider-root')))
# Clear AuthorizationInfo session var, if it is set
if req.session.get('AuthorizationInfo', None):
del req.session['AuthorizationInfo']
querydict = dict(req.REQUEST.items())
try:
orequest = server.decodeRequest(querydict)
except:
L.exception("Request decode failed")
orequest = None
if not orequest:
orequest = req.session.get('OPENID_REQUEST', None)
if not orequest:
# not request, render info page:
return render_to_response('openid_provider/server.html', {
'host': host,
},
context_instance=RequestContext(req))
else:
# remove session stored data:
del req.session['OPENID_REQUEST']
if orequest.mode in ("checkid_immediate", "checkid_setup"):
if not req.user.is_authenticated():
return landing_page(req, orequest)
openid = openid_is_authorized(req, orequest.identity,
orequest.trust_root)
if openid is not None:
oresponse = orequest.answer(
True,
identity="%s%s" %
(host, reverse('openid-provider-identity',
args=[openid.openid])))
sreg_data = {'nickname': req.user.username}
sreg_req = sreg.SRegRequest.fromOpenIDRequest(orequest)
sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data)
oresponse.addExtension(sreg_resp)
elif orequest.immediate:
raise Exception('checkid_immediate mode not supported')
else:
req.session['OPENID_REQUEST'] = orequest
return HttpResponseRedirect(reverse('openid-provider-decide'))
else:
oresponse = server.handleRequest(orequest)
webresponse = server.encodeResponse(oresponse)
return django_response(webresponse)
def setUp(self):
super(OpenIDStoreTests, self).setUp()
self.store = DjangoOpenIDStore()
class OpenIDStoreTests(TestCase):
def setUp(self):
super(OpenIDStoreTests, self).setUp()
self.store = DjangoOpenIDStore()
def test_storeAssociation(self):
assoc = OIDAssociation('handle', 'secret', 42, 600, 'HMAC-SHA1')
self.store.storeAssociation('server-url', assoc)
dbassoc = Association.objects.get(
server_url='server-url', handle='handle')
self.assertEquals(dbassoc.server_url, 'server-url')
self.assertEquals(dbassoc.handle, 'handle')
self.assertEquals(dbassoc.secret, 'secret'.encode('base-64'))
self.assertEquals(dbassoc.issued, 42)
self.assertEquals(dbassoc.lifetime, 600)
self.assertEquals(dbassoc.assoc_type, 'HMAC-SHA1')
def test_storeAssociation_update_existing(self):
assoc = OIDAssociation('handle', 'secret', 42, 600, 'HMAC-SHA1')
self.store.storeAssociation('server-url', assoc)
# Now update the association with new information.
assoc = OIDAssociation('handle', 'secret2', 420, 900, 'HMAC-SHA256')
self.store.storeAssociation('server-url', assoc)
dbassoc = Association.objects.get(
server_url='server-url', handle='handle')
self.assertEqual(dbassoc.secret, 'secret2'.encode('base-64'))
self.assertEqual(dbassoc.issued, 420)
self.assertEqual(dbassoc.lifetime, 900)
self.assertEqual(dbassoc.assoc_type, 'HMAC-SHA256')
def test_getAssociation(self):
timestamp = int(time.time())
self.store.storeAssociation(
'server-url', OIDAssociation('handle', 'secret', timestamp, 600,
'HMAC-SHA1'))
assoc = self.store.getAssociation('server-url', 'handle')
self.assertTrue(isinstance(assoc, OIDAssociation))
self.assertEquals(assoc.handle, 'handle')
self.assertEquals(assoc.secret, 'secret')
self.assertEquals(assoc.issued, timestamp)
self.assertEquals(assoc.lifetime, 600)
self.assertEquals(assoc.assoc_type, 'HMAC-SHA1')
def test_getAssociation_unknown(self):
assoc = self.store.getAssociation('server-url', 'unknown')
self.assertEquals(assoc, None)
def test_getAssociation_expired(self):
lifetime = 600
timestamp = int(time.time()) - 2 * lifetime
self.store.storeAssociation(
'server-url', OIDAssociation('handle', 'secret', timestamp,
lifetime, 'HMAC-SHA1'))
# The association is not returned, and is removed from the database.
assoc = self.store.getAssociation('server-url', 'handle')
self.assertEquals(assoc, None)
self.assertRaises(Association.DoesNotExist, Association.objects.get,
server_url='server-url', handle='handle')
def test_getAssociation_no_handle(self):
timestamp = int(time.time())
self.store.storeAssociation(
'server-url', OIDAssociation('handle1', 'secret', timestamp + 1,
600, 'HMAC-SHA1'))
self.store.storeAssociation(
'server-url', OIDAssociation('handle2', 'secret', timestamp,
600, 'HMAC-SHA1'))
# The newest handle is returned.
assoc = self.store.getAssociation('server-url', None)
self.assertNotEquals(assoc, None)
self.assertEquals(assoc.handle, 'handle1')
self.assertEquals(assoc.issued, timestamp + 1)
def test_removeAssociation(self):
timestamp = int(time.time())
self.store.storeAssociation(
'server-url', OIDAssociation('handle', 'secret', timestamp, 600,
'HMAC-SHA1'))
self.assertEquals(
self.store.removeAssociation('server-url', 'handle'), True)
self.assertEquals(
self.store.getAssociation('server-url', 'handle'), None)
def test_removeAssociation_unknown(self):
self.assertEquals(
self.store.removeAssociation('server-url', 'unknown'), False)
def test_useNonce(self):
timestamp = time.time()
# The nonce can only be used once.
self.assertEqual(
self.store.useNonce('server-url', timestamp, 'salt'), True)
self.assertEqual(
self.store.useNonce('server-url', timestamp, 'salt'), False)
self.assertEqual(
self.store.useNonce('server-url', timestamp, 'salt'), False)
def test_useNonce_expired(self):
timestamp = time.time() - 2 * SKEW
self.assertEqual(
self.store.useNonce('server-url', timestamp, 'salt'), False)
def test_useNonce_future(self):
timestamp = time.time() + 2 * SKEW
self.assertEqual(
self.store.useNonce('server-url', timestamp, 'salt'), False)
def test_cleanupNonces(self):
timestamp = time.time()
self.assertEqual(
self.store.useNonce('server1', timestamp, 'salt1'), True)
self.assertEqual(
self.store.useNonce('server2', timestamp, 'salt2'), True)
self.assertEqual(
self.store.useNonce('server3', timestamp, 'salt3'), True)
self.assertEqual(Nonce.objects.count(), 3)
self.assertEqual(
self.store.cleanupNonces(_now=timestamp + 2 * SKEW), 3)
self.assertEqual(Nonce.objects.count(), 0)
# The nonces have now been cleared:
self.assertEqual(
self.store.useNonce('server1', timestamp, 'salt1'), True)
self.assertEqual(
self.store.cleanupNonces(_now=timestamp + 2 * SKEW), 1)
self.assertEqual(
self.store.cleanupNonces(_now=timestamp + 2 * SKEW), 0)
def test_cleanupAssociations(self):
timestamp = int(time.time()) - 100
self.store.storeAssociation(
'server-url', OIDAssociation('handle1', 'secret', timestamp,
50, 'HMAC-SHA1'))
self.store.storeAssociation(
'server-url', OIDAssociation('handle2', 'secret', timestamp,
200, 'HMAC-SHA1'))
self.assertEquals(self.store.cleanupAssociations(), 1)
# The second (non-expired) association is left behind.
self.assertNotEqual(self.store.getAssociation('server-url', 'handle2'),
None)
def handle_noargs(self, **options):
store = DjangoOpenIDStore()
store.cleanup()
