def rpx_response(request):
    """Turn the RPX token posted back by the identity provider into a session.

    The token is read from ``request.POST`` and handed to ``authenticate``;
    this view only decides between forbidding the request and logging the
    returned user in.  Anything that is not an active user gets the same
    403 as a missing token.
    """
    logger.debug('django_rpx.views.rpx_response processing')
    # NOTE(review): the RPX callback is a cross-site POST; how CSRF
    # protection is configured for this view is not visible here -- confirm.
    rpx_token = request.POST.get('token', None)
    if not rpx_token:
        logger.debug('no token provided, forbidden')
        return HttpResponseForbidden()

    logger.debug('authenticating')
    candidate = authenticate(token=rpx_token)
    logger.debug('authenticaton complete, user is %s' %(candidate,))

    # Guard clause: no user, a falsy result, or an inactive account -> 403.
    if not (candidate and candidate.is_active):
        return HttpResponseForbidden()

    login(request, candidate)
    # TODO make it 302 and put in a cache buster
    return HttpResponseRedirect('/?login')
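def authenticate(self, token=''):
    """Resolve an RPX login token to a Django ``User``, linking or creating one.

    The token is untrusted client input; it is only ever forwarded to
    ``RpxApi.get_auth_info``, and the answer from that call drives every
    decision below.

    Args:
        token: the RPX token posted back after the provider login.

    Returns:
        The matching ``User`` on success.  ``None`` when the RPX answer's
        ``stat`` is not ``'ok'`` or when an email match is not unambiguous.
        ``False`` when the new ``RpxData`` row could not be saved.

    TODO: pass in a message array here which can be filled with an error
    message with failure response
    """
    # NOTE(review): this writes the raw login token to the debug log;
    # consider redacting it if debug logging is enabled outside development.
    logger.debug('django_rpx.backends.authenticate token = %s' %(token, ))
    api = RpxApi()
    auth_info = api.get_auth_info(token)
    # '!=' rather than the Python-2-only '<>' so the module parses on Python 3 too.
    if auth_info['stat'] != 'ok':
        logger.debug('json results != ok -- %s' %(auth_info['stat']))
        return None

    profile = auth_info['profile']
    rpx_id = profile['identifier']
    nickname = profile.get('displayName') or profile.get('preferredUsername')
    email = profile.get('email', '')
    profile_pic_url = profile.get('photo')
    info_page_url = profile.get('url')
    provider = profile.get("providerName")

    user = self.get_user_by_rpx_id(rpx_id)
    logger.debug('got user by rpx id %s' %(user, ))
    if not user:
        # No identity match.  Linking by email is an account-takeover risk
        # (a provider that does not verify addresses would let anyone claim
        # an existing local account), so it is only attempted for
        # TRUSTED_PROVIDERS, and only when exactly one un-linked account
        # carries that address.  A missing providerName simply disqualifies
        # the email match instead of raising KeyError.
        # NOTE(review): this assumes a trusted provider only reports
        # addresses it has verified -- confirm against the provider list.
        if email and provider in TRUSTED_PROVIDERS:
            user_candidates = User.objects.all().filter(
                rpxdata=None).filter(email=email)
            if user_candidates.count() == 1:
                [user] = user_candidates
                rpxdata = RpxData(identifier=rpx_id)
            else:
                return None
        else:
            # Create a fresh user; the nickname may already be taken, so
            # keep permuting it until a free name turns up.
            logger.debug('backends.authenticate -- creating new user')
            # NOTE(review): if the profile carries neither displayName nor
            # preferredUsername, nickname is None here -- confirm that
            # create_user rejects that rather than storing it.
            username = nickname
            user = None
            try:
                i = 0
                while True:
                    User.objects.get(username=username)
                    username = permute_name(nickname, i)
                    i += 1
            except User.DoesNotExist:
                # Free name found.  Check-then-create is not atomic; a
                # concurrent signup taking the same name is not handled here.
                user = User.objects.create_user(username, email)
                rpxdata = RpxData(identifier=rpx_id)

        rpxdata.user = user
        try:
            rpxdata.save()
        except Exception:
            # Narrowed from a bare except so KeyboardInterrupt/SystemExit
            # are not swallowed.  The expected failure is an identifier that
            # already exists (e.g. a concurrent login for the same rpx_id).
            logger.debug('saving RpxData for %s failed, assuming it already exists' %(rpx_id,))
            return False

    # Re-read the row so both the linked and the pre-existing cases hold a
    # persisted RpxData before the profile details are written to it.
    rpxdata = RpxData.objects.get(identifier=rpx_id)
    api.save_data(auth_info, rpxdata, user)
    if profile_pic_url:
        rpxdata.profile_pic_url = profile_pic_url
    if info_page_url:
        rpxdata.info_page_url = info_page_url
    if provider:
        rpxdata.provider = provider
    rpxdata.save()
    return user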