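def view_persons_provision_sign():
    """Sign a Persona (BrowserID) certificate for the logged-in user.

    Reads ``email``, ``publicKey`` and ``certDuration`` from the submitted
    form and hands them to ``persona_sign`` only when the requested email is
    exactly ``<session username>@PERSONA_DOMAIN``.

    Returns:
        Whatever ``persona_sign`` returns on success; otherwise a plain-text
        ``Response`` with status 400 (missing form field), 401 (no
        authenticated session) or 403 (email does not belong to the
        session user). Every refusal that reaches the identity check is
        recorded through ``log_error``.
    """
    required_fields = ('email', 'publicKey', 'certDuration')
    if any(field not in request.form for field in required_fields):
        return Response('Invalid request', status=400)

    email = request.form['email']
    publicKey = request.form['publicKey']
    certDuration = request.form['certDuration']

    auth = get_auth_module()

    # Decide the session state first. The expected identity string is only
    # derived from an authenticated session, so whatever get_username()
    # yields for an anonymous session can never be matched by a submitted
    # email. (The previous order compared first and checked login second.)
    if not auth.logged_in():
        log_error('Failure', {
            'email': email,
            'message': 'User tried to get certificate while not logged in'
        })
        return Response('Not signed in', status=401)

    username = auth.get_username()
    expected_email = '%s@%s' % (username, app.config['PERSONA_DOMAIN'])
    if email != expected_email:
        # Exact (case-sensitive) match is deliberate: the certificate binds
        # the key to the identity string the session actually owns.
        log_error('Failure', {
            'email': email,
            'username': username,
            'message': 'User tried to get certificate for incorrect user'
        })
        return Response('Incorrect user!', status=403)

    return persona_sign(email, publicKey, certDuration)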
'message': 'Trust root demanded checkid_immediate'}) return openid_respond(openid_request.answer(False)) elif authed == AUTH_TIMEOUT: get_session()['timeout'] = True get_session()['next'] = request.base_url get_session().save() return get_auth_module().start_authentication() elif authed == AUTH_NOT_LOGGED_IN: get_session()['next'] = request.base_url get_session()['trust_root'] = openid_request.trust_root get_session().save() return get_auth_module().start_authentication() else: log_error('Failure', { 'username': get_auth_module().get_username(), 'attempted_claimed_id': openid_request.identity, 'trust_root': openid_request.trust_root, 'message': 'The user tried to claim an ID that is not theirs'}) return 'This is not your ID! If it is, please contact the ' \ 'administrators at [email protected]. Be sure to ' \ 'mention your session ID: %(logid)s' % { 'logid': get_session()['log_id']} else: return openid_respond(get_server().handleRequest(openid_request)) def isAuthorized(openid_request): pape_req_time, pape_auth_policies, pape_auth_level_types = \ getPapeRequestInfo(openid_request) if not get_auth_module().logged_in():
key = M2Crypto.RSA.load_key(app.config['PERSONA_PRIVATE_KEY_PATH'], get_passphrase) key_len = len(key) if key_len == 2048: digest_size = '256' else: raise Exception('Keys with size %i bits are not supported' % key_len) e = 0 for c in key.e[4:]: e = (e*256) + ord(c) n = 0 for c in key.n[4:]: n = (n*256) + ord(c) key_e = e key_n = n except Exception as e: log_error('Unable to read the private key for Persona: %s' % e) # These things only make sense if we were able to get a key if key and key_len and digest_size and key_e and key_n: @app.route('/.well-known/browserid') def view_browserid(): info = {} info['authentication'] = '/persona/sign_in/' info['provisioning'] = '/persona/provision/' info['public-key'] = {} info['public-key']['algorithm'] = 'RS' info['public-key']['n'] = str(key_n) info['public-key']['e'] = str(key_e)