示例#1
 def view_persons_provision_sign():
     """Sign a Persona (BrowserID) certificate for the currently logged-in user.

     The request must carry the form fields ``email``, ``publicKey`` and
     ``certDuration``; if any is missing the view answers 400.  A certificate
     is only issued when ``email`` is exactly ``<username>@PERSONA_DOMAIN``
     for the user reported by the auth module.  Every other request is
     recorded through ``log_error`` and rejected: 403 when the caller is
     logged in but asked for a different address, 401 when not logged in.

     ``publicKey`` and ``certDuration`` are forwarded to ``persona_sign``
     exactly as received; no bounds or format checking happens in this view.
     Note that ``get_username()`` is consulted before ``logged_in()`` is
     checked -- presumably it yields nothing usable for an anonymous session,
     so the comparison still fails closed; confirm against the auth module.
     """
     form = request.form
     required_fields = ('email', 'publicKey', 'certDuration')
     if not all(field in form for field in required_fields):
         return Response('Invalid request', status=400)

     email = form['email']
     publicKey = form['publicKey']
     certDuration = form['certDuration']

     # The only address we will ever sign for is the one derived from the
     # authenticated username and the configured Persona domain.
     expected_email = '%s@%s' % (get_auth_module().get_username(),
                                 app.config['PERSONA_DOMAIN'])
     if email == expected_email:
         return persona_sign(email, publicKey, certDuration)

     if get_auth_module().logged_in():
         # Authenticated, but asking for somebody else's certificate.
         log_error('Failure', {
             'email': email,
             'username': get_auth_module().get_username(),
             'message': 'User tried to get certificate for incorrect user'
         })
         return Response('Incorrect user!', status=403)

     # Anonymous caller: record the attempt and ask them to sign in.
     log_error('Failure', {
         'email': email,
         'message': 'User tried to get certificate while not logged in'
     })
     return Response('Not signed in', status=401)
示例#2
                'message': 'Trust root demanded checkid_immediate'})
            return openid_respond(openid_request.answer(False))
        elif authed == AUTH_TIMEOUT:
            get_session()['timeout'] = True
            get_session()['next'] = request.base_url
            get_session().save()
            return get_auth_module().start_authentication()
        elif authed == AUTH_NOT_LOGGED_IN:
            get_session()['next'] = request.base_url
            get_session()['trust_root'] = openid_request.trust_root
            get_session().save()
            return get_auth_module().start_authentication()
        else:
            log_error('Failure', {
                'username': get_auth_module().get_username(),
                'attempted_claimed_id': openid_request.identity,
                'trust_root': openid_request.trust_root,
                'message':
                'The user tried to claim an ID that is not theirs'})
            return 'This is not your ID! If it is, please contact the ' \
                'administrators at [email protected]. Be sure to ' \
                'mention your session ID: %(logid)s' % {
                    'logid': get_session()['log_id']}
    else:
        return openid_respond(get_server().handleRequest(openid_request))


def isAuthorized(openid_request):
    pape_req_time, pape_auth_policies, pape_auth_level_types = \
        getPapeRequestInfo(openid_request)

    if not get_auth_module().logged_in():
示例#3
    key = M2Crypto.RSA.load_key(app.config['PERSONA_PRIVATE_KEY_PATH'], get_passphrase)
    key_len = len(key)
    if key_len == 2048:
        digest_size = '256'
    else:
        raise Exception('Keys with size %i bits are not supported' % key_len)
    e = 0
    for c in key.e[4:]:
        e = (e*256) + ord(c)
    n = 0
    for c in key.n[4:]:
        n = (n*256) + ord(c)
    key_e = e
    key_n = n
except Exception as e:
    log_error('Unable to read the private key for Persona: %s' % e)


# These things only make sense if we were able to get a key
if key and key_len and digest_size and key_e and key_n:
    @app.route('/.well-known/browserid')
    def view_browserid():
        info = {}
        info['authentication'] = '/persona/sign_in/'
        info['provisioning'] = '/persona/provision/'
        info['public-key'] = {}

        info['public-key']['algorithm'] = 'RS'
        info['public-key']['n'] = str(key_n)
        info['public-key']['e'] = str(key_e)