def verify(self, request, url, session): request_token = oauth.Token.from_string(session['token']) verifier = request.GET.get('oauth_verifier') if not verifier: redirect(self.config.get('oauth_failure')) request_token.set_verifier(verifier) client = oauth.Client(self.consumer, request_token) resp, content = client.request(self.access_token_url, "POST") if resp['status'] != '200': redirect(self.config.get('oauth_failure')) access_token = dict(urlparse.parse_qsl(content)) return self._get_credentials(access_token)
def request_access(self, request, url, session): return_to = url(controller='account', action="verify", provider=self.provider, qualified=True) loc = build_url(self.authorization_url, client_id=self.app_id, scope=self.scope, redirect_uri=return_to) return redirect(loc)
def request_access(self, request, url, session): # Create the consumer and client, make the request client = oauth.Client(self.consumer) params = { 'oauth_callback': url(controller='account', action="verify", provider=self.provider, qualified=True) } if self.scope: params['scope'] = self.scope # We go through some shennanigans here to specify a callback url oauth_request = oauth.Request.from_consumer_and_token( self.consumer, http_url=self.request_token_url, parameters=params) oauth_request.sign_request(self.sigmethod, self.consumer, None) client = HttpRequestor() resp, content = client.request(self.request_token_url, method='GET', headers=oauth_request.to_header()) if resp['status'] != '200': client.save_capture("oauth1 request_access failure") raise AccessException("Error status: %r", resp['status']) request_token = oauth.Token.from_string(content) session['token'] = content session.save() # force_login is twitter specific if (self.provider == 'twitter.com' and asbool(request.POST.get('force_login'))): http_url = self.authorization_url + '?force_login=true' else: http_url = self.authorization_url # Send the user to the oauth provider to authorize us oauth_request = \ oauth.Request.from_token_and_callback(token=request_token, http_url=http_url) return redirect(oauth_request.to_url())
def request_access(self, request, url, session): log_debug = self.log_debug if log_debug: log.debug('Handling OpenID login') # Load default parameters that all Auth Responders take fail_uri = self.config.get('oauth_failure') openid_url = request.POST.get('openid_identifier') # Let inherited consumers alter the openid identifier if desired openid_url = self._lookup_identifier(openid_url) openid_session = {} oidconsumer = consumer.Consumer(openid_session, self.openid_store, self.consumer_class) try: authrequest = oidconsumer.begin(openid_url) except consumer.DiscoveryFailure, exc: log.error("openid discovery failure: %s", exc) return redirect(fail_uri)
class OpenIDResponder(object): """OpenID Consumer for handling OpenID authentication """ def __init__(self, provider): self.provider = provider self.consumer_class = None self.log_debug = logging.DEBUG >= log.getEffectiveLevel() self.config = get_oauth_config(provider) self.endpoint_regex = self.config.get('endpoint_regex') # application config items, dont use self.config store = config.get('openid_store', 'mem') if store == u"file": store_file_path = config.get('openid_store_path', None) self.openid_store = filestore.FileOpenIDStore(store_file_path) elif store == u"mem": self.openid_store = memstore.MemoryStore() elif store == u"sql": # TODO: This does not work as we need a connection, not a string # XXX #self.openid_store = sqlstore.SQLStore(sql_connstring, # sql_associations_table, sql_connstring) raise NotImplementedError() self.scope = self.config.get('scope', None) self.return_to_query = {} def _lookup_identifier(self, identifier): """Extension point for inherited classes that want to change or set a default identifier""" return identifier def _update_authrequest(self, authrequest, request): """Update the authrequest with the default extensions and attributes we ask for This method doesn't need to return anything, since the extensions should be added to the authrequest object itself. """ # Add on the Attribute Exchange for those that support that ax_request = ax.FetchRequest() for attrib in attributes.values(): ax_request.add(ax.AttrInfo(attrib)) authrequest.addExtension(ax_request) # Form the Simple Reg request sreg_request = sreg.SRegRequest(optional=[ 'nickname', 'email', 'fullname', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone' ], ) authrequest.addExtension(sreg_request) return None def _get_access_token(self, request_token): """Called to exchange a request token for the access token This method doesn't by default return anything, other OpenID+Oauth consumers should override it to do the appropriate lookup for the access token, and return the access token. """ return None def request_access(self, request, url, session): log_debug = self.log_debug if log_debug: log.debug('Handling OpenID login') # Load default parameters that all Auth Responders take fail_uri = self.config.get('oauth_failure') openid_url = request.POST.get('openid_identifier') # Let inherited consumers alter the openid identifier if desired openid_url = self._lookup_identifier(openid_url) openid_session = {} oidconsumer = consumer.Consumer(openid_session, self.openid_store, self.consumer_class) try: authrequest = oidconsumer.begin(openid_url) except consumer.DiscoveryFailure, exc: log.error("openid discovery failure: %s", exc) return redirect(fail_uri) if authrequest is None: return redirect(fail_uri) # Update the authrequest self._update_authrequest(authrequest, request) return_to = url(controller='account', action="verify", provider=self.provider, qualified=True, **self.return_to_query) # Ensure our session is saved for the id to persist session['openid_session'] = openid_session session.save() redirect_url = authrequest.redirectURL(realm=request.application_url, return_to=return_to, immediate=False) # OpenID 2.0 lets Providers request POST instead of redirect, this # checks for such a request. if authrequest.shouldSendRedirect(): redirect_url = authrequest.redirectURL( realm=request.application_url, return_to=return_to, immediate=False) return redirect(redirect_url) else: return authrequest.htmlMarkup(realm=request.application_url, return_to=return_to, immediate=False)