def test_services_service_not_supported(self, mock_discover):
mock_discover.return_value = ('http://test.com/openid',
self.mock_services)
with self.assertRaises(openid.ServiceError) as e:
openid.services('http://test.com/openid',
['urn.test1', 'urn.test2'])
self.assertEqual(
str(e.exception),
str(openid.ServiceError('http://test.com/openid', 'urn.test1')))
def login_oauth2(request):
try:
common.authentication_required(request)
logger.info('Authenticating OAuth2 for {}'.format(
request.user.auth.openid_url))
auth_service, cert_service = openid.services(
request.user.auth.openid_url, (URN_AUTHORIZE, URN_RESOURCE))
redirect_url, state = oauth2.get_authorization_url(
auth_service.server_url, cert_service.server_url)
logger.info('Retrieved authorization url for OpenID {}'.format(
request.user.auth.openid_url))
request.session.update({
'oauth_state': state,
'openid': request.user.auth.openid_url
})
except WPSError as e:
logger.exception('Error authenticating OAuth2')
return common.failed(str(e))
else:
return common.success({'redirect': redirect_url})
def oauth2_callback(request):
user = None
try:
openid_url = request.session.pop('openid')
oauth_state = request.session.pop('oauth_state')
logger.info('Handling OAuth2 callback for %r current state %r',
openid_url, oauth_state)
user = models.User.objects.get(auth__openid_url=openid_url)
logger.info('Discovering token and certificate services')
token_service, cert_service = openid.services(
openid_url, (URN_ACCESS, URN_RESOURCE))
request_url = '{}?{}'.format(settings.WPS_OAUTH2_CALLBACK,
request.META['QUERY_STRING'])
logger.info('Getting token from service')
token = oauth2.get_token(token_service.server_url, request_url,
oauth_state)
logger.info('Getting certificate from service')
cert, key, new_token = oauth2.get_certificate(token, oauth_state,
token_service.server_url,
cert_service.server_url)
logger.info('Updating user with token, certificate and state')
user.auth.update('oauth2', [cert, key],
token=new_token,
state=oauth_state)
except KeyError as e:
logger.exception('Missing %r key from session data', e)
return common.failed('Invalid OAuth state, report to server'
' administrator')
except (WPSError, oauth2.OAuth2Error) as e:
logger.exception('OAuth2 callback failed')
if user is not None:
extra = json.loads(user.auth.extra)
extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))
user.auth.extra = json.dumps(extra)
user.auth.save()
logger.info('Finished handling OAuth2 callback, redirect to profile')
metrics.track_login(metrics.WPS_OAUTH_LOGIN_SUCCESS, user.auth.openid_url)
return redirect(settings.WPS_PROFILE_URL)
def test_services(self, mock_discover):
mock_discover.return_value = ('http://test.com/openid',
self.mock_services)
services = openid.services('http://test.com/openid',
['test_uri_1', 'test_uri_3'])
self.assertEqual(len(services), 2)
def login_mpc(request):
try:
common.authentication_required(request)
form = forms.MPCForm(request.POST)
data = common.validate_form(form, ('username', 'password'))
logger.info('Authenticating MyProxyClient for {}'.format(
data['username']))
services = openid.services(request.user.auth.openid_url, (URN_MPC, ))
g = re.match('socket://(.*):(.*)', services[0].server_url)
if g is None or len(g.groups()) != 2:
raise MPCEndpointParseError()
host, port = g.groups()
from OpenSSL import SSL
MyProxyClient.SSL_METHOD = SSL.TLSv1_2_METHOD
try:
m = MyProxyClient(hostname=host, caCertDir=settings.WPS_CA_PATH)
c = m.logon(data['username'], data['password'], bootstrap=True)
except Exception as e:
raise common.AuthenticationError(user=data['username'])
logger.info(
'Authenticated with MyProxyClient backend for user {}'.format(
data['username']))
request.user.auth.update('myproxyclient', c)
except WPSError as e:
logger.exception('Error authenticating MyProxyClient')
return common.failed(str(e))
else:
metrics.track_login(metrics.WPS_MPC_LOGIN_SUCCESS,
request.user.auth.openid_url)
return common.success({
'type': request.user.auth.type,
'api_key': request.user.auth.api_key
})
finally:
if not request.user.is_anonymous:
metrics.track_login(metrics.WPS_MPC_LOGIN,
request.user.auth.openid_url)
def oauth2_callback(request):
user = None
try:
openid_url = request.session.pop('openid')
oauth_state = request.session.pop('oauth_state')
user = models.User.objects.get(auth__openid_url=openid_url)
token_service, cert_service = openid.services(
openid_url, (URN_ACCESS, URN_RESOURCE))
request_url = '{}?{}'.format(settings.OAUTH2_CALLBACK,
request.META['QUERY_STRING'])
token = oauth2.get_token(token_service.server_url, request_url,
oauth_state)
logger.info('Retrieved OAuth2 token for OpenID {}'.format(openid_url))
cert, key, new_token = oauth2.get_certificate(token,
token_service.server_url,
cert_service.server_url)
logger.info('Retrieved Certificated for OpenID {}'.format(openid_url))
user.auth.update('oauth2', [cert, key], token=new_token)
except KeyError as e:
pass
except WPSError as e:
logger.exception('OAuth2 callback failed')
if user is not None:
extra = json.loads(user.auth.extra)
extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))
user.auth.extra = json.dumps(extra)
user.auth.save()
finally:
return redirect(settings.PROFILE_URL)
def test_services_discovery_error(self):
with self.assertRaises(openid.DiscoverError) as e:
openid.services('http://testbad.com/openid',
['urn.test1', 'urn.test2'])