Changeset 136

Timestamp:

11/06/07 00:37:54

Author:

thejimmyg

Message:

Added some updates to support OpenID 2

Files:

• AuthKit/trunk/authkit/authenticate/open_id.py (modified) (20 diffs)

AuthKit/trunk/authkit/authenticate/open_id.py

@@ -18 +18 @@
-This middleware actually sets two cookies, one for AuthKit and one for a session
-store to store the ID which OpenID information is keyed against.
+
+The OpenID sreg variables you can use include:
+
+``nickname``
+    Any UTF-8 string that the End User wants to use as a nickname. 
+
+``email``
+    The email address of the End User as specified in section 3.4.1 of
+    [RFC2822] (Resnick, P., "Internet Message Format," .). 
+
+``fullname``
+    UTF-8 string free text representation of the End User's full name. 
+
+``dob``
+    The End User's date of birth as YYYY-MM-DD. Any values whose representation
+    uses fewer than the specified number of digits should be zero-padded. The
+    length of this value MUST always be 10. If the End User user does not want
+    to reveal any particular component of this value, it MUST be set to zero.
+    For instance, if a End User wants to specify that his date of birth is in
+    1980, but not the month or day, the value returned SHALL be "1980-00-00".
+
+``gender``
+    The End User's gender, "M" for male, "F" for female. 
+
+``postcode``
+    UTF-8 string free text that SHOULD conform to the End User's country's
+    postal system. 
+
+``country``
+    The End User's country of residence as specified by ISO3166. 
+
+``language``
+    End User's preferred language as specified by ISO639. 
+
+``timezone``
+    ASCII string from TimeZone database
+    For example, "Europe/Paris" or "America/Los_Angeles".
-"""
-
@@ -27 +64 @@
-from paste.request import construct_url
-from openid.consumer import consumer
-
-
-
+
+
-from authkit.authenticate import get_template, valid_password, \
-   get_authenticate_function, strip_base, RequireEnvironKey, \
-   AuthKitUserSetter, AuthKitAuthHandler
-from authkit.authenticate.multi import MultiHandler, status_checker
-from beaker.middleware import SessionMiddleware
-
-def template():
@@ -116 +151 @@
-        from openid.store.sqlstore import MySQLStore
-        from sqlalchemy.engine.url import make_url
-
+
-        def create_conn(dburi):
-            url = make_url(dburi)
@@ -134 +169 @@
-        raise Exception("Invalid store type %r"%store)
-    return conn, cstore
-
+
-class AuthOpenIDHandler:
-    """
@@ -148 +183 @@
-        path_signedin, 
-        template=None,
-        session_secret=None,
-        session_key='authkit_openid',
-        session_middleware='beaker.session',
-        path_verify='/verify', 
@@ -166 +199 @@
-        self.path_process = path_process
-        self.session_middleware = session_middleware
-        self.session_key = session_key
-        self.session_secret = session_secret
-        self.app = app
-        self.urltouser = urltouser
@@ -218 +249 @@
-                [
-                    ('Content-type', 'text/html'+self.charset),
-len(response
+str(len(response)
-                ]
-            )
@@ -225 +256 @@
-        try:
-            request_ = oidconsumer.begin(openid_url)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-            response = render(
-                self.template,
@@ -257 +270 @@
-                [
-                    ('Content-type', 'text/html'+self.charset),
-len(response
+str(len(response)
-                ]
-            )
@@ -276 +289 @@
-                    [
-                        ('Content-type', 'text/html'+self.charset),
-len(response
+str(len(response)
-                    ]
-                )
-                return response
-            else:
+                session = environ[self.session_middleware]
+                if 'HTTP_REFERER' in environ and \
+                        not environ['HTTP_REFERER'].endswith(self.path_verify) and \
+                        not environ['HTTP_REFERER'].endswith(self.path_process):
+                    session['referer'] = environ['HTTP_REFERER']
+
+                if self.sreg_required or self.sreg_optional or self.sreg_policyurl:
+                    required_list = []
+                    if self.sreg_required:
+                        required_list = [opt.strip() for opt in self.sreg_required.split(',')]
+                    optional_list = []
+                    if self.sreg_optional:
+                        optional_list = [opt.strip() for opt in self.sreg_optional.split(',')]
+                    sreg_request = sreg.SRegRequest(
+                        required=required_list,
+                        optional=optional_list,
+                        policy_url=self.sreg_policyurl)
+                    request_.addExtension(sreg_request)
+
-                trust_root = baseurl
-                return_to = baseurl + self.path_process
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-    def process(self, environ, start_response):
@@ -309 +357 @@
-        css_class = 'error'
-        message = ''
+
-        params = dict(paste.request.parse_querystring(environ))
-        oidconsumer = self._get_consumer(environ)
-        info = oidconsumer.complete(dict(params))
-
+
-        if info.status == consumer.FAILURE and info.identity_url:
-            fmt = "Verification of %s failed."
@@ -321 +370 @@
-        elif info.status == consumer.SUCCESS:
-            username = info.identity_url
-
+
+
+
-            # Set the cookie
-            if self.urltouser:
@@ -327 +378 @@
-            environ['paste.auth_tkt.set_user'](username, user_data=user_data)
-            # Return a page that does a meta refresh
+            session = environ[self.session_middleware]
+            if 'referer' in session:
+                redirect_url = session.pop('referer')
+            else:
+                redirect_url = self.baseurl + self.path_signedin
+
-            response = """
-<HTML>
@@ -337 +394 @@
-</BODY>
-</HTML>
-self.baseurl + self.path_signedin
+redirect_url
-            start_response(
-                '200 OK', 
-                [
-                    ('Content-type', 'text/html'+self.charset),
-len(response
+str(len(response)
-                ]
-            )
@@ -348 +405 @@
-        elif info.status == consumer.CANCEL:
-            message = 'Verification cancelled'
+        elif info.status == consumer.SETUP_NEEDED:
+            if info.setup_url:
+                message = '<a href=%s>Setup needed</a>' % (
+                    self._quoteattr(info.setup_url),)
+            else:
+                message = 'Setup needed'
-        else:
-            environ['wsgi.errors'].write("Passurl Message: %s"%info.message)
@@ -363 +426 @@
-            [
-                ('Content-type', 'text/html'+self.charset),
-len(response
+str(len(response)
-            ]
-        )
@@ -375 +438 @@
-        session = environ[self.session_middleware]
-        session['id'] = session.id
-
+
+
-        session.save()
-
+o
-
-    def _quoteattr(self, s):
@@ -384 +448 @@
-        qs = cgi.escape(s, 1)
-        return '"%s"' % (qs,)
-            
-
-class OpenIDUserSetter(AuthKitUserSetter):
@@ -402 +465 @@
-            sreg_policyurl=options['sreg_policyurl'],
-        )
-
-        if options['session_middleware'] == 'beaker.session':
-            app = SessionMiddleware(
-                app, 
-                key=options['session_key'], 
-                secret=options['session_secret']
-            )
-        self.app = app
-
-    def __call__(self, environ, start_response):
-        return self.app(environ, start_response)
-
-
-def load_openid_config(
@@ -447 +502 @@
-        'sreg_optional': auth_conf.get('sreg.optional'),
-        'sreg_policyurl': auth_conf.get('sreg.policyurl'),
-        # XXX This need to actually be configurable, not hard coded
-        'session_secret': 'asdasd',
-        'session_key': 'authkit_openid',
-        'session_middleware': 'beaker.session',
-    }
-    if user_setter_params['session_middleware'] == 'beaker.session':
-        if not user_setter_params['session_secret']:
-            raise AuthKitConfigError('No session_secret set')
-    auth_handler_params={
-        'template':user_setter_params['template'],