annotate MoinMoin/action/serveopenid.py @ 6103:500f68d3e2fd

remove our own usage of python_compatibility module
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 06 Sep 2016 01:00:25 +0200
parents 4ab3c578e44b
children
1 # -*- coding: utf-8 -*-
2 """
3 MoinMoin - OpenID server action
5 This is the UI and provider for OpenID.
7 @copyright: 2006, 2007, 2008 Johannes Berg <johannes@sipsolutions.net>
8 @license: GNU GPL, see COPYING for details.
9 """
11 from MoinMoin.util.moinoid import MoinOpenIDStore, strbase64
12 from MoinMoin import wikiutil
13 from openid.consumer.discover import OPENID_1_0_TYPE, \
14 OPENID_1_1_TYPE, OPENID_2_0_TYPE, OPENID_IDP_2_0_TYPE
15 from openid import sreg
16 from openid.cryptutil import randomString
17 from openid.server import server
18 from openid.message import IDENTIFIER_SELECT, OPENID_NS
19 from MoinMoin.widget import html
20 from MoinMoin.web.request import MoinMoinFinish
def execute(pagename, request):
    """Action entry point: hand the request to a MoinOpenIDServer.

    Builds a MoinOpenIDServer for this page name / request pair and
    returns whatever its handle() method returns.
    """
    provider = MoinOpenIDServer(pagename, request)
    return provider.handle()
25 class MoinOpenIDServer:
def __init__(self, pagename, request):
    """Keep the request and the two objects taken from it.

    pagename is not stored here; the methods of this class reach the
    page through request.page.
    """
    self.request = request
    # wiki configuration object carried by the request
    self.cfg = request.cfg
    # bound as self._ ; presumably the gettext-style translator -- confirm
    self._ = request.getText
def serveYadisEP(self, endpoint_url):
    """Write the XRDS discovery document for this page's OpenID.

    The response content type is set to application/xrds+xml and one
    <Service> entry is emitted per advertised OpenID type (1.0, 1.1, the
    older 2.0 draft signon type and 2.0). Every entry carries
    endpoint_url as its URI and the qualified URL of the current page as
    its LocalID.

    @param endpoint_url: URL of the OpenID server endpoint to advertise
    """
    request = self.request
    request.content_type = 'application/xrds+xml'

    # the identity that is advertised is the qualified URL of this page
    user_url = request.getQualifiedURL(request.page.url(request))

    xrds_template = """\
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns="xri://$xrd*($v*2.0)">
<XRD>

<Service priority="0">
<Type>%(type10)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

<Service priority="0">
<Type>%(type11)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

<!-- older version of the spec draft -->
<Service priority="0">
<Type>http://openid.net/signon/2.0</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

<Service priority="0">
<Type>%(type20)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

</XRD>
</xrds:XRDS>
"""
    # NOTE(review): both URLs are substituted into the XML as-is. The
    # document stays well-formed only if they cannot contain '&' or '<';
    # presumably Page.url()/getQualifiedURL() return percent-encoded
    # URLs -- confirm, or escape the values before substitution.
    fields = {
        'type10': OPENID_1_0_TYPE,
        'type11': OPENID_1_1_TYPE,
        'type20': OPENID_2_0_TYPE,
        'uri': endpoint_url,
        'id': user_url
    }
    request.write(xrds_template % fields)
def serveYadisIDP(self, endpoint_url):
    """Write the XRDS document that advertises the identity provider.

    The response content type is set to application/xrds+xml and a
    single <Service> entry of type OPENID_IDP_2_0_TYPE is emitted, with
    endpoint_url as its URI and the qualified URL of the current page as
    its LocalID.

    @param endpoint_url: URL of the OpenID server endpoint to advertise
    """
    request = self.request
    request.content_type = 'application/xrds+xml'

    # same LocalID source as in serveYadisEP: the qualified page URL
    user_url = request.getQualifiedURL(request.page.url(request))

    xrds_template = """\
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns="xri://$xrd*($v*2.0)">
<XRD>

<Service priority="0">
<Type>%(typeidp)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

</XRD>
</xrds:XRDS>
"""
    # NOTE(review): the URLs are substituted into the XML without
    # escaping; presumably they are already percent-encoded -- confirm
    # that '&' or '<' cannot reach this point, or escape them first.
    fields = {
        'typeidp': OPENID_IDP_2_0_TYPE,
        'uri': endpoint_url,
        'id': user_url
    }
    request.write(xrds_template % fields)
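def _verify_endpoint_identity(self, identity):
    """
    Check that a claimed identity URL belongs to the page being served.

    The identity is split at its last slash; the part before the slash,
    joined with the page name, must equal the qualified URL of
    request.page. An identity that ends in a slash is resolved through
    the wiki front page, whose openid.user processing instruction (if
    present) names the user to check. When
    cfg.openid_server_restricted_users_group is set, that user must also
    be a member of the group.

    @param identity: identity URL taken from the incoming OpenID request
    @return: True if both checks pass, False otherwise (including an
             identity that contains no slash at all)
    """
    # The identity is request data. One without any '/' cannot be a
    # qualified page URL, and the two-way unpack below would raise
    # ValueError on it, so treat it as a failed verification instead.
    if '/' not in identity:
        return False

    request = self.request
    cfg = request.cfg

    # splitting on the last slash is safe because usernames must not
    # contain slashes
    base, received_name = identity.rsplit('/', 1)
    check_name = received_name

    if received_name == '':
        # identity is the wiki root: resolve it through the front page
        pg = wikiutil.getFrontPage(request)
        if pg:
            received_name = pg.page_name
            check_name = received_name
            if 'openid.user' in pg.pi:
                received_name = pg.pi['openid.user']

    # Sanity check: even if someone goes to
    # http://johannes.sipsolutions.net/ we serve out
    # http://johannes.sipsolutions.net/JohannesBerg?action=serveopenid
    # (if JohannesBerg is set as page_front_page).
    # For the #OpenIDUser PI the page that includes the PI has to be
    # allowed, hence the URL comparison uses check_name (the page name)
    # rather than received_name (the user name).
    fullidentity = '/'.join([base, check_name])
    thisurl = request.getQualifiedURL(request.page.url(request))
    if thisurl != fullidentity:
        return False

    # no openid.server link is ever put on pages of users outside the
    # restricted group, so a request for one of them is refused
    # NOTE(review): for a non-empty last segment the group lookup uses
    # that segment itself, not an openid.user PI on request.page --
    # confirm this is the intended subject of the restriction.
    openid_group_name = cfg.openid_server_restricted_users_group
    if openid_group_name and received_name not in request.groups.get(openid_group_name, []):
        return False

    return True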
def handleCheckIDRequest(self, identity, username, openidreq, server_url):
    """Answer a checkid request directly, or ask the user to decide.

    Returns the result of self.approved() when user_trusts_url() accepts
    the request's trust_root, a negative answer when the request is
    flagged immediate, and None after the request has been stored in the
    session and the decision page has been shown.
    """
    relying_party = openidreq.trust_root
    if self.user_trusts_url(relying_party):
        # trusted already: approved without showing the decision page
        return self.approved(identity, openidreq, server_url=server_url)

    if openidreq.immediate:
        # no decision page is shown for an immediate request, so the
        # answer is negative
        return openidreq.answer(False, identity=identity, server_url=server_url)

    # NOTE(review): the whole request object is parked in the session;
    # how sessions are stored and serialized is not visible here --
    # confirm the session store is server-side and trusted.
    session = self.request.session
    session['openidserver.request'] = openidreq
    self.show_decide_page(identity, username, openidreq)
    return None
def _make_identity(self):
    """Derive (identity, server_url) from the request's home page.

    The page comes from wikiutil.getHomePage() for this request
    (presumably the logged-in user's home page -- confirm). Returns
    (None, None) when no such page is found.
    """
    request = self.request
    homepage = wikiutil.getHomePage(request)
    if not homepage:
        return None, None

    # endpoint URL first, then the plain page URL used as the identity
    server_url = request.getQualifiedURL(
        homepage.url(request, querystr={'action': 'serveopenid'}))
    identity = request.getQualifiedURL(homepage.url(request))
    return identity, server_url
169 def handle(self):
170 _ = self._
171 request = self.request
172 form = request.values
174 username = request.page.page_name
175 if 'openid.user' in request.page.pi:
176 username = request.page.pi['openid.user']
179 if not request.cfg.openid_server_enabled:
180 # since we didn't put any openid.server into
181 # the page to start with, this is someone trying
182 # to abuse us. No need to give a nice error
183 request.makeForbidden(403, '')
184 return
186 server_url = request.getQualifiedURL(
187 request.page.url(request, querystr={'action': 'serveopenid'}))
189 yadis_type = form.get('yadis')
190 if yadis_type == 'ep':
191 return self.serveYadisEP(server_url)
192 elif yadis_type == 'idp':
193 return self.serveYadisIDP(server_url)
195 # if the identity is set it must match the server URL
196 # sort of arbitrary, but we have to have some restriction
197 identity = form.get('openid.identity')
198 if identity == IDENTIFIER_SELECT:
199 identity, server_url = self._make_identity()
200 if not identity:
201 return self._sorry_no_identity()
202 username = request.user.name
203 elif identity is not None:
204 if not self._verify_endpoint_identity(identity):
205 request.makeForbidden(403, 'verification failed')
206 return
208 if 'openid.user' in request.page.pi:
209 username = request.page.pi['openid.user']
211 store = MoinOpenIDStore(request)
212 openidsrv = server.Server(store, op_endpoint=server_url)
214 answer = None
215 if 'dontapprove' in form:
216 answer = self.handle_response(False, username, identity)
217 if answer is None:
218 return
219 elif form.has_key('approve'):
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
220 answer = self.handle_response(True, username, identity)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
221 if answer is None:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
222 return
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
223 else:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
224 query = {}
4201
40acd13fb3d6 Changed form access to MultiDict forms
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4183
diff changeset
225 for key in form:
40acd13fb3d6 Changed form access to MultiDict forms
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4183
diff changeset
226 query[key] = form[key]
3144
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
227 try:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
228 openidreq = openidsrv.decodeRequest(query)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
229 except Exception, e:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
230 request.makeForbidden(403, 'OpenID decode error: %r' % e)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
231 return
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
232
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
233 if openidreq is None:
5252
6f6736e7683c makeForbidden403() is makeForbidden(403, ...) now
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
234 request.makeForbidden(403, 'no request')
3144
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
235 return
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
236
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
237 if request.user.valid and username != request.user.name:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
238 answer = openidreq.answer(False, identity=identity, server_url=server_url)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
239 elif openidreq.mode in ["checkid_immediate", "checkid_setup"]:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
240 answer = self.handleCheckIDRequest(identity, username, openidreq, server_url)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
241 if answer is None:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
242 return
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
243 else:
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
244 answer = openidsrv.handleRequest(openidreq)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
245 webanswer = openidsrv.encodeResponse(answer)
4183
fc20a076aad0 Accomodate for consolidation of Request/Response
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4176
diff changeset
246 request.status = '%d OpenID status' % webanswer.code
3144
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
247 for hdr in webanswer.headers:
4183
fc20a076aad0 Accomodate for consolidation of Request/Response
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4176
diff changeset
248 request.headers.add(hdr, webanswer.headers[hdr])
3144
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
249 request.write(webanswer.body)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
250 raise MoinMoinFinish
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
251
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
def handle_response(self, positive, username, identity):
    """
    Process the approve / don't-approve form sent from the decide page.

    The submitted 'nonce' field has to equal the value kept in the session
    under 'openidserver.nonce'. The stored value is removed as soon as it
    has been read, so it is accepted for one submission only, whether or
    not that submission succeeds. The pending OpenID request is taken from
    the session ('openidserver.request') and removed as well.

    A positive answer is given only if the approve button was used, a valid
    user is logged in and that user's name equals username; every other
    combination answers the relying party negatively.

    @param positive: True when the user chose to approve
    @param username: name of the user owning the identity
    @param identity: identity URL handed on to approved()
    @return: the OpenID answer object, or None after a 403 has been sent
    """
    req = self.request
    # request.values holds URL arguments as well as POSTed fields, so the
    # nonce check below is what ties a submission to a form this server
    # rendered for this session.
    submitted = req.values

    # The stored value defaults to None while the submitted one defaults
    # to '', which can never be equal: a request without a nonce issued
    # beforehand is always refused.
    expected_nonce = req.session.get('openidserver.nonce')
    if expected_nonce is not None:
        # consume the nonce before comparing, a failed guess burns it too
        del req.session['openidserver.nonce']
    # NOTE(review): plain != rather than a constant-time comparison; the
    # nonce is single-use (deleted above), which limits repeated guessing.
    if expected_nonce != submitted.get('nonce', ''):
        req.makeForbidden(403, 'invalid nonce')
        return None

    pending = req.session.get('openidserver.request')
    if not pending:
        req.makeForbidden(403, 'no response request')
        return None
    del req.session['openidserver.request']

    # Re-check the login state here; the button that was pressed is not
    # sufficient on its own for a positive answer.
    owner_approved = (positive and
                      req.user.valid and
                      req.user.name == username)
    if not owner_approved:
        return pending.answer(False)

    if submitted.get('remember', 'no') == 'yes':
        # persist the trust root in the user profile; user_trusts_url()
        # looks it up in the same strbase64 form
        if not hasattr(req.user, 'openid_trusted_roots'):
            req.user.openid_trusted_roots = []
        req.user.openid_trusted_roots.append(strbase64(pending.trust_root))
        req.user.save()
    # only the endpoint part of _make_identity() is needed here
    _unused_identity, endpoint = self._make_identity()
    return self.approved(identity, pending, server_url=endpoint)
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
286
3212
5c5dbfafea66 comment out simple registration code in openid provider
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3175
diff changeset
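def approved(self, identity, openidreq, server_url=None):
    """
    Build the positive answer for an approved OpenID request.

    @param identity: identity URL asserted in the answer
    @param openidreq: the checkid request being answered
    @param server_url: endpoint to announce in the answer; if empty or
                       None, the serveopenid URL of the current page is
                       used instead
    @return: the positive response; it carries an invalidate_handle
             argument when the request's association was invalidated
    """
    # TODO: If simple registration is implemented, this needs
    #       to do something like the following:
    #
    #       sreg_data = { fill this dict with real values }
    #       sreq_req = sreg.SRegRequest.fromOpenIDRequest(openidreq.message)
    #       # do something with the request to see what values are required?
    #       sreg_resp = sreg.SRegResponse.extractResponse(openidreq, sreg_data)
    #       sreg_resp.addToOpenIDResponse(reply.fields)

    request = self.request

    # obtain the endpoint if not overridden by an identity endpoint
    page_url = request.getQualifiedURL(
        request.page.url(request, querystr={'action': 'serveopenid'}))
    # Compare the endpoint that is actually sent. Comparing the raw
    # server_url argument treated an omitted (None/empty) value as a
    # changed endpoint although the answer then uses page_url itself,
    # and so invalidated the association without need.
    effective_url = server_url or page_url
    endpoint_changed = effective_url != page_url

    # prepare the response
    reply = openidreq.answer(True, identity=identity, server_url=effective_url)

    # if the endpoint has changed, perhaps reflecting an identity-specific
    # endpoint, remove any association handle in use, working around any
    # association-related issues in relying parties (such as python-openid)
    if openidreq.assoc_handle and endpoint_changed:
        store = MoinOpenIDStore(request)
        signatory = server.Signatory(store)
        # tell the relying party that the handle is gone and drop it from
        # the store as well
        reply.fields.setArg(OPENID_NS, "invalidate_handle", openidreq.assoc_handle)
        signatory.invalidate(openidreq.assoc_handle, dumb=False)
    return reply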
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
316
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
def user_trusts_url(self, trustroot):
    """
    Tell whether the current user has stored a trust decision for trustroot.

    The profile attribute openid_trusted_roots is searched for the
    strbase64 form of the trust root, which is the form handle_response()
    appends when 'remember' was ticked. The match is an exact membership
    test on that encoded value.

    @param trustroot: trust root of the relying party
    @return: True if the encoded trust root is in the user's list,
             False if it is not or the user has no such list
    """
    account = self.request.user
    if not hasattr(account, 'openid_trusted_roots'):
        # nothing was ever remembered for this user
        return False
    return strbase64(trustroot) in account.openid_trusted_roots
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
322
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
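def show_decide_page(self, identity, username, openidreq):
    """
    Send the page on which the logged-in user approves or rejects a
    relying party.

    Only a 403 is sent unless a valid user is logged in whose name equals
    username. Otherwise the trust root, the identity URL and the user name
    are shown together with a form that posts back to the serveopenid
    action. A fresh nonce is placed in the form and in the session under
    'openidserver.nonce'; handle_response() compares the two.

    @param identity: identity URL shown in the table
    @param username: name of the user owning the identity
    @param openidreq: the checkid request to decide on; its trust_root,
                      identity, return_to and mode come from the relying
                      party's request and are treated as untrusted here
    """
    request = self.request
    _ = self._

    if not request.user.valid or username != request.user.name:
        request.makeForbidden(403, _('''You need to manually go to your OpenID provider wiki
and log in before you can use your OpenID. MoinMoin will
never allow you to enter your password here.

Once you have logged in, simply reload this page.'''))
        return

    request.theme.send_title(_("OpenID Trust verification"), pagename=request.page.page_name)
    # Start content (important for RTL support)
    request.write(request.formatter.startContent("content"))

    # These two paragraphs go to the browser through a raw request.write(),
    # so the values taken from the OpenID request are HTML-escaped before
    # they are interpolated into the translated text.
    request.write(request.formatter.paragraph(1))
    request.write(_('The site %s has asked for your identity.') %
                  wikiutil.escape(openidreq.trust_root))
    request.write(request.formatter.paragraph(0))
    request.write(request.formatter.paragraph(1))
    request.write(_('''
If you approve, the site represented by the trust root below will be
told that you control the identity URL %s. (If you are using a delegated
identity, the site will take care of reversing the
delegation on its own.)''') % wikiutil.escape(openidreq.identity))
    request.write(request.formatter.paragraph(0))

    # NOTE(review): from here on values are passed to the html widgets;
    # presumably those escape text and attribute values - confirm.
    form = html.FORM(method='POST', action=request.page.url(request))
    form.append(html.INPUT(type='hidden', name='action', value='serveopenid'))
    form.append(html.INPUT(type='hidden', name='openid.identity', value=openidreq.identity))
    form.append(html.INPUT(type='hidden', name='openid.return_to', value=openidreq.return_to))
    form.append(html.INPUT(type='hidden', name='openid.trust_root', value=openidreq.trust_root))
    form.append(html.INPUT(type='hidden', name='openid.mode', value=openidreq.mode))
    form.append(html.INPUT(type='hidden', name='name', value=username))

    # One nonce per rendered form; the session keeps a single value, so
    # rendering the page again replaces the previous one.
    # NOTE(review): confirm that randomString draws from a CSPRNG.
    nonce = randomString(32, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')
    form.append(html.INPUT(type='hidden', name='nonce', value=nonce))
    request.session['openidserver.nonce'] = nonce

    table = html.TABLE()
    form.append(table)

    # the three plain label/value rows
    for label, value in ((_('Trust root'), openidreq.trust_root),
                         (_('Identity URL'), identity),
                         (_('Name'), username)):
        tr = html.TR()
        table.append(tr)
        tr.append(html.TD().append(html.STRONG().append(html.Text(label))))
        tr.append(html.TD().append(html.Text(value)))

    tr = html.TR()
    table.append(tr)
    tr.append(html.TD().append(html.STRONG().append(html.Text(_('Remember decision')))))
    td = html.TD()
    tr.append(td)
    td.append(html.INPUT(type='checkbox', name='remember', value='yes'))
    td.append(html.Text(_('Remember this trust decision and don\'t ask again')))

    tr = html.TR()
    table.append(tr)
    tr.append(html.TD())
    td = html.TD()
    tr.append(td)

    td.append(html.INPUT(type='submit', name='approve', value=_("Approve")))
    td.append(html.INPUT(type='submit', name='dontapprove', value=_("Don't approve")))

    request.write(unicode(form))

    request.write(request.formatter.endContent())
    request.theme.send_footer(request.page.page_name)
    request.theme.send_closing_html()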
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
402
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
def _sorry_no_identity(self):
    """
    Send the page telling the user that no OpenID can be served because
    the homepage does not exist yet.

    The page offers a single Cancel button, submitted as 'dontapprove' to
    the serveopenid action. Like the decide page, the form carries a fresh
    nonce that is also stored in the session under 'openidserver.nonce'.
    All text on this page is fixed; nothing from the OpenID request is
    written out.
    """
    _ = self._
    req = self.request

    req.theme.send_title(_("OpenID not served"), pagename=req.page.page_name)
    # Start content (important for RTL support)
    req.write(req.formatter.startContent("content"))

    explanation = _('''
Unfortunately you have not created your homepage yet. Therefore,
we cannot serve an OpenID for you. Please create your homepage first
and then reload this page or click the button below to cancel this
verification.''')
    req.write(req.formatter.paragraph(1))
    req.write(explanation)
    req.write(req.formatter.paragraph(0))

    # The cancel submission is nonce-checked too, so a nonce is issued
    # here as well.
    # NOTE(review): confirm that randomString draws from a CSPRNG.
    alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    token = randomString(32, alphabet)
    req.session['openidserver.nonce'] = token

    cancel_form = html.FORM(method='POST', action=req.page.url(req))
    for field in (html.INPUT(type='hidden', name='action', value='serveopenid'),
                  html.INPUT(type='hidden', name='nonce', value=token),
                  html.INPUT(type='submit', name='dontapprove', value=_("Cancel"))):
        cancel_form.append(field)
    req.write(unicode(cancel_form))

    req.write(req.formatter.endContent())
    req.theme.send_footer(req.page.page_name)
    req.theme.send_closing_html()