annotate MoinMoin/action/serveopenid.py @ 3144:7aba52041f56

add OpenID provider code
author Johannes Berg <johannes AT sipsolutions DOT net>
date Wed, 27 Feb 2008 16:12:06 +0100
parents
children e1fe8dd52b83
1 # -*- coding: utf-8 -*-
2 """
3 MoinMoin - OpenID server action
5 This is the UI and provider for OpenID.
7 @copyright: 2006, 2007, 2008 Johannes Berg <johannes@sipsolutions.net>
8 @license: GNU GPL, see COPYING for details.
9 """
11 from MoinMoin.util.moinoid import MoinOpenIDStore, strbase64
12 from MoinMoin import wikiutil
13 from openid.consumer.discover import (OPENID_1_0_TYPE,
14 OPENID_1_1_TYPE, OPENID_2_0_TYPE, OPENID_IDP_2_0_TYPE)
15 from openid import sreg
16 from openid import server
17 from openid.cryptutil import randomString
18 from openid.server import server
19 from openid.message import IDENTIFIER_SELECT
20 from MoinMoin.widget import html
21 from MoinMoin.Page import Page
22 from MoinMoin.request import MoinMoinFinish
def execute(pagename, request):
    """Action entry point: build the OpenID server handler and run it.

    Args:
        pagename: page name passed in by the caller.
        request: the current request object.

    Returns:
        Whatever MoinOpenIDServer.handle() returns.
    """
    handler = MoinOpenIDServer(pagename, request)
    return handler.handle()
27 class MoinOpenIDServer:
28 def __init__(self, pagename, request):
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
29 self.request = request
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
30 self._ = request.getText
7aba52041f56 add OpenID provider code
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
31 self.cfg = request.cfg
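def serveYadisEP(self, endpoint_url):
    """Write the XRDS document describing the current page's OpenID.

    Sends an ``application/xrds+xml`` response containing one <Service>
    entry per advertised OpenID type.  Every entry carries endpoint_url
    as its <URI> and the qualified URL of the current page as its
    <LocalID>.

    Args:
        endpoint_url: URL of the OpenID server endpoint to advertise.
    """
    # function-scope import: keeps the new dependency local to this block
    from xml.sax.saxutils import escape

    request = self.request
    hdrs = ['Content-type: application/xrds+xml']

    request.emit_http_headers(hdrs)
    user_url = request.getQualifiedURL(request.page.url(request, relative=False))
    # user_url is derived from the incoming request, and handle() builds
    # endpoint_url the same way.  Escape both so that a stray '&', '<' or
    # '>' cannot break the XRDS markup.
    # NOTE(review): assumes page.url()/getQualifiedURL() return URLs that
    # are not already XML-escaped - confirm against their implementation.
    self.request.write("""\
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns="xri://$xrd*($v*2.0)">
<XRD>

<Service priority="0">
<Type>%(type10)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

<Service priority="0">
<Type>%(type11)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

<!-- older version of the spec draft -->
<Service priority="0">
<Type>http://openid.net/signon/2.0</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

<Service priority="0">
<Type>%(type20)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

</XRD>
</xrds:XRDS>
""" % {
        'type10': OPENID_1_0_TYPE,
        'type11': OPENID_1_1_TYPE,
        'type20': OPENID_2_0_TYPE,
        'uri': escape(endpoint_url),
        'id': escape(user_url),
    })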
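def serveYadisIDP(self, endpoint_url):
    """Write the XRDS document that advertises the identity provider.

    Sends an ``application/xrds+xml`` response with a single <Service>
    entry of type OPENID_IDP_2_0_TYPE whose <URI> is endpoint_url and
    whose <LocalID> is the qualified URL of the current page.

    Args:
        endpoint_url: URL of the OpenID server endpoint to advertise.
    """
    # function-scope import: keeps the new dependency local to this block
    from xml.sax.saxutils import escape

    request = self.request
    hdrs = ['Content-type: application/xrds+xml']

    request.emit_http_headers(hdrs)
    user_url = request.getQualifiedURL(request.page.url(request, relative=False))
    # user_url is derived from the incoming request, and handle() builds
    # endpoint_url the same way.  Escape both so that a stray '&', '<' or
    # '>' cannot break the XRDS markup.
    # NOTE(review): assumes page.url()/getQualifiedURL() return URLs that
    # are not already XML-escaped - confirm against their implementation.
    self.request.write("""\
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns="xri://$xrd*($v*2.0)">
<XRD>

<Service priority="0">
<Type>%(typeidp)s</Type>
<URI>%(uri)s</URI>
<LocalID>%(id)s</LocalID>
</Service>

</XRD>
</xrds:XRDS>
""" % {
        'typeidp': OPENID_IDP_2_0_TYPE,
        'uri': escape(endpoint_url),
        'id': escape(user_url),
    })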
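def _verify_endpoint_identity(self, identity):
    """
    Verify that the given identity matches the current endpoint.

    We always serve out /UserName?action=... for the UserName
    OpenID and this is pure paranoia to make sure it is that way
    on incoming data.

    Also verify that the given identity is allowed to have an OpenID.

    Args:
        identity: the claimed identity URL taken from the incoming request.

    Returns:
        True if the identity equals the qualified URL of the current page
        and, when cfg.openid_server_restricted_users_group is set, the
        resolved user name is a member of that group; False otherwise.
    """
    request = self.request
    cfg = request.cfg

    # identity is request data: a value without any slash cannot match a
    # page URL, so refuse it here instead of letting the unpacking below
    # raise ValueError
    if '/' not in identity:
        return False

    # we can very well split on the last slash since usernames
    # must not contain slashes
    base, received_name = identity.rsplit('/', 1)
    check_name = received_name

    if received_name == '':
        pg = wikiutil.getFrontPage(request)
        if pg:
            received_name = pg.page_name
            check_name = received_name
            if 'openid.user' in pg.pi:
                received_name = pg.pi['openid.user']

    # some sanity checking
    # even if someone goes to http://johannes.sipsolutions.net/
    # we'll serve out http://johannes.sipsolutions.net/JohannesBerg?action=serveopenid
    # (if JohannesBerg is set as page_front_page)
    # For the #OpenIDUser PI, we need to allow the page that includes the PI,
    # hence use check_name here (see above for how it is assigned)
    fullidentity = '/'.join([base, check_name])
    thisurl = request.getQualifiedURL(request.page.url(request, relative=False))
    if thisurl != fullidentity:
        return False

    # again, we never put an openid.server link on this page...
    # why are they here?
    restricted_group = cfg.openid_server_restricted_users_group
    if restricted_group:
        request.dicts.addgroup(request, restricted_group)
        # membership is checked for the resolved user name, not the page name
        if not request.dicts.has_member(restricted_group, received_name):
            return False

    return True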
def handleCheckIDRequest(self, identity, username, openidreq, server_url):
    """Answer a checkid request, or hand the decision to the user.

    Returns:
        The result of self.approved() when self.user_trusts_url() accepts
        the request's trust_root; a negative answer from openidreq when
        the request is immediate; otherwise None, after the request has
        been stored in the session and the decide page has been shown.
    """
    if not self.user_trusts_url(openidreq.trust_root):
        if openidreq.immediate:
            # immediate requests get a negative answer, no decide page
            return openidreq.answer(False, identity=identity, server_url=server_url)

        # keep the pending request in the session under a fixed key,
        # then render the decide page for it
        session = self.request.session
        session['openidserver.request'] = openidreq
        self.show_decide_page(identity, username, openidreq)
        return None

    return self.approved(identity, openidreq, server_url=server_url)
def _make_identity(self):
    """Build the identity URL and server URL from the home page.

    Returns:
        (identity, server_url) when wikiutil.getHomePage() yields a page:
        identity is that page's qualified URL and server_url is the
        qualified URL of the same page with querystr action=serveopenid.
        (None, None) when there is no such page.
    """
    request = self.request
    homepage = wikiutil.getHomePage(request)
    if not homepage:
        return None, None

    endpoint = request.getQualifiedURL(
        homepage.url(request, querystr={'action': 'serveopenid'}, relative=False))
    identity = request.getQualifiedURL(homepage.url(request, relative=False))
    return identity, endpoint
176 def handle(self):
177 _ = self._
178 request = self.request
179 form = request.form
181 username = request.page.page_name
182 if 'openid.user' in request.page.pi:
183 username = request.page.pi['openid.user']
186 if not request.cfg.openid_server_enabled:
187 # since we didn't put any openid.server into
188 # the page to start with, this is someone trying
189 # to abuse us. No need to give a nice error
190 request.makeForbidden403()
191 return
193 server_url = request.getQualifiedURL(
194 request.page.url(request,
195 querystr={'action':'serveopenid'},
196 relative=False))
198 yadis_type = form.get('yadis', [None])[0]
199 if yadis_type == 'ep':
200 return self.serveYadisEP(server_url)
201 elif yadis_type == 'idp':
202 return self.serveYadisIDP(server_url)
204 # if the identity is set it must match the server URL
205 # sort of arbitrary, but we have to have some restriction
206 identity = form.get('openid.identity', [None])[0]
207 if identity == IDENTIFIER_SELECT:
208 identity, server_url = self._make_identity()
209 if not identity:
210 return self._sorry_no_identity()
211 username = request.user.name
212 elif identity is not None:
213 if not self._verify_endpoint_identity(identity):
214 request.makeForbidden403()
215 request.write('verification failed')
216 return
218 if 'openid.user' in request.page.pi:
219 username = request.page.pi['openid.user']
221 store = MoinOpenIDStore(request)
222 openidsrv = server.Server(store, op_endpoint=server_url)
224 answer = None
225 if form.has_key('dontapprove'):
226 answer = self.handle_response(False, username, identity)
227 if answer is None:
228 return
229 elif form.has_key('approve'):
230 answer = self.handle_response(True, username, identity)
231 if answer is None:
232 return
233 else:
234 query = {}
235 for key in form.keys():
236 query[key] = form[key][0]
237 try:
238 openidreq = openidsrv.decodeRequest(query)
239 except Exception, e:
240 request.makeForbidden(403, 'OpenID decode error: %r' % e)
241 return
243 if openidreq is None:
244 request.makeForbidden403()
245 request.write('no request')
246 return
248 if request.user.valid and username != request.user.name:
249 answer = openidreq.answer(False, identity=identity, server_url=server_url)
250 elif openidreq.mode in ["checkid_immediate", "checkid_setup"]:
251 answer = self.handleCheckIDRequest(identity, username, openidreq, server_url)
252 if answer is None:
253 return
254 else:
255 answer = openidsrv.handleRequest(openidreq)
256 webanswer = openidsrv.encodeResponse(answer)
257 headers = ['Status: %d OpenID status' % webanswer.code]
258 for hdr in webanswer.headers:
259 headers += [hdr+': '+webanswer.headers[hdr]]
260 request.emit_http_headers(headers)
261 request.write(webanswer.body)
262 raise MoinMoinFinish
def handle_response(self, positive, username, identity):
    """Finish an OpenID decision after the approve / don't-approve form is posted.

    Checks the one-time form nonce kept in the session, fetches the pending
    OpenID request stored under 'openidserver.request' and produces the
    answer for it.

    @param positive: True when the caller saw the 'approve' button, False
                     for 'dontapprove'
    @param username: user name the decision was requested for
    @param identity: identity URL handed to self.approved() on success
    @return: the OpenID answer object, or None when a 403 has already been
             written (bad nonce, or no pending request in the session)
    """
    request = self.request
    form = request.form

    # The nonce is single-use: it is removed from the session before it is
    # compared, so a failed or replayed submission cannot be retried against
    # the same value.
    expected_nonce = request.session.get('openidserver.nonce')
    if expected_nonce is not None:
        del request.session['openidserver.nonce']
    # A missing session nonce stays None while a missing form field becomes
    # '', so the two never compare equal when no nonce was issued.
    submitted_nonce = form.get('nonce', [''])[0]
    if expected_nonce != submitted_nonce:
        request.makeForbidden403()
        request.write('invalid nonce')
        return None

    pending = request.session.get('openidserver.request')
    if not pending:
        request.makeForbidden403()
        request.write('no response request')
        return None
    # the pending request is consumed whatever the decision turns out to be
    del request.session['openidserver.request']

    # Only a positive decision made by the logged-in user the request was
    # prepared for is answered with an assertion; everything else is denied.
    owner_approved = (positive and
                      request.user.valid and
                      request.user.name == username)
    if not owner_approved:
        return pending.answer(False)

    if form.get('remember', ['no'])[0] == 'yes':
        # trust roots are stored in their strbase64() form, which is also
        # what user_trusts_url() looks up
        if not hasattr(request.user, 'openid_trusted_roots'):
            request.user.openid_trusted_roots = []
        request.user.openid_trusted_roots.append(strbase64(pending.trust_root))
        request.user.save()
    # only the server URL is used; the identity returned by _make_identity()
    # is discarded in favour of the one the caller passed in
    dummyidentity, server_url = self._make_identity()
    return self.approved(identity, pending, server_url=server_url)
def approved(self, identity, openidreq, data=False, server_url=None):
    """Build the positive answer for an OpenID request.

    @param identity: identity URL passed to openidreq.answer()
    @param openidreq: the OpenID request being answered
    @param data: when true, also attach a simple-registration response
                 (unfinished, see the TODO below)
    @param server_url: passed through to openidreq.answer()
    @return: the answer object returned by openidreq.answer()
    """
    response = openidreq.answer(True, identity=identity, server_url=server_url)
    if not data:
        return response
    # TODO
    # NOTE(review): sreg_data is always empty here, so no profile attributes
    # are released to the relying party; filling it in should stay behind
    # explicit user consent. sreq_req is never used afterwards and
    # extractResponse() is handed the OpenID request itself -- confirm both
    # calls against the sreg module's API before any caller passes data=True.
    sreg_data = {}
    sreq_req = sreg.SRegRequest.fromOpenIDRequest(openidreq.message)
    sreg_resp = sreg.SRegResponse.extractResponse(openidreq, sreg_data)
    sreg_resp.addToOpenIDResponse(response.fields)
    return response
def user_trusts_url(self, trustroot):
    """Tell whether the current user has stored trustroot as trusted.

    @param trustroot: trust root to look up
    @return: True if strbase64(trustroot) is in the user's
             openid_trusted_roots list, False otherwise (including when
             the user has no such list)
    """
    user = self.request.user
    if not hasattr(user, 'openid_trusted_roots'):
        return False
    # membership test on the encoded value: an exact match, no prefix or
    # wildcard comparison happens here
    return strbase64(trustroot) in user.openid_trusted_roots
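def show_decide_page(self, identity, username, openidreq):
    """Send the page on which the user decides whether to trust a site.

    Refuses with a 403 unless the logged-in user is the one named by
    username. Otherwise writes the trust root and identity taken from
    openidreq, followed by a POST form back to the serveopenid action that
    carries a fresh nonce (also stored in the session under
    'openidserver.nonce') and the approve / dontapprove buttons.

    @param identity: identity URL shown in the summary table
    @param username: name of the user the request is for
    @param openidreq: the OpenID request awaiting a decision
    """
    request = self.request
    _ = self._

    if not request.user.valid or username != request.user.name:
        # NOTE(review): this listing collapses leading whitespace, so any
        # indentation the msgid had on its continuation lines is not
        # reproduced here; restore it from the repository before relying on
        # translation lookups.
        request.makeForbidden(403, _('''You need to manually go to your OpenID provider wiki
and log in before you can use your OpenID. MoinMoin will
never allow you to enter your password here.

Once you have logged in, simply reload this page.''', formatted=False))
        return

    request.emit_http_headers()
    request.theme.send_title(_("OpenID Trust verification"), pagename=request.page.page_name)
    # Start content (important for RTL support)
    request.write(request.formatter.startContent("content"))

    # trust_root and identity come from the OpenID request, i.e. from the
    # requesting site, and request.write() is used in this method to emit
    # markup as-is. Escape both before they are interpolated into the page
    # so they cannot inject HTML. '%s' % value keeps the original
    # formatting for non-string values such as None.
    shown_trust_root = wikiutil.escape('%s' % openidreq.trust_root)
    shown_identity = wikiutil.escape('%s' % openidreq.identity)

    request.write(request.formatter.paragraph(1))
    request.write(_('The site %s has asked for your identity.') % shown_trust_root)
    request.write(request.formatter.paragraph(0))
    request.write(request.formatter.paragraph(1))
    request.write(_('''
If you approve, the site represented by the trust root below will be
told that you control the identity URL %s. (If you are using a delegated
identity, the site will take care of reversing the
delegation on its own.)''') % shown_identity)
    request.write(request.formatter.paragraph(0))

    # NOTE(review): the hidden fields and html.Text cells below rely on the
    # html widget classes to escape attribute values and text -- confirm.
    # handle_response() takes the request to answer from the session and
    # reads only 'nonce' and 'remember' from the posted form.
    form = html.FORM(method='POST', action=request.page.url(request))
    for field_name, field_value in (('action', 'serveopenid'),
                                    ('openid.identity', openidreq.identity),
                                    ('openid.return_to', openidreq.return_to),
                                    ('openid.trust_root', openidreq.trust_root),
                                    ('openid.mode', openidreq.mode),
                                    ('name', username)):
        form.append(html.INPUT(type='hidden', name=field_name, value=field_value))

    # One-time nonce tying this form to the session; handle_response()
    # compares and discards it.
    # NOTE(review): randomString is defined outside this excerpt; the nonce
    # is only as unpredictable as that helper -- verify it draws from a
    # cryptographically secure source.
    nonce = randomString(32, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')
    form.append(html.INPUT(type='hidden', name='nonce', value=nonce))
    request.session['openidserver.nonce'] = nonce

    table = html.TABLE()
    form.append(table)

    # summary rows: bold label, plain value
    for label, value in ((_('Trust root'), openidreq.trust_root),
                         (_('Identity URL'), identity),
                         (_('Name'), username)):
        tr = html.TR()
        table.append(tr)
        tr.append(html.TD().append(html.STRONG().append(html.Text(label))))
        tr.append(html.TD().append(html.Text(value)))

    tr = html.TR()
    table.append(tr)
    tr.append(html.TD().append(html.STRONG().append(html.Text(_('Remember decision')))))
    td = html.TD()
    tr.append(td)
    td.append(html.INPUT(type='checkbox', name='remember', value='yes'))
    td.append(html.Text(_('Remember this trust decision and don\'t ask again')))

    tr = html.TR()
    table.append(tr)
    tr.append(html.TD())
    td = html.TD()
    tr.append(td)

    td.append(html.INPUT(type='submit', name='approve', value=_("Approve")))
    td.append(html.INPUT(type='submit', name='dontapprove', value=_("Don't approve")))

    request.write(unicode(form))

    request.write(request.formatter.endContent())
    request.theme.send_footer(request.page.page_name)
    request.theme.send_closing_html()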
def _sorry_no_identity(self):
    """Send the page shown when no OpenID can be served for the user.

    Writes the explanation that the homepage does not exist yet and a POST
    form back to the serveopenid action whose only button is 'dontapprove'
    (labelled "Cancel"). The form carries a fresh nonce that is also stored
    in the session under 'openidserver.nonce'.
    """
    request = self.request
    _ = self._
    page_name = request.page.page_name

    request.emit_http_headers()
    request.theme.send_title(_("OpenID not served"), pagename=page_name)
    # Start content (important for RTL support)
    request.write(request.formatter.startContent("content"))

    request.write(request.formatter.paragraph(1))
    # NOTE(review): this listing collapses leading whitespace, so any
    # indentation the msgid had on its continuation lines is not reproduced
    # here.
    explanation = _('''
Unfortunately you have not created your homepage yet. Therefore,
we cannot serve an OpenID for you. Please create your homepage first
and then reload this page or click the button below to cancel this
verification.''')
    request.write(explanation)
    request.write(request.formatter.paragraph(0))

    cancel_form = html.FORM(method='POST', action=request.page.url(request))
    cancel_form.append(html.INPUT(type='hidden', name='action', value='serveopenid'))

    # One-time nonce tying the cancel button to this session;
    # handle_response() compares and discards it.
    # NOTE(review): randomString is defined outside this excerpt -- verify
    # it draws from a cryptographically secure source.
    alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    token = randomString(32, alphabet)
    cancel_form.append(html.INPUT(type='hidden', name='nonce', value=token))
    request.session['openidserver.nonce'] = token

    cancel_form.append(html.INPUT(type='submit', name='dontapprove', value=_("Cancel")))

    request.write(unicode(cancel_form))

    request.write(request.formatter.endContent())
    request.theme.send_footer(request.page.page_name)
    request.theme.send_closing_html()