Infrastructure/fedora-infrastructure
1
0
Fork 0
Code Issues 70 Pull requests Projects Releases Packages Wiki Activity Actions

"Working" OpenID provider, needs *serious* refactoring/possibly implement trusted URLs in LDAP.

Browse source
This commit is contained in:
Ricky Zhou (周家杰) 2007-10-07 12:03:50 -07:00
parent 9c359b3157
commit f616c26bd3
1 changed files with 20 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

23
fas/fas/openid_fas.py
View file

@ -44,12 +44,17 @@ class OpenID(controllers.Controller):
openid_server = self.openid_server openid_server = self.openid_server
openid_query = {} openid_query = {}
openid_request = None openid_request = None
if not session.has_key('openid_trusted'):
session['openid_trusted'] = []
if query.has_key('url') and query.has_key('trusted') and query['trusted'] == 'allow':
session['openid_trusted'].append(query['url'])
if query.has_key('openid'): if query.has_key('openid'):
try: try:
for key in query['openid'].keys(): for key in query['openid'].keys():
openid_key = OPENID_PREFIX + key openid_key = OPENID_PREFIX + key
openid_query[openid_key] = query['openid'][key] openid_query[openid_key] = query['openid'][key]
openid_request = openid_server.decodeRequest(openid_query) openid_request = openid_server.decodeRequest(openid_query)
session['openid_request'] = openid_request
except KeyError: except KeyError:
turbogears.flash(_('The OpenID request could not be decoded.')) turbogears.flash(_('The OpenID request could not be decoded.'))
elif session.has_key('openid_request'): elif session.has_key('openid_request'):
@ -59,15 +64,21 @@ class OpenID(controllers.Controller):
return dict() return dict()
else: else:
openid_response = None openid_response = None
session['openid_request'] = openid_request
if openid_request.mode in BROWSER_REQUEST_MODES: if openid_request.mode in BROWSER_REQUEST_MODES:
userName = turbogears.identity.current.user_name; userName = turbogears.identity.current.user_name;
url = None url = None
if userName is not None: if userName is not None:
url = config.get('base_url') + turbogears.url('/openid/id/%s' % userName) url = config.get('base_url') + turbogears.url('/openid/id/%s' % userName)
if openid_request.identity == url: if openid_request.identity == url:
# TODO: Check openid_request.trust_root if openid_request.trust_root in session['openid_trusted']:
openid_response = openid_request.answer(True) openid_response = openid_request.answer(True)
elif openid_request.immediate:
openid_response = openid_request.answer(False, server_url=config.get('base_url') + turbogears.url('/openid/server'))
else:
if query.has_key('url') and not query.has_key('allow'):
openid_response = openid_request.answer(False, server_url=config.get('base_url') + turbogears.url('/openid/server'))
else:
turbogears.redirect('/openid/trusted', url=openid_request.trust_root)
elif openid_request.immediate: elif openid_request.immediate:
openid_response = openid_request.answer(False, server_url=config.get('base_url') + turbogears.url('/openid/server')) openid_response = openid_request.answer(False, server_url=config.get('base_url') + turbogears.url('/openid/server'))
else: else:
@ -81,6 +92,12 @@ class OpenID(controllers.Controller):
cherrypy.response.status = web_response.code cherrypy.response.status = web_response.code
return dict(body=web_response.body) return dict(body=web_response.body)
@identity.require(turbogears.identity.not_anonymous())
@expose(template="fas.templates.openid.trusted")
def trusted(self, url):
'''Ask the user if they trust a site for OpenID authentication'''
return dict(url=url)
@identity.require(turbogears.identity.not_anonymous()) @identity.require(turbogears.identity.not_anonymous())
@expose() @expose()
def login(self): def login(self):