Cleanups to token dispatching. Some doc cleanups.

docs/architecture.rst

@@ -8,11 +8,11 @@ Velruse is designed as several sets of components that work together, and can
 be used individually for the authentication style desired.
 
 
-Provider Templates
-==================
+Provider HTML Examples
+======================
 
 Every authentication provider that is available comes with a basic HTML 
-template illustrating the parameters it requires. The template generally 
+example illustrating the parameters it requires. The template generally 
 includes a logo when its a third party :term:`identity provider` to help
 a website user find the preferred authentication option.
 
@@ -40,12 +40,12 @@ Each :term:`auth provider` must be a callable. It will be called with a
 
 The Auth Provider is expected to respond to a POST to `/auth`, and then
 proceed with the necessary calls and/or redirects necessary to complete
-the authentication.
+the authentication. The normalized user data should then be written to the
+store, and a token returned to the user.
 
-Auth Provider's are usually setup under the :class:`~velruse.wsgiapp.AuthApp`
+Auth Provider's are usually setup under the :class:`~velruse.app.VelruseApp`
 WSGI app, which is a minimal WSGI application that can dispatch to several
-configured Auth Provider's. This WSGI app can also be configured to serve
-user details given a token via HTTPS.
+configured Auth Provider's based on a YAML configuration file.
 
 
 UserStore Backends

docs/providers.rst

@@ -9,7 +9,7 @@ Authentication Providers supply varying levels of information when authenticatio
 Default POST Parameters
 =======================
 
-Every provider accepts the POST parameter `end_point`, which is the URL that the token will be POSTed to when authentication is complete.
+Almost every provider accepts the POST parameter `end_point`, which is the URL that the token will be POSTed to when authentication is complete.
 
 Facebook
 ========
@@ -206,3 +206,81 @@ Complete Example:
     <input type="submit" value="Login with Yahoo" />
     </form>
 
+Twitter
+=======
+
+The Twitter provider combines authentication with OAuth authorization. It requires a Twitter Application to have been created to use. Twitter only provides the twitter screen name and id, along with an OAuth access token.
+
+Twitter Developer Links:
+
+* `Register a New Twitter Application <http://dev.twitter.com/apps/new>`_
+* `Twitter OAuth API <http://dev.twitter.com/doc>`_
+
+YAML Parameters
+---------------
+
+Consumer Key
+    Twitter application consumer key
+Consumer Secret
+    Twitter application secret
+
+POST Parameters
+---------------
+
+Only the default `end_point` parameter is used.
+
+Complete Example:
+
+.. code-block:: html
+
+    <form action="/velruse/twitter/auth'" method="post">
+    <input type="hidden" name="end_point" value="http://END_POINT" />
+    <input type="submit" value="Login with Twitter" />
+    </form>
+
+
+Windows Live
+============
+
+The Windows Live Provider handles Windows Live Web Authentication and Delegated Authentication. Both of these methods of authentication require a Live Services Component to be registered `per the 'Registering Your Application' documentation <http://msdn.microsoft.com/en-us/library/cc287659(v=MSDN.10).aspx>`_.
+
+Delegated authentication will only be performed if the `Offers` YAML parameter is set.
+
+Login Authentication provides a single unique identifier, while Delegated Authentication provides the single unique identifier and a consent token to use to access Live services.
+
+Windows Live Developer Links:
+
+* `Getting Your Application ID <http://msdn.microsoft.com/en-us/library/cc287659(v=MSDN.10).aspx>`_
+* `Services Available for Delegated Authentication <http://dev.live.com/blogs/liveid/archive/2008/02/25/211.aspx>`_
+* `Live Services Management Page <https://live.azure.com/Cloud/Provisioning/Services.aspx>`_
+
+YAML Parameters
+---------------
+
+Application ID
+    Component Application ID
+Secret Key
+    Component Secret Key
+Policy URL
+    Site's Policy URL
+Offers
+    Delegated auth Offers, e.g. `Contacts.View`
+
+The `Offers` parameter is optional to invoke Delegated Authentication.
+
+POST Parameters
+---------------
+
+Live Services authentication does not take any parameters, as the `end_point` must be registered with the Live Services component as the **Return URL**.
+
+Example Return URL::
+    
+    http://YOURDOMAIN.COM/velruse/live/process
+
+Complete Example:
+
+.. code-block:: html
+
+    <form action="/velruse/live/auth'" method="post">
+    <input type="submit" value="Login with Windows Live" />
+    </form>

setup.cfg

@@ -10,3 +10,6 @@ cover-package = velruse
 cover-inclusive = True
 cover-erase=True
 with-doctest=True
+
+[upload_docs]
+upload-dir = docs/_build/html

velruse/providers/facebook_.py

@@ -1,8 +1,6 @@
 import urlparse
 
-from openid.oidutil import autoSubmitHTML
 from routes import Mapper
-from webob import Response
 import httplib2
 import webob.exc as exc
 
@@ -127,8 +125,4 @@ def process(self, req):
         cred = {'oauthAccessToken': access_token}
         result_data['credentials'] = cred
 
-        # Generate the token, store the extracted user-data for 5 mins, and send back
-        token = utils.generate_token()
-        self.storage.store(token, result_data, expires=300)
-        form_html = utils.redirect_form(req.session['end_point'], token)
-        return Response(body=autoSubmitHTML(form_html))
+        return self._success_redirect(result_data, end_point)

velruse/providers/google_.py

@@ -85,6 +85,9 @@ def _get_access_token(self, request_token):
         token = oauth.Token(key=request_token, secret='')
         client = oauth.Client(consumer, token)
         resp, content = client.request(GOOGLE_OAUTH, "POST")
+        if resp['status'] != '200':
+            return None
+
         access_token = dict(urlparse.parse_qsl(content))
 
         return {'oauthAccessToken': access_token['oauth_token'], 

velruse/providers/live_.py

@@ -1,10 +1,5 @@
 """Windows Live ID Delegated Authentication"""
-import urlparse
-
-from openid.oidutil import autoSubmitHTML
 from routes import Mapper
-from webob import Response
-import httplib2
 import webob.exc as exc
 
 import velruse.utils as utils
@@ -81,8 +76,4 @@ def process(self, req):
         if consenttoken:
             result_data['credentials'] = {'consentToken': consenttoken.getToken()}
 
-        # Generate the token, store the extracted user-data for 5 mins, and send back
-        token = utils.generate_token()
-        self.storage.store(token, result_data, expires=300)
-        form_html = utils.redirect_form(req.session['end_point'], token)
-        return Response(body=autoSubmitHTML(form_html))
+        return self._success_redirect(result_data, req.session['end_point'])

velruse/providers/openidconsumer.py

@@ -4,7 +4,6 @@
 from openid.consumer import consumer
 from openid.extensions import ax
 from openid.extensions import sreg
-from openid.oidutil import autoSubmitHTML
 from routes import Mapper
 from webob import Response
 import webob.exc as exc
@@ -289,10 +288,6 @@ def process(self, req):
             # Delete the temporary token data used for the OpenID auth
             self.storage.delete(req.session.id)
 
-            # Generate the token, store the extracted user-data for 5 mins, and send back
-            token = utils.generate_token()
-            self.storage.store(token, result_data, expires=300)
-            form_html = utils.redirect_form(req.session['end_point'], token)
-            return Response(body=autoSubmitHTML(form_html))
+            return self._success_redirect(result_data, end_point)
         else:
             return self._error_redirect(1, end_point)

velruse/providers/twitter_.py

@@ -1,8 +1,6 @@
 import urlparse
 
-from openid.oidutil import autoSubmitHTML
 from routes import Mapper
-from webob import Response
 import httplib2
 import oauth2 as oauth
 import webob.exc as exc
@@ -90,8 +88,4 @@ def process(self, req):
                 'oauthAccessTokenSecret': access_token['oauth_token_secret']}
         result_data['credentials'] = cred
 
-        # Generate the token, store the extracted user-data for 5 mins, and send back
-        token = utils.generate_token()
-        self.storage.store(token, result_data, expires=300)
-        form_html = utils.redirect_form(req.session['end_point'], token)
-        return Response(body=autoSubmitHTML(form_html))
+        return self._success_redirect(result_data, end_point)

velruse/providers/yahoo_.py

@@ -66,6 +66,9 @@ def _get_access_token(self, request_token):
         token = oauth.Token(key=request_token, secret='')
         client = oauth.Client(consumer, token)
         resp, content = client.request(YAHOO_OAUTH, "POST")
+        if resp['status'] != '200':
+            return None
+
         access_token = dict(urlparse.parse_qsl(content))
 
         return {'oauthAccessToken': access_token['oauth_token'], 

velruse/utils.py

@@ -91,6 +91,14 @@ def _error_redirect(self, error_code, end_point):
         self.storage.store(token, error_string(error_code))
         form_html = redirect_form(end_point, token)
         return Response(body=autoSubmitHTML(form_html))
+
+    def _success_redirect(self, user_data, end_point):
+        # Generate the token, store the extracted user-data for 5 mins, and send back
+        token = generate_token()
+        self.storage.store(token, user_data, expires=300)
+        form_html = redirect_form(end_point, token)
+        return Response(body=autoSubmitHTML(form_html))
+
 
 
 class _Missing(object):