
Change audience to match format now expected by the verifier

Train 2011-10-20 now accepts the scheme and port number as part of
the audience:

https://groups.google.com/group/mozilla.dev.identity/browse_thread/thread/f56b436d804a66c5
1 parent 28e36db commit d6f8398916acffde738b6751e6550bc19d91a3fe @fmarier fmarier committed with ozten Oct 28, 2011
Showing with 19 additions and 20 deletions.
  1. +2 −5 README.rst
  2. +15 −7 django_browserid/auth.py
  3. +2 −8 django_browserid/views.py
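--- a/README.rst
+++ b/README.rst
@@ -111,11 +111,8 @@ If you do not wish to automatically create user accounts, you may manually verif
 if not form.is_valid():
 # do something
 host = request.get_host()
- if ':' in host:
- host, port = host.split(':')
- else:
- port = '80'
- audience = get_audience(host, port)
+ https = request.is_secure()
+ audience = get_audience(host, https)
 result = verify(form.cleaned_data['assertion'], audience)
 # ...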
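--- a/django_browserid/auth.py
+++ b/django_browserid/auth.py
@@ -16,7 +16,6 @@
 log = logging.getLogger(__name__)
-DEFAULT_HTTP_PORT = '80'
 DEFAULT_HTTP_TIMEOUT = 5
 DEFAULT_VERIFICATION_URL = 'https://browserid.org/verify'
 OKAY_RESPONSE = 'okay'
@@ -26,10 +25,19 @@ class BrowserIDBackend(object):
 supports_anonymous_user = False
 supports_object_permissions = False
- def get_audience(self, host, port):
- if port and port != DEFAULT_HTTP_PORT:
- return u'%s:%s' % (host, port)
- return host
+ def get_audience(self, host, https):
+ if https:
+ scheme = 'https'
+ default_port = 443
+ else:
+ scheme = 'http'
+ default_port = 80
+
+ audience = "%s://%s" % (scheme, host)
+ if ':' in host:
+ return audience
+ else:
+ return "%s:%s" % (audience, default_port)
 def _verify_http_request(self, url, qs):
 params = {'timeout': getattr(settings, 'BROWSERID_HTTP_TIMEOUT',
@@ -78,8 +86,8 @@ def create_user(self, username, email):
 """Return object for a newly created user account."""
 return User.objects.create_user(username, email)
- def authenticate(self, assertion=None, host=None, port=None):
- result = self.verify(assertion, self.get_audience(host, port))
+ def authenticate(self, assertion=None, host=None, https=None):
+ result = self.verify(assertion, self.get_audience(host, https))
 if result is None:
 return None
 email = result['email']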
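Review bot: In `get_audience` the test `if ':' in host` treats any colon as an explicit port, so a bracketed IPv6 literal with no port (such as `[::1]`) never receives the default port and the resulting audience would not have the scheme://host:port form the commit message says the verifier expects. Looking only at the text after the closing bracket avoids that: `if ':' in host.rpartition(']')[2]:`. In the last hunk, `authenticate` keeps `https=None` as its default, which silently selects the http branch; a caller that omits the argument on a TLS site would presumably fail verification with no hint why, so a log line or an explicit check for a boolean would help. `get_audience` also has no docstring; something like `"""Return scheme://host:port for the verifier, adding the default port when host carries none."""` would document the new format. The body of `authenticate` continues past the end of the hunk.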
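--- a/django_browserid/views.py
+++ b/django_browserid/views.py
@@ -6,12 +6,6 @@
 from django_browserid.forms import BrowserIDForm
-def _get_host_and_port(request):
- """Return host, port if port is nonstandard or host, '80' otherwise"""
- host = request.get_host()
- return ':' in host and host.split(':') or (host, '80')
-
-
 @require_POST
 def verify(request, redirect_field_name=auth.REDIRECT_FIELD_NAME):
 """Process browserid assertions."""
@@ -22,8 +16,8 @@ def verify(request, redirect_field_name=auth.REDIRECT_FIELD_NAME):
 form = BrowserIDForm(data=request.POST)
 if form.is_valid():
 assertion = form.cleaned_data['assertion']
- host, port = _get_host_and_port(request)
- user = auth.authenticate(assertion=assertion, host=host, port=port)
+ user = auth.authenticate(assertion=assertion, host=request.get_host(),
+ https=request.is_secure())
 if user is not None and user.is_active:
 auth.login(request, user)
 return HttpResponseRedirect(redirect_to)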
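Review bot: The audience is now derived entirely from the request, `host=request.get_host()` and `https=request.is_secure()`, and `get_host()` reflects the Host header the client sent. The audience check is what binds an assertion to this site, so unless the deployment restricts which Host values reach Django, an assertion issued for another origin could verify here when the request names that origin. Taking the origin from deployment configuration, or checking the host against a configured allow-list before `auth.authenticate` is called, keeps the check meaningful; for example `host=settings.<SITE_HOST_SETTING>` (placeholder name, not an existing setting). Behind a TLS-terminating proxy `is_secure()` may report False unless the proxy headers are configured, which would yield an http audience and most likely a failed login. `verify` starts and ends outside this hunk.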
