forked from bbangert/velruse
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refactor of the openid provider into separate inherited openid providers
for specific settings as needed.
- Loading branch information
Showing
7 changed files
with
255 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
from velruse.providers.google_ import GoogleResponder | ||
from velruse.providers.yahoo_ import YahooResponder | ||
from velruse.providers.openidconsumer import OpenIDResponder | ||
|
||
__all__ = ['GoogleResponder', 'OpenIDResponder', 'YahooResponder'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
"""Google Responder | ||
A Google responder that authenticates against Google using OpenID, or optionally | ||
can use OpenId+OAuth hybrid protocol to request access to Google Apps using OAuth2. | ||
""" | ||
import time | ||
import urlparse | ||
|
||
from openid.extensions import ax | ||
import oauth2 as oauth | ||
|
||
from velruse.providers.oid_extensions import OAuthRequest | ||
from velruse.providers.oid_extensions import UIRequest | ||
from velruse.providers.openidconsumer import ax_attributes | ||
from velruse.providers.openidconsumer import OpenIDResponder | ||
|
||
GOOGLE_OAUTH = 'https://www.google.com/accounts/OAuthGetAccessToken' | ||
|
||
|
||
class GoogleResponder(OpenIDResponder): | ||
def __init__(self, consumer=None, oauth_key=None, oauth_secret=None, *args, | ||
**kwargs): | ||
"""Handle Google Auth | ||
This also handles making an OAuth request during the OpenID | ||
authentication. | ||
""" | ||
super(GoogleResponder, self).__init__(*args, **kwargs) | ||
self.consumer = consumer | ||
self.oauth_secret = oauth_secret | ||
|
||
def _lookup_identifier(self, req, identifier): | ||
"""Return the Google OpenID directed endpoint""" | ||
return "https://www.google.com/accounts/o8/id" | ||
|
||
def _update_authrequest(self, req, authrequest): | ||
"""Update the authrequest with Attribute Exchange and optionally OAuth | ||
To optionally request OAuth, the request POST must include an ``oauth_scope`` | ||
parameter that indicates what Google Apps should have access requested. | ||
""" | ||
ax_request = ax.FetchRequest() | ||
for attr in ['country', 'email', 'first_name', 'last_name', 'language']: | ||
ax_request.add(ax.AttrInfo(ax_attributes[attr], required=True)) | ||
authrequest.addExtension(ax_request) | ||
|
||
# Add OAuth request? | ||
if 'oauth_scope' in req.POST: | ||
oauth_request = OAuthRequest(consumer=self.consumer, scope=req.POST['oauth_scope']) | ||
authrequest.addExtension(oauth_request) | ||
|
||
if 'popup_mode' in req.POST: | ||
kw_args = {'mode': req.POST['popup_mode']} | ||
if 'popup_icon' in req.POST: | ||
kw_args['icon'] = req.POST['popup_icon'] | ||
ui_request = UIRequest(**kw_args) | ||
authrequest.addExtension(ui_request) | ||
return None | ||
|
||
def _get_access_token(self, request_token): | ||
consumer = oauth.Consumer(key=self.consumer, secret=self.oauth_secret) | ||
token = oauth.Token(key=request_token, secret=None) | ||
params = { | ||
'oauth_version': "1.0", | ||
'oauth_nonce': oauth.generate_nonce(), | ||
'oauth_timestamp': int(time.time()), | ||
'oauth_token': request_token | ||
} | ||
req = oauth.Request(method="POST", url=GOOGLE_OAUTH, parameters=params) | ||
signature_method = oauth.SignatureMethod_HMAC_SHA1() | ||
req.sign_request(signature_method, consumer, token) | ||
|
||
client = oauth.Client(consumer, token) | ||
resp, content = client.request(GOOGLE_OAUTH, "POST") | ||
access_token = dict(urlparse.parse_qsl(content)) | ||
|
||
return {'oauthAccessToken': access_token['oauth_token'], | ||
'oauthAccessTokenSecret': access_token['oauth_token_secret']} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
"""OpenID Extensions | ||
Additional OpenID extensions for OAuth and UIRequest extensions. | ||
""" | ||
from openid import extension | ||
|
||
class UIRequest(extension.Extension): | ||
"""OpenID UI extension""" | ||
ns_uri = 'http://specs.openid.net/extensions/ui/1.0' | ||
ns_alias = 'ui' | ||
|
||
def __init__(self, mode=None, icon=False): | ||
super(UIRequest, self).__init__() | ||
self._args = {} | ||
if mode: | ||
self._args['mode'] = mode | ||
if icon: | ||
self._args['icon'] = str(icon).lower() | ||
|
||
def getExtensionArgs(self): | ||
return self._args | ||
|
||
|
||
class OAuthRequest(extension.Extension): | ||
"""OAuth extension""" | ||
ns_uri = 'http://specs.openid.net/extensions/oauth/1.0' | ||
ns_alias = 'oauth' | ||
|
||
def __init__(self, consumer, scope=None): | ||
super(OAuthRequest, self).__init__() | ||
self._args = {'consumer': consumer} | ||
if scope: | ||
self._args['scope'] = scope | ||
|
||
def getExtensionArgs(self): | ||
return self._args |
Oops, something went wrong.