  • 3 commits
  • 3 files changed
  • 0 commit comments
  • 1 contributor
Commits on Apr 10, 2012
Jukka Ojaniemi Removed unneeded imports. b031d96
Jukka Ojaniemi Removed empty lines (pep8). e81568f
Commits on Apr 12, 2012
Jukka Ojaniemi Added check for allowed openid_providers to extractCredentials method…
…. Made some pep8 fixes too.
0ad850f
Showing with 32 additions and 37 deletions.
  1. +27 −25 plone/openid/plugins/oid.py
  2. +0 −2 plone/openid/tests/oitestcase.py
  3. +5 −10 plone/openid/tests/testAuthentication.py
52 plone/openid/plugins/oid.py
@@ -13,11 +13,13 @@
from openid.consumer.consumer import Consumer, SUCCESS
import logging
-manage_addOpenIdPlugin = PageTemplateFile("../www/openidAdd", globals(),
- __name__="manage_addOpenIdPlugin")
+
+manage_addOpenIdPlugin = PageTemplateFile("../www/openidAdd", globals(),
+ __name__="manage_addOpenIdPlugin")
logger = logging.getLogger("PluggableAuthService")
+
def addOpenIdPlugin(self, id, title='', REQUEST=None):
"""Add a OpenID plugin to a Pluggable Authentication Service.
"""
@@ -34,34 +36,37 @@ class OpenIdPlugin(BasePlugin):
"""OpenID authentication plugin.
"""
+ _properties = ({'id' : 'allowed_openid_providers',
+ 'label' : 'Allowed openid providers',
+ 'type' : 'lines',
+ 'mode' : 'w'},
+ )
+
meta_type = "OpenID plugin"
security = ClassSecurityInfo()
- def __init__(self, id, title=None):
+ def __init__(self, id, title=None, allowed_openid_providers=[]):
self._setId(id)
self.title=title
+ self.allowed_openid_providers=allowed_openid_providers
self.store=ZopeStore()
-
def getTrustRoot(self):
pas=self._getPAS()
site=aq_parent(pas)
return site.absolute_url()
-
def getConsumer(self):
session=self.REQUEST["SESSION"]
return Consumer(session, self.store)
-
def extractOpenIdServerResponse(self, request, creds):
"""Process incoming redirect from an OpenId server.
The redirect is detected by looking for the openid.mode
form parameters. If it is found the creds parameter is
cleared and filled with the found credentials.
"""
-
mode=request.form.get("openid.mode", None)
if mode=="id_res":
# id_res means 'positive assertion' in OpenID, more commonly
@@ -77,7 +82,6 @@ def extractOpenIdServerResponse(self, request, creds):
# which means the user did not authorize correctly.
pass
-
# IOpenIdExtractionPlugin implementation
def initiateChallenge(self, identity_url, return_to=None):
consumer=self.getConsumer()
@@ -91,7 +95,7 @@ def initiateChallenge(self, identity_url, return_to=None):
logger.info("openid consumer error for identity %s: %s",
identity_url, e.why)
pass
-
+
if return_to is None:
return_to=self.REQUEST.form.get("came_from", None)
if not return_to or 'janrain_nonce' in return_to:
@@ -113,7 +117,6 @@ def initiateChallenge(self, identity_url, return_to=None):
transaction.commit()
raise Redirect, url
-
# IExtractionPlugin implementation
def extractCredentials(self, request):
"""This method performs the PAS credential extraction.
@@ -123,30 +126,33 @@ def extractCredentials(self, request):
"""
creds={}
identity=request.form.get("__ac_identity_url", None)
- if identity is not None and identity != "":
+
+ allowed_openid_providers = getattr(self, 'allowed_openid_providers', None)
+
+ if identity is not None and identity != "" and\
+ (not allowed_openid_providers or identity in allowed_openid_providers):
self.initiateChallenge(identity)
return creds
-
+
self.extractOpenIdServerResponse(request, creds)
return creds
-
# IAuthenticationPlugin implementation
def authenticateCredentials(self, credentials):
if not credentials.has_key("openid.source"):
return None
if credentials["openid.source"]=="server":
consumer=self.getConsumer()
-
+
# remove the extractor key that PAS adds to the credentials,
# or python-openid will complain
query = credentials.copy()
del query['extractor']
-
+
result=consumer.complete(query, self.REQUEST.ACTUAL_URL)
identity=result.identity_url
-
+
if result.status==SUCCESS:
self._getPAS().updateCredentials(self.REQUEST,
self.REQUEST.RESPONSE, identity, "")
@@ -157,7 +163,6 @@ def authenticateCredentials(self, credentials):
return None
-
# IUserEnumerationPlugin implementation
def enumerateUsers(self, id=None, login=None, exact_match=False,
sort_by=None, max_results=None, **kw):
@@ -180,15 +185,12 @@ def enumerateUsers(self, id=None, login=None, exact_match=False,
if not (key.startswith("http:") or key.startswith("https:")):
return None
- return [ {
- "id" : key,
- "login" : key,
- "pluginid" : self.getId(),
- } ]
-
+ return [{
+ "id": key,
+ "login": key,
+ "pluginid": self.getId(),
+ }]
classImplements(OpenIdPlugin, IOpenIdExtractionPlugin, IAuthenticationPlugin,
IUserEnumerationPlugin)
-
-
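Review bot: The allow-list added in `extractCredentials` is applied only to the raw `__ac_identity_url` form value before `initiateChallenge`; nothing visible in this diff applies it to the identity that `authenticateCredentials` later takes from `consumer.complete`. Whether an assertion that did not start from this form can still reach `updateCredentials` depends on python-openid and session state outside this range, so the restriction is better repeated where the login is granted, e.g. `allowed = getattr(self, 'allowed_openid_providers', None)` followed by `if allowed and identity not in allowed: return None` inside the `result.status==SUCCESS` branch (that method's body continues outside the hunk, so the placement needs checking against the full file). The comparison is an exact string match on user input, so a differently written URL (trailing slash, letter case) is refused silently, and an empty or missing property allows every identity; both behaviours deserve a comment such as `# empty list means no restriction; entries must match the submitted URL exactly`, plus a test, which this range does not add. Separately, `allowed_openid_providers=[]` in `__init__` is a mutable default shared by every instance created without the argument; `allowed_openid_providers=()` avoids that.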
2 plone/openid/tests/oitestcase.py
@@ -1,7 +1,5 @@
from Testing import ZopeTestCase
from plone.session.tests.sessioncase import PloneSessionTestCase
-from Testing.ZopeTestCase.placeless import setUp, tearDown
-from Testing.ZopeTestCase.placeless import zcml
from plone.openid.plugins.oid import OpenIdPlugin
from plone.openid.tests.consumer import PatchPlugin
15 plone/openid/tests/testAuthentication.py
@@ -1,5 +1,6 @@
import unittest
+
class TestOpenIdAuthentication(unittest.TestCase):
identity = "http://plone.myopenid.com"
@@ -10,31 +11,28 @@ def createPlugin(self):
pas=MockPAS()
return plugin.__of__(pas)
-
def buildServerResponse(self):
credentials={}
- for field in [ "nonce", "openid.assoc_handle", "openid.return_to",
- "openid.signed", "openid.sig",
- "openid.invalidate_handle", "openid.mode"]:
+ for field in ["nonce", "openid.assoc_handle", "openid.return_to",
+ "openid.signed", "openid.sig",
+ "openid.invalidate_handle", "openid.mode"]:
credentials[field]=field
credentials["openid.identity"]=self.identity
credentials["openid.source"]="server"
-
+
# this isn't part of the server response, but is added to the
# credentials by PAS
credentials["extractor"] = "openid"
return credentials
-
def testEmptyAuthentication(self):
"""Test if we do not invent an identity out of thin air.
"""
plugin=self.createPlugin()
creds=plugin.authenticateCredentials({})
self.assertEqual(creds, None)
-
def testEmptyStringIdentityAuthentication(self):
"""Test coverage for bug #7176, where an
"" (i.e. an empty string) identity passed to
@@ -46,16 +44,13 @@ def testEmptyStringIdentityAuthentication(self):
creds=plugin.authenticateCredentials(credentials)
self.assertEqual(creds, None)
-
def testUnknownOpenIdSource(self):
"""Test if an incorrect source does not produce unexpected exceptions.
"""
plugin=self.createPlugin()
creds=plugin.authenticateCredentials({"openid.source" : "x"})
self.assertEqual(creds, None)
-
-
def testIncompleteServerAuthentication(self):
"""Test authentication of OpenID server responses.
"""
