Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

add openid code

  • Loading branch information...
commit 141a9b22dec0c75ce60403fcee82deb4b564f83a 1 parent 10b4e17
Aaron Swartz authored
Showing with 116 additions and 0 deletions.
  1. +1 −0  web/__init__.py
  2. +115 −0 web/webopenid.py
View
1  web/__init__.py
@@ -26,6 +26,7 @@
from httpserver import *
from debugerror import *
from application import *
+import webopenid as openid
try:
import cheetah
View
115 web/webopenid.py
@@ -0,0 +1,115 @@
+"""openid.py: an openid library for web.py
+
+Notes:
+
+ - This will create a file called .openid_secret_key in the
+ current directory with your secret key in it. If someone
+ has access to this file they can log in as any user. And
+ if the app can't find this file for any reason (e.g. you
+ moved the app somewhere else) then each currently logged
+ in user will get logged out.
+
+ - State must be maintained through the entire auth process
+ -- this means that if you have multiple web.py processes
+ serving one set of URLs or if you restart your app often
+ then log ins will fail. You have to replace sessions and
+ store for things to work.
+
+ - We set cookies starting with "openid_".
+
+"""
+
+import os
+import random
+import hmac
+import __init__ as web
+import openid.consumer.consumer
+import openid.store.memstore
+
+sessions = {}
+store = openid.store.memstore.MemoryStore()
+
+def _secret():
+ try:
+ secret = file('.openid_secret_key').read()
+ except IOError:
+ # file doesn't exist
+ secret = os.urandom(20)
+ file('.openid_secret_key', 'w').write(secret)
+ return secret
+
+def _hmac(identity_url):
+ return hmac.new(_secret(), identity_url).hexdigest()
+
+def _random_session():
+ n = random.random()
+ while n in sessions:
+ n = random.random()
+ n = str(n)
+ return n
+
+def status():
+ oid_hash = web.cookies().get('openid_identity_hash', '').split(',', 1)
+ if len(oid_hash) > 1:
+ oid_hash, identity_url = oid_hash
+ if oid_hash == _hmac(identity_url):
+ return identity_url
+ return None
+
+def form(openid_loc):
+ oid = status()
+ if oid:
+ return '''
+ <form method="post" action="%s">
+ <img src="http://openid.net/login-bg.gif" alt="OpenID" />
+ <strong>%s</strong>
+ <input type="hidden" name="action" value="logout" />
+ <input type="hidden" name="return_to" value="%s" />
+ <button type="submit">log out</button>
+ </form>''' % (openid_loc, oid, web.ctx.fullpath)
+ else:
+ return '''
+ <form method="post" action="%s">
+ <input type="text" name="openid" value=""
+ style="background: url(http://openid.net/login-bg.gif) no-repeat; padding-left: 18px; background-position: 0 50%%;" />
+ <input type="hidden" name="return_to" value="%s" />
+ <button type="submit">log in</button>
+ </form>''' % (openid_loc, web.ctx.fullpath)
+
+def logout():
+ web.setcookie('openid_identity_hash', '', expires=-1)
+
+class host:
+ def POST(self):
+ # unlike the usual scheme of things, the POST is actually called
+ # first here
+ i = web.input(return_to='/')
+ if i.get('action') == 'logout':
+ logout()
+ return web.redirect(i.return_to)
+
+ i = web.input('openid', return_to='/')
+
+ n = _random_session()
+ sessions[n] = {'webpy_return_to': i.return_to}
+
+ c = openid.consumer.consumer.Consumer(sessions[n], store)
+ a = c.begin(i.openid)
+ f = a.redirectURL(web.ctx.home, web.ctx.home + web.ctx.fullpath)
+
+ web.setcookie('openid_session_id', n)
+ return web.redirect(f)
+
+ def GET(self):
+ n = web.cookies('openid_session_id').openid_session_id
+ web.setcookie('openid_session_id', '', expires=-1)
+ return_to = sessions[n]['webpy_return_to']
+
+ c = openid.consumer.consumer.Consumer(sessions[n], store)
+ a = c.complete(web.input(), web.ctx.home + web.ctx.fullpath)
+
+ if a.status.lower() == 'success':
+ web.setcookie('openid_identity_hash', _hmac(a.identity_url) + ',' + a.identity_url)
+
+ del sessions[n]
+ return web.redirect(return_to)
Please sign in to comment.
Something went wrong with that request. Please try again.