WebStack

Changeset

775:127c9715df14
2009-11-25 Paul Boddie raw files shortlog changelog graph Added a test for empty identifiers in OpenID initiation. Changed the user identity to be the claimed identity (not the local identity from the provider) for users authenticated via OpenID. Made the local identities distinct from the claimed identities in the login/provider example.
WebStack/Resources/OpenIDInitiation.py (file) WebStack/Resources/OpenIDRedirect.py (file) examples/Common/OpenIDLogin/__init__.py (file)
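--- a/WebStack/Resources/OpenIDInitiation.py	Tue Jul 07 01:12:55 2009 +0200
+++ b/WebStack/Resources/OpenIDInitiation.py	Wed Nov 25 20:12:52 2009 +0100
@@ -76,10 +76,18 @@
         if identity.startswith("xri://"):
             identity = openid[6:]
 
+        # Detect empty identifiers.
+
+        if not identity:
+            return None, None, None
+
         # NOTE: Not yet discovering XRI providers.
 
-        if identity[0] in ("=", "@", "+", "$", "!", "("):
+        elif identity[0] in ("=", "@", "+", "$", "!", "("):
             pass
+
+        # Handle URL-based identifiers.
+
         else:
             if not identity.startswith("http"):
                 identity = "http://" + identity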
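Review bot: The new `if not identity:` guard rejects only the exact empty string, so a whitespace-only value still reaches the URL branch and becomes `"http:// "`; running `identity = identity.strip()` ahead of the guard would close that gap (whether the caller already strips is not visible here). In the same chain, the context line `if not identity.startswith("http"):` treats any value beginning with those four letters as already carrying a scheme, so a host such as `httpd.example.org` is passed on without one; `identity.startswith(("http://", "https://"))` states the intent exactly. The context line `identity = openid[6:]` slices `openid` rather than `identity`, which looks unintended unless `openid` is a string defined above the hunk. The enclosing method starts and ends outside the hunk.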
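--- a/WebStack/Resources/OpenIDRedirect.py	Tue Jul 07 01:12:55 2009 +0200
+++ b/WebStack/Resources/OpenIDRedirect.py	Wed Nov 25 20:12:52 2009 +0100
@@ -90,7 +90,7 @@
         otherwise.
 
         If the optional 'verify' parameter is specified as a true value, perform
-        verification on any 
+        verification on any incoming OpenID credentials.
         """
 
         # If requested, attempt to verify OpenID assertions.
@@ -107,7 +107,7 @@
                     self.test_signature(trans, fields) and \
                     self.test_replay(fields):
 
-                    self.set_token(trans, fields["openid.identity"][0])
+                    self.set_token(trans, fields["openid.claimed_id"][0])
                     return 1
 
             # Incomplete assertion.
@@ -140,7 +140,8 @@
 
         # NOTE: Currently, this is not strict enough.
 
-        return fields["openid.return_to"][0].startswith(self.app_url)
+        return fields.has_key("openid.return_to") and \
+            fields["openid.return_to"][0].startswith(self.app_url)
 
     def test_signature(self, trans, fields):
 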
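Review bot: Switching the token to `fields["openid.claimed_id"][0]` makes the login identity a value the provider asserts, and the visible condition shows only `test_signature` and `test_replay` before `set_token`. OpenID 2.0 (section 11.2) requires the relying party to confirm, by discovery on the claimed identifier, that the responding endpoint is authoritative for it; if no such check runs above the hunk, a correctly signed response from any provider would be accepted for an identifier that provider does not control. The field is also indexed without a presence test, so a response lacking `openid.claimed_id` (for example an OpenID 1.x one) raises `KeyError`; adding `fields.has_key("openid.claimed_id")` to the condition would match the guard the third hunk adds for `openid.return_to`. The prefix comparison `startswith(self.app_url)` in that third hunk also accepts a longer host that merely begins with `app_url` when that value has no trailing slash, which the existing NOTE already concedes. The enclosing methods start outside the hunks.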
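--- a/examples/Common/OpenIDLogin/__init__.py	Tue Jul 07 01:12:55 2009 +0200
+++ b/examples/Common/OpenIDLogin/__init__.py	Wed Nov 25 20:12:52 2009 +0100
@@ -20,10 +20,13 @@
         app_url=app_url,
         authenticator=Authenticator(
             credentials=(
-                # Local identifier,           username,  password
-                ((deployment_url + "/badger", "badger"), "abc"),
-                ((deployment_url + "/vole",   "vole"),   "xyz"),
-                ((deployment_url + u"/זרו",   u"זרו"),   u"ֶ״ֵ"),
+                # Local identifier, username, password
+                (( "badger",  "badger"), "abc"),
+                (( "vole",    "vole"),   "xyz"),
+                ((u"זרו",    u"זרו"),   u"ֶ״ֵ"),
+                (( "badger2", "badger"), "abc"),
+                (( "vole2",   "vole"),   "xyz"),
+                ((u"זרו2",   u"זרו"),   u"ֶ״ֵ"),
                 )
             )
         )
@@ -39,40 +42,74 @@
                 <html>
                   <head>
                     <link rel="openid2.provider openid.server" href="%s/login" />
-                    <link rel="openid2.local_id openid.delegate" href="%s/badger" />
+                    <link rel="openid2.local_id openid.delegate" href="badger" />
                     <title>Badger's Home Page</title>
                   </head>
                   <body>
                     <p>Home page for the OpenID authenticated user, <code>badger</code>.</p>
                   </body>
                 </html>
-            """ % (deployment_url, deployment_url), ContentType("text/html")),
+            """ % deployment_url, ContentType("text/html")),
         u"זרו" :
             StringResource(u"""
                 <html>
                   <head>
                     <link rel="openid2.provider openid.server" href="%s/login" />
-                    <link rel="openid2.local_id openid.delegate" href="%s/זרו" />
+                    <link rel="openid2.local_id openid.delegate" href="זרו" />
                     <title>Home Page for זרו</title>
                   </head>
                   <body>
                     <p>Home page for the OpenID authenticated user, <code>זרו</code>.</p>
                   </body>
                 </html>
-            """ % (deployment_url, deployment_url), ContentType("text/html", "iso-8859-1")),
+            """ % deployment_url, ContentType("text/html", "iso-8859-1")),
         "vole" :
             StringResource("""
                 <html>
                   <head>
                     <link rel="openid2.provider openid.server" href="%s/login" />
-                    <link rel="openid2.local_id openid.delegate" href="%s/vole" />
+                    <link rel="openid2.local_id openid.delegate" href="vole" />
                     <title>Vole's Home Page</title>
                   </head>
                   <body>
                     <p>Home page for the OpenID authenticated user, <code>vole</code>.</p>
                   </body>
                 </html>
-            """ % (deployment_url, deployment_url), ContentType("text/html"))
+            """ % deployment_url, ContentType("text/html")),
+
+        # OpenID 2.0 resources.
+        # See: http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.html#_Ref129424065
+        #      ("3.3 Media Types for XRI Resolution")
+        # See: http://openid.net/specs/openid-authentication-2_0.html#discovery
+        #      ("7.3. Discovery")
+
+        "badger2" :
+            StringResource("""
+                <?xml version="1.0"?>
+                <Service xmlns="xri://$xrd*($v*2.0)">
+                  <Type>http://specs.openid.net/auth/2.0/signon</Type>
+                  <URI>%s/login</URI>
+                  <LocalID>badger2</LocalID>
+                </Service>
+            """ % deployment_url, ContentType("application/xrd+xml")),
+        u"זרו2" :
+            StringResource(u"""
+                <?xml version="1.0" encoding="iso-8859-1"?>
+                <Service xmlns="xri://$xrd*($v*2.0)">
+                  <Type>http://specs.openid.net/auth/2.0/signon</Type>
+                  <URI>%s/login</URI>
+                  <LocalID>זרו2</LocalID>
+                </Service>
+            """ % deployment_url, ContentType("application/xrd+xml", "iso-8859-1")),
+        "vole2" :
+            StringResource("""
+                <?xml version="1.0"?>
+                <Service xmlns="xri://$xrd*($v*2.0)">
+                  <Type>http://specs.openid.net/auth/2.0/signon</Type>
+                  <URI>%s/login</URI>
+                  <LocalID>vole2</LocalID>
+                </Service>
+            """ % deployment_url, ContentType("application/xrd+xml")),
         })
 
 # vim: tabstop=4 expandtab shiftwidth=4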
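Review bot: Each added XRDS resource opens its triple-quoted string with a newline and indentation, so `<?xml version="1.0"?>` is not the first thing in the response body; an XML declaration is only allowed at the very start of a document, and strict parsers reject this unless `StringResource` strips leading whitespace (not visible here). Starting the literal as `StringResource("""<?xml version="1.0"?>` avoids the problem, and the same applies to all three new entries. The documents also use a bare `<Service>` as root and are served as `application/xrd+xml`, whereas the Yadis discovery that OpenID 2.0 section 7.3 relies on expects an `xrds:XRDS`/`XRD` wrapper and `application/xrds+xml`, so relying parties may fail to discover these identifiers; worth confirming against the two specifications cited in the added comment.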