OpenID Authentication (Consumer)

OpenID is a distributed authentication system for single sign-on originally
developed at/for LiveJournal.com.

    http://openid.net/

URL. You can have multiple identities in the same way you can have multiple
URLs. All OpenID does is provide a way to prove that you own a URL (identity).
And it does this without passing around your password, your email address, or
anything you don't want it to. There's no profile exchange component at all:
your profile is your identity URL, but recipients of your identity can then
learn more about you from any public, semantically interesting documents
linked thereunder (FOAF, RSS, Atom, vCARD, etc.).

``Note``: paste.auth.open_id requires installation of the Python-OpenID
libraries::

    http://www.openidenabled.com/

This module is based heavily on the consumer.py that Python OpenID comes with.

Using the OpenID Middleware
===========================

Using the OpenID middleware is fairly easy. The most minimal example, using
the basic login form that's included::

    # Add to your wsgi app creation
    from paste.auth import open_id

    wsgi_app = open_id.middleware(wsgi_app, '/somewhere/to/store/openid/data')

You will now have the OpenID form available at /oid on your site. Logging in
will verify that the login worked.

A more complete login should involve having the OpenID middleware load your
own login page after verifying the OpenID URL so that you can retain the login
information in your webapp (session, cookies, etc.)::

    wsgi_app = open_id.middleware(wsgi_app, '/somewhere/to/store/openid/data',
                                  login_redirect='/your/login/code')

Your login code should then be configured to retrieve 'paste.auth.open_id' for
the user's OpenID URL. If this key does not exist, the user has not logged in.

Once the login is retrieved, it should be saved in your webapp, and the user
should be redirected to wherever they would normally go after a successful
login.

``AuthOpenIDHandler``
    This middleware implements OpenID Consumer behavior to authenticate a
    URL against an OpenID Server.

    Initialize the OpenID middleware

    ``app``
        Your WSGI app to call

    ``data_store_path``
        Directory to store crypto data in for use with OpenID servers.

    ``auth_prefix``
        Location for authentication process/verification

    ``login_redirect``
        Location to load after successful process of login

    ``catch_401``
        If true, then any 401 responses will turn into open ID login
        requirements.

    ``url_to_username``
        A function called like ``url_to_username(environ, url)``, which should
        return a string username. If not given, the URL will be the username.

    Docstring of the form-handling method of ``AuthOpenIDHandler``:

        Process the form submission, initiating OpenID verification.
Further ``AuthOpenIDHandler`` method docstrings, in source order::

    Handle the redirect from the OpenID server.
    Build a URL relative to the server base_url, with the given query parameters added.
    Send a redirect response to the given URL to the browser.
    Render a page with a 404 return code and a message.
    Render a page.
    Render the page header
    Render the page footer

Messages and page text used by the built-in login form::

    Enter an identity URL to verify.
    Failed to retrieve %s
    Could not find OpenID information in %s
    Verification of %s failed.
    If you had supplied a login redirect path, you would have been redirected there. You have successfully verified %s as your identity.
    Verification cancelled
    Verification failed.
    The path %s was not understood by this server.
    Python OpenID Consumer
    This example consumer uses the Python OpenID library. It just verifies that the URL that you enter is your identity URL.
    Identity URL:

The module also defines ``make_open_id_middleware``, whose arguments include
``global_conf``, ``apply_auth_tkt`` and ``auth_tkt_logout_path``.