plone3  3.1.7
plone.openid.plugins.oid.OpenIdPlugin Class Reference

Public Member Functions

def __init__
def getTrustRoot
def getConsumer
def extractOpenIdServerResponse
def initiateChallenge
def extractCredentials
def authenticateCredentials
def enumerateUsers

Public Attributes

 title
 store

Static Public Attributes

string meta_type = "OpenID plugin"
tuple security = ClassSecurityInfo()

Detailed Description

OpenID authentication plugin.

Definition at line 33 of file oid.py.


Constructor & Destructor Documentation

def plone.openid.plugins.oid.OpenIdPlugin.__init__ (   self,
  id,
  title = None 
)

Definition at line 40 of file oid.py.

00040 
00041     def __init__(self, id, title=None):
00042         self._setId(id)
00043         self.title=title
00044         self.store=ZopeStore()
00045 


Member Function Documentation

def plone.openid.plugins.oid.OpenIdPlugin.authenticateCredentials (   self,
  credentials 
)

Definition at line 135 of file oid.py.

00135 
00136     def authenticateCredentials(self, credentials):
00137         if not credentials.has_key("openid.source"):
00138             return None
00139 
00140         if credentials["openid.source"]=="server":
00141             consumer=self.getConsumer()
00142             
00143             # remove the extractor key that PAS adds to the credentials,
00144             # or python-openid will complain
00145             query = credentials.copy()
00146             del query['extractor']
00147             
00148             result=consumer.complete(query, self.REQUEST.ACTUAL_URL)
00149             identity=result.identity_url
00150             
00151             if result.status==SUCCESS:
00152                 self._getPAS().updateCredentials(self.REQUEST,
00153                         self.REQUEST.RESPONSE, identity, "")
00154                 return (identity, identity)
00155             else:
00156                 logger.info("OpenId Authentication for %s failed: %s",
00157                                 identity, result.message)
00158 
00159         return None
00160 

def plone.openid.plugins.oid.OpenIdPlugin.enumerateUsers (   self,
  id = None,
  login = None,
  exact_match = False,
  sort_by = None,
  max_results = None,
  **kw 
)

Slightly evil enumerator.

This is needed to be able to get PAS to return a user which it should
be able to handle but who can not be enumerated.

We do this by checking for the exact kind of call the PAS getUserById
implementation makes

Definition at line 163 of file oid.py.

00163     def enumerateUsers(self, id=None, login=None, exact_match=False,
00164             sort_by=None, max_results=None, **kw):
00165         """Slightly evil enumerator.
00166 
00167         This is needed to be able to get PAS to return a user which it should
00168         be able to handle but who can not be enumerated.
00169 
00170         We do this by checking for the exact kind of call the PAS getUserById
00171         implementation makes
00172         """
00173         if id and login and id!=login:
00174             return None
00175 
00176         if (id and not exact_match) or kw:
00177             return None
00178 
00179         key=id and id or login
00180         # key is None when neither id nor login was given: no match
00181         if not key or not (key.startswith("http:") or key.startswith("https:")):
00182             return None
00183 
00184         return [ {
00185                     "id" : key,
00186                     "login" : key,
00187                     "pluginid" : self.getId(),
00188                 } ]
00189 
00190 
00191 
00192 classImplements(OpenIdPlugin, IOpenIdExtractionPlugin, IAuthenticationPlugin,
00193                 IUserEnumerationPlugin)
00194 
00195 

def plone.openid.plugins.oid.OpenIdPlugin.extractCredentials (   self,
  request 
)

This method performs the PAS credential extraction.

It takes either the zope cookie and extracts openid credentials
from it, or a redirect from an OpenID server.

Definition at line 118 of file oid.py.

00118 
00119     def extractCredentials(self, request):
00120         """This method performs the PAS credential extraction.
00121 
00122         It takes either the zope cookie and extracts openid credentials
00123         from it, or a redirect from an OpenID server.
00124         """
00125         creds={}
00126         identity=request.form.get("__ac_identity_url", None)
00127         if identity is not None and identity != "":
00128             self.initiateChallenge(identity)
00129             return creds
00130             
00131         self.extractOpenIdServerResponse(request, creds)
00132         return creds
00133 

def plone.openid.plugins.oid.OpenIdPlugin.extractOpenIdServerResponse (   self,
  request,
  creds 
)

Process incoming redirect from an OpenId server.

The redirect is detected by looking for the openid.mode
form parameters. If it is found the creds parameter is
cleared and filled with the found credentials.

Definition at line 57 of file oid.py.

00057 
00058     def extractOpenIdServerResponse(self, request, creds):
00059         """Process incoming redirect from an OpenId server.
00060 
00061         The redirect is detected by looking for the openid.mode
00062         form parameters. If it is found the creds parameter is
00063         cleared and filled with the found credentials.
00064         """
00065 
00066         mode=request.form.get("openid.mode", None)
00067         if mode=="id_res":
00068             # id_res means 'positive assertion' in OpenID, more commonly
00069             # described as 'positive authentication'
00070             creds.clear()
00071             creds["openid.source"]="server"
00072             creds["janrain_nonce"]=request.form.get("janrain_nonce")
00073             for (field,value) in request.form.iteritems():
00074                 if field.startswith("openid.") or field.startswith("openid1_"):
00075                     creds[field]=request.form[field]
00076         elif mode=="cancel":
00077             # cancel is a negative assertion in the OpenID protocol,
00078             # which means the user did not authorize correctly.
00079             pass
00080 

def plone.openid.plugins.oid.OpenIdPlugin.getConsumer (   self )

Definition at line 52 of file oid.py.

00052 
00053     def getConsumer(self):
00054         session=self.REQUEST["SESSION"]
00055         return Consumer(session, self.store)
00056 

def plone.openid.plugins.oid.OpenIdPlugin.getTrustRoot (   self )

Definition at line 46 of file oid.py.

00046 
00047     def getTrustRoot(self):
00048         pas=self._getPAS()
00049         site=aq_parent(pas)
00050         return site.absolute_url()
00051 

def plone.openid.plugins.oid.OpenIdPlugin.initiateChallenge (   self,
  identity_url,
  return_to = None 
)

Definition at line 82 of file oid.py.

00082 
00083     def initiateChallenge(self, identity_url, return_to=None):
00084         consumer=self.getConsumer()
00085         try:
00086             auth_request=consumer.begin(identity_url)
00087         except DiscoveryFailure, e:
00088             logger.info("openid consumer discovery error for identity %s: %s",
00089                     identity_url, e[0])
00090             return
00091         except KeyError, e:
00092             logger.info("openid consumer error for identity %s: %s",
00093                     identity_url, e)
00094             return  # auth_request is unbound here, so stop instead of falling through
00095             
00096         if return_to is None:
00097             return_to=self.REQUEST.form.get("came_from", None)
00098         if not return_to or 'janrain_nonce' in return_to:
00099             # The conditional on janrain_nonce here is to handle the case where
00100             # the user logs in, logs out, and logs in again in succession.  We
00101             # were ending up with duplicate open ID variables on the second response
00102             # from the OpenID provider, which was breaking the second login.
00103             return_to=self.getTrustRoot()
00104 
00105         url=auth_request.redirectURL(self.getTrustRoot(), return_to)
00106 
00107         # There is evilness here: we can not use a normal RESPONSE.redirect
00108         # since further processing of the request will happily overwrite
00109         # our redirect. So instead we raise a Redirect exception, However
00110         # raising an exception aborts all transactions, which means our
00111         # session changes are not stored. So we do a commit ourselves to
00112         # get things working.
00113         # XXX this also f**ks up ZopeTestCase
00114         transaction.commit()
00115         raise Redirect, url
00116 
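The `return_to` selection in `initiateChallenge`, as a stand-alone Python 3 sketch with one check added: OpenID 2.0 requires `return_to` to match the realm (trust root), so a `came_from` outside the site can be dropped before the redirect is built. This is an added example, not plone.openid code; `origin_and_path`, `matches_trust_root`, `choose_return_to` and the sample URLs are hypothetical, and wildcard realms are not handled because the trust root here is the site URL.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_and_path(url):
    """Return ((scheme, host, port), path), or None if url is not a clean http(s) URL."""
    # Backslashes and whitespace/control characters are parsed differently by
    # browsers and by urlsplit, so refuse them outright.
    if not url or "\\" in url or any(ord(c) <= 32 for c in url):
        return None
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname, port), parts.path or "/"


def matches_trust_root(trust_root, url):
    """OpenID 2.0 realm match for a trust root without a wildcard host."""
    root, target = origin_and_path(trust_root), origin_and_path(url)
    if root is None or target is None or root[0] != target[0]:
        return False
    root_path, path = root[1], target[1]
    if ".." in path.split("/"):
        return False                 # dot segments could climb out of the root
    if path == root_path:
        return True
    # Prefix match only on a segment boundary: /site must not match /site-evil.
    prefix = root_path if root_path.endswith("/") else root_path + "/"
    return path.startswith(prefix)


def choose_return_to(came_from, trust_root):
    """initiateChallenge's fallback rule plus the realm check added here."""
    if not came_from or "janrain_nonce" in came_from:
        return trust_root            # same fallback as the listing above
    if not matches_trust_root(trust_root, came_from):
        return trust_root            # added: came_from is outside the site
    return came_from


# Constructed sample value (not from the page).
TRUST_ROOT = "https://portal.example.org/site"
```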


Member Data Documentation

string plone.openid.plugins.oid.OpenIdPlugin.meta_type = "OpenID plugin" [static]

Definition at line 37 of file oid.py.

tuple plone.openid.plugins.oid.OpenIdPlugin.security = ClassSecurityInfo() [static]

Definition at line 38 of file oid.py.

plone.openid.plugins.oid.OpenIdPlugin.store

Definition at line 43 of file oid.py.

plone.openid.plugins.oid.OpenIdPlugin.title

Definition at line 42 of file oid.py.


The documentation for this class was generated from the following file: