libs/django_authopenid/util.py

   1 # -*- coding: utf-8 -*-
   2 from openid.store.interface import OpenIDStore
   3 from openid.association import Association as OIDAssociation
   4 from openid.extensions import sreg
   5 import openid.store
   6
   7 from django.db.models.query import Q
   8 from django.conf import settings
   9 from django.http import str_to_unicode
  10
  11
  12 # needed for some linux distributions like debian
  13 try:
  14     from openid.yadis import xri
  15 except:
  16     from yadis import xri
  17
  18 import time, base64, md5, operator
  19 import urllib
  20
  21 from models import Association, Nonce
  22
  23 __all__ = ['OpenID', 'DjangoOpenIDStore', 'from_openid_response', 'clean_next']
  24
  25 DEFAULT_NEXT = getattr(settings, 'OPENID_REDIRECT_NEXT', '/')
  26 def clean_next(next):
  27     if next is None:
  28         return DEFAULT_NEXT
  29     next = str_to_unicode(urllib.unquote(next), 'utf-8')
  30     next = next.strip()
  31     if next.startswith('/'):
  32         return next
  33     return DEFAULT_NEXT
  34
  35 class OpenID:
  36     def __init__(self, openid_, issued, attrs=None, sreg_=None):
  37         self.openid = openid_
  38         self.issued = issued
  39         self.attrs = attrs or {}
  40         self.sreg = sreg_ or {}
  41         self.is_iname = (xri.identifierScheme(openid_) == 'XRI')
  42
  43     def __repr__(self):
  44         return '<OpenID: %s>' % self.openid
  45
  46     def __str__(self):
  47         return self.openid
  48
  49 class DjangoOpenIDStore(OpenIDStore):
  50     def __init__(self):
  51         self.max_nonce_age = 6 * 60 * 60 # Six hours
  52
  53     def storeAssociation(self, server_url, association):
  54         assoc = Association(
  55             server_url = server_url,
  56             handle = association.handle,
  57             secret = base64.encodestring(association.secret),
  58             issued = association.issued,
  59             lifetime = association.issued,
  60             assoc_type = association.assoc_type
  61         )
  62         assoc.save()
  63
  64     def getAssociation(self, server_url, handle=None):
  65         assocs = []
  66         if handle is not None:
  67             assocs = Association.objects.filter(
  68                 server_url = server_url, handle = handle
  69             )
  70         else:
  71             assocs = Association.objects.filter(
  72                 server_url = server_url
  73             )
  74         if not assocs:
  75             return None
  76         associations = []
  77         for assoc in assocs:
  78             association = OIDAssociation(
  79                 assoc.handle, base64.decodestring(assoc.secret), assoc.issued,
  80                 assoc.lifetime, assoc.assoc_type
  81             )
  82             if association.getExpiresIn() == 0:
  83                 self.removeAssociation(server_url, assoc.handle)
  84             else:
  85                 associations.append((association.issued, association))
  86         if not associations:
  87             return None
  88         return associations[-1][1]
  89
  90     def removeAssociation(self, server_url, handle):
  91         assocs = list(Association.objects.filter(
  92             server_url = server_url, handle = handle
  93         ))
  94         assocs_exist = len(assocs) > 0
  95         for assoc in assocs:
  96             assoc.delete()
  97         return assocs_exist
  98
  99     def useNonce(self, server_url, timestamp, salt):
 100         if abs(timestamp - time.time()) > openid.store.nonce.SKEW:
 101             return False
 102
 103         query = [
 104                 Q(server_url__exact=server_url),
 105                 Q(timestamp__exact=timestamp),
 106                 Q(salt__exact=salt),
 107         ]
 108         try:
 109             ononce = Nonce.objects.get(reduce(operator.and_, query))
 110         except Nonce.DoesNotExist:
 111             ononce = Nonce(
 112                     server_url=server_url,
 113                     timestamp=timestamp,
 114                     salt=salt
 115             )
 116             ononce.save()
 117             return True
 118
 119         ononce.delete()
 120
 121         return False
 122
 123     def cleanupNonce(self):
 124         Nonce.objects.filter(timestamp<int(time.time()) - nonce.SKEW).delete()
 125
 126     def cleanupAssociations(self):
 127         Association.objects.extra(where=['issued + lifetimeint<(%s)' % time.time()]).delete()
 128
 129     def getAuthKey(self):
 130         # Use first AUTH_KEY_LEN characters of md5 hash of SECRET_KEY
 131         return md5.new(settings.SECRET_KEY).hexdigest()[:self.AUTH_KEY_LEN]
 132
 133     def isDumb(self):
 134         return False
 135
 136 def from_openid_response(openid_response):
 137     """ return openid object from response """
 138     issued = int(time.time())
 139     sreg_resp = sreg.SRegResponse.fromSuccessResponse(openid_response) \
 140             or []
 141
 142     return OpenID(
 143         openid_response.identity_url, issued, openid_response.signed_fields,
 144          dict(sreg_resp)
 145     )