Changeset 4100 for TI12-security


Timestamp:
04/08/08 17:06:32 (11 years ago)
Author:
pjkersha
Message:

ndg.security.server.wsgi.openid_provider: fix to enable identifier_select support. - Feature in OpenID 2.0 that allows the user to enter their home site URL rather than their OpenID at the Relying Party.

File:
1 edited

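--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py
@@ -213,5 +213,6 @@
             return self._showAboutPage() 
  
-        if request.mode in ["checkid_immediate", "checkid_setup"]: 
+        # Check mode is one of "checkid_immediate", "checkid_setup" 
+        if request.mode in server.BROWSER_REQUEST_MODES: 
             return self._handleCheckIDRequest(request) 
         else: 
@@ -237,4 +238,7 @@
             else: 
                 identity = request.identity 
+                 
+            if self.user is None: 
+                self.user = identity.split('/')[-1] 
  
             trust_root = request.trust_root 
@@ -243,5 +247,4 @@
  
             response = self._identityApproved(request, identity) 
- 
         elif 'no' in self.query: 
             # TODO: Check 'no' response is OK - no causes AuthKit's Relying  
@@ -426,4 +429,7 @@
     def _writeUserHeader(self): 
         if self.user is None: 
+            # TODO: Refactor this out when replaced with beaker.session /  
+            # AuthKit 
+            import time 
             t1970 = time.gmtime(0) 
             expires = time.strftime( 
@@ -501,6 +507,13 @@
         # XXX: This may break if there are any synonyms for id_url_base, 
         # such as referring to it by IP address or a CNAME. 
-        assert request.identity.startswith(id_url_base), \ 
-               repr((request.identity, id_url_base)) 
+         
+        # TODO: OpenID 2.0 Allows request.identity to be set to  
+        # http://specs.openid.net/auth/2.0/identifier_select.  See, 
+        # http://openid.net/specs/openid-authentication-2_0.html.  This code 
+        # implements this overriding the behaviour of the example code on 
+        # which this is based.  - Check is the example code based on OpenID 1.0 
+        # and therefore wrong for this behaviour? 
+#        assert request.identity.startswith(id_url_base), \ 
+#               repr((request.identity, id_url_base)) 
         expected_user = request.identity[len(id_url_base):] 
  
@@ -534,4 +547,5 @@
             </form> 
             '''%fdata 
+             
         elif expected_user == self.user: 
             msg = '''\ 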
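Review bot: Commenting out the `startswith(id_url_base)` check (new lines 516-517) leaves `expected_user = request.identity[len(id_url_base):]` slicing at a fixed offset whatever the identity is. For the identifier_select URL, or for any identity outside this provider's base, `expected_user` becomes an arbitrary suffix that is still compared with `self.user`. Treat identifier_select as its own branch and keep an explicit prefix check for every other identity, raising an error rather than relying on `assert` (which is stripped under `-O`), for example `if not request.idSelect() and not request.identity.startswith(id_url_base): raise ValueError(repr((request.identity, id_url_base)))`. The hunk at new lines 240-242 compounds this: when nobody is logged in, `self.user` is set from the last path segment of the requested identity, so the approval that follows appears not to be tied to an authenticated user, and that case should go to the login step instead. Both enclosing functions start and end outside the visible hunks, so an earlier check may exist that is not shown here.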