File: //opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyo
��
a��Nc������������@���s����d��Z��d��g��Z��d��d��l��Z��d��d��l��Z��d��d��l��Z��d��d��l��Z��d��d��l��m��Z���d�����Z��d��d��l �m
�Z
��d��d��l��m��Z���d��d��l
�m��Z���d��e��f��d �������YZ��e��Z��d
�e��e��e��e��e��d�����Z��d��S(����s����
OpenID Authentication (Consumer)
OpenID is a distributed authentication system for single sign-on originally
developed at/for LiveJournal.com.
http://openid.net/
URL. You can have multiple identities in the same way you can have multiple
URLs. All OpenID does is provide a way to prove that you own a URL (identity).
And it does this without passing around your password, your email address, or
anything you don't want it to. There's no profile exchange component at all:
your profiile is your identity URL, but recipients of your identity can then
learn more about you from any public, semantically interesting documents
linked thereunder (FOAF, RSS, Atom, vCARD, etc.).
``Note``: paste.auth.openid requires installation of the Python-OpenID
libraries::
http://www.openidenabled.com/
This module is based highly off the consumer.py that Python OpenID comes with.
Using the OpenID Middleware
===========================
Using the OpenID middleware is fairly easy, the most minimal example using the
basic login form thats included::
# Add to your wsgi app creation
from paste.auth import open_id
wsgi_app = open_id.middleware(wsgi_app, '/somewhere/to/store/openid/data')
You will now have the OpenID form available at /oid on your site. Logging in will
verify that the login worked.
A more complete login should involve having the OpenID middleware load your own
login page after verifying the OpenID URL so that you can retain the login
information in your webapp (session, cookies, etc.)::
wsgi_app = open_id.middleware(wsgi_app, '/somewhere/to/store/openid/data',
login_redirect='/your/login/code')
Your login code should then be configured to retrieve 'paste.auth.open_id' for
the users OpenID URL. If this key does not exist, the user has not logged in.
Once the login is retrieved, it should be saved in your webapp, and the user
should be redirected to wherever they would normally go after a successful
login.
t����AuthOpenIDHandleri����N(����t����httpexceptionsc������������C���s����t��j��|��d�����}��d��|��f���S(����Ni����s����"%s"(����t����cgit����escape(����t����st����qs(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyt ���quoteattrA���s��������(����t ���filestore(����t����consumer(����t
���appendArgsc������������B���s����e��Z��d��Z��d��d��e��d��d�����Z��d�����Z��d�����Z��d�����Z��d�����Z �d�����Z
�d�����Z��d ����Z��d��d
�d��d��d��d
����Z
�d�����Z��d�����Z��RS(����sq���
This middleware implements OpenID Consumer behavior to authenticate a
URL against an OpenID Server.
s����/oidc������������C���s[���t��j��|�����}��t��j��|�����|��_��|��|��_��|��|��_��|��|��_��|��|��_��|��|��_ �|��|��_
�d��S(����s����
Initialize the OpenID middleware
``app``
Your WSGI app to call
``data_store_path``
Directory to store crypto data in for use with OpenID servers.
``auth_prefix``
Location for authentication process/verification
``login_redirect``
Location to load after successful process of login
``catch_401``
If true, then any 401 responses will turn into open ID login
requirements.
``url_to_username``
A function called like ``url_to_username(environ, url)``, which should
return a string username. If not given, the URL will be the username.
N(����R����t����FileOpenIDStoreR����t����OpenIDConsumert����oidconsumert����appt����auth_prefixt����data_store_patht����login_redirectt ���catch_401t����url_to_username(����t����selfR
���R����R����R����R����R����t����store(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyt����__init__U���s���������� � � � � �c������������C���s;���|��d���j��|��j�����r��t��d��|��d��|��d��g�����}��t��j��j��|��d��t��d��t�����|��d��<t��j��|��j��d��|��d������}��t �j �|�����|��d �<t��t��j��j
�|��������|��d
�<|��d ��d���}��|��d��k��s��|���r��|��j��|�����S|��d
�k��r��|��j��|�����S|��d��k��r��|��j
�|�����S|��j��|�����Sn)�|��j��r'�|��j��|��|�����S|��j��|��|�����Sd��S(����Nt ���PATH_INFOt����environt����startt����bodyt����with_path_infot����with_query_stringt����base_urlt����t
���parsed_urit����queryi����t����/s����/verifys����/process(����t
���startswithR����t����dictt����pastet����requestt
���construct_urlt����Falset����ret����subt����urlparset����parse_querystringt����rendert ���do_verifyt
���do_processt ���not_foundR����t����catch_401_app_callR
���(����R����R����t����start_responseR$���t����path(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyt����__call__y���s$�����������
�����������
���
���
��� ���c����������������s����g�����d��������f��d�����}��|��j��|��|�����}�����r��z��t��|������Wd��t��|��d�����r`�|��j������n��Xt��j��j��|��d��t��d��t�����}��t �j
�|�����}��|��j��|��������S|��Sd��S(����sV���
Call the application, and redirect if the app returns a 401 response
c����������������sL���t��|��j��d��d��������d��k��r8����j��d������d�����}��|��S���|��|��|�����Sd��S(����Ni����i����c������������S���s����d��S(����N(����(����t����v(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyt����dummy_writer����s������(����t����intt����splitt����Nonet����append(����t����statust����headerst����exc_infoR4���(����R0���t����was_401(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyt����replacement_start_response����s
�������
� ���Nt����closeR����R����(����R7���R
���t����listt����hasattrR>���R#���R$���R%���R&���R����t����HTTPTemporaryRedirectt����wsgi_application(����R����R����R0���R=���t����app_itert ���redir_urlt����exc(����(����R0���R<���sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyR/�������s���������
�������������� �����c����
�������C���s����|��d���j��d�����}��|��s5�|��j��|��d��d��d��d��|�����S|��j��}��|��j��|�����\��}��}��|��t��j��t��j��g��k��r��|��t��j��k��r��d��}��n��d��}��|��t��j��|�����f���}��|��j��|��|��d��d��d��|�����S|��t��j �k��r��|��j
�|��d �d
�|��j�����}��|��j��|��|��d��|��d������} �|��j
�|��| ����Sd
�S(����sD���Process the form submission, initating OpenID verification.
R����t
���openid_urls ���Enter an identity URL to verify.t ���css_classt����errort
���form_contentss����Failed to retrieve <q>%s</q>s.���Could not find OpenID information in <q>%s</q>t����processt����tokent
���trust_rootR����N(����t����getR+���R����t ���beginAuthR����t����HTTP_FAILUREt����PARSE_ERRORR����R����t����SUCCESSt ���build_urlRK���t����constructRedirectt����redirect(
���R����R$���RF���R����R9���t����infot����fmtt����messaget ���return_tot����redirect_url(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyR,�������s$�����������
� ������� �����������������c������������C���sv���|��j��}��|��d���j��d��d�����}��|��j��|��|��d������\��}��}��d��}��d��}��|��t��j��k��r��|��r��|��}��d��}��|��t��j��|�����f���} �n��|��t��j��k��rZ�d��}��|��rQ�|��}��|��j �r��|��j �|��d���|�����}
�n��|��}
�d��|��d���k��r��|��d���d���|
�����n��|��j
�s��d �}��|��t��j��|�����f���} �qW�|��|��d���d
�<|��j
�|��d���d��<|��j��|��d���|��d������Sq`�d
�} �n��d��} �|��j��|��| �|��|�����S(����s4���Handle the redirect from the OpenID server.
R����RK���R����RH���s����Verification of %s failed.t����alertR����s����paste.auth_tkt.set_users����If you had supplied a login redirect path, you would have been redirected there. You have successfully verified %s as your identity.s����paste.auth.open_idR����R����s����Verification cancelleds����Verification failed.N(
���R����RM���t����completeAuthR7���R����t����FAILURER����R����RQ���R����R����R
���R+���(����R����R$���R����RK���R9���RU���RG���RF���RV���RW���t����username(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyR-�������s6����� ������������������������� ��������� ����������� ���c������������K���s.���t��j��|��d���|��j��d���|������}��t��|��|�����S(����s[���Build a URL relative to the server base_url, with the given
query parameters added.R����R ���(����R)���t����urljoinR����R ���(����R����R$���t����actionR����t����base(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyRR���!���s������!�c������������C���s.���d��d��|��f��g��}��|��d���d��|������d��|���g��S(����s9���Send a redirect response to the given URL to the browser.s����Content-types
���text/plaint����LocationR����s����302 REDIRECTs����Redirecting to %s(����s����Content-types
���text/plain(����(����R����R$���RY���t����response_headers(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyRT���'���s������������c������������C���sF���d��}��|��|��d���f���}��|��d���j��d�����}��|��j��|��|��d��|��d��d�����S(����s3���Render a page with a 404 return code and a message.s5���The path <q>%s</q> was not understood by this server.R����R����RF���RH���R9���s
���404 Not Found(����RM���R+���(����R����R$���RV���t����msgRF���(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyR.���.���s������������RZ���s����200 OKs����Python OpenID Consumerc������������C���s����d��g��}��|��d���t��|�����|������|��j��|��|������|��rs�|��d���j��d��|��f�������|��d���j��|������|��d���j��d������n��|��j��|��|������|��d���S(����s����Render a page.s����Content-types ���text/htmlR����R����s����<div class='%s'>s����</div>(����s����Content-types ���text/html(����t����strt����page_headerR8���t����page_footer(����R����R$���RW���RG���RI���R9���t����titleRb���(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyR+���5���s������ ���������������c������������C���s����|��d���j��d��|��|��f�������d��S(����s����Render the page headerR����sT���<html>
<head><title>%s</title></head>
<style type="text/css">
* {
font-family: verdana,sans-serif;
}
body {
width: 50em;
margin: 1em;
}
div {
padding: .5em;
}
table {
margin: none;
padding: none;
}
.alert {
border: 1px solid #e7dc2b;
background: #fff888;
}
.error {
border: 1px solid #ff0000;
background: #ffaaaa;
}
#verify-form {
border: 1px solid #777777;
background: #dddddd;
margin-top: 1em;
padding-bottom: 0em;
}
</style>
<body>
<h1>%s</h1>
<p>
This example consumer uses the <a
href="http://openid.schtuff.com/">Python OpenID</a> library. It
just verifies that the URL that you enter is your identity URL.
</p>
N(����R8���(����R����R$���Rg���(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyRe���C���s������
(c������������C���sF���|��s��d��}��n��|��d���j��d��t��|��j��|��d��������t��|�����f�������d��S(����s����Render the page footerR����R����s���� <div id="verify-form">
<form method="get" action=%s>
Identity URL:
<input type="text" name="openid_url" value=%s />
<input type="submit" value="Verify" />
</form>
</div>
</body>
</html>
t����verifyN(����R8���R����RR���(����R����R$���RI���(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyRf���o���s�������� �
N(����t����__name__t
���__module__t����__doc__R7���R&���R����R2���R/���R,���R-���RR���RT���R.���R+���Re���Rf���(����(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyR����O���s�������������" � � 3 ? � � � ��
,s����/oidc ���
�������C���s����d��d��l��m��} ��d��d��l��m��}
��| �|�����}��|��rS�t��|��t�����rS�|
�j��|�����}��n��| �|�����}��t��|��d��|��d��|��d��|��d��|��d��|��p��d�����}��|��r��d��d �l �m
�}���|��j��|��|��d
�|�����}��n��|��S(����Ni����(����t����asbool(����t
���import_stringR����R����R����R����R����(����t����auth_tktt����logout_path(����t����paste.deploy.convertersRl���t
���paste.utilRm���t
���isinstancet
���basestringt����eval_importR����R7���t
���paste.authRn���t����make_auth_tkt_middleware(
���R
���t����global_confR����R����R����R����R����t����apply_auth_tktt����auth_tkt_logout_pathRl���Rm���t����new_appRn���(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyt����make_open_id_middleware����s����������������������������������(����Rk���t����__all__R����R)���R'���t
���paste.requestR#���R����R����t����openid.storeR����t����openid.consumerR����t����openid.oidutilR ���t����objectR����t
���middlewareR7���R&���R{���(����(����(����sC���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/open_id.pyt����<module>6���s&����� �����������
���������3������������