1 """openid.py: an openid library for web.py
5 - This will create a file called .openid_secret_key in the
6 current directory with your secret key in it. Anyone who can
7 read this file can log in as any user, so keep it private to
8 the account that runs the app. If the app can't find the file
9 for any reason (e.g. you moved the app somewhere else), every
10 currently logged-in user will get logged out.
12 - State must be maintained through the entire auth process
13 -- this means that if you have multiple web.py processes
14 serving one set of URLs, or if you restart your app often,
15 then logins will fail. To fix that, replace `sessions` and
16 `store` with storage shared across processes and restarts.
18 - We set cookies starting with "openid_".
25 import __init__ as web
26 import openid.consumer.consumer
27 import openid.store.memstore
# In-memory OpenID store: its contents live only inside this process, so they
# are lost on restart and are not shared between worker processes.
30 store = openid.store.memstore.MemoryStore()
# Fragment of the secret loader; the enclosing definition is not visible in
# this listing.
# Read an existing key from the current working directory.
34 secret = file('.openid_secret_key').read()
# Presumably the fallback when the read fails: mint a fresh 20-byte key from
# the OS random source.
37 secret = os.urandom(20)
# NOTE(review): the key file is created with whatever permissions the process
# umask allows; nothing here restricts it to owner-only access, although the
# key lets its holder sign a login cookie for any identity. The file handles
# are never closed explicitly, and the random bytes are written in text mode
# ('w') rather than binary.
38 file('.openid_secret_key', 'w').write(secret)
def _hmac(identity_url):
    """Return the hex HMAC of *identity_url*, keyed with the app secret.

    The digest is the value placed in, and later checked against, the
    ``openid_identity_hash`` cookie.
    """
    # NOTE(review): no digest is named, so the hmac module's default applies
    # (MD5 on the Python 2 releases this file targets -- confirm). Code that
    # verifies this value should use a constant-time comparison.
    signer = hmac.new(_secret(), identity_url)
    return signer.hexdigest()
44 def _random_session():
# The cookie value is "<hex mac>,<identity url>"; split once on the first comma.
52 oid_hash = web.cookies().get('openid_identity_hash', '').split(',', 1)
54 oid_hash, identity_url = oid_hash
# Accept the identity only if the MAC recomputed with the server secret matches.
# NOTE(review): == is not a constant-time comparison; hmac.compare_digest
# (where the runtime provides it) is the safer check for a MAC. The signed
# value is only the identity URL, so the cookie carries no expiry of its own
# and stays valid for as long as the secret is unchanged.
55 if oid_hash == _hmac(identity_url):
63 <form method="post" action="%s">
64 <img src="http://openid.net/login-bg.gif" alt="OpenID" />
66 <input type="hidden" name="action" value="logout" />
67 <input type="hidden" name="return_to" value="%s" />
68 <button type="submit">log out</button>
69 </form>''' % (openid_loc, oid, web.ctx.fullpath)
# NOTE(review): openid_loc, oid and web.ctx.fullpath are substituted into the
# markup with % and no HTML escaping. web.ctx.fullpath is derived from the
# request, so it should be escaped (e.g. with web.websafe) before it is placed
# inside an attribute value.
72 <form method="post" action="%s">
73 <input type="text" name="openid" value=""
74 style="background: url(http://openid.net/login-bg.gif) no-repeat; padding-left: 18px; background-position: 0 50%%;" />
75 <input type="hidden" name="return_to" value="%s" />
76 <button type="submit">log in</button>
77 </form>''' % (openid_loc, web.ctx.fullpath)
# NOTE(review): same unescaped substitution as the logout form. Both forms
# also load an image over plain http from a third-party host, which causes
# mixed content on an HTTPS page and tells that host about every page view.
# Log out by overwriting the identity cookie with an empty, already-expired value.
80 web.setcookie('openid_identity_hash', '', expires=-1)
# Fragment of the POST handler; n and a are assigned on lines that are not
# visible in this listing.
84 # unlike the usual scheme of things, the POST is actually called
# return_to defaults to '/' but is otherwise taken straight from the request.
86 i = web.input(return_to='/')
87 if i.get('action') == 'logout':
# NOTE(review): the redirect target is caller-controlled and not validated
# here, which makes this an open redirect; restricting return_to to same-site
# relative paths would close it. No anti-CSRF token is checked in the visible
# lines either -- confirm whether one is enforced elsewhere.
89 return web.redirect(i.return_to)
# Login path: this time the 'openid' form field is requested as well.
91 i = web.input('openid', return_to='/')
# Remember where to send the user afterwards, keyed by the session id n.
94 sessions[n] = {'webpy_return_to': i.return_to}
# The same per-session dict is handed to the OpenID consumer as its session state.
96 c = openid.consumer.consumer.Consumer(sessions[n], store)
# Build the provider redirect from the site home and this handler's own URL.
98 f = a.redirectURL(web.ctx.home, web.ctx.home + web.ctx.fullpath)
# NOTE(review): the session cookie is set with no further attributes in this
# call (no Secure/HttpOnly requested) -- confirm for deployments behind HTTPS.
100 web.setcookie('openid_session_id', n)
101 return web.redirect(f)
# Fragment of the GET handler that receives the provider's response.
# The session id comes from the browser's cookie, so treat it as untrusted.
104 n = web.cookies('openid_session_id').openid_session_id
# The session cookie is single-use: expire it as soon as it has been read.
105 web.setcookie('openid_session_id', '', expires=-1)
# NOTE(review): an unknown or stale id raises here if sessions is a plain dict
# (its definition is not visible) -- confirm how that error surfaces to users.
106 return_to = sessions[n]['webpy_return_to']
108 c = openid.consumer.consumer.Consumer(sessions[n], store)
# Let the library validate the provider's response against this handler's URL.
109 a = c.complete(web.input(), web.ctx.home + web.ctx.fullpath)
# Only a successful verification issues the signed identity cookie.
111 if a.status.lower() == 'success':
# Cookie format: "<hex mac>,<identity url>", checked later by recomputing the MAC.
# NOTE(review): no Secure/HttpOnly attributes are requested for this login
# cookie in the visible call.
112 web.setcookie('openid_identity_hash', _hmac(a.identity_url) + ',' + a.identity_url)
# NOTE(review): return_to was supplied by the client when the login started and
# is redirected to without validation (open redirect); limit it to same-site
# relative paths.
115 return web.redirect(return_to)