/usr/share/pyshared/MoinMoin/auth/botbouncer.py is in python-moinmoin 1.9.3-1ubuntu2.3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | # -*- coding: iso-8859-1 -*-
"""
MoinMoin - botbouncer.com verifier for OpenID login
@copyright: 2007 MoinMoin:JohannesBerg
@license: GNU GPL, see COPYING for details.
"""
from MoinMoin import user
from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin, MultistageRedirectLogin
from urllib import urlopen, quote_plus
class BotBouncer(BaseAuth):
name = 'botbouncer'
def __init__(self, apikey):
BaseAuth.__init__(self)
self.apikey = apikey
def login(self, request, user_obj, **kw):
if kw.get('multistage'):
uid = request.session.get('botbouncer.uid', None)
if not uid:
return CancelLogin(None)
openid = request.session['botbouncer.id']
del request.session['botbouncer.id']
del request.session['botbouncer.uid']
user_obj = user.User(request, uid, auth_method='openid',
auth_username=openid)
if not user_obj or not user_obj.valid:
return ContinueLogin(user_obj)
if user_obj.auth_method != 'openid':
return ContinueLogin(user_obj)
openid_id = user_obj.auth_username
_ = request.getText
try:
url = "http://botbouncer.com/api/info?openid=%s&api_key=%s" % (
quote_plus(openid_id), self.apikey)
data = urlopen(url).read().strip()
except IOError:
return CancelLogin(_('Could not contact botbouncer.com.'))
data = data.split(':')
if len(data) != 2 or data[0] != 'verified':
return CancelLogin('botbouncer.com verification failed, probably invalid API key.')
if data[1].lower() == 'true':
# they proved they are human already
return ContinueLogin(user_obj)
# tell them to verify at bot bouncer first
request.session['botbouncer.id'] = openid_id
request.session['botbouncer.uid'] = user_obj.id
goto = "http://botbouncer.com/captcha/queryuser?return_to=%%return_form&openid=%s" % (
quote_plus(request.session['botbouncer.id']))
return MultistageRedirectLogin(goto)
|