/usr/share/pyshared/social_auth/backends/browserid.py is in python-django-social-auth 0.7.23-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 | """
BrowserID support
"""
from urllib import urlencode
from django.contrib.auth import authenticate
from django.utils import simplejson
from social_auth.backends import SocialAuthBackend, BaseAuth
from social_auth.utils import log, dsa_urlopen
from social_auth.exceptions import AuthFailed, AuthMissingParameter
# BrowserID verification server
BROWSER_ID_SERVER = 'https://verifier.login.persona.org/verify'
class BrowserIDBackend(SocialAuthBackend):
"""BrowserID authentication backend"""
name = 'browserid'
def get_user_id(self, details, response):
"""Use BrowserID email as ID"""
return details['email']
def get_user_details(self, response):
"""Return user details, BrowserID only provides Email."""
# {'status': 'okay',
# 'audience': 'localhost:8000',
# 'expires': 1328983575529,
# 'email': 'name@server.com',
# 'issuer': 'login.persona.org'}
email = response['email']
return {'username': email.split('@', 1)[0],
'email': email,
'fullname': '',
'first_name': '',
'last_name': ''}
def extra_data(self, user, uid, response, details):
"""Return users extra data"""
return {
'audience': response['audience'],
'issuer': response['issuer']
}
# Auth classes
class BrowserIDAuth(BaseAuth):
"""BrowserID authentication"""
AUTH_BACKEND = BrowserIDBackend
def auth_complete(self, *args, **kwargs):
"""Completes loging process, must return user instance"""
if not 'assertion' in self.data:
raise AuthMissingParameter(self, 'assertion')
data = urlencode({
'assertion': self.data['assertion'],
'audience': self.request.get_host()
})
try:
response = simplejson.load(dsa_urlopen(BROWSER_ID_SERVER,
data=data))
except ValueError:
log('error', 'Could not load user data from BrowserID.',
exc_info=True)
else:
if response.get('status') == 'failure':
log('debug', 'Authentication failed.')
raise AuthFailed(self)
kwargs.update({
'auth': self,
'response': response,
self.AUTH_BACKEND.name: True
})
return authenticate(*args, **kwargs)
# Backend definition
BACKENDS = {
'browserid': BrowserIDAuth
}
|