From 27c8ad5ce30b62125effd9457da7d97ebb4979cc Mon Sep 17 00:00:00 2001
From: Andrew Mleczko
Date: Tue, 10 Jan 2012 11:28:40 +0100
Subject: [PATCH 1/4] update consumer to work with google app domains
---
 openid/consumer/consumer.py | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/openid/consumer/consumer.py b/openid/consumer/consumer.py
index 52057494..6893d788 100644
--- a/openid/consumer/consumer.py
+++ b/openid/consumer/consumer.py
@@ -921,9 +921,15 @@ def _verifyDiscoveryResultsOpenID2(self, resp_msg, endpoint):
 # again. This covers not using sessions, OP identifier
 # endpoints and responses that didn't match the original
 # request.
+ if to_match.server_url.startswith(u'https://www.google.com/a/'):
+ import urllib
+ claimed_id = u'https://www.google.com/accounts/o8/user-xrds?uri=%s' % urllib.quote_plus(to_match.claimed_id)
+ else:
+ claimed_id = to_match.claimed_id
+
 if not endpoint:
 oidutil.log('No pre-discovered information supplied.')
- endpoint = self._discoverAndVerify(to_match.claimed_id, [to_match])
+ endpoint = self._discoverAndVerify(claimed_id, [to_match])
 else:
 # The claimed ID matches, so we use the endpoint that we
 # discovered in initiation. This should be the most common
@@ -936,7 +942,7 @@ def _verifyDiscoveryResultsOpenID2(self, resp_msg, endpoint):
 str(e))
 oidutil.log("Attempting discovery to verify endpoint")
 endpoint = self._discoverAndVerify(
- to_match.claimed_id, [to_match])
+ claimed_id, [to_match])

 # The endpoint we return should have the claimed ID from the
 # message we just verified, fragment and all.
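Review bot: The branch added at the top of the `@@ -921` hunk picks the discovery URL from `to_match.server_url`, and `to_match` appears to be populated from `resp_msg` (its construction is above the hunk), so a field of the response being verified decides that discovery runs against the Google user-xrds URL instead of the claimed identifier. That moves the binding between claimed identifier and OP onto that endpoint for any claimed_id paired with this server_url prefix, an assumption the code should state and, where the deployment knows which hosted domains it accepts, narrow by checking claimed_id against that list before rewriting. I would at least add a comment such as `# server_url comes from the response: for this prefix we rely on Google's user-xrds to vouch for claimed_id`. The same five lines recur twice in the `@@ -1006` hunk of `_verifyDiscoverySingle`, each with its own `import urllib`; one private helper and a module-level import would keep the three copies from drifting. The `@@ -936` hunk only swaps in the new variable, and the function body continues outside both hunks.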
@@ -1006,16 +1012,28 @@ def _verifyDiscoverySingle(self, endpoint, to_match):

 # Fragments do not influence discovery, so we can't compare a
 # claimed identifier with a fragment to discovered information.
- defragged_claimed_id, _ = urldefrag(to_match.claimed_id)
+ if to_match.server_url.startswith(u'https://www.google.com/a/'):
+ import urllib
+ claimed_id = u'https://www.google.com/accounts/o8/user-xrds?uri=%s' % urllib.quote_plus(to_match.claimed_id)
+ else:
+ claimed_id = to_match.claimed_id
+
+ defragged_claimed_id, _ = urldefrag(claimed_id)
 if defragged_claimed_id != endpoint.claimed_id:
 raise ProtocolError(
 'Claimed ID does not match (different subjects!), '
 'Expected %s, got %s' %
 (defragged_claimed_id, endpoint.claimed_id))

- if to_match.getLocalID() != endpoint.getLocalID():
+ if to_match.server_url.startswith(u'https://www.google.com/a/'):
+ import urllib
+ local_id = u'https://www.google.com/accounts/o8/user-xrds?uri=%s' % urllib.quote_plus(to_match.local_id)
+ else:
+ local_id = to_match.getLocalID()
+
+ if local_id != endpoint.getLocalID():
 raise ProtocolError('local_id mismatch. Expected %s, got %s' %
- (to_match.getLocalID(), endpoint.getLocalID()))
+ (local_id, endpoint.getLocalID()))

 # If the server URL is None, this must be an OpenID 1
 # response, because op_endpoint is a required parameter in
From 0195345273f49fc66981dd16529e488d0ebf6983 Mon Sep 17 00:00:00 2001
From: Andrew Mleczko
Date: Tue, 7 May 2013 10:32:33 +0200
Subject: [PATCH 2/4] update versions
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 9e03e5fb..ccb16edc 100644
--- a/setup.py
+++ b/setup.py
@@ -9,7 +9,7 @@
 if 'sdist' in sys.argv:
 os.system('./admin/makedoc')

-version = '[library version:2.2.5]'[17:-1]
+version = '[library version:2.2.6POR]'[17:-1]

 setup(
 name='python-openid',
From e750de867fd8e2f3fe64767057ce483ee227c82a Mon Sep 17 00:00:00 2001
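Review bot: Both added `to_match.server_url.startswith(...)` tests in the `@@ -1006` hunk of `_verifyDiscoverySingle` run before the handling announced by the trailing context comment `# If the server URL is None, this must be an OpenID 1 response`, so a None server_url raises AttributeError here instead of reaching that handling. Guard both tests, e.g. `if (to_match.server_url or u'').startswith(u'https://www.google.com/a/'):`. The second branch also reads `to_match.local_id` directly where the replaced line used `to_match.getLocalID()`; if local_id can be unset, `urllib.quote_plus` is handed None, so `urllib.quote_plus(to_match.getLocalID())` looks like the intended call, to be confirmed against the accessor. The function continues past the end of the hunk.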
From: Andrew Mleczko
Date: Tue, 7 May 2013 12:46:06 +0200
Subject: [PATCH 3/4] fix IP providers
---
 openid/consumer/consumer.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/openid/consumer/consumer.py b/openid/consumer/consumer.py
index 90233c29..d13d04f5 100644
--- a/openid/consumer/consumer.py
+++ b/openid/consumer/consumer.py
@@ -195,7 +195,8 @@
 from openid import fetchers

 from openid.consumer.discover import discover, OpenIDServiceEndpoint, \
- DiscoveryFailure, OPENID_1_0_TYPE, OPENID_1_1_TYPE, OPENID_2_0_TYPE
+ DiscoveryFailure, OPENID_1_0_TYPE, OPENID_1_1_TYPE, OPENID_2_0_TYPE, \
+ OPENID_IDP_2_0_TYPE
 from openid.message import Message, OPENID_NS, OPENID2_NS, OPENID1_NS, \
 IDENTIFIER_SELECT, no_default, BARE_NS
 from openid import cryptutil
@@ -931,6 +932,9 @@ def _verifyDiscoveryResultsOpenID2(self, resp_msg, endpoint):
 if not endpoint:
 logging.info('No pre-discovered information supplied.')
 endpoint = self._discoverAndVerify(to_match.claimed_id, [to_match])
+ elif endpoint.isOPIdentifier():
+ logging.info('Pre-discovered information based on OP-ID; need to rediscover.')
+ endpoint = self._discoverAndVerify(claimed_id, [to_match])
 else:
 # The claimed ID matches, so we use the endpoint that we
 # discovered in initiation. This should be the most common
From 3fbb46213e6d4b3d95a67609bc4c50fa386c955b Mon Sep 17 00:00:00 2001
From: Andrew Mleczko
Date: Tue, 7 May 2013 13:00:11 +0200
Subject: [PATCH 4/4] update version
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index ccb16edc..6d56bc31 100644
--- a/setup.py
+++ b/setup.py
@@ -9,7 +9,7 @@
 if 'sdist' in sys.argv:
 os.system('./admin/makedoc')

-version = '[library version:2.2.6POR]'[17:-1]
+version = '[library version:2.2.6.1POR]'[17:-1]

 setup(
 name='python-openid',
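Review bot: The added `elif endpoint.isOPIdentifier():` branch in the `@@ -931` hunk passes a bare `claimed_id` to `_discoverAndVerify`, while the context line just above it still passes `to_match.claimed_id`. No assignment to `claimed_id` is visible in this hunk, so unless one exists earlier in the function (outside the hunk) this branch raises NameError on the first OP-identifier response. If the rewrite from PATCH 1/4 is present above, the `if not endpoint:` branch and this one would discover against different URLs for the same response. Either way the two calls should agree, e.g. `endpoint = self._discoverAndVerify(to_match.claimed_id, [to_match])` here, or `claimed_id` in both. The `OPENID_IDP_2_0_TYPE` import added in the `@@ -195` hunk is not used by any hunk of this patch.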