add support to sign in with mozilla persona

2013-09-29 13:00:06 +00:00 · 2013-09-29 13:00:06 +00:00 · a04711e94c
commit a04711e94c
parent 8f3aa15eb4
8 changed files with 218 additions and 1 deletions
--- a/pandora/user/persona.py
+++ b/pandora/user/persona.py
@ -0,0 +1,88 @@
+# -*- coding: utf-8 -*-
+# vi:si:et:sw=4:sts=4:ts=4
+
+from django.conf import settings
+from django.utils.http import same_origin
+from django.core.exceptions import ImproperlyConfigured
+from django.contrib.auth.models import User
+from django.contrib import auth
+try:
+    from django.utils.encoding import smart_bytes
+except ImportError:
+    from django.utils.encoding import smart_str as smart_bytes
+
+from ox.django.shortcuts import json_response
+from ox.utils import json
+import requests
+
+import models
+
+
+def signin(request):
+    data = json.loads(request.POST['data'])
+    response = json_response({
+        'errors': {
+            'email': 'Failed to verify email'
+        }
+    })
+    verification_data = verify(request, data['assertion'])
+    if verification_data:
+        email = verification_data['email']
+        username = data.get('username')
+        qs = User.objects.filter(email__iexact=email)
+        if qs.count() == 0:
+            if not username:
+                response = json_response({
+                    'errors': {
+                        'username': 'New user, please provide username'
+                    }
+                })
+                return response
+            user = User()
+            user.email = email
+            user.username = username
+            user.save()
+        else:
+            user = qs[0]
+        if user.is_active:
+            request.session['ui'] = '{}'
+            #fixme. use custom backend instead?
+            user.backend = 'django.contrib.auth.backends.ModelBackend'
+            auth.login(request, user)
+            user_json = models.init_user(user, request)
+            response = json_response({
+                'user': user_json
+            })
+        else:
+            response = json_response({
+                'errors': {
+                    'email': 'User Disabled'
+                }
+            })
+    return response
+
+def get_audience(request):
+    try:
+        audiences = settings.BROWSERID_AUDIENCES
+    except AttributeError:
+        raise ImproperlyConfigured('Required setting BROWSERID_AUDIENCES not found!')
+
+    protocol = 'https' if request.is_secure() else 'http'
+    host = '%s://%s' % (protocol, request.get_host())
+    for audience in audiences:
+        if same_origin(host, audience):
+            return audience
+
+    raise ImproperlyConfigured('No audience could be found in BROWSERID_AUDIENCES for host `{0}`.'
+                               .format(host))
+
+def verify(request, assertion):
+    audience = get_audience(request)
+    data = {'assertion': assertion, 'audience': audience}
+    resp = requests.post('https://verifier.login.persona.org/verify', data=data, verify=True)
+    if resp.ok:
+        verification_data = json.loads(resp.content)
+        if verification_data['status'] == 'okay':
+            return verification_data
+    return None
+
--- a/pandora/user/views.py
+++ b/pandora/user/views.py
@ -23,6 +23,7 @@ from item import utils

 import models
 from decorators import capability_required_json
+import persona

 def signin(request):
    '''
@ -42,7 +43,9 @@ def signin(request):
        }
    '''
    data = json.loads(request.POST['data'])
-    if 'username' in data and 'password' in data:
+    if 'assertion' in data:
+        response = persona.signin(request)
+    elif 'username' in data and 'password' in data:
        data['username'] = data['username'].strip()
        if settings.AUTH_CHECK_USERNAME:
            qs = User.objects.filter(username__iexact=data['username'])