bbangert / velruse Goto Github PK
View Code? Open in Web Editor NEWSimplifying third-party authentication for web applications.
Home Page: http://packages.python.org/velruse/index.html
License: MIT License
Simplifying third-party authentication for web applications.
Home Page: http://packages.python.org/velruse/index.html
License: MIT License
Hi,
I faced a Google auth2 failure when trying to connect using my Google account.
Problem was that 'name' was not present in data (velruse/providers/google_oauth2.py around line 170 to get displayname).
I suggest to test if name is present, else to set email in displayname
Don't know why, but depending on account, seems that name is not always present (I only needed email by the way).
this raise an exception.
Since Google OAuth 1.0 is deprecated (see https://developers.google.com/accounts/docs/OAuth), velruse would benefit from a OAuth 2.0 implementation for Google (https://developers.google.com/accounts/docs/OAuth2). It is also much easier to implement and maintain than the OpenID + OAuth hybrid.
I have written a provider called "google2" in my branch (naktinis@7c75a1c) if it would be of any help. I can create a pull request, or simply leave it to you as a working example.
@cd34 put a number of comments in
Pylons/pyramid#212 (comment) related to a hard-to-replicate bug using velruse related to its use of the "requests" library. I'm just opening this ticket so we can start talking about it in the right place.
Currently there is no add_google_login_from_settings
, add_yahoo_login_from_settings
or add_openid_login_from_settings
because the storage
parameter needs to be programmatically defined. What I would propose is a separate API that creates a shared openid store within velruse (because the python-openid package should only require one store for multiple providers).
def add_openid_storage(config, storage, name='default'):
def add_openid_storage_from_settings(config, prefix='openid_storage.'):
The second function would probably support pre-defined python-openid storage mechanisms from https://github.com/openid/python-openid/tree/master/openid/store. This would mean that it'd use openid_storage.type
and other openid_storage.*
settings to create one of the storage mechanisms.
From here, the OpenIDProvider
would be updated to use this storage mechanism.
Allow custom providers via a setuptools entry point velruse.providers
. This would allow the standalone app to easily contain custom providers if they are all installed on the PYTHONPATH.
Another take on this implementation is #53 and may also be a good way to go.
Linkedin returns 500 error with reason "INKApi Error"
In earlier version with oauth2 it worked fine. I did'n find any reason on linkedin site.
May be reason is using port in my dev site address but i'm not sure.
Actually linkedin use OAuth2.0 and support old OAuth1.0a i guess (or may be not, I did't find any message about it)
So, my html form looks like this:
"""
"""
server2 is only locally accessible.
Authentication appears to work, but the information returned when the token is looked up in the velruse store comes back as:
{'status': 'fail', 'reason': {'code': 0, 'description': 'Missing parameter'}}
...which isn't very helpful :-S
What's happening here and how can we make this information more useful?
I have done a lot of work on velruse and splitted my last pull request in small chunks.
Feel free to speak with me on irc (kiorky on #pyramid (freenode))
Those pull requests must be assembled in a logical and dependant order:
Since velruse is normalising profile data: imho it makes sense to convert the birthday to a datetime.date instance, instead of the YYYY-MM-DD string it is now.
The following dependencies are missing from setup:
python-memcached should be an optional dependency depending on whether memcached is required or not (same should apply to redis etc)
Login breaks with Pyramid 1.2. It appears that Pyramid expects the provider login view method to have a different number of arguments. Which version of Pyramid did you test your examples against?
File "<...>/pyramid-1.2-py2.6.egg/pyramid/config/views.py", line 319, in viewresult_to_response
result = view(context, request)
TypeError: login() takes exactly 2 arguments (3 given)
Title pretty much says it all. Pyramid runs on Python3, so can Velruse be ported?
initial authorize call requires to use "state" param otherwise github throws in response 404
I installed the current state of velruse, including #70, wanted to try the example pyramid app (i.e. pserve example.ini, with a gtihub provider setup in example.ini) and got the following error below, it seems the config.include behavior doesn't work for me, but I cannot figure out why. Can someone help?
File "/home/jasper/Projects/velruse-tut/env/local/lib/python2.7/site-packages/paste/deploy/util.py", line 56, in fix_call
val = callable(_args, *_kw)
File "/home/jasper/Projects/velruse-tut/env/local/lib/python2.7/site-packages/myapp/init.py", line 72, in main
config.add_github_login_from_settings(prefix='github.')
File "/home/jasper/Projects/velruse-tut/env/local/lib/python2.7/site-packages/pyramid/config/init.py", line 775, in getattr
raise AttributeError(name)
AttributeError: add_github_login_from_settings
pip freeze:
Beaker==1.6.3
Chameleon==2.9.0
Mako==0.7.0
MarkupSafe==0.15
PasteDeploy==1.5.0
PyYAML==3.10
Routes==1.13
WebOb==1.2
anykeystore==0.2
certifi==0.0.8
chardet==1.0.1
distribute==0.6.19
httplib2==0.7.4
nose==1.1.2
oauth2==1.5.211
oauthlib==0.1.3
pyasn1==0.1.3
pyramid==1.3.2
python-openid==2.2.5
repoze.lru==0.5
requests==0.13.0
rsa==3.0.1
translationstring==1.1
venusian==1.0a6
wsgiref==0.1.2
zope.deprecation==4.0.0
zope.interface==4.0.1
If I use Google Authentication, whether on a two-factor google account or a newly created account, I receive a url of https://accounts.google.com/o/openid2/auth?st=xlRUpXQSC...
with:
The page you requested is invalid.
date: Fri, 25 Nov 2011 23:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 400 Bad Request
x-xss-protection: 1; mode=block
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
expires: Fri, 25 Nov 2011 23:31:03 GMT
cache-control: private, max-age=0
version: HTTP/1.1
400 Bad Request
I'm using the following development.ini, with velruse installed from:
easy_install -U https://github.com/bbangert/velruse/tarball/master
The domain is resolvable, the key and domain are set up in Google, removing the keys and relying on Google OpenID results in the same. Brand new virtualenv with only pyramid and velruse installed. I am not using any Google scopes for additional permissions, I did test via their control panel and it does properly authenticate for Google Calendar. Velruse prior to the dev version works with the same parameters (though in CONFIG.yaml).
Can someone do a sanity check to tell me if I've missed some option, or, whether Google authentication works/does not work?
Thanks.
my development.ini:
[app:veltest]
use = egg:veltest
pyramid.reload_templates = true
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
pyramid.debug_templates = true
pyramid.default_locale_name = en
pyramid.includes =
pyramid_tm
sqlalchemy.url = sqlite:///%(here)s/veltest.db
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 8080
[loggers]
keys = root, veltest, sqlalchemy
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = INFO
handlers = console
[logger_veltest]
level = DEBUG
handlers =
qualname = veltest
[logger_sqlalchemy]
level = INFO
handlers =
qualname = sqlalchemy.engine
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
[filter:exc]
use=egg:WebError#evalerror
[pipeline:pveltest]
pipeline = exc veltest
[composite:main]
use = egg:Paste#urlmap
/ = pveltest
/velruse = velruse
[app:velruse]
velruse.end_point = http://pch1.mia.mydomain.com:8080/auth/apex_callback
velruse.store = velruse.store.sqlstore
velruse.store.url = mysql://sflh:s1s2s3@localhost/sflh?use_unicode=0&charset=utf8
velruse.openid.store = openid.store.memstore:MemoryStore
velruse.openid.realm = http://pch1.mia.mydomain.com
velruse.providers =
velruse.providers.google
velruse.google.consumer_key = pch1.mia.mydomain.com
velruse.google.consumer_secret = qn53zdxtB0qO96Es_AE-3KZH
use = egg:velruse
beaker.session.data_dir = %(here)s/data/sdata
beaker.session.lock_dir = %(here)s/data/slock
beaker.session.key = velruse
beaker.session.secret = somesecret
beaker.session.type = cookie
beaker.session.validate_key = STRONG_KEY_HERE
beaker.session.cookie_domain = .mydomain.com
I'd like to add (feature request) before and after login view events (hook points).
Events on login are useful when using velruse as a plugin or possibly for extending the application. It allows the plugin user to modify/capture information before or after the login view is called; and this is important because there is no way to modify the login view without subclassing the provider. For example, after the login view is hit, one could capture the referrer location so that they could send the authenticated user back to where they came from.
An example implementation can be found at: mmulich@7b52085
When creating a new virtual environment, upon startup:
from Crypto.Cipher import AES
failed due to pycrypto not being installed.
I got No module named providers
when trying the pyramid_plugin with the feature.api-revamp branch. Is it normal?
I set up my environment like this:
virtualenv velruse
cd velruse
source bin/activate
git clone https://github.com/bbangert/velruse.git
cd velruse
git branch feature.api-revamp
python setup.py install
cd examples/pyramid_plugin
python setup.py develop
I ran pserve :
$ pserve example.ini
Traceback (most recent call last):
File "/home/bruno/velruse/bin/pserve", line 8, in <module>
load_entry_point('pyramid==1.3', 'console_scripts', 'pserve')()
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/scripts/pserve.py", line 47, in main
return command.run()
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/scripts/pserve.py", line 290, in run
relative_to=base, global_conf=vars)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/scripts/pserve.py", line 318, in loadapp
return loadapp(app_spec, name=name, relative_to=relative_to, **kw)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 247, in loadapp
return loadobj(APP, uri, name=name, **kw)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 272, in loadobj
return context.create()
File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 710, in create
return self.object_type.invoke(self)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 146, in invoke
return fix_call(context.object, context.global_conf, **context.local_conf)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/util.py", line 56, in fix_call
val = callable(*args, **kw)
File "/home/bruno/velruse/velruse/examples/pyramid_plugin/myapp/__init__.py", line 67, in main
config.include('velruse.providers.facebook')
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/config/__init__.py", line 709, in include
c = self.maybe_dotted(callable)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/config/__init__.py", line 810, in maybe_dotted
return self.name_resolver.maybe_resolve(dotted)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/path.py", line 318, in maybe_resolve
return self._resolve(dotted, package)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/path.py", line 325, in _resolve
return self._zope_dottedname_style(dotted, package)
File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/path.py", line 374, in _zope_dottedname_style
__import__(used)
ImportError: No module named providers
Say your app is using a cookie based session factory and the user has cookies disabled on their browser, then the following code raises a CSRFError:
if request.GET.get('state') != request.session.get('state'):
raise CSRFError(
'CSRF Validation check failed. Request state %s is not '
'the same as session state %s' % (
request.GET.get('state'), request.session.get('state')))
request.session.get('state')
will always be None
for this user. This results in a 500 error when they try to login.
Facebook scopes are supposed to be comma-separated. Google scopes are space-separated. Currently, velruse just assumes you know this and have properly formatted the scope string. It'd be great to not have to know this.
velruse should have a 'dummy' mode for use with ppl developing apps using velruse. This would allow one to avoid hitting the internet or third-parties which can have difficult setup procedures requiring world-resolveable DNS names. In that case, hitting the velruse app for sign-in would automatically return a 'fake user' rather than going through a third-party sign-in process.
Okay, same YAML config:
Store:
Type: velruse.store.memstore:MemoryStore
OpenID:
Realm: http://http://pythonjobs.chrisw.info/
Endpoint Regex: http://http://pythonjobs.chrisw.info/loggedin
Yahoo: true
OpenID Store:
Type: openid.store.memstore:MemoryStore
"""
html form submission is:
"""
"""
I get:
File "/home/chris/buildout-eggs/Beaker-1.5.4-py2.6.egg/beaker/middleware.py", line 152, in call
return self.wrap_app(environ, session_start_response)
File "/home/chris/velruse/velruse/app.py", line 198, in call
return self.configprovider(environ, start_response)
File "/home/chris/velruse/velruse/utils.py", line 109, in call
return getattr(self, action)(req, **kwargs)
File "/home/chris/velruse/velruse/providers/openidconsumer.py", line 276, in login
self.update_authrequest(req, authrequest)
File "/home/chris/velruse/velruse/providers/yahoo.py", line 68, in _update_authrequest
authrequest.addExtension(oauth_request)
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/consumer/consumer.py", line 1493, in addExtension
extension_request.toMessage(self.message)
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/extension.py", line 45, in toMessage
message.updateArgs(self.ns_uri, self.getExtensionArgs())
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/message.py", line 471, in updateArgs
self.setArg(namespace, k, v)
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/message.py", line 476, in setArg
assert value is not None
AssertionError
...from:
http://pythonjobs.chrisw.info/velruse/yahoo/auth
What am I doing wrong?
There may be many reasons when ThirdPartyFailure raises, eg. generaly it's used in providers when response code from provider is not 200.
Well, eg.
Looking at velruse source i can see no way to catch such en exceptions in my own code, so i can not display human readable message and show it to user - instead ugly 500 appears.
Shouldn't be some way added to catch ThirdPartyFailure eg, just the way velruse.AuthenticationDenied view is set up?
I get a KeyError
stating the key 'end_point'
cannot be found in the session dictionary This occurs on Chrome 12+ and IE9 for all providers I've tested (Google and Twitter), but not Firefox. I believe this may be an inconsistency between browsers on when the cookie is set for the Beaker sessions (or I'm doing something very wrong).
I will investigate this issue and hopefully submit a pull request when I figure it out.
Provide a way to change the return URL (endpoint) for a login attempt on a per-login basis via a GET or POST parameter.
Hi,
When trying to use the pyramid_plugin demo & Twitter, I'm getting the following traceback:
velruse.exceptions.ThirdPartyFailure
ThirdPartyFailure: Status 401: <?xml version="1.0" encoding="UTF-8"?>
<hash>
<error>Desktop applications only support the oauth_callback value 'oob'</error>
<request>/oauth/request_token</request>
</hash>
I clone the master and when i try to run the flask app example i encounter with this error:
Traceback (most recent call last):
File "myapp.py", line 8, in
from velruse.app import make_velruse_app
ImportError: cannot import name make_velruse_app
I ran into a similar issue to Pylons/pyramid#212 however, I don't know if my situation is merely the same symptom but a separate cause.
In this case, in provider/twitter.py:
r = requests.get(REQUEST_URL, headers=oauth_request.to_header())
modifies the request object which causes Mac based Webkit browsers to have a problem due to the corruption and high order bits in the request. Firefox 8/9 appear to have no issue.
save_request = copy.copy(request)
r = requests.get(REQUEST_URL, headers=oauth_request.to_header())
request = copy.copy(save_request)
The above fix hides the bug and allows it to work, but, something in requests is changing a mutable that Pyramid is depending on.
is the commit on my local branch that 'fixes' it, however, I'm not sure I really like the fix as it only covers up a problem in a dependency. I can submit a pull if you would like, but, it isn't "The Right Fix". It is possible that the issue is in paster as requests does start a new urllib3 connection pool and perhaps that is creating a leak.
I noticed that callback URLs (I've only tested with Google) include a double slash immediately after the domain, as in:
http://domain.com//login/google/callback
This is mostly okay, but it's caused issues in one of my browser plugins which monitors certain callback URLs, so that it knows when the OpenID auth dance is over.
I realize that this is minor, but it'd be great if it was fixed nevertheless.
Website was working properly, but from past few days it started throwing error message "The HTTP request was forbidden with client authentication scheme 'Anonymous'" .
Saw same issue here: http://social.msdn.microsoft.com/Forums/onedrive/en-US/577aa2de-9409-405a-835f-327e06965f52/oauth-service-down?forum=messengerconnect
Changed auth and token url as mentioned in the above url, but still not able to use Live ID.
If something goes wrong and csrf fails (which is not always in case of fraud), it would be much friendly to raise Bad Request 400 error instead of Python exception that results in 500.
I would to allow about registration and authentication via social networks but want to handle what happens when it comes back differently.
There is no way to currently know where the auth was initiated.
It might be useful to see a list of configured providers in an application. This should be done using Pyramid's 1.3+ introspection API.
There is also an outstanding question of whether the list of providers should be introspectable via a URL in the standalone application. I'm having difficulty seeing why this would be useful because it is entirely specific to velruse.
For consistency, routes for bitbucket should start like '/login'
velruse.bitbucket-login --> /bitbucket/login
velruse.bitbucket-callback --> /bitbucket/login/callback
velruse.openid-url --> /login/openid
velruse.openid-callback --> /login/openid/callback
velruse.github-login --> /login/github
velruse.github-callback --> /login/github/callback
velruse.twitter-login --> /login/twitter
velruse.twitter-callback --> /login/twitter/callback
velruse.yahoo-url --> /login/yahoo
velruse.yahoo-callback --> /login/yahoo/callback
velruse.linkedin-login --> /login/linkedin
velruse.linkedin-callback --> /login/linkedin/callback
velruse.live-login --> /login/live
velruse.live-callback --> /login/live/callback
velruse.facebook-login --> /login/facebook
velruse.facebook-callback --> /login/facebook/callback
velruse.google_oauth2-login --> /login/google_oauth2
velruse.google_oauth2-callback --> /login/google_oauth2/callback
I noticed in some providers like Facebook and QQ the unique ID is stored in 'userid' while providers that use OpenID (Google, Yahoo, etc) store the unique ID in 'username'.
Shouldn't those all be changed to use one common key?
Okay, so trying the following YAML config:
"""
Store:
Type: velruse.store.memstore:MemoryStore
OpenID:
Realm: http://http://pythonjobs.chrisw.info/
Endpoint Regex: http://http://pythonjobs.chrisw.info/loggedin
Yahoo: true
OpenID Store:
Type: openid.store.memstore:MemoryStore
"""
...and the following submitting form:
I get the following error:
"""
Sorry! There is an error with the request we received from the website you are trying to use. Please try again in a few minutes. If this error persists please contact the site administrator. Learn more..
"""
...from the following Yahoo url:
https://open.login.yahooapis.com/openid/op/auth
What am I going wrong?
Hi,
I was wondering if you could configure the email to be returned from linkedin and also make the route consistent.
Following is a diff of the requested changes.
Thanks!
diff --git a/providers/linkedin.py b/providers/linkedin.py
index 17c69d5..ce9915b 100644
--- a/providers/linkedin.py
+++ b/providers/linkedin.py
@@ -44,8 +44,8 @@ def add_linkedin_login_from_settings(config, prefix='velruse.linkedin.'):
def add_linkedin_login(config,
consumer_key,
consumer_secret,
- login_path='/linkedin/login',
- callback_path='/linkedin/login/callback',
+ login_path='/login/linkedin',
+ callback_path='/login/linkedin/callback',
name='linkedin'):
"""
Add a Last.fm login provider to the application.
@@ -129,7 +129,7 @@ class LinkedInProvider(object):
secret=cred['oauthAccessTokenSecret'])
client = oauth.Client(consumer, token)
profile_url = 'http://api.linkedin.com/v1/people/~'
- profile_url += ':(first-name,last-name,id,date-of-birth,picture-url)'
+ profile_url += ':(first-name,last-name,id,date-of-birth,picture-url,email-address)'
profile_url += '?format=json'
resp, content = client.request(profile_url)
@@ -139,8 +139,8 @@ class LinkedInProvider(object):
# Setup the normalized contact info
profile = {}
profile['displayName'] = data['firstName'] + data['lastName']
+ profile['verifiedEmail'] = data['emailAddress']
profile['name'] = {
'givenName': data['firstName'],
'familyName': data['lastName'],
If user doesn't have name specified in their profile - it will result in :
File "/home/errormator/python/lib/python2.7/site-packages/velruse/providers/github.py", line 149, in callback
profile['displayName'] = data['name']
KeyError: 'name'
Hello,
As of yesterday I started noticing the following in Apache's error.log. I am able to reproduce. There have not been any code changes recently, so I am under the assumption that something changed with Twitter's API.
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/werkzeug/wsgi.py", line 471, in __call__
return app(environ, start_response)
File "/usr/local/lib/python2.7/dist-packages/pyramid/router.py", line 251, in __call__
response = self.invoke_subrequest(request, use_tweens=True)
File "/usr/local/lib/python2.7/dist-packages/pyramid/router.py", line 227, in invoke_subrequest
response = handle_request(request)
File "/usr/local/lib/python2.7/dist-packages/pyramid/tweens.py", line 21, in excview_tween
response = handler(request)
File "/usr/local/lib/python2.7/dist-packages/pyramid/router.py", line 117, in handle_request
root = root_factory(request)
File "/usr/local/lib/python2.7/dist-packages/velruse/providers/twitter.py", line 158, in callback
offset = float(data['utc_offset']) / 3600
TypeError: float() argument must be a string or a number
As of now, velruse consider the email from facebook verified if the the verified boolean in the payload is true (
velruse/velruse/providers/facebook.py
Line 145 in 8ea6a19
According to the facebook documentation, verified is true if the user verified is email OR his phone number OR gave a valid credit card.
Thus, the email given by the facebook api can't be considered verified.
Source, and some security concerns associated to this : http://stackoverflow.com/questions/10651900/potential-security-issue-with-facebook-login.
velruse does not use nose anywhere, but it still depends on it.
Hi,
I face an authentication error with an openid provider (openid.com) that usually works on other sites (not velruse related).
My colleagues could login with google or other openids in our app, but I fails with mine (*.myopenid.com)
Here is stack log.
Any way to debug/fix this?
Thanks
2013-02-19 18:08:34,894 ERROR [gunicorn.error][GreenThread-83] Error handling request Traceback (most recent call last): File "/root/mobyle2/local/lib/python2.7/site-packages/gunicorn/workers/async.py", line 45, in handle self.handle_request(listener, req, client, addr) File "/root/mobyle2/local/lib/python2.7/site-packages/gunicorn/workers/async.py", line 93, in handle_request respiter = self.wsgi(environ, resp.start_response) File "/root/mobyle2/local/lib/python2.7/site-packages/newrelic-1.10.0.28/newrelic/api/web_transaction.py", line 765, in __call__ result = application(environ, _start_response) File "/root/mobyle2/local/lib/python2.7/site-packages/newrelic-1.10.0.28/newrelic/api/object_wrapper.py", line 220, in __call__ self._nr_instance, args, kwargs) File "/root/mobyle2/local/lib/python2.7/site-packages/newrelic-1.10.0.28/newrelic/api/function_trace.py", line 93, in literal_wrapper return wrapped(*args, **kwargs) File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/router.py", line 251, in __call__ response = self.invoke_subrequest(request, use_tweens=True) File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/router.py", line 227, in invoke_subrequest response = handle_request(request) File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/tweens.py", line 21, in excview_tween response = handler(request) File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/router.py", line 117, in handle_request root = root_factory(request) File "/root/mobyle2/local/lib/python2.7/site-packages/velruse/providers/openid.py", line 246, in callback raise ThirdPartyFailure("No OpenID Session has begun.") ThirdPartyFailure: No OpenID Session has begun.
Sorry for the cryptic title :P
Basically, if you create an OpenID login form and post "dummy" as URL, it causes an exception rather than sending you to the authentication error screen. This is probably true for other login providers, but it's extremely bad for OpenID since exceptions aren't handled in anyway.
Basically, everything during OpenIDConsumer.login -process should be catched i think.
the following fails when len(h) == 1
https://github.com/bbangert/velruse/blob/master/velruse/providers/facebook_.py#L48
OpenID uses AuthenticationComplete class rather than OpenIDAuthenticationComplete.
(Check OpenID consumer, row 120)
In velruse.providers.google_oauth2, using velruse.google.scope = 'opend profile' provides the following keys:
>> data.keys()
[u'family_name', u'name', u'picture', u'locale', u'gender', u'birthday', u'link', u'given_name', u'id']
Since email is not available, data['email'] raises KeyError
http://packages.python.org/velruse/providers.html#id5 auth' in html snippet
http://packages.python.org/velruse/providers.html#id7 auth' in html snippet
http://packages.python.org/velruse/providers.html#id9 auth' in html snippet
http://packages.python.org/velruse/providers.html#id11 auth' in html snippet
http://packages.python.org/velruse/modules/app.html
Store:
Redis: true
Should be:
Store:
Type: Redis (or Memory)
http://packages.python.org/velruse/modules/providers/facebook.html
Says: Handle Twitter OAuth
Here's a common use case for which I can't find an elegant solution :
On each page of my application, there is a small login form. Once the person is logged in, I want to redirect him to the page he logged from.
I have found two solutions :
return request.registry.velruse_providers['github'].login(request)
).Both solutions fell ugly because I have add another view to my application. In the first case /mylogin/{provider} redirects to /login/{provider}. In the second case, /login/{provider} is just plain ignored.
One solution that seems clean would be to give the possibility to add callbacks or hooks to be called at the beginning of the login views. This would enable one to do any required work and information storage before the login process.
Those hooks would have the ability provide extra data that would be stored in the session during the authentication, then returned as part of AuthenticationComplete, or in the store in the case of the standalone application.
A hook providing simple referer storage would be provided.
Please tell me if you think that solution is ok. If you agree, or if you think code will explain much better than this unclear wall of text, I'll code this.
currently all callback functions for all providers are extracting different info from the response returned by providers.
For example, facebook.py extracts timezone,gender and birthday and append them into profile while tiwtter extract some different, extra data like addresses.
I am not sure how to override the callback function on the fly to extract additional data from the response to the profile variable as they are hard coded before the view get the profile.
Is it better just return the raw response to the view by context?
That way the view can do whatever it wants to the response rather than a harde coded profile with limited and inconsistent data?
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.