Request account verification in the AX request.

5e92a310 · James Tait · 75be5e3c · 5e92a310 · 5e92a310 · 5e92a310
Commit 5e92a310 authored Apr 03, 2013 by James Tait
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 18 deletions

django_openid_auth/auth.py
+6 -1

django_openid_auth/tests/test_auth.py
+13 -6

django_openid_auth/tests/test_views.py
+6 -0

django_openid_auth/views.py
+14 -11

No files found.
--- a/django_openid_auth/auth.py
+++ b/django_openid_auth/auth.py
@@ -104,6 +104,7 @@ class OpenIDBackend:

    def _extract_user_details(self, openid_response):
        email = fullname = first_name = last_name = nickname = None
+        verified = 'no'
        sreg_response = sreg.SRegResponse.fromSuccessResponse(openid_response)
        if sreg_response:
            email = sreg_response.get('email')
@@ -134,6 +135,8 @@ class OpenIDBackend:
                'http://axschema.org/namePerson/last', last_name)
            nickname = fetch_response.getSingle(
                'http://axschema.org/namePerson/friendly', nickname)
+            verified = fetch_response.getSingle(
+                'http://ns.login.ubuntu.com/2013/validation/account', verified)

        if fullname and not (first_name or last_name):
            # Django wants to store first and last names separately,
@@ -146,7 +149,9 @@ class OpenIDBackend:
                first_name = u''
                last_name = fullname

-        return dict(email=email, nickname=nickname,
+        verified = verified != 'no'
+
+        return dict(email=email, nickname=nickname, account_verified=verified,
                    first_name=first_name, last_name=last_name)

    def _get_preferred_username(self, nickname, email):

--- a/django_openid_auth/tests/test_auth.py
+++ b/django_openid_auth/tests/test_auth.py
@@ -66,17 +66,21 @@ class OpenIDBackendTests(TestCase):
        self.assertEqual(data, {"nickname": "someuser",
                                "first_name": "Some",
                                "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": False})

    def make_response_ax(self, schema="http://axschema.org/",
-        fullname="Some User", nickname="someuser", email="foo@example.com",
-        first=None, last=None):
+            fullname="Some User", nickname="someuser", email="foo@example.com",
+            first=None, last=None, verified=True):
        endpoint = OpenIDServiceEndpoint()
        message = Message(OPENID2_NS)
        attributes = [
            ("nickname", schema + "namePerson/friendly", nickname),
            ("fullname", schema + "namePerson", fullname),
            ("email", schema + "contact/email", email),
+            ("account_verified",
+             "http://ns.login.ubuntu.com/2013/validation/account",
+             "token_via_email" if verified else "no")
            ]
        if first:
            attributes.append(
@@ -101,7 +105,8 @@ class OpenIDBackendTests(TestCase):
        self.assertEqual(data, {"nickname": "someuser",
                                "first_name": "Some",
                                "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": True})

    def test_extract_user_details_ax_split_name(self):
        # Include fullname too to show that the split data takes
@@ -114,7 +119,8 @@ class OpenIDBackendTests(TestCase):
        self.assertEqual(data, {"nickname": "someuser",
                                "first_name": "Some",
                                "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": True})

    def test_extract_user_details_ax_broken_myopenid(self):
        response = self.make_response_ax(
@@ -126,7 +132,8 @@ class OpenIDBackendTests(TestCase):
        self.assertEqual(data, {"nickname": "someuser",
                                "first_name": "Some",
                                "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": True})

    def test_update_user_details_long_names(self):
        response = self.make_response_ax()

--- a/django_openid_auth/tests/test_views.py
+++ b/django_openid_auth/tests/test_views.py
@@ -1163,6 +1163,9 @@ class RelyingPartyTests(TestCase):
                'http://schema.openid.net/namePerson'))
        self.assertTrue(fetch_request.has_key(
                'http://schema.openid.net/namePerson/friendly'))
+        # Account verification:
+        self.assertTrue(fetch_request.has_key(
+                'http://ns.login.ubuntu.com/2013/validation/account'))

        # Build up a response including AX data.
        openid_response = openid_request.answer(True)
@@ -1175,6 +1178,9 @@ class RelyingPartyTests(TestCase):
            'http://axschema.org/namePerson/last', 'Lastname')
        fetch_response.addValue(
            'http://axschema.org/namePerson/friendly', 'someuser')
+        fetch_response.addValue(
+            'http://ns.login.ubuntu.com/2013/validation/account',
+            'token_via_email')
        openid_response.addExtension(fetch_response)
        response = self.complete(openid_response)
        self.assertRedirects(response, 'http://testserver/getuser/')

--- a/django_openid_auth/views.py
+++ b/django_openid_auth/views.py
@@ -188,17 +188,20 @@ def login_begin(request, template_name='openid/login.html',
        # first/last components since some providers offer one but not
        # the other.
        for (attr, alias) in [
-            ('http://axschema.org/contact/email', 'email'),
-            ('http://axschema.org/namePerson', 'fullname'),
-            ('http://axschema.org/namePerson/first', 'firstname'),
-            ('http://axschema.org/namePerson/last', 'lastname'),
-            ('http://axschema.org/namePerson/friendly', 'nickname'),
-            # The myOpenID provider advertises AX support, but uses
-            # attribute names from an obsolete draft of the
-            # specification.  We request them for compatibility.
-            ('http://schema.openid.net/contact/email', 'old_email'),
-            ('http://schema.openid.net/namePerson', 'old_fullname'),
-            ('http://schema.openid.net/namePerson/friendly', 'old_nickname')]:
+                ('http://axschema.org/contact/email', 'email'),
+                ('http://axschema.org/namePerson', 'fullname'),
+                ('http://axschema.org/namePerson/first', 'firstname'),
+                ('http://axschema.org/namePerson/last', 'lastname'),
+                ('http://axschema.org/namePerson/friendly', 'nickname'),
+                # The myOpenID provider advertises AX support, but uses
+                # attribute names from an obsolete draft of the
+                # specification.  We request them for compatibility.
+                ('http://schema.openid.net/contact/email', 'old_email'),
+                ('http://schema.openid.net/namePerson', 'old_fullname'),
+                ('http://schema.openid.net/namePerson/friendly',
+                 'old_nickname'),
+                ('http://ns.login.ubuntu.com/2013/validation/account',
+                 'account_verified')]:
            fetch_request.add(ax.AttrInfo(attr, alias=alias, required=True))
        openid_request.addExtension(fetch_request)
    else: