Request account verification in the AX request.

django_openid_auth/auth.py

@@ -104,6 +104,7 @@ class OpenIDBackend:
 
     def _extract_user_details(self, openid_response):
         email = fullname = first_name = last_name = nickname = None
+        verified = 'no'
         sreg_response = sreg.SRegResponse.fromSuccessResponse(openid_response)
         if sreg_response:
             email = sreg_response.get('email')
@@ -134,6 +135,8 @@ class OpenIDBackend:
                 'http://axschema.org/namePerson/last', last_name)
             nickname = fetch_response.getSingle(
                 'http://axschema.org/namePerson/friendly', nickname)
+            verified = fetch_response.getSingle(
+                'http://ns.login.ubuntu.com/2013/validation/account', verified)
 
         if fullname and not (first_name or last_name):
             # Django wants to store first and last names separately,
@@ -146,7 +149,9 @@ class OpenIDBackend:
                 first_name = u''
                 last_name = fullname
 
-        return dict(email=email, nickname=nickname,
+        verified = verified != 'no'
+
+        return dict(email=email, nickname=nickname, account_verified=verified,
                     first_name=first_name, last_name=last_name)
 
     def _get_preferred_username(self, nickname, email):

django_openid_auth/tests/test_auth.py

@@ -66,17 +66,21 @@ class OpenIDBackendTests(TestCase):
         self.assertEqual(data, {"nickname": "someuser",
                                 "first_name": "Some",
                                 "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": False})
 
     def make_response_ax(self, schema="http://axschema.org/",
             fullname="Some User", nickname="someuser", email="foo@example.com",
-        first=None, last=None):
+            first=None, last=None, verified=True):
         endpoint = OpenIDServiceEndpoint()
         message = Message(OPENID2_NS)
         attributes = [
             ("nickname", schema + "namePerson/friendly", nickname),
             ("fullname", schema + "namePerson", fullname),
             ("email", schema + "contact/email", email),
+            ("account_verified",
+             "http://ns.login.ubuntu.com/2013/validation/account",
+             "token_via_email" if verified else "no")
             ]
         if first:
             attributes.append(
@@ -101,7 +105,8 @@ class OpenIDBackendTests(TestCase):
         self.assertEqual(data, {"nickname": "someuser",
                                 "first_name": "Some",
                                 "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": True})
 
     def test_extract_user_details_ax_split_name(self):
         # Include fullname too to show that the split data takes
@@ -114,7 +119,8 @@ class OpenIDBackendTests(TestCase):
         self.assertEqual(data, {"nickname": "someuser",
                                 "first_name": "Some",
                                 "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": True})
 
     def test_extract_user_details_ax_broken_myopenid(self):
         response = self.make_response_ax(
@@ -126,7 +132,8 @@ class OpenIDBackendTests(TestCase):
         self.assertEqual(data, {"nickname": "someuser",
                                 "first_name": "Some",
                                 "last_name": "User",
-                                "email": "foo@example.com"})
+                                "email": "foo@example.com",
+                                "account_verified": True})
 
     def test_update_user_details_long_names(self):
         response = self.make_response_ax()

django_openid_auth/tests/test_views.py

@@ -1163,6 +1163,9 @@ class RelyingPartyTests(TestCase):
                 'http://schema.openid.net/namePerson'))
         self.assertTrue(fetch_request.has_key(
                 'http://schema.openid.net/namePerson/friendly'))
+        # Account verification:
+        self.assertTrue(fetch_request.has_key(
+                'http://ns.login.ubuntu.com/2013/validation/account'))
 
         # Build up a response including AX data.
         openid_response = openid_request.answer(True)
@@ -1175,6 +1178,9 @@ class RelyingPartyTests(TestCase):
             'http://axschema.org/namePerson/last', 'Lastname')
         fetch_response.addValue(
             'http://axschema.org/namePerson/friendly', 'someuser')
+        fetch_response.addValue(
+            'http://ns.login.ubuntu.com/2013/validation/account',
+            'token_via_email')
         openid_response.addExtension(fetch_response)
         response = self.complete(openid_response)
         self.assertRedirects(response, 'http://testserver/getuser/')

django_openid_auth/views.py

@@ -198,7 +198,10 @@ def login_begin(request, template_name='openid/login.html',
                 # specification.  We request them for compatibility.
                 ('http://schema.openid.net/contact/email', 'old_email'),
                 ('http://schema.openid.net/namePerson', 'old_fullname'),
-            ('http://schema.openid.net/namePerson/friendly', 'old_nickname')]:
+                ('http://schema.openid.net/namePerson/friendly',
+                 'old_nickname'),
+                ('http://ns.login.ubuntu.com/2013/validation/account',
+                 'account_verified')]:
             fetch_request.add(ax.AttrInfo(attr, alias=alias, required=True))
         openid_request.addExtension(fetch_request)
     else: