Ñò ÅEBMc @s•ddkZddkZddkZddkZddkZddkZddkZeiZddk l Z ddk l Z l Z ddklZde ifd„ƒYZedƒZeidZd Zeied Ze ieeƒZeeƒe_d „Zd eiifd „ƒYZdefd„ƒYZdefd„ƒYZdeiifd„ƒYZ e!djoddk"Z"e"i#ƒndS(iÿÿÿÿN(tserver(tMessaget OPENID2_NS(tFileOpenIDStoretTornadoArgumentDecodercBseZd„ZRS(cCsDh}x(|iƒD]\}}|d||>> quoteattr("a b < > & c d") '"a b < > & c d"' is"%s"s""N(tcgitescape(tstqs((s'/usr/local/www/weave/openid_handlers.pyt quoteattr*s t OpenIDHandlercBseZd„Zd„ZRS(cCsm|iiidƒ}|oM|idƒ}t|ƒdjo'ti|dƒ}|idƒ}|SndS(Nt Authorizationt iit:(trequesttheaderstgettsplittlentbase64t decodestringtNone(Rtauthttokenstupstrtup((s'/usr/local/www/weave/openid_handlers.pyt getBasicAuth:s cCsºyti|ƒ}WnBtij o3}|iiƒ}|idti|ƒƒdSX|i |i ƒx-|i i ƒD]\}}|i ||ƒqxW|io|i|iƒndS(s*Encode an OpenID response and write it outs 
%s
N(t OpenIDServertencodeResponseRt EncodingErrortresponsetencodeToKVFormt showErrorPageRRt set_statustcodeRt iteritemst set_headertbodytwrite(RR)t webresponsetwhyttexttheadertvalue((s'/usr/local/www/weave/openid_handlers.pytdisplayResponseDs  (R RR%R7(((s'/usr/local/www/weave/openid_handlers.pyR8s tOpenIDServerEndpointcBs>eZd„Zd„Zd„Zd„Zd„Zd„ZRS(cCsÖ|iƒ}|o |dnd|_tid|ƒyti|iiƒ}Wn&t i j o}|i |ƒdSX|djo|i ƒdS|i djo|i|ƒnti|ƒ}|i |ƒdS(Nis Got user %stcheckid_immediatet checkid_setup(R9R:(R%R tusertloggingterrorR&t decodeRequestRR Rt ProtocolErrorR7t showAboutPagetmodethandleCheckIDRequestt handleRequest(RtuserpassRR3R)((s'/usr/local/www/weave/openid_handlers.pyRYs    cCsÑ|i|i|iƒ}|o=tid|i|ifƒ|i|ƒ}|i|ƒnr|io=tid|i|ifƒ|it ƒ}|i|ƒn+tid|i|ifƒ|i |ƒdS(Ns"Request for %s by %s is authorizedsAImmediate request for %s by %s is not authorized: answering falsesASetup request for %s by %s is not authorized: showing decide page( t isAuthorizedtidentityt trust_rootR<R=tapprovedR7t immediatetanswertFalsetshowDecidePage(RRt is_authorizedR)((s'/usr/local/www/weave/openid_handlers.pyRBzs cCss|idjotS|t|ijotS||f}tid|tii|ƒfƒtii|ƒdj S(s‰Given an identity and a trust root, return True if that identity has already indicated authorization approval for the given trust root.s"self.server.approved.get(%s) is %sN( R;R RKt USER_ID_BASER<R=R&RHR(Rt identity_urlRGR ((s'/usr/local/www/weave/openid_handlers.pyRE‹s #cs„tid}d„‰‡fd†}tidfd g}dig}|D]\}}||||ƒqK~ƒ}|idƒdS( Nt openidservercSs)t|ƒ}ti|ƒ}d||fS(Ns%s(RRR(turlturl_attrturl_text((s'/usr/local/www/weave/openid_handlers.pytlinkžs csdˆ|ƒ|fS(Ns
%s
%s
((RQR4(RT(s'/usr/local/www/weave/openid_handlers.pytterm£ssMozilla Weave Identity Servershttp://www.openid.net/sthe official OpenID Web sitetsƒMozilla Weave Identity Server

This is the Mozilla Weave Identity Server.

(shttp://www.openid.net/sthe official OpenID Web site(t server_configtexternal_base_urltjoinR1(Rt endpoint_urlRUt resourcest_[1]RQR4tresource_markup((RTs'/usr/local/www/weave/openid_handlers.pyR@›s    9cCs!|iddƒ|idƒdS(NsWWW-AuthenticatesBasic realm="weave"i‘(R/R,(R((s'/usr/local/www/weave/openid_handlers.pytsendAuthenticationChallenge°scCsßtidƒ|iƒoB|iotiiddƒ‚qÛtidƒ|iƒdSn€|iptidƒ|iƒdS|i|ijo |i dƒ|i d|i |ifƒ|i d ƒ|i d t |i ƒd ƒ|i d t |iƒd ƒ|i d t |i ƒd ƒ|i dt |i ƒd ƒ|i dtdƒ|i dƒ|i dƒ|i dƒ|i dƒ|i dƒn>|i dƒ|i d|i |i|ifƒ|i dƒdS(s³The user has been directed to the IdP by another site, and will be asked to make an authorization decision. He may not have an active session, so we may not know who he is. The RP may have sent him to us with a different identity than the one we think he holds. We need to deal with all of that. The RP may have sent him with the IDENTIFIER_SELECT identity, which means that the user should be allowed to choose one. sShowing decide paget500sIDSelect isn't supported yetsGReached decide page for ID select but no active user: sending challengeNs=Reached decide page without a current user: sending challengesUMozilla Weave Identity Server: Authorize Sites

The website at

%s

has asked for permission to confirm your identity as %s. s,
s' s% sR
s
s
sY
s

The website at

%s

has asked for permission to confirm your identity as %s. You are currently logged into Weave as %s.sK

Uh oh! There's no way to tell your browser to change over. Bummer!

(R<R=tidSelectR;ttornadothttpt HTTPErrorR^RFR1RGRt return_tot assoc_handletSERVER_ENDPOINT(RR((s'/usr/local/www/weave/openid_handlers.pyRLµs<               (R RRRBRER@R^RL(((s'/usr/local/www/weave/openid_handlers.pyR8Xs  !    tOpenIDAllowEndpointcBs&eZdd„Zd„Zd„ZRS(cCs|itd|ƒ}|S(NRF(RJtTrue(RRt identifierR)((s'/usr/local/www/weave/openid_handlers.pyRHøscCsHtii|ƒ}h|id6}tii||ƒ}|i|ƒdS(Ntnickname(tsregt SRegRequesttfromOpenIDRequestR;t SRegResponsetextractResponset addExtension(RRR)tsreg_reqt sreg_datat sreg_resp((s'/usr/local/www/weave/openid_handlers.pytaddSRegResponseýs  c Csò|iƒ}|o |dnd|_|ip|iƒdS|iidd}|iidd}|iidd}d|iijo|iiddnd}d|iijo|iiddnd}d|iijo|iiddnd}ti|||d|d|ƒ}tt ƒ|_ d|iijo|iiddd jnt } d |jo!| on|i ||ƒ} nJd t jo|it ƒ} n*tid t fƒtiid dƒ‚|i| ƒdS(NitgotroottidRdRet op_endpointtremembertyess%Yes, allow this site to know who I amtnosstrange allow post. %rt400sStrange Allow Post(R%R R;R^RR RtCheckIDRequestRRtmessageRKRHtqueryRJR<R=RatwebRcR7( RRDRuRvRwRdReRxRRyR)((s'/usr/local/www/weave/openid_handlers.pytpost s.   ...!4  N(R RR RHRtR(((s'/usr/local/www/weave/openid_handlers.pyRg÷s  tOpenIDUserEndpointcBseZd„ZRS(cCs~ti|iiƒdti}dtid|}||}tid|}d}|id||d||ffƒdS(Ns+s0s/yadis/s/openid/RVsNIdentity Page for %s%s%ss)

This is an identity page for %s.

%s(R<R=RtpathRWRXR1(RtuserIDtlink_tagt yadis_loc_tagt disco_tagstidenttmsg((s'/usr/local/www/weave/openid_handlers.pyR6s   (R RR(((s'/usr/local/www/weave/openid_handlers.pyR‚5st__main__($ttornado.httpserverRattornado.ioloopt tornado.webRRRWR<taccountt openid.serverRtopenid.messageRRtopenid.store.filestoreRRRtstoreRXRftUSER_ID_PATH_PREFIXRNtServerR&tdecoderRR€tRequestHandlerRR8RgR‚R tdoctestttestmod(((s'/usr/local/www/weave/openid_handlers.pyts2            Ÿ>#