Changeset 5041

Timestamp:

26/02/09 12:27:31 (12 years ago)

Author:

pjkersha

Message:

Fix to accommodate AuthKit? OpenID URL handling. - Strip out return to query arg from HTTP_REFERER so that AuthKit? doesn't mistake it for a non-OpenID query.

File:

• TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty/__init__.py (modified) (5 diffs)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty/__init__.py

@@ -16 +16 @@
 import httplib # to get official status code messages
 import urllib # decode quoted URI in query arg
-from urlparse import urlparse
+from urlparse import urlsplit, urlunsplit
 
 from paste.request import parse_querystring, parse_formvars
@@ -23 +23 @@
 
 from ndg.security.server.wsgi import NDGSecurityMiddlewareBase
+from ndg.security.server.wsgi.authn import AuthNRedirectMiddleware
 from ndg.security.common.utils.classfactory import instantiateClass
 
@@ -105 +106 @@
                                                 "AuthOpenIDHandler in the "
                                                 "WSGI stack")
-            
+        
+        # Check for return to argument in query key value pairs
+        self._return2URIKey = AuthNRedirectMiddleware.return2URIArgName + '='
+    
         super(OpenIDRelyingPartyMiddleware, self).__init__(authKitApp, 
                                                            global_conf, 
@@ -131 +135 @@
             params = dict(parse_formvars(environ))
         
-        referer = urllib.unquote(params.get('ndg.security.r', ''))
-        refererPathInfo = urlparse(referer)[2]
-        if referer and \
-           not refererPathInfo.endswith(self._authKitVerifyPath) and \
-           not refererPathInfo.endswith(self._authKitProcessPath):
+        quotedReferrer=params.get(AuthNRedirectMiddleware.return2URIArgName,'')
+        referrer = urllib.unquote(quotedReferrer)
+        referrerPathInfo = urlsplit(referrer)[2]
+        if referrer and \
+           not referrerPathInfo.endswith(self._authKitVerifyPath) and \
+           not referrerPathInfo.endswith(self._authKitProcessPath):
             # Set-up for authkit.authenticate.open_id.AuthOpenIDHandler.process
-            session['referer'] = referer
+            session['referer'] = referrer
             session.save()
-                
+            
+        if self._return2URIKey in environ.get('HTTP_REFERER', ''):
+            # Remove return to arg to avoid interfering with AuthKit OpenID
+            # processing
+            splitURI = urlsplit(environ['HTTP_REFERER'])
+            query = splitURI[3]
+            
+            filteredQuery = '&'.join([arg for arg in query.split('&')
+                                if not arg.startswith(self._return2URIKey)])
+            
+            environ['HTTP_REFERER'] = urlunsplit(splitURI[:3] + \
+                                                 (filteredQuery,) + \
+                                                 splitURI[4:])
+
         if self.signoutPath is not None and self.pathInfo == self.signoutPath:
             # TODO: Redirect to referrer ...
-            referer = session.get(
+            referrer = session.get(
                         'ndg.security.server.wsgi.openid.relyingparty.referer')
-            if referer is not None:
+            if referrer is not None:
                 def setRedirectResponse(status, header, exc_info=None):
-                    header.extend([('Location', referer)])
-                    return start_response('302 %s' % httplib.responses[302], 
+                    header.extend([('Location', referrer)])
+                    return start_response(self.getStatusMessage(302), 
                                           header,
                                           exc_info)
@@ -153 +171 @@
                 return self._app(environ, setRedirectResponse)
             else:
-                log.debug('No referer set for redirect following logout')
+                log.debug('No referrer set for redirect following logout')
                 
         # Set a return to address following logout.