~canonical-isd-hackers/canonical-identity-provider/sst-changes

« back to all changes in this revision

Viewing changes to doctests/stories/openid/per-version/sso-workflow-authorize.txt

Committer: Danny Tamez
Date: 2010-04-21 15:29:24 UTC
Revision ID: danny.tamez@canonical.com-20100421152924-lq1m92tstk2iz75a

Canonical SSO Provider (Open Source) - Initial Commit

files added:

LICENSE

__init__.py

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/pycompat

debian/rules

doctests

doctests/openidhelpers.py

doctests/runner.py

doctests/setup.py

doctests/stories

doctests/stories/api-authentications.txt

doctests/stories/api-workflows.txt

doctests/stories/branded-rp.txt

doctests/stories/openid

doctests/stories/openid/_read-only-mode.txt

doctests/stories/openid/basics.txt

doctests/stories/openid/copyright.txt

doctests/stories/openid/delegated-identity.txt

doctests/stories/openid/directed-identity.txt

doctests/stories/openid/discovery.txt

doctests/stories/openid/insane-trust-root.txt

doctests/stories/openid/max-auth-age.txt

doctests/stories/openid/mismatched-trust-root.txt

doctests/stories/openid/offsite-form-post.txt

doctests/stories/openid/per-version

doctests/stories/openid/per-version/logout-during-login.txt

doctests/stories/openid/per-version/openid-teams-private-membership.txt

doctests/stories/openid/per-version/openid-teams.txt

doctests/stories/openid/per-version/referer-cookie.txt

doctests/stories/openid/per-version/restricted-sreg.txt

doctests/stories/openid/per-version/sso-auto-authorize.txt

doctests/stories/openid/per-version/sso-workflow-authorize.txt

doctests/stories/openid/per-version/sso-workflow-complete.txt

doctests/stories/openid/per-version/sso-workflow-login.txt

doctests/stories/openid/per-version/sso-workflow-register.txt

doctests/stories/openid/per-version/sso-workflow-reset-password.txt

doctests/stories/openid/per-version/sso-workflow-switch-user.txt

doctests/stories/openid/per-version/switch-user-twice.txt

doctests/stories/openid/pre-authorization.txt

doctests/stories/sso-server

doctests/stories/sso-server/_edit-emails.txt

doctests/stories/sso-server/home-page.txt

doctests/stories/sso-server/rate-limit.txt

doctests/stories/sso-server/standalone-login.txt

doctests/utils.py

identityprovider

identityprovider/__init__.py

identityprovider/admin.py

identityprovider/auth.py

identityprovider/backend

identityprovider/backend/__init__.py

identityprovider/backend/base.py

identityprovider/backend/old

identityprovider/backend/old/__init__.py

identityprovider/backend/old/base.py

identityprovider/branding.py

identityprovider/const.py

identityprovider/context_processors.py

identityprovider/decorators.py

identityprovider/fields.py

identityprovider/forms.py

identityprovider/locale

identityprovider/locale/de

identityprovider/locale/de/LC_MESSAGES

identityprovider/locale/de/LC_MESSAGES/django.mo

identityprovider/locale/de/LC_MESSAGES/django.po

identityprovider/locale/es_AR

identityprovider/locale/es_AR/LC_MESSAGES

identityprovider/locale/es_AR/LC_MESSAGES/django.mo

identityprovider/locale/es_AR/LC_MESSAGES/django.po

identityprovider/locale/he

identityprovider/locale/he/LC_MESSAGES

identityprovider/locale/he/LC_MESSAGES/django.mo

identityprovider/locale/he/LC_MESSAGES/django.po

identityprovider/locale/hu

identityprovider/locale/hu/LC_MESSAGES

identityprovider/locale/hu/LC_MESSAGES/django.mo

identityprovider/locale/hu/LC_MESSAGES/django.po

identityprovider/locale/pl

identityprovider/locale/pl/LC_MESSAGES

identityprovider/locale/pl/LC_MESSAGES/django.mo

identityprovider/locale/pl/LC_MESSAGES/django.po

identityprovider/locale/sw

identityprovider/locale/sw/LC_MESSAGES

identityprovider/locale/sw/LC_MESSAGES/django.po

identityprovider/management

identityprovider/management/__init__.py

identityprovider/management/commands

identityprovider/management/commands/__init__.py

identityprovider/management/commands/readonly.py

identityprovider/management/commands/sqlcachedflush.py

identityprovider/management/commands/sqlcachedloaddata.py

identityprovider/media

identityprovider/media/blue-fade-to-grey.gif

identityprovider/media/body-bg.png

identityprovider/media/btn-alt-cap.png

identityprovider/media/btn-alt.png

identityprovider/media/btn-cap.png

identityprovider/media/btn.png

identityprovider/media/error-large.png

identityprovider/media/error.png

identityprovider/media/help-large.gif

identityprovider/media/info-large.png

identityprovider/media/launchpad

identityprovider/media/launchpad/favicon.ico

identityprovider/media/launchpad/styles.css

identityprovider/media/logo.png

identityprovider/media/logout-bar-bg.gif

identityprovider/media/passwordhint.js

identityprovider/media/reset.css

identityprovider/media/tick-large.png

identityprovider/media/tooltip-tail.gif

identityprovider/media/trash-icon.gif

identityprovider/media/ubuntu

identityprovider/media/ubuntu-sso-logo.png

identityprovider/media/ubuntu/favicon.ico

identityprovider/media/ubuntu/styles.css

identityprovider/media/warning-large.png

identityprovider/middleware

identityprovider/middleware/__init__.py

identityprovider/middleware/csrf.py

identityprovider/middleware/dbfailover.py

identityprovider/middleware/exception.py

identityprovider/middleware/useraccount.py

identityprovider/middleware/xrds.py

identityprovider/models

identityprovider/models/__init__.py

identityprovider/models/account.py

identityprovider/models/api.py

identityprovider/models/authtoken.py

identityprovider/models/captcha.py

identityprovider/models/const.py

identityprovider/models/emailaddress.py

identityprovider/models/fixtures

identityprovider/models/fixtures/lp_account.json

identityprovider/models/fixtures/lp_accountpassword.json

identityprovider/models/fixtures/lp_emailaddress_noperson.json

identityprovider/models/fixtures/multiple_associations.json

identityprovider/models/fixtures/test.json

identityprovider/models/metamodels.py

identityprovider/models/oauthtoken.py

identityprovider/models/openidmodels.py

identityprovider/models/person.py

identityprovider/models/sql

identityprovider/models/sql/account.identityprovider.backend.sql

identityprovider/models/team.py

identityprovider/readonly.py

identityprovider/signed.py

identityprovider/teams.py

identityprovider/templates

identityprovider/templates/404.html

identityprovider/templates/500.html

identityprovider/templates/account

identityprovider/templates/account/confirm_new_email.html

identityprovider/templates/account/deactivated.html

identityprovider/templates/account/delete_email.html

identityprovider/templates/account/edit-emails.html

identityprovider/templates/account/edit.html

identityprovider/templates/account/new_email.html

identityprovider/templates/admin

identityprovider/templates/admin/readonly.html

identityprovider/templates/admin/readonly.txt

identityprovider/templates/admin/readonly_confirm.html

identityprovider/templates/consumer

identityprovider/templates/consumer/index.html

identityprovider/templates/consumer/request_form.html

identityprovider/templates/decide.html

identityprovider/templates/email

identityprovider/templates/email/email-validation-token.txt

identityprovider/templates/email/forgottenpassword.txt

identityprovider/templates/email/impersonate-warning.txt

identityprovider/templates/email/newuser.txt

identityprovider/templates/email/validate-email.txt

identityprovider/templates/invalid_identifier.html

identityprovider/templates/launchpad

identityprovider/templates/launchpad/base.html

identityprovider/templates/launchpad/registration

identityprovider/templates/launchpad/registration/login.html

identityprovider/templates/limitexceeded.html

identityprovider/templates/openidapplication-xrds.xml

identityprovider/templates/person-xrds.xml

identityprovider/templates/person.html

identityprovider/templates/preauth_fail.html

identityprovider/templates/readonly.html

identityprovider/templates/registration

identityprovider/templates/registration/bad_token.html

identityprovider/templates/registration/confirm_new_account.html

identityprovider/templates/registration/email_sent.html

identityprovider/templates/registration/forgot_password.html

identityprovider/templates/registration/logout.html

identityprovider/templates/registration/new_account.html

identityprovider/templates/registration/reset_password.html

identityprovider/templates/registration/token.html

identityprovider/templates/server_info.html

identityprovider/templates/set_language.html

identityprovider/templates/static

identityprovider/templates/static/description.html

identityprovider/templates/static/faq.html

identityprovider/templates/twocols.html

identityprovider/templates/ubuntu

identityprovider/templates/ubuntu/base.html

identityprovider/templates/ubuntu/registration

identityprovider/templates/ubuntu/registration/login.html

identityprovider/templates/untrusted.html

identityprovider/templates/widgets

identityprovider/templates/widgets/last_auth_sites.html

identityprovider/templates/widgets/launchpad

identityprovider/templates/widgets/launchpad/logout-button.html

identityprovider/templates/widgets/recaptcha.html

identityprovider/templates/widgets/trusted_rp.html

identityprovider/templates/widgets/ubuntu

identityprovider/templates/widgets/ubuntu/logout-button.html

identityprovider/templates/widgets/unknown_rp.html

identityprovider/tests

identityprovider/tests/__init__.py

identityprovider/tests/mockdb.py

identityprovider/tests/test_admin.py

identityprovider/tests/test_auth.py

identityprovider/tests/test_captcha.py

identityprovider/tests/test_command_readonly.py

identityprovider/tests/test_dbfailover.py

identityprovider/tests/test_fields.py

identityprovider/tests/test_forms.py

identityprovider/tests/test_loginservice.py

identityprovider/tests/test_middleware.py

identityprovider/tests/test_models_account.py

identityprovider/tests/test_models_authtoken.py

identityprovider/tests/test_models_oauthtoken.py

identityprovider/tests/test_models_openidmodels.py

identityprovider/tests/test_readonly.py

identityprovider/tests/test_signed.py

identityprovider/tests/test_static.py

identityprovider/tests/test_utils.py

identityprovider/tests/test_views_account.py

identityprovider/tests/test_views_consumer.py

identityprovider/tests/test_views_server.py

identityprovider/tests/test_views_ui.py

identityprovider/tests/test_views_utils.py

identityprovider/tests/test_widgets.py

identityprovider/tests/test_xrds.py

identityprovider/tests/utils.py

identityprovider/urls.py

identityprovider/utils.py

identityprovider/views

identityprovider/views/__init__.py

identityprovider/views/account.py

identityprovider/views/consumer.py

identityprovider/views/errors.py

identityprovider/views/readonly.py

identityprovider/views/server.py

identityprovider/views/testing.py

identityprovider/views/ui.py

identityprovider/views/utils.py

identityprovider/webservice

identityprovider/webservice/__init__.py

identityprovider/webservice/forms.py

identityprovider/webservice/interfaces.py

identityprovider/webservice/models.py

identityprovider/webservice/site.zcml

identityprovider/widgets.py

identityprovider/wsgi.py

mockservice

mockservice/api-authentications.txt

mockservice/api-workflows.txt

mockservice/mockserver.py

mockservice/wadl.xml

offline_pages

offline_pages/offline-maintenance-lp-haproxy.html

offline_pages/offline-maintenance-lp.html

offline_pages/offline-maintenance-sso-haproxy.html

offline_pages/offline-maintenance-sso.html

offline_pages/offline-unplanned-lp-haproxy.html

offline_pages/offline-unplanned-lp.html

offline_pages/offline-unplanned-sso-haproxy.html

offline_pages/offline-unplanned-sso.html

po/django

po/django/de.po

po/django/django.pot

po/django/es.po

po/django/he.po

po/django/hu.po

po/django/pl.po

scripts

scripts/test

setup.py

third-party

third-party/django

third-party/django-openid

third-party/django-openid/LICENSE

third-party/django/LICENSE

third-party/mock

third-party/mock/LICENSE

third-party/python-openid

third-party/python-openid/LICENSE

third-party/python-openid/NOTICE

wsgi_test_server.py

wsgiserver.py

Show diffs side-by-side

added added

removed removed

doctests/stories/openid/per-version/sso-workflow-authorize.txt

GNU Affero General Public License version 3 (see the file LICENSE).

= Launchpad Single-Signon Workflow: Authorize =

If a user has logged into Launchpad and then wants to log in to a

Launchpad-SSO web site, they are not prompted for a password.

First we will set up the helper view that lets us test the final

portion of the authentication process:

>>> from openid.consumer.consumer import Consumer

>>> from openid.fetchers import setDefaultFetcher

>>> from openid.store.memstore import MemoryStore

>>> from canonical.signon.testing.openidhelpers import (

... complete_from_browser, make_identifier_select_endpoint,

... PublisherFetcher)

>>> setDefaultFetcher(PublisherFetcher())

The authentication process is started by the relying party issuing a

checkid_setup request, sending the user to Launchpad. We will

authenticate before starting the login procedure:

>>> browser.open('http://openid.launchpad.dev/+login')

>>> browser.getControl(name='email').value = 'mark@example.com'

>>> browser.getControl(name='password').value = 'test'

>>> browser.getControl(name='continue').click()

>>> openid_store = MemoryStore()

>>> consumer = Consumer(session={}, store=openid_store)

>>> request = consumer.beginWithoutDiscovery(

... make_identifier_select_endpoint(PROTOCOL_URI))

# Use localhost instead of launchpad.dev because Launchpad is not

# recorded as an OpenIDRPSummary.

>>> browser.open(request.redirectURL(

... 'http://localhost/', 'http://localhost/+openid-consumer'))

Each OpenID authentication is recorded as an OpenIDRPSummary. This user

has not ever used Launchpad to authenticate with a relying party.

>>> from identityprovider.models import OpenIDRPSummary

>>> summaries = OpenIDRPSummary.objects.filter(

... openid_identifier='http://openid.launchpad.dev/+id/mark_oid')

>>> summaries.count()

At this point, the user is presented with a form asking if they want

to authenticate to the relying party

>>> print browser.title

Authenticate to http://localhost/

By clicking the "Sign In" button, the user is returned to the relying

party with their identity URL:

>>> browser.getControl(name='yes', index=0).click()

>>> print browser.url

http://localhost/+openid-consumer?...

>>> info = complete_from_browser(

... consumer, browser, 'http://openid.launchpad.dev/+id/mark_oid')

>>> print info.status

success

>>> print info.endpoint.claimed_id

http://openid.launchpad.dev/+id/mark_oid

The authentication was recorded. There is a summary showing that the

user has used the replying part once.

>>> summaries = OpenIDRPSummary.objects.filter(

... openid_identifier='http://openid.launchpad.dev/+id/mark_oid')

>>> for summary in summaries:

... summary.openid_identifier

... summary.trust_root

... summary.total_logins

u'http://openid.launchpad.dev/+id/mark_oid'

u'http://localhost/'

== Declining to Authenticate ==

Alternatively, the user could have declined to authenticate. This

time, we will cancel the authentication request:

>>> request = consumer.beginWithoutDiscovery(

... make_identifier_select_endpoint(PROTOCOL_URI))

>>> browser.open(request.redirectURL(

... 'http://launchpad.dev/', 'http://launchpad.dev/+openid-consumer'))

>>> print browser.title

Authenticate to http://launchpad.dev/

>>> browser.getLink(url="+cancel").click()

>>> print browser.url

http://launchpad.dev/+openid-consumer?...

>>> info = complete_from_browser(

... consumer, browser, 'http://openid.launchpad.dev/+id/mark_oid')

>>> print info.status

100

cancel

101

102

103

== Cleanup ==

104

105

>>> setDefaultFetcher(None)

106

>>> summaries = OpenIDRPSummary.objects.filter(

107

... openid_identifier='http://openid.launchpad.dev/+id/mark_oid')

108

>>> summaries.delete()

Older »