~ubuntuone-pqm-team/canonical-identity-provider/trunk

« back to all changes in this revision

Viewing changes to doctests/stories/openid/per-version/sso-auto-authorize.txt

Committer: Danny Tamez
Date: 2010-04-21 15:29:24 UTC
Revision ID: danny.tamez@canonical.com-20100421152924-lq1m92tstk2iz75a

Canonical SSO Provider (Open Source) - Initial Commit

files added:

LICENSE

__init__.py

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/pycompat

debian/rules

doctests

doctests/openidhelpers.py

doctests/runner.py

doctests/setup.py

doctests/stories

doctests/stories/api-authentications.txt

doctests/stories/api-workflows.txt

doctests/stories/branded-rp.txt

doctests/stories/openid

doctests/stories/openid/_read-only-mode.txt

doctests/stories/openid/basics.txt

doctests/stories/openid/copyright.txt

doctests/stories/openid/delegated-identity.txt

doctests/stories/openid/directed-identity.txt

doctests/stories/openid/discovery.txt

doctests/stories/openid/insane-trust-root.txt

doctests/stories/openid/max-auth-age.txt

doctests/stories/openid/mismatched-trust-root.txt

doctests/stories/openid/offsite-form-post.txt

doctests/stories/openid/per-version

doctests/stories/openid/per-version/logout-during-login.txt

doctests/stories/openid/per-version/openid-teams-private-membership.txt

doctests/stories/openid/per-version/openid-teams.txt

doctests/stories/openid/per-version/referer-cookie.txt

doctests/stories/openid/per-version/restricted-sreg.txt

doctests/stories/openid/per-version/sso-auto-authorize.txt

doctests/stories/openid/per-version/sso-workflow-authorize.txt

doctests/stories/openid/per-version/sso-workflow-complete.txt

doctests/stories/openid/per-version/sso-workflow-login.txt

doctests/stories/openid/per-version/sso-workflow-register.txt

doctests/stories/openid/per-version/sso-workflow-reset-password.txt

doctests/stories/openid/per-version/sso-workflow-switch-user.txt

doctests/stories/openid/per-version/switch-user-twice.txt

doctests/stories/openid/pre-authorization.txt

doctests/stories/sso-server

doctests/stories/sso-server/_edit-emails.txt

doctests/stories/sso-server/home-page.txt

doctests/stories/sso-server/rate-limit.txt

doctests/stories/sso-server/standalone-login.txt

doctests/utils.py

identityprovider

identityprovider/__init__.py

identityprovider/admin.py

identityprovider/auth.py

identityprovider/backend

identityprovider/backend/__init__.py

identityprovider/backend/base.py

identityprovider/backend/old

identityprovider/backend/old/__init__.py

identityprovider/backend/old/base.py

identityprovider/branding.py

identityprovider/const.py

identityprovider/context_processors.py

identityprovider/decorators.py

identityprovider/fields.py

identityprovider/forms.py

identityprovider/locale

identityprovider/locale/de

identityprovider/locale/de/LC_MESSAGES

identityprovider/locale/de/LC_MESSAGES/django.mo

identityprovider/locale/de/LC_MESSAGES/django.po

identityprovider/locale/es_AR

identityprovider/locale/es_AR/LC_MESSAGES

identityprovider/locale/es_AR/LC_MESSAGES/django.mo

identityprovider/locale/es_AR/LC_MESSAGES/django.po

identityprovider/locale/he

identityprovider/locale/he/LC_MESSAGES

identityprovider/locale/he/LC_MESSAGES/django.mo

identityprovider/locale/he/LC_MESSAGES/django.po

identityprovider/locale/hu

identityprovider/locale/hu/LC_MESSAGES

identityprovider/locale/hu/LC_MESSAGES/django.mo

identityprovider/locale/hu/LC_MESSAGES/django.po

identityprovider/locale/pl

identityprovider/locale/pl/LC_MESSAGES

identityprovider/locale/pl/LC_MESSAGES/django.mo

identityprovider/locale/pl/LC_MESSAGES/django.po

identityprovider/locale/sw

identityprovider/locale/sw/LC_MESSAGES

identityprovider/locale/sw/LC_MESSAGES/django.po

identityprovider/management

identityprovider/management/__init__.py

identityprovider/management/commands

identityprovider/management/commands/__init__.py

identityprovider/management/commands/readonly.py

identityprovider/management/commands/sqlcachedflush.py

identityprovider/management/commands/sqlcachedloaddata.py

identityprovider/media

identityprovider/media/blue-fade-to-grey.gif

identityprovider/media/body-bg.png

identityprovider/media/btn-alt-cap.png

identityprovider/media/btn-alt.png

identityprovider/media/btn-cap.png

identityprovider/media/btn.png

identityprovider/media/error-large.png

identityprovider/media/error.png

identityprovider/media/help-large.gif

identityprovider/media/info-large.png

identityprovider/media/launchpad

identityprovider/media/launchpad/favicon.ico

identityprovider/media/launchpad/styles.css

identityprovider/media/logo.png

identityprovider/media/logout-bar-bg.gif

identityprovider/media/passwordhint.js

identityprovider/media/reset.css

identityprovider/media/tick-large.png

identityprovider/media/tooltip-tail.gif

identityprovider/media/trash-icon.gif

identityprovider/media/ubuntu

identityprovider/media/ubuntu-sso-logo.png

identityprovider/media/ubuntu/favicon.ico

identityprovider/media/ubuntu/styles.css

identityprovider/media/warning-large.png

identityprovider/middleware

identityprovider/middleware/__init__.py

identityprovider/middleware/csrf.py

identityprovider/middleware/dbfailover.py

identityprovider/middleware/exception.py

identityprovider/middleware/useraccount.py

identityprovider/middleware/xrds.py

identityprovider/models

identityprovider/models/__init__.py

identityprovider/models/account.py

identityprovider/models/api.py

identityprovider/models/authtoken.py

identityprovider/models/captcha.py

identityprovider/models/const.py

identityprovider/models/emailaddress.py

identityprovider/models/fixtures

identityprovider/models/fixtures/lp_account.json

identityprovider/models/fixtures/lp_accountpassword.json

identityprovider/models/fixtures/lp_emailaddress_noperson.json

identityprovider/models/fixtures/multiple_associations.json

identityprovider/models/fixtures/test.json

identityprovider/models/metamodels.py

identityprovider/models/oauthtoken.py

identityprovider/models/openidmodels.py

identityprovider/models/person.py

identityprovider/models/sql

identityprovider/models/sql/account.identityprovider.backend.sql

identityprovider/models/team.py

identityprovider/readonly.py

identityprovider/signed.py

identityprovider/teams.py

identityprovider/templates

identityprovider/templates/404.html

identityprovider/templates/500.html

identityprovider/templates/account

identityprovider/templates/account/confirm_new_email.html

identityprovider/templates/account/deactivated.html

identityprovider/templates/account/delete_email.html

identityprovider/templates/account/edit-emails.html

identityprovider/templates/account/edit.html

identityprovider/templates/account/new_email.html

identityprovider/templates/admin

identityprovider/templates/admin/readonly.html

identityprovider/templates/admin/readonly.txt

identityprovider/templates/admin/readonly_confirm.html

identityprovider/templates/consumer

identityprovider/templates/consumer/index.html

identityprovider/templates/consumer/request_form.html

identityprovider/templates/decide.html

identityprovider/templates/email

identityprovider/templates/email/email-validation-token.txt

identityprovider/templates/email/forgottenpassword.txt

identityprovider/templates/email/impersonate-warning.txt

identityprovider/templates/email/newuser.txt

identityprovider/templates/email/validate-email.txt

identityprovider/templates/invalid_identifier.html

identityprovider/templates/launchpad

identityprovider/templates/launchpad/base.html

identityprovider/templates/launchpad/registration

identityprovider/templates/launchpad/registration/login.html

identityprovider/templates/limitexceeded.html

identityprovider/templates/openidapplication-xrds.xml

identityprovider/templates/person-xrds.xml

identityprovider/templates/person.html

identityprovider/templates/preauth_fail.html

identityprovider/templates/readonly.html

identityprovider/templates/registration

identityprovider/templates/registration/bad_token.html

identityprovider/templates/registration/confirm_new_account.html

identityprovider/templates/registration/email_sent.html

identityprovider/templates/registration/forgot_password.html

identityprovider/templates/registration/logout.html

identityprovider/templates/registration/new_account.html

identityprovider/templates/registration/reset_password.html

identityprovider/templates/registration/token.html

identityprovider/templates/server_info.html

identityprovider/templates/set_language.html

identityprovider/templates/static

identityprovider/templates/static/description.html

identityprovider/templates/static/faq.html

identityprovider/templates/twocols.html

identityprovider/templates/ubuntu

identityprovider/templates/ubuntu/base.html

identityprovider/templates/ubuntu/registration

identityprovider/templates/ubuntu/registration/login.html

identityprovider/templates/untrusted.html

identityprovider/templates/widgets

identityprovider/templates/widgets/last_auth_sites.html

identityprovider/templates/widgets/launchpad

identityprovider/templates/widgets/launchpad/logout-button.html

identityprovider/templates/widgets/recaptcha.html

identityprovider/templates/widgets/trusted_rp.html

identityprovider/templates/widgets/ubuntu

identityprovider/templates/widgets/ubuntu/logout-button.html

identityprovider/templates/widgets/unknown_rp.html

identityprovider/tests

identityprovider/tests/__init__.py

identityprovider/tests/mockdb.py

identityprovider/tests/test_admin.py

identityprovider/tests/test_auth.py

identityprovider/tests/test_captcha.py

identityprovider/tests/test_command_readonly.py

identityprovider/tests/test_dbfailover.py

identityprovider/tests/test_fields.py

identityprovider/tests/test_forms.py

identityprovider/tests/test_loginservice.py

identityprovider/tests/test_middleware.py

identityprovider/tests/test_models_account.py

identityprovider/tests/test_models_authtoken.py

identityprovider/tests/test_models_oauthtoken.py

identityprovider/tests/test_models_openidmodels.py

identityprovider/tests/test_readonly.py

identityprovider/tests/test_signed.py

identityprovider/tests/test_static.py

identityprovider/tests/test_utils.py

identityprovider/tests/test_views_account.py

identityprovider/tests/test_views_consumer.py

identityprovider/tests/test_views_server.py

identityprovider/tests/test_views_ui.py

identityprovider/tests/test_views_utils.py

identityprovider/tests/test_widgets.py

identityprovider/tests/test_xrds.py

identityprovider/tests/utils.py

identityprovider/urls.py

identityprovider/utils.py

identityprovider/views

identityprovider/views/__init__.py

identityprovider/views/account.py

identityprovider/views/consumer.py

identityprovider/views/errors.py

identityprovider/views/readonly.py

identityprovider/views/server.py

identityprovider/views/testing.py

identityprovider/views/ui.py

identityprovider/views/utils.py

identityprovider/webservice

identityprovider/webservice/__init__.py

identityprovider/webservice/forms.py

identityprovider/webservice/interfaces.py

identityprovider/webservice/models.py

identityprovider/webservice/site.zcml

identityprovider/widgets.py

identityprovider/wsgi.py

mockservice

mockservice/api-authentications.txt

mockservice/api-workflows.txt

mockservice/mockserver.py

mockservice/wadl.xml

offline_pages

offline_pages/offline-maintenance-lp-haproxy.html

offline_pages/offline-maintenance-lp.html

offline_pages/offline-maintenance-sso-haproxy.html

offline_pages/offline-maintenance-sso.html

offline_pages/offline-unplanned-lp-haproxy.html

offline_pages/offline-unplanned-lp.html

offline_pages/offline-unplanned-sso-haproxy.html

offline_pages/offline-unplanned-sso.html

po/django

po/django/de.po

po/django/django.pot

po/django/es.po

po/django/he.po

po/django/hu.po

po/django/pl.po

scripts

scripts/test

setup.py

third-party

third-party/django

third-party/django-openid

third-party/django-openid/LICENSE

third-party/django/LICENSE

third-party/mock

third-party/mock/LICENSE

third-party/python-openid

third-party/python-openid/LICENSE

third-party/python-openid/NOTICE

wsgi_test_server.py

wsgiserver.py

Show diffs side-by-side

added added

removed removed

doctests/stories/openid/per-version/sso-auto-authorize.txt

GNU Affero General Public License version 3 (see the file LICENSE).

= Single-Signon Workflow: Automatic Authorization =

For sites that are intended to look like an integrated part of

Canonical's single sign on system, we would like to avoid actively

asking the user to authenticate to the site.

As the user is likely to consider the sites to be part of a single

larger system, it just causes confusion.

First we will set up the helper view that lets us test the final

portion of the authentication process:

>>> from openid.consumer.consumer import Consumer

>>> from openid.fetchers import setDefaultFetcher

>>> from openid.store.memstore import MemoryStore

>>> from canonical.signon.testing.openidhelpers import (

... complete_from_browser, make_identifier_select_endpoint,

... PublisherFetcher)

>>> setDefaultFetcher(PublisherFetcher())

Next we'll set up the trust root we're using to have its requests

automatically authorized:

>>> from identityprovider.models import OpenIDRPConfig

>>> rpconfig = OpenIDRPConfig.objects.create(

... trust_root='http://launchpad.dev/',

... displayname='Test RP', description='A test RP',

... auto_authorize=True)

If we are not logged in, automatically authorized sites act the same

as normal ones, and the user is presented with the login page:

>>> openid_store = MemoryStore()

>>> consumer = Consumer(session={}, store=openid_store)

>>> request = consumer.beginWithoutDiscovery(

... make_identifier_select_endpoint(PROTOCOL_URI))

>>> browser.open(request.redirectURL(

... 'http://launchpad.dev/', 'http://launchpad.dev/+openid-consumer'))

>>> print browser.title

When the user logs in, he will be directed back to the relying party without

requesting for authorization as the trust root has automatic authorization

enabled.

>>> browser.getControl(name='email').value = 'mark@example.com'

>>> browser.getControl(name='password').value = 'test'

>>> browser.getControl(name='continue').click()

>>> print browser.url

http://launchpad.dev/+openid-consumer?...

>>> info = complete_from_browser(

... consumer, browser, 'http://openid.launchpad.dev/+id/mark_oid')

>>> print info.status

success

>>> print info.endpoint.claimed_id

http://openid.launchpad.dev/+id/mark_oid

If the user is already logged in, he will be directed back to the

relying party immediately.