author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-01-23 14:35:31 +0000 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-01-26 11:28:11 +0000 |
commit | 52d48246f143aff169a4b80b33fcf195cdc3d7a4 (patch) | |
tree | 32181d87e210c52ca0afc995cab0f2e3b8e8cca4 | |
parent | e998665365d0cd2d54641154c64a8521de775607 (diff) | |
download | infrastructure-52d48246f143aff169a4b80b33fcf195cdc3d7a4.tar.gz |
openid_provider: Give a more helpful error when the user enters wrong OpenID
The message 'You are logged in but do not have OpenID here' is wrong
and confusing for a few reasons. Mainly, the actual error is not that
the user has no OpenIDs, but that the OpenID they tried to use isn't
valid. It's better now.
-rw-r--r-- | baserock_openid_provider/openid_provider/views.py | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/baserock_openid_provider/openid_provider/views.py b/baserock_openid_provider/openid_provider/views.py
index ec4cb7a2..6399afcc 100644
--- a/baserock_openid_provider/openid_provider/views.py
+++ b/baserock_openid_provider/openid_provider/views.py
@@ -132,6 +132,26 @@ def openid_xrds(request, identity=False, id=None):
 'endpoints': endpoints, }, context_instance=RequestContext(request), content_type=YADIS_CONTENT_TYPE)
+
+def url_for_openid(request, openid):
+ return request.build_absolute_uri(
+ reverse('openid-provider-identity', args=[openid.openid]))
+
+
+def openid_not_found_error_message(request, identity_url):
+ ids = request.user.openid_set
+ if ids.count() == 0:
+ message = "You have no OpenIDs configured. Contact the administrator."
+ else:
+ id_urls = [url_for_openid(request, id) for id in ids.iterator()]
+ id_urls = ', '.join(id_urls)
+ if ids.count() != 1:
+ message = "You somehow have multiple OpenIDs: " + id_urls
+ else:
+ message = "Your OpenID URL is: " + id_urls
+ return "You do not have the OpenID '%s'. %s" % (identity_url, message)
+
+
 def openid_decide(request):
 """
 The page that asks the user if they really want to sign in to the site, and
@@ -151,8 +171,10 @@ def openid_decide(request):
 openid = openid_get_identity(request, orequest.identity)
 if openid is None:
- return error_page(
- request, "You are signed in but you don't have OpenID here!")
+ # User should only ever have one OpenID, created for them when they
+ # registered.
+ message = openid_not_found_error_message(request, orequest.identity)
+ return error_page(request, message)
 if request.method == 'POST' and request.POST.get('decide_page', False):
 if request.POST.get('allow', False):
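Review bot: `openid_not_found_error_message` interpolates `identity_url` verbatim into the text handed to `error_page`, and at the call site in `openid_decide` (the `-151,8 +171,10` hunk) that value is `orequest.identity`, which presumably comes from the relying party's request rather than from this provider. `error_page` and its template are not visible here, so confirm the message is rendered with autoescaping on (no `|safe` or `mark_safe`), and record the assumption next to the format string, e.g. `# identity_url is supplied by the relying party; error_page must escape it`. Truncating the echoed value to a sane length would also stop a crafted request from placing arbitrary long text on the provider's own error page. Separately, `ids.count()` runs twice on top of `ids.iterator()`, so building `id_urls` once and branching on `len(id_urls)` avoids the extra queries, and the comprehension variable `id` shadows the builtin. Neither new helper has a docstring; `"""Return the absolute identity URL for this OpenID record."""` on `url_for_openid` would be enough.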
@@ -246,9 +268,13 @@ def openid_get_identity(request, identity_url):
 - if user has no default one, return any
 - in other case return None!
 """
+ logger.debug('Looking for %s in user %s set of OpenIDs %s',
+ identity_url, request.user, request.user.openid_set)
 for openid in request.user.openid_set.iterator():
- if identity_url == request.build_absolute_uri(
- reverse('openid-provider-identity', args=[openid.openid])):
+ logger.debug(
+ 'Comparing: %s with %s', identity_url,
+ url_for_openid(request, openid))
+ if identity_url == url_for_openid(request, openid):
 return openid
 if identity_url == 'http://specs.openid.net/auth/2.0/identifier_select':
 # no claim was made, choose user default openid: |
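Review bot: The first `logger.debug` formats `request.user.openid_set` with `%s`; since `.iterator()` is called on that same object just below, it is a manager-like object and the log line will most likely show an object repr rather than the user's OpenIDs. Inside the loop `url_for_openid(request, openid)` is evaluated twice per record, once as a debug argument (computed even when debug logging is off) and once in the comparison; `candidate = url_for_openid(request, openid)` followed by `if identity_url == candidate:` does it once. `identity_url` is passed in by the caller and appears to originate from the OpenID request, so formatting it with `%r` rather than `%s` keeps control characters out of the log. `logger` is not defined in any visible hunk, and `openid_get_identity` starts before and continues past this hunk.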