I clone the master and when i try to run the flask app example i encounter with this error:
Traceback (most recent call last):
File "myapp.py", line 8, in
from velruse.app import make_velruse_app
ImportError: cannot import name make_velruse_app

Allow custom providers via a setuptools entry point velruse.providers. This would allow the standalone app to easily contain custom providers if they are all installed on the PYTHONPATH.

Another take on this implementation is #53 and may also be a good way to go.

Facebook scopes are supposed to be comma-separated. Google scopes are space-separated. Currently, velruse just assumes you know this and have properly formatted the scope string. It'd be great to not have to know this.

Say your app is using a cookie based session factory and the user has cookies disabled on their browser, then the following code raises a CSRFError:

        if request.GET.get('state') != request.session.get('state'):
            raise CSRFError(
                'CSRF Validation check failed. Request state %s is not '
                'the same as session state %s' % (
                    request.GET.get('state'), request.session.get('state')))

request.session.get('state') will always be None for this user. This results in a 500 error when they try to login.

• Is a there a recommended way of catching that error and handling it nicely?
• If not, is this a bug?

Hello,

As of yesterday I started noticing the following in Apache's error.log. I am able to reproduce. There have not been any code changes recently, so I am under the assumption that something changed with Twitter's API.

 Traceback (most recent call last):
   File "/usr/local/lib/python2.7/dist-packages/werkzeug/wsgi.py", line 471, in __call__
     return app(environ, start_response)
   File "/usr/local/lib/python2.7/dist-packages/pyramid/router.py", line 251, in __call__
     response = self.invoke_subrequest(request, use_tweens=True)
   File "/usr/local/lib/python2.7/dist-packages/pyramid/router.py", line 227, in invoke_subrequest
     response = handle_request(request)
   File "/usr/local/lib/python2.7/dist-packages/pyramid/tweens.py", line 21, in excview_tween
     response = handler(request)
   File "/usr/local/lib/python2.7/dist-packages/pyramid/router.py", line 117, in handle_request
     root = root_factory(request)
   File "/usr/local/lib/python2.7/dist-packages/velruse/providers/twitter.py", line 158, in callback
     offset = float(data['utc_offset']) / 3600
 TypeError: float() argument must be a string or a number

I'd like to add (feature request) before and after login view events (hook points).

Events on login are useful when using velruse as a plugin or possibly for extending the application. It allows the plugin user to modify/capture information before or after the login view is called; and this is important because there is no way to modify the login view without subclassing the provider. For example, after the login view is hit, one could capture the referrer location so that they could send the authenticated user back to where they came from.

An example implementation can be found at: mmulich@7b52085

It might be useful to see a list of configured providers in an application. This should be done using Pyramid's 1.3+ introspection API.

There is also an outstanding question of whether the list of providers should be introspectable via a URL in the standalone application. I'm having difficulty seeing why this would be useful because it is entirely specific to velruse.

@cd34 put a number of comments in
Pylons/pyramid#212 (comment) related to a hard-to-replicate bug using velruse related to its use of the "requests" library. I'm just opening this ticket so we can start talking about it in the right place.

When creating a new virtual environment, upon startup:

from Crypto.Cipher import AES

failed due to pycrypto not being installed.

Currently there is no add_google_login_from_settings, add_yahoo_login_from_settings or add_openid_login_from_settings because the storage parameter needs to be programmatically defined. What I would propose is a separate API that creates a shared openid store within velruse (because the python-openid package should only require one store for multiple providers).

def add_openid_storage(config, storage, name='default'):

def add_openid_storage_from_settings(config, prefix='openid_storage.'):

The second function would probably support pre-defined python-openid storage mechanisms from https://github.com/openid/python-openid/tree/master/openid/store. This would mean that it'd use openid_storage.type and other openid_storage.* settings to create one of the storage mechanisms.

From here, the OpenIDProvider would be updated to use this storage mechanism.

As of now, velruse consider the email from facebook verified if the the verified boolean in the payload is true (

According to the facebook documentation, verified is true if the user verified is email OR his phone number OR gave a valid credit card.

Thus, the email given by the facebook api can't be considered verified.

Source, and some security concerns associated to this : http://stackoverflow.com/questions/10651900/potential-security-issue-with-facebook-login.

the following fails when len(h) == 1
https://github.com/bbangert/velruse/blob/master/velruse/providers/facebook_.py#L48

If user doesn't have name specified in their profile - it will result in :

File "/home/errormator/python/lib/python2.7/site-packages/velruse/providers/github.py", line 149, in     callback
profile['displayName'] = data['name']
KeyError: 'name'

Hi,
I face an authentication error with an openid provider (openid.com) that usually works on other sites (not velruse related).

My colleagues could login with google or other openids in our app, but I fails with mine (*.myopenid.com)

Here is stack log.

Any way to debug/fix this?

Thanks

2013-02-19 18:08:34,894 ERROR [gunicorn.error][GreenThread-83] Error handling request
Traceback (most recent call last):
  File "/root/mobyle2/local/lib/python2.7/site-packages/gunicorn/workers/async.py", line 45, in handle
    self.handle_request(listener, req, client, addr)
  File "/root/mobyle2/local/lib/python2.7/site-packages/gunicorn/workers/async.py", line 93, in handle_request
    respiter = self.wsgi(environ, resp.start_response)
  File "/root/mobyle2/local/lib/python2.7/site-packages/newrelic-1.10.0.28/newrelic/api/web_transaction.py", line 765, in __call__
    result = application(environ, _start_response)
  File "/root/mobyle2/local/lib/python2.7/site-packages/newrelic-1.10.0.28/newrelic/api/object_wrapper.py", line 220, in __call__
    self._nr_instance, args, kwargs)
  File "/root/mobyle2/local/lib/python2.7/site-packages/newrelic-1.10.0.28/newrelic/api/function_trace.py", line 93, in literal_wrapper
    return wrapped(*args, **kwargs)
  File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/router.py", line 251, in __call__
    response = self.invoke_subrequest(request, use_tweens=True)
  File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/router.py", line 227, in invoke_subrequest
    response = handle_request(request)
  File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/tweens.py", line 21, in excview_tween
    response = handler(request)
  File "/root/mobyle2/local/lib/python2.7/site-packages/pyramid/router.py", line 117, in handle_request
    root = root_factory(request)
  File "/root/mobyle2/local/lib/python2.7/site-packages/velruse/providers/openid.py", line 246, in callback
    raise ThirdPartyFailure("No OpenID Session has begun.")
ThirdPartyFailure: No OpenID Session has begun.

Okay, so trying the following YAML config:

"""

Store:
Type: velruse.store.memstore:MemoryStore

OpenID:
Realm: http://http://pythonjobs.chrisw.info/
Endpoint Regex: http://http://pythonjobs.chrisw.info/loggedin

Yahoo: true

OpenID Store:
Type: openid.store.memstore:MemoryStore
"""

...and the following submitting form:

I get the following error:
"""
Sorry! There is an error with the request we received from the website you are trying to use. Please try again in a few minutes. If this error persists please contact the site administrator. Learn more..
"""

...from the following Yahoo url:

https://open.login.yahooapis.com/openid/op/auth

What am I going wrong?

I noticed in some providers like Facebook and QQ the unique ID is stored in 'userid' while providers that use OpenID (Google, Yahoo, etc) store the unique ID in 'username'.

Shouldn't those all be changed to use one common key?

Provide a way to change the return URL (endpoint) for a login attempt on a per-login basis via a GET or POST parameter.

OpenID uses AuthenticationComplete class rather than OpenIDAuthenticationComplete.

(Check OpenID consumer, row 120)

velruse should have a 'dummy' mode for use with ppl developing apps using velruse. This would allow one to avoid hitting the internet or third-parties which can have difficult setup procedures requiring world-resolveable DNS names. In that case, hitting the velruse app for sign-in would automatically return a 'fake user' rather than going through a third-party sign-in process.

https://developers.google.com/accounts/docs/OpenID#shutdown-timetable

I would to allow about registration and authentication via social networks but want to handle what happens when it comes back differently.

There is no way to currently know where the auth was initiated.

Hi,
When trying to use the pyramid_plugin demo & Twitter, I'm getting the following traceback:

velruse.exceptions.ThirdPartyFailure

ThirdPartyFailure: Status 401: <?xml version="1.0" encoding="UTF-8"?>
<hash>
  <error>Desktop applications only support the oauth_callback value 'oob'</error>
  <request>/oauth/request_token</request>
</hash>

So, my html form looks like this:

"""

"""

server2 is only locally accessible.

Authentication appears to work, but the information returned when the token is looked up in the velruse store comes back as:

{'status': 'fail', 'reason': {'code': 0, 'description': 'Missing parameter'}}

...which isn't very helpful :-S

What's happening here and how can we make this information more useful?

initial authorize call requires to use "state" param otherwise github throws in response 404

In velruse.providers.google_oauth2, using velruse.google.scope = 'opend profile' provides the following keys:

>> data.keys()
[u'family_name', u'name', u'picture', u'locale', u'gender', u'birthday', u'link', u'given_name', u'id']

Since email is not available, data['email'] raises KeyError

I installed the current state of velruse, including #70, wanted to try the example pyramid app (i.e. pserve example.ini, with a gtihub provider setup in example.ini) and got the following error below, it seems the config.include behavior doesn't work for me, but I cannot figure out why. Can someone help?

File "/home/jasper/Projects/velruse-tut/env/local/lib/python2.7/site-packages/paste/deploy/util.py", line 56, in fix_call
val = callable(_args, *_kw)
File "/home/jasper/Projects/velruse-tut/env/local/lib/python2.7/site-packages/myapp/init.py", line 72, in main
config.add_github_login_from_settings(prefix='github.')
File "/home/jasper/Projects/velruse-tut/env/local/lib/python2.7/site-packages/pyramid/config/init.py", line 775, in getattr
raise AttributeError(name)
AttributeError: add_github_login_from_settings

pip freeze:

Beaker==1.6.3
Chameleon==2.9.0
Mako==0.7.0
MarkupSafe==0.15
PasteDeploy==1.5.0
PyYAML==3.10
Routes==1.13
WebOb==1.2
anykeystore==0.2
certifi==0.0.8
chardet==1.0.1
distribute==0.6.19
httplib2==0.7.4
nose==1.1.2
oauth2==1.5.211
oauthlib==0.1.3
pyasn1==0.1.3
pyramid==1.3.2
python-openid==2.2.5
repoze.lru==0.5
requests==0.13.0
rsa==3.0.1
translationstring==1.1
venusian==1.0a6
wsgiref==0.1.2
zope.deprecation==4.0.0
zope.interface==4.0.1

If I use Google Authentication, whether on a two-factor google account or a newly created account, I receive a url of https://accounts.google.com/o/openid2/auth?st=xlRUpXQSC...

with:

The page you requested is invalid.

date: Fri, 25 Nov 2011 23:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 400 Bad Request
x-xss-protection: 1; mode=block
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
expires: Fri, 25 Nov 2011 23:31:03 GMT
cache-control: private, max-age=0
version: HTTP/1.1

400 Bad Request

I'm using the following development.ini, with velruse installed from:

easy_install -U https://github.com/bbangert/velruse/tarball/master

The domain is resolvable, the key and domain are set up in Google, removing the keys and relying on Google OpenID results in the same. Brand new virtualenv with only pyramid and velruse installed. I am not using any Google scopes for additional permissions, I did test via their control panel and it does properly authenticate for Google Calendar. Velruse prior to the dev version works with the same parameters (though in CONFIG.yaml).

Can someone do a sanity check to tell me if I've missed some option, or, whether Google authentication works/does not work?

Thanks.

my development.ini:

[app:veltest]
use = egg:veltest

pyramid.reload_templates = true
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
pyramid.debug_templates = true
pyramid.default_locale_name = en
pyramid.includes =
pyramid_tm

pyramid_debugtoolbar

sqlalchemy.url = sqlite:///%(here)s/veltest.db

[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 8080

Begin logging configuration

[loggers]
keys = root, veltest, sqlalchemy

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_veltest]
level = DEBUG
handlers =
qualname = veltest

[logger_sqlalchemy]
level = INFO
handlers =
qualname = sqlalchemy.engine

"level = INFO" logs SQL queries.

"level = DEBUG" logs SQL queries and results.

"level = WARN" logs neither. (Recommended for production systems.)

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s

End logging configuration

[filter:exc]
use=egg:WebError#evalerror

[pipeline:pveltest]
pipeline = exc veltest

[composite:main]
use = egg:Paste#urlmap
/ = pveltest
/velruse = velruse

[app:velruse]
velruse.end_point = http://pch1.mia.mydomain.com:8080/auth/apex_callback
velruse.store = velruse.store.sqlstore
velruse.store.url = mysql://sflh:s1s2s3@localhost/sflh?use_unicode=0&charset=utf8
velruse.openid.store = openid.store.memstore:MemoryStore
velruse.openid.realm = http://pch1.mia.mydomain.com

velruse.providers =
velruse.providers.google

velruse.google.consumer_key = pch1.mia.mydomain.com
velruse.google.consumer_secret = qn53zdxtB0qO96Es_AE-3KZH

use = egg:velruse

config_file = %(here)s/CONFIG.yaml

beaker.session.data_dir = %(here)s/data/sdata
beaker.session.lock_dir = %(here)s/data/slock
beaker.session.key = velruse
beaker.session.secret = somesecret
beaker.session.type = cookie
beaker.session.validate_key = STRONG_KEY_HERE
beaker.session.cookie_domain = .mydomain.com

The following dependencies are missing from setup:

• routes
• python-memcached

python-memcached should be an optional dependency depending on whether memcached is required or not (same should apply to redis etc)

currently all callback functions for all providers are extracting different info from the response returned by providers.

For example, facebook.py extracts timezone,gender and birthday and append them into profile while tiwtter extract some different, extra data like addresses.

I am not sure how to override the callback function on the fly to extract additional data from the response to the profile variable as they are hard coded before the view get the profile.

Is it better just return the raw response to the view by context?
That way the view can do whatever it wants to the response rather than a harde coded profile with limited and inconsistent data?

Thanks

Title pretty much says it all. Pyramid runs on Python3, so can Velruse be ported?

I noticed that callback URLs (I've only tested with Google) include a double slash immediately after the domain, as in:

http://domain.com//login/google/callback

This is mostly okay, but it's caused issues in one of my browser plugins which monitors certain callback URLs, so that it knows when the OpenID auth dance is over.

I realize that this is minor, but it'd be great if it was fixed nevertheless.

There may be many reasons when ThirdPartyFailure raises, eg. generaly it's used in providers when response code from provider is not 200.

Well, eg.
Looking at velruse source i can see no way to catch such en exceptions in my own code, so i can not display human readable message and show it to user - instead ugly 500 appears.

Shouldn't be some way added to catch ThirdPartyFailure eg, just the way velruse.AuthenticationDenied view is set up?

The problem

Here's a common use case for which I can't find an elegant solution :

On each page of my application, there is a small login form. Once the person is logged in, I want to redirect him to the page he logged from.

Existing solution

I have found two solutions :

• Having a view that registers the page to which the user is to be redirected (redirect_to) into the session, depending on the referer. This view then redirect to the velruse view.
• Having a view that registers redirect_to into the sessions, then call directly the code of velruse's views (something like return request.registry.velruse_providers['github'].login(request)).

Both solutions fell ugly because I have add another view to my application. In the first case /mylogin/{provider} redirects to /login/{provider}. In the second case, /login/{provider} is just plain ignored.

Proposed solution

One solution that seems clean would be to give the possibility to add callbacks or hooks to be called at the beginning of the login views. This would enable one to do any required work and information storage before the login process.

Those hooks would have the ability provide extra data that would be stored in the session during the authentication, then returned as part of AuthenticationComplete, or in the store in the case of the standalone application.

A hook providing simple referer storage would be provided.

Please tell me if you think that solution is ok. If you agree, or if you think code will explain much better than this unclear wall of text, I'll code this.

I ran into a similar issue to Pylons/pyramid#212 however, I don't know if my situation is merely the same symptom but a separate cause.

In this case, in provider/twitter.py:

r = requests.get(REQUEST_URL, headers=oauth_request.to_header())

modifies the request object which causes Mac based Webkit browsers to have a problem due to the corruption and high order bits in the request. Firefox 8/9 appear to have no issue.

save_request = copy.copy(request)
r = requests.get(REQUEST_URL, headers=oauth_request.to_header())
request = copy.copy(save_request)

The above fix hides the bug and allows it to work, but, something in requests is changing a mutable that Pyramid is depending on.

cd34@bc0ff12

is the commit on my local branch that 'fixes' it, however, I'm not sure I really like the fix as it only covers up a problem in a dependency. I can submit a pull if you would like, but, it isn't "The Right Fix". It is possible that the issue is in paster as requests does start a new urllib3 connection pool and perhaps that is creating a leak.

I have done a lot of work on velruse and splitted my last pull request in small chunks.
Feel free to speak with me on irc (kiorky on #pyramid (freenode))

Those pull requests must be assembled in a logical and dependant order:

• documentation #44
• [MERGED] includeme_convention #45
  • providers_hook #53
    • introspectable_configuration #47
      • introspectable_providers #48
• openid_autoconfiguration #46
  • contextual_endpoint #51
    • ldap_provider #50
• introspectable_configuration / ldap_provider
  • introspectable_ldap_provider #49

Since velruse is normalising profile data: imho it makes sense to convert the birthday to a datetime.date instance, instead of the YYYY-MM-DD string it is now.

For consistency, routes for bitbucket should start like '/login'

velruse.bitbucket-login --> /bitbucket/login
velruse.bitbucket-callback --> /bitbucket/login/callback

velruse.openid-url --> /login/openid
velruse.openid-callback --> /login/openid/callback
velruse.github-login --> /login/github
velruse.github-callback --> /login/github/callback
velruse.twitter-login --> /login/twitter
velruse.twitter-callback --> /login/twitter/callback
velruse.yahoo-url --> /login/yahoo
velruse.yahoo-callback --> /login/yahoo/callback
velruse.linkedin-login --> /login/linkedin
velruse.linkedin-callback --> /login/linkedin/callback
velruse.live-login --> /login/live
velruse.live-callback --> /login/live/callback
velruse.facebook-login --> /login/facebook
velruse.facebook-callback --> /login/facebook/callback
velruse.google_oauth2-login --> /login/google_oauth2
velruse.google_oauth2-callback --> /login/google_oauth2/callback

Hi,
I faced a Google auth2 failure when trying to connect using my Google account.

Problem was that 'name' was not present in data (velruse/providers/google_oauth2.py around line 170 to get displayname).

I suggest to test if name is present, else to set email in displayname

Don't know why, but depending on account, seems that name is not always present (I only needed email by the way).

this raise an exception.

Since Google OAuth 1.0 is deprecated (see https://developers.google.com/accounts/docs/OAuth), velruse would benefit from a OAuth 2.0 implementation for Google (https://developers.google.com/accounts/docs/OAuth2). It is also much easier to implement and maintain than the OpenID + OAuth hybrid.

I have written a provider called "google2" in my branch (naktinis@7c75a1c) if it would be of any help. I can create a pull request, or simply leave it to you as a working example.

Linkedin returns 500 error with reason "INKApi Error"

In earlier version with oauth2 it worked fine. I did'n find any reason on linkedin site.
May be reason is using port in my dev site address but i'm not sure.

Actually linkedin use OAuth2.0 and support old OAuth1.0a i guess (or may be not, I did't find any message about it)

http://packages.python.org/velruse/providers.html#id5 auth' in html snippet
http://packages.python.org/velruse/providers.html#id7 auth' in html snippet
http://packages.python.org/velruse/providers.html#id9 auth' in html snippet
http://packages.python.org/velruse/providers.html#id11 auth' in html snippet

http://packages.python.org/velruse/modules/app.html

Store:
Redis: true

Should be:

Store:
Type: Redis (or Memory)

http://packages.python.org/velruse/modules/providers/facebook.html

Says: Handle Twitter OAuth

Login breaks with Pyramid 1.2. It appears that Pyramid expects the provider login view method to have a different number of arguments. Which version of Pyramid did you test your examples against?

File "<...>/pyramid-1.2-py2.6.egg/pyramid/config/views.py", line 319, in viewresult_to_response
    result = view(context, request)
TypeError: login() takes exactly 2 arguments (3 given)

I got No module named providers when trying the pyramid_plugin with the feature.api-revamp branch. Is it normal?

I set up my environment like this:

virtualenv velruse
cd velruse
source bin/activate
git clone https://github.com/bbangert/velruse.git
cd velruse
git branch feature.api-revamp
python setup.py install
cd examples/pyramid_plugin
python setup.py develop

I ran pserve :

$ pserve example.ini 
Traceback (most recent call last):
  File "/home/bruno/velruse/bin/pserve", line 8, in <module>
    load_entry_point('pyramid==1.3', 'console_scripts', 'pserve')()
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/scripts/pserve.py", line 47, in main
    return command.run()
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/scripts/pserve.py", line 290, in run
    relative_to=base, global_conf=vars)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/scripts/pserve.py", line 318, in loadapp
    return loadapp(app_spec, name=name, relative_to=relative_to, **kw)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 247, in loadapp
    return loadobj(APP, uri, name=name, **kw)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 272, in loadobj
    return context.create()
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 710, in create
    return self.object_type.invoke(self)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 146, in invoke
    return fix_call(context.object, context.global_conf, **context.local_conf)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/util.py", line 56, in fix_call
    val = callable(*args, **kw)
  File "/home/bruno/velruse/velruse/examples/pyramid_plugin/myapp/__init__.py", line 67, in main
    config.include('velruse.providers.facebook')
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/config/__init__.py", line 709, in include
    c = self.maybe_dotted(callable)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/config/__init__.py", line 810, in maybe_dotted
    return self.name_resolver.maybe_resolve(dotted)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/path.py", line 318, in maybe_resolve
    return self._resolve(dotted, package)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/path.py", line 325, in _resolve
    return self._zope_dottedname_style(dotted, package)
  File "/home/bruno/velruse/local/lib/python2.7/site-packages/pyramid-1.3-py2.7.egg/pyramid/path.py", line 374, in _zope_dottedname_style
    __import__(used)
ImportError: No module named providers

Website was working properly, but from past few days it started throwing error message "The HTTP request was forbidden with client authentication scheme 'Anonymous'" .

Saw same issue here: http://social.msdn.microsoft.com/Forums/onedrive/en-US/577aa2de-9409-405a-835f-327e06965f52/oauth-service-down?forum=messengerconnect

Changed auth and token url as mentioned in the above url, but still not able to use Live ID.

velruse does not use nose anywhere, but it still depends on it.

Sorry for the cryptic title :P

Basically, if you create an OpenID login form and post "dummy" as URL, it causes an exception rather than sending you to the authentication error screen. This is probably true for other login providers, but it's extremely bad for OpenID since exceptions aren't handled in anyway.

Basically, everything during OpenIDConsumer.login -process should be catched i think.

Hi,

I was wondering if you could configure the email to be returned from linkedin and also make the route consistent.

Following is a diff of the requested changes.

Thanks!

diff --git a/providers/linkedin.py b/providers/linkedin.py
index 17c69d5..ce9915b 100644
--- a/providers/linkedin.py
+++ b/providers/linkedin.py
@@ -44,8 +44,8 @@ def add_linkedin_login_from_settings(config, prefix='velruse.linkedin.'):
 def add_linkedin_login(config,
                        consumer_key,
                        consumer_secret,
-                       login_path='/linkedin/login',
-                       callback_path='/linkedin/login/callback',
+                       login_path='/login/linkedin',
+                       callback_path='/login/linkedin/callback',
                        name='linkedin'):
     """
     Add a Last.fm login provider to the application.
@@ -129,7 +129,7 @@ class LinkedInProvider(object):
                             secret=cred['oauthAccessTokenSecret'])
         client = oauth.Client(consumer, token)
         profile_url = 'http://api.linkedin.com/v1/people/~'
-        profile_url += ':(first-name,last-name,id,date-of-birth,picture-url)'
+        profile_url += ':(first-name,last-name,id,date-of-birth,picture-url,email-address)'
         profile_url += '?format=json'
         resp, content = client.request(profile_url)

@@ -139,8 +139,8 @@ class LinkedInProvider(object):

         # Setup the normalized contact info
         profile = {}
         profile['displayName'] = data['firstName'] + data['lastName']
+        profile['verifiedEmail'] = data['emailAddress']
         profile['name'] = {
             'givenName': data['firstName'],
             'familyName': data['lastName'],

If something goes wrong and csrf fails (which is not always in case of fraud), it would be much friendly to raise Bad Request 400 error instead of Python exception that results in 500.

I get a KeyError stating the key 'end_point' cannot be found in the session dictionary This occurs on Chrome 12+ and IE9 for all providers I've tested (Google and Twitter), but not Firefox. I believe this may be an inconsistency between browsers on when the cookie is set for the Beaker sessions (or I'm doing something very wrong).

I will investigate this issue and hopefully submit a pull request when I figure it out.

Okay, same YAML config:

Store:
Type: velruse.store.memstore:MemoryStore

OpenID:
Realm: http://http://pythonjobs.chrisw.info/
Endpoint Regex: http://http://pythonjobs.chrisw.info/loggedin

Yahoo: true

OpenID Store:
Type: openid.store.memstore:MemoryStore
"""

html form submission is:
"""

"""

I get:

File "/home/chris/buildout-eggs/Beaker-1.5.4-py2.6.egg/beaker/middleware.py", line 152, in call
return self.wrap_app(environ, session_start_response)
File "/home/chris/velruse/velruse/app.py", line 198, in call
return self.configprovider(environ, start_response)
File "/home/chris/velruse/velruse/utils.py", line 109, in call
return getattr(self, action)(req, **kwargs)
File "/home/chris/velruse/velruse/providers/openidconsumer.py", line 276, in login
self.update_authrequest(req, authrequest)
File "/home/chris/velruse/velruse/providers/yahoo.py", line 68, in _update_authrequest
authrequest.addExtension(oauth_request)
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/consumer/consumer.py", line 1493, in addExtension
extension_request.toMessage(self.message)
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/extension.py", line 45, in toMessage
message.updateArgs(self.ns_uri, self.getExtensionArgs())
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/message.py", line 471, in updateArgs
self.setArg(namespace, k, v)
File "/home/chris/buildout-eggs/python_openid-2.2.5-py2.6.egg/openid/message.py", line 476, in setArg
assert value is not None
AssertionError

...from:

http://pythonjobs.chrisw.info/velruse/yahoo/auth

What am I doing wrong?