a start towards support openid for google domains/apps

this requires patches to python-openid as well, which are not yet complete

linkdrop/controllers/account.py

@@ -116,7 +116,8 @@ OAuth authorization api.
         try:
             user = auth.verify()
             account = user['profile']['accounts'][0]
-    
+            if not user.get('oauth_token') and not user.get('oauth_token_secret'):
+                raise Exception('Unable to get OAUTH access')
             acct = self._get_or_create_account(provider, account['userid'], account['username'])
             acct.profile = user['profile']
             acct.oauth_token = user.get('oauth_token', None)

linkdrop/lib/oauth/google_.py

@@ -52,7 +52,12 @@ from linkdrop.lib.oauth.openidconsumer import ax_attributes, alternate_ax_attrib
 from linkdrop.lib.oauth.openidconsumer import OpenIDResponder
 from linkdrop.lib.oauth.base import get_oauth_config
 
-GOOGLE_OAUTH = 'https://www.google.com/accounts/OAuthGetAccessToken'
+def _get_google_access_url():
+    id = request.POST.get('openid_identifier')#, 'g.caraveo.com')
+    if id:
+        return 'https://www.google.com/a/%s/OAuthGetAccessToken' % id
+    else:
+        return 'https://www.google.com/accounts/OAuthGetAccessToken'
 
 domain = 'google.com'
 
@@ -71,6 +76,8 @@ class responder(OpenIDResponder):
 
     def _lookup_identifier(self, identifier):
         """Return the Google OpenID directed endpoint"""
+        if identifier:
+            return "https://www.google.com/accounts/o8/site-xrds?hd=%s" % (identifier)
         return "https://www.google.com/accounts/o8/id"
     
     def _update_authrequest(self, authrequest):
@@ -109,12 +116,15 @@ class responder(OpenIDResponder):
             authrequest.addExtension(ui_request)
         return None
     
+    def _update_verify(self, consumer):
+        pass
+
     def _get_access_token(self, request_token):
         """Retrieve the access token if OAuth hybrid was used"""
         consumer = oauth.Consumer(self.consumer_key, self.consumer_secret)
         token = oauth.Token(key=request_token, secret='')
         client = oauth.Client(consumer, token)
-        resp, content = client.request(GOOGLE_OAUTH, "POST")
+        resp, content = client.request(_get_google_access_url(), "POST")
         if resp['status'] != '200':
             return None
         return dict(urlparse.parse_qsl(content))

linkdrop/lib/oauth/openidconsumer.py

@@ -259,7 +259,7 @@ class OpenIDResponder():
         # Load default parameters that all Auth Responders take
         session['end_point_success'] = request.POST.get('end_point_success', self.config.get('oauth_success'))
         fail_uri = session['end_point_auth_failure'] = request.POST.get('end_point_auth_failure', self.config.get('oauth_failure'))
-        openid_url = request.POST.get('openid_identifier')
+        openid_url = request.POST.get('openid_identifier')#, 'g.caraveo.com')
         
         # Let inherited consumers alter the openid identifier if desired
         openid_url = self._lookup_identifier(openid_url)
@@ -303,6 +303,9 @@ class OpenIDResponder():
             return authrequest.htmlMarkup(realm=request.application_url, return_to=return_to, 
                                           immediate=False)
     
+    def _update_verify(self, consumer):
+        pass
+
     def verify(self):
         """Handle incoming redirect from OpenID Provider"""
         log_debug = self.log_debug
@@ -315,6 +318,7 @@ class OpenIDResponder():
         
         # Setup the consumer and parse the information coming back
         oidconsumer = consumer.Consumer(openid_session, self.openid_store)
+        self._update_verify(oidconsumer)
         return_to = url(controller='account', action="verify", provider=self.provider,
                            qualified=True)
         info = oidconsumer.complete(request.params, return_to)