Appengine Authentifizierung gegen Google Apps

do_openid_login.py

#!/usr/bin/env python
# encoding: utf-8
"""
do_openid_login.py

Created by Maximillian Dornseif on 2010-09-24.
Copyright (c) 2010 HUDORA. All rights reserved.
"""


from google.appengine.api.users import get_current_user, create_login_url
ALLOWED_DOMAINS = ['example.com', 'company.local']


class OpenIdLoginHandler(webapp.RequestHandler):
  def get(self):
    continue_url = self.request.GET.get('continue')
    openid_url = None
    for domain in ALLOWED_DOMAINS:
        if self.request.GET.get('%s.x' % domain):
            openid_url = 'https://www.google.com/accounts/o8/site-xrds?hd=%s' % domain
    logging.info("Openid %s" % openid_url)
    if not openid_url:
        # Render Template with Login form
        path = os.path.join(os.path.dirname(__file__), 'templates', 'login.html')
        self.response.out.write(template.render(path, {'continue': continue_url,
                                                     'doamins:' ALLOWED_DOMAINS}))
    else:
        # Hand over Authentication Processing to Google
        self.redirect(users.create_login_url(continue_url, None, openid_url))


def main():
    application = webapp.WSGIApplication([
        ('', OpenIdLoginHandler),
        ], debug=False)
    util.run_wsgi_app(application)


if __name__ == '__main__':
    main()

login.html

<html>
 <head>
  <title>Log in with Google Apps</title>
 </head>
 <body style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: black; background-color: white; margin:50px 0px; padding:0px; text-align:center;">
  <div style="margin-left: 10%; margin-right: 10%;">
   <h1 style="font-size: 90px; font-style: normal; font-weight: bold; letter-spacing: -6px; ">Login</h1>
   <form method="get" action="/_ah/login_required">
    <p>Bitte klicken Sie auf Ihr Unternehmen!</p>
    {% if continue %}
      <input type="hidden" name="continue" value="{{continue|escape}}" />
    {% endif %}
    {% for domanin in domains %}
        <input type="image" src='/static/gappsauth/{{ domanin }}.png' width='200' style="padding:15px;" name="{{ domanin }}"><br/>
    {% endfor %}
   </form>
  </div>
 </body>
</html>

main.py

# ...
class Handler(webapp.RequestHandler, OpenIdMixin):
  def get(self):
    aktueller_nutzer = self.get_user()
    if not aktueller_nutzer:
      return  # login redirect is active, don't display any content
    # do something, render template
    template_values = {'foo': 'bar'}
    path = os.path.join(os.path.dirname(__file__), 'templates/index.html')
    self.response.out.write(template.render(path, template_values))
# ...

openid_mixin.py

#!/usr/bin/env python
# encoding: utf-8
"""
openid_mixin.py

Created by Maximillian Dornseif on 2010-09-24.
Copyright (c) 2010 HUDORA. All rights reserved.
"""

from google.appengine.api import users

class OpenIdMixin(object):
  def get_user(self):
    """This method forces login via OpenID."""
    
    user = users.get_current_user()
    if not user:
      self.redirect(self.create_openid_url(self.request.url))
      return None
    return user
  
  def create_openid_url(self, continue_url):
    continue_url = urlparse.urljoin(self.request.url, continue_url)
    return "/_ah/login_required?continue=%s" % urllib.quote(continue_url)