http://hdknr.ubu/blog/openid/ でXRDをサポートしていないから、らしいです。(@kthrtty)
出力しているテンプレートを見る。
hdknr@LennyOne:~/python-openid-2.2.4/examples/djopenid$ vi templates/server/trust.html
{% ifequal trust_root_valid "DISCOVERY_FAILED" %}
<p>The site <tt>{{ trust_root|escape }}</tt> has requested verification
of your OpenID. However, <tt>{{ trust_root|escape }}</tt> does not
implement OpenID 2.0’s relying party verification mechanism. Please use
extra caution in deciding whether to release information to this party,
and ask <tt>{{ trust_root|escape }}</tt> to implement relying party
verification for your future transactions.</p>
{% include "server/pape_request_info.html" %}
{% endifequal %}
対応するヴューの処理
hdknr@LennyOne:~/python-openid-2.2.4/examples/djopenid$ vi server/views.py
from openid.server.trustroot import verifyReturnTo
def showDecidePage(request, openid_request):
"""
Render a page to the user so a trust decision can be made.
@type openid_request: openid.server.server.CheckIDRequest
"""
trust_root = openid_request.trust_root #### RELM
return_to = openid_request.return_to #### RETURN_TO
try:
# Stringify because template’s ifequal can only compare to strings.
trust_root_valid = verifyReturnTo(trust_root, return_to) \
and "Valid" or "Invalid"
except DiscoveryFailure, err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError, err:
trust_root_valid = "Unreachable"
pape_request = pape.Request.fromOpenIDRequest(openid_request)
return direct_to_template(
request,
‘server/trust.html’,
{’trust_root’: trust_root,
‘trust_handler_url’:getViewURL(request, processTrustResult),
‘trust_root_valid’: trust_root_valid,
‘pape_request’: pape_request,
実際は次のように呼び出し。
verifyReturnTo(http://hdknr.ubu/blog/openid/,
http://hdknr.ubu/blog/openid/?openid=consumer&janrain_nonce=2009-07-01T07%3A40%3A59Z9ns9Iw&openid1_claimed_id=http%3A%2F%
2Fhdknr.deb%2Fserver%2Fuser%2F)
_vrfyでDiscoveryFailureが発生。
def verifyReturnTo(realm_str, return_to, _vrfy=getAllowedReturnURLs):
"""Verify that a return_to URL is valid for the given realm.
This function builds a discovery URL, performs Yadis discovery on
it, makes sure that the URL does not redirect, parses out the
return_to URLs, and finally checks to see if the current return_to
URL matches the return_to.
@raises DiscoveryFailure: When Yadis discovery fails
@returns: True if the return_to URL is valid for the realm
@since: 2.1.0
"""
realm = TrustRoot.parse(realm_str)
if realm is None:
# The realm does not parse as a URL pattern
return False
try:
allowable_urls = _vrfy(realm.buildDiscoveryURL())
except RealmVerificationRedirected, err:
oidutil.log(str(err))
return False
if returnToMatches(allowable_urls, return_to):
return True
else:
oidutil.log("Failed to validate return_to %r for realm %r, was not "
"in %s" % (return_to, realm_str, allowable_urls))
return False
デフォルトでは、_vrfyがgetAllowedReturnURLs関数。
from openid.yadis import services
def getAllowedReturnURLs(relying_party_url):
(rp_url_after_redirects, return_to_urls) = services.getServiceEndpoints(
relying_party_url, _extractReturnURL) #ここでだめな模様。
if rp_url_after_redirects != relying_party_url:
# Verification caused a redirect
raise RealmVerificationRedirected(
relying_party_url, rp_url_after_redirects)
return return_to_urls
yadis/service.py
def getServiceEndpoints(input_url, flt=None):
result = discover(input_url)
try:
endpoints = applyFilter(result.normalized_uri,
result.response_text, flt)
except XRDSError, err:
raise DiscoveryFailure(str(err), None)
return (result.normalized_uri, endpoints)
def applyFilter(normalized_uri, xrd_data, flt=None):
flt = mkFilter(flt)
et = parseXRDS(xrd_data) #<—– ここで例外。
endpoints = []
for service_element in iterServices(et):
endpoints.extend(
flt.getServiceEndpoints(normalized_uri, service_element))
return endpoints
yadis/etxrd.py どうやらtext(xrd_data)がElementTreeでXMLにパースできないもよう。
なぜならばWordPressのトップページがHTMLだから。
def parseXRDS(text):
"""Parse the given text as an XRDS document.
@return: ElementTree containing an XRDS document
@raises XRDSError: When there is a parse error or the document does
not contain an XRDS.
"""
try:
element = ElementTree.XML(text)
except XMLError, why:
exc = XRDSError(‘Error parsing document as XML’) #<——— ここ
exc.reason = why
raise exc
else:
tree = ElementTree.ElementTree(element)
if not isXRDS(tree):
raise XRDSError(‘Not an XRDS document’)
return tree
ということです。
WordPressでリクエストヘッダーを見てみると。 ( index.php にデバックコードを入れる)
root@ubuntu-vbox:/home/sites/hdknr.ubu/wordpress_blog_openid# !ta
tail -f /var/log/messages
Jul 1 17:40:40 ubuntu-vbox OpenID[9446]: APACHE REQUEST HEADER:Accept-Encoding:identity
Jul 1 17:40:40 ubuntu-vbox OpenID[9446]: APACHE REQUEST HEADER:Host:hdknr.ubu
Jul 1 17:40:40 ubuntu-vbox OpenID[9446]: APACHE REQUEST HEADER:Connection:close
Jul 1 17:40:40 ubuntu-vbox OpenID[9446]: APACHE REQUEST HEADER:Accept:text/html; q=0.3, application/xhtml+xml; q=0.5, application/xrds+xml
Jul 1 17:40:40 ubuntu-vbox OpenID[9446]: APACHE REQUEST HEADER:User-Agent:python-openid/2.2.1 (linux2) Python-urllib/2.5
ですので、Acceptにapplication/xrds+xmlがしていされたら、WordPressのトップページでXRDSをダウンロードするようにすれば対応可能でしょう。