from mod_python import apache,util
from urllib import urlencode
from urllib2 import *
from urlparse import *
from HTMLParser import HTMLParser

class IdPageParser(HTMLParser):
    id_server = None
    def handle_starttag(self, tag, attrs):
	if tag == 'link':
	    attrs_dict = dict(attrs)
	    if attrs_dict.get('rel') == 'openid.server':
		self.id_server = attrs_dict.get('href')

def authenhandler(req):
    try:
	if req.parsed_uri[7] != None:
	    qargs = util.parse_qs(req.parsed_uri[7])
	    if 'openid.mode' not in qargs or qargs['openid.mode'][0] != 'id_res':
		return apache.OK
	    if 'openid.user_setup_url' in qargs:
		util.redirect(req, qargs['openid.user_setup_url'][0])
		return apache.OK
	    return apache.OK

	user = req.user
	tmp = urlparse(user)
	if tmp[0] == '': user = 'http://'+tmp[2]
	if user[-1] != '/': user += '/'
	parser = IdPageParser()
	parser.feed(urlopen(user).read())
	parser.close()
	id_server = parser.id_server
	if id_server == None:
	    return apache.HTTP_UNAUTHORIZED
	args = {'openid.return_to':'http://'+req.hostname+req.unparsed_uri,
		'openid.is_identity':user,
		'openid.post_grant':'return'}
	options = req.get_options()
	if 'trust_root' in options:
	    args['openid.trust_root'] = options['trust_root']

	con = '?'
	if '?' in id_server: con = '&'
	util.redirect(req, id_server+con+urlencode(args))
    except URLError, err:
	req.log_error(str(err), apache.APLOG_ERR)
	return apache.HTTP_INTERNAL_SERVER_ERROR
    return apache.OK