def login(request): init_third_party_session(request) force_login = request.GET.get('force_login', settings.TWITTER_AUTH_FORCE_LOGIN) consumer = oauth.Consumer(settings.TWITTER_TOKEN, settings.TWITTER_SECRET) client = oauth.Client(consumer) resp, content = client.request(request_token_url, "GET") if resp['status'] != '200': messages.error(request, 'Invalid Twitter response') logger.error("Invalid twitter response %s", resp) return HttpResponseRedirect(reverse('edit_profile')) oa_resp = dict(cgi.parse_qsl(content)) if 'status' in oa_resp and oa_resp['status'] != '200': messages.error(request, 'Invalid Twitter response') logger.error("Invalid twitter response %s", resp) return HttpResponseRedirect(reverse('edit_profile')) request.session['request_token'] = dict(cgi.parse_qsl(content)) params = { 'oauth_token': request.session['request_token']['oauth_token'], } if force_login: params['force_login'] = 1 if request.GET.get('key', None): request.session['pending_key'] = request.GET.get('key') if request.GET.get('next', None): request.session['next_url'] = request.GET.get('next') url = "%s?%s" % (authenticate_url, urllib.urlencode(params)) return HttpResponseRedirect(url)
def commitPayment(self, userId, payerId, token, amt, itemId): returnObj = {} if identity.verifyUser(userId): postDetails = { 'USER': common.UID, 'PWD': common.PASSWORD, 'SIGNATURE': common.SIG, 'METHOD': 'DoExpressCheckoutPayment', 'VERSION': common.VER, 'AMT': amt, 'TOKEN': token, 'PAYERID': payerId, 'PAYMENTACTION': 'Sale' }; response = common.curl(common.URLBASE, postDetails) #HACK: On sandbox the first request will fail - we need to wait for 2 seconds and then try again if response == False: time.sleep(2) response = dict(cgi.parse_qsl(common.curl(common.URLBASE, postDetails))) else: response = dict(cgi.parse_qsl(response)) returnObj['transactionId'] = response["PAYMENTINFO_0_TRANSACTIONID"] returnObj['orderTime'] = response["PAYMENTINFO_0_ORDERTIME"] returnObj['paymentStatus'] = response["PAYMENTINFO_0_PAYMENTSTATUS"] returnObj['itemId'] = itemId returnObj['userId'] = userId identity.recordPayment(returnObj) return json.write(returnObj)
def test_bucket_GET_max_keys(self): class FakeApp(object): def __call__(self, env, start_response): self.query_string = env['QUERY_STRING'] start_response('200 OK', []) return '[]' fake_app = FakeApp() local_app = swift3.filter_factory({})(fake_app) bucket_name = 'junk' req = Request.blank('/%s' % bucket_name, environ={'REQUEST_METHOD': 'GET', 'QUERY_STRING': 'max-keys=5'}, headers={'Authorization': 'AWS test:tester:hmac'}) resp = local_app(req.environ, lambda *args: None) dom = xml.dom.minidom.parseString("".join(resp)) self.assertEquals(dom.getElementsByTagName('MaxKeys')[0]. childNodes[0].nodeValue, '5') args = dict(cgi.parse_qsl(fake_app.query_string)) self.assert_(args['limit'] == '6') req = Request.blank('/%s' % bucket_name, environ={'REQUEST_METHOD': 'GET', 'QUERY_STRING': 'max-keys=5000'}, headers={'Authorization': 'AWS test:tester:hmac'}) resp = local_app(req.environ, lambda *args: None) dom = xml.dom.minidom.parseString("".join(resp)) self.assertEquals(dom.getElementsByTagName('MaxKeys')[0]. childNodes[0].nodeValue, '1000') args = dict(cgi.parse_qsl(fake_app.query_string)) self.assertEquals(args['limit'], '1001')
def parse_parameters(request): """ Parse request parameters in a gds.burp.Burp request/response object. @param request: A gds.burp.Burp request/response object. @return: A dict containing parameters and values from query string, body and multipart/form-data. @rtype: dict """ parameters = {} if request.url.query: parameters['query'] = dict(cgi.parse_qsl(request.url.query)) content_type = request.get_request_header('Content-Type') if 'amf' in content_type.lower(): # Don't even try to parse a binary AMF request return elif 'multipart/form-data' in content_type.lower(): boundary = re.search(FORM_DATA, content_type).group(1) params = parse_multipart_form(request.get_request_body(), boundary) parameters['multipart_form'] = params elif 'json' in content_type.lower(): parameters['json'] = json.loads(request.get_request_body()) elif request.get_request_body(): parameters['body'] = dict(cgi.parse_qsl(request.get_request_body())) return parameters
def _build_signature_base_string(oauth_params, http_method, http_url, http_data): normalized_http_method = http_method.upper() url_parts = urlparse.urlsplit(http_url) scheme = url_parts.scheme host = url_parts.hostname port = url_parts.port if port is not None: if not ((port == 80 and scheme == 'http') or (port == 443 and scheme == 'https')): host += ':' + str(port) path = url_parts.path if not path: path = '/' normalized_http_url = scheme + '://' + host + path params = list(oauth_params) if url_parts.query: params.extend(cgi.parse_qsl(url_parts.query, True)) if http_data: params.extend(cgi.parse_qsl(http_data, True)) params = [(escape(k), escape(v)) for k, v in params] params.sort() normalized_params = '&'.join(k + '=' + v for k, v in params) return escape(normalized_http_method) + '&' + escape(normalized_http_url) + '&' + escape(normalized_params)
def getAccess(): # create the OAuth consumer credentials consumer = oauth.Consumer('bzj2pmrs283kepwbgu58aw47','xJSZwBZxFp') # make the initial request for the request token client = oauth.Client(consumer) response, content = client.request('http://api.rdio.com/oauth/request_token', 'POST', urllib.urlencode({'oauth_callback':'oob'})) parsed_content = dict(cgi.parse_qsl(content)) request_token = oauth.Token(parsed_content['oauth_token'], parsed_content['oauth_token_secret']) # ask the user to authorize this application print 'Authorize this application at: %s?oauth_token=%s' % (parsed_content['login_url'], parsed_content['oauth_token']) oauth_verifier = raw_input('Enter the PIN / OAuth verifier: ').strip() # associate the verifier with the request token request_token.set_verifier(oauth_verifier) # upgrade the request token to an access token client = oauth.Client(consumer, request_token) response, content = client.request('http://api.rdio.com/oauth/access_token', 'POST') parsed_content = dict(cgi.parse_qsl(content)) print(parsed_content) access_token = oauth.Token(parsed_content['oauth_token'], parsed_content['oauth_token_secret']) print access_token # make an authenticated API call client = oauth.Client(consumer, access_token) response = client.request('http://api.rdio.com/1/', 'POST', urllib.urlencode({'method': 'currentUser'})) print response[1]
def test_bucket_GET_max_keys(self): class FakeApp(object): def __call__(self, env, start_response): self.query_string = env["QUERY_STRING"] start_response("200 OK", []) return "[]" fake_app = FakeApp() local_app = swift3.filter_factory({})(fake_app) bucket_name = "junk" req = Request.blank( "/%s" % bucket_name, environ={"REQUEST_METHOD": "GET", "QUERY_STRING": "max-keys=5"}, headers={"Authorization": "AWS test:tester:hmac"}, ) resp = local_app(req.environ, lambda *args: None) dom = xml.dom.minidom.parseString("".join(resp)) self.assertEquals(dom.getElementsByTagName("MaxKeys")[0].childNodes[0].nodeValue, "5") args = dict(cgi.parse_qsl(fake_app.query_string)) self.assert_(args["limit"] == "6") req = Request.blank( "/%s" % bucket_name, environ={"REQUEST_METHOD": "GET", "QUERY_STRING": "max-keys=5000"}, headers={"Authorization": "AWS test:tester:hmac"}, ) resp = local_app(req.environ, lambda *args: None) dom = xml.dom.minidom.parseString("".join(resp)) self.assertEquals(dom.getElementsByTagName("MaxKeys")[0].childNodes[0].nodeValue, "1000") args = dict(cgi.parse_qsl(fake_app.query_string)) self.assertEquals(args["limit"], "1001")
def register(self, oauth_token=None, oauth_secret=None, pin=None, callbackurl = None): #CONSUMER oauth_consumer = oauth2.Consumer(key=self.settings['CONSUMER_KEY'], secret=self.settings['CONSUMER_SECRET']) if oauth_token: #REGISTER FINAL STEP token = oauth2.Token(oauth_token, oauth_secret) token.set_verifier(pin) oauth_client = oauth2.Client(oauth_consumer, token) resp, content = oauth_client.request(self.settings['ACCESS_TOKEN_URL'], method='POST', body='oauth_verifier=%s' % pin) access_token = dict(cgi.parse_qsl(content)) #CHECK RESPONSE if resp['status'] != '200': return False else: return access_token else: #REGISTER FIRST STEP oauth_client = oauth2.Client(oauth_consumer) resp, content = oauth_client.request(self.settings['REQUEST_TOKEN_URL'], 'POST', body='oauth_callback=%s' % callbackurl) #CHECK RESPONSE if resp['status'] != '200': return False else: request_token = dict(cgi.parse_qsl(content)) return {"url": "%s?oauth_token=%s" % (self.settings['AUTHORIZATION_URL'], request_token['oauth_token']), "data": request_token}
def test_bucket_GET_max_keys(self): bucket_name = 'junk' req = Request.blank('/%s?max-keys=5' % bucket_name, environ={'REQUEST_METHOD': 'GET'}, headers={'Authorization': 'AWS test:tester:hmac', 'Date': self.get_date_header()}) status, headers, body = self.call_s3api(req) elem = fromstring(body, 'ListBucketResult') self.assertEqual(elem.find('./MaxKeys').text, '5') _, path = self.swift.calls[-1] _, query_string = path.split('?') args = dict(cgi.parse_qsl(query_string)) self.assertEqual(args['limit'], '6') req = Request.blank('/%s?max-keys=5000' % bucket_name, environ={'REQUEST_METHOD': 'GET'}, headers={'Authorization': 'AWS test:tester:hmac', 'Date': self.get_date_header()}) status, headers, body = self.call_s3api(req) elem = fromstring(body, 'ListBucketResult') self.assertEqual(elem.find('./MaxKeys').text, '5000') _, path = self.swift.calls[-1] _, query_string = path.split('?') args = dict(cgi.parse_qsl(query_string)) self.assertEqual(args['limit'], '1001')
def test_bucket_GET_max_keys(self): bucket_name = 'junk' req = Request.blank('/%s' % bucket_name, environ={'REQUEST_METHOD': 'GET', 'QUERY_STRING': 'max-keys=5'}, headers={'Authorization': 'AWS test:tester:hmac'}) status, headers, body = self.call_swift3(req) elem = fromstring(body) self.assertEquals(elem.find('./MaxKeys').text, '5') _, path = self.swift.calls[-1] _, query_string = path.split('?') args = dict(cgi.parse_qsl(query_string)) self.assert_(args['limit'] == '6') req = Request.blank('/%s' % bucket_name, environ={'REQUEST_METHOD': 'GET', 'QUERY_STRING': 'max-keys=5000'}, headers={'Authorization': 'AWS test:tester:hmac'}) status, headers, body = self.call_swift3(req) elem = fromstring(body) self.assertEquals(elem.find('./MaxKeys').text, '1000') _, path = self.swift.calls[-1] _, query_string = path.split('?') args = dict(cgi.parse_qsl(query_string)) self.assertEquals(args['limit'], '1001')
def do_POST(self): if self.path.find('?') != -1: self.path, parms = self.path.split('?',1) else: parms = '' self.query_string = self.rfile.read(int(self.headers['Content-Length'])) self.args = dict(cgi.parse_qsl(self.query_string)) urlparms = dict(cgi.parse_qsl(parms)) try: if urlparms['json']: jsonrequest = True self.args["json"] = 1 except: jsonrequest = False # add key for benefit of called script self.args["method"] = "POST" self.path = self.path[1:] # strip off leading / # so it is available to the called script self.args["query_string"] = self.query_string ''' self.send_response(200) self.send_header('Content-type', 'text/html') self.end_headers() self.wfile.write('<html><head><title>Post page</title></head><body>') self.wfile.write("<p>Location is %s</p>" % (self.path)) self.wfile.write("<p>args are %s</p>" % (self.args)) self.wfile.write("</pre>") self.wfile.write('</body></html>') ''' # check that file is there before running if os.path.isfile(self.path) and self.path[-2:] == "py": # run the script self.send_response(200) if jsonrequest: self.send_header('Content-type', 'application/json') else: self.send_header('Content-type', 'text/html') self.end_headers() # redirect output to browser stdsave = sys.stdout sys.stdout = self.wfile execfile(self.path, self.args) sys.stdout = stdsave # put back else: # not found self.send_response(404) self.send_header('Content-type', 'text/html') self.end_headers() infile = open("404", "r") self.wfile.write( infile.read() ) infile.close()
def fetch(self): self.genre="Review" try: for i in range(2): print 'Inside i for loop...' self.parent_uri = self.currenturi conn = HTTPConnection() data1 = dict(parse_qsl(self.currenturi.split('?')[-1])) conn.createrequest(self.currenturi,data=data1) res = conn.fetch().read() temp_soup = BeautifulSoup(res) if i==1: print i break #This is to find out the no. of pages for the reviews..... #nop=no. of pages... count = float(temp_soup.find('span',id='revCountTot').renderContents().strip()) temp_nop = count/25 nop=int(math.ceil(temp_nop)) print 'No. of pages....:::' print nop temp_data = str(temp_soup.find('div', 'revSort').find('option',attrs={'title':'newest'})['value']) add_last = '&storeId=10153&callType=AJAX&methodType=GET&shcAJAX=1&pagination=true&offset=' for j in range(1,(nop+1)): print 'inside j for loop....' current_uri = 'http://www.sears.com/shc/s/RatingsAndReviewsCmd?'+temp_data+add_last+str(j) print '*************************************' print current_uri #self.soup = BeautifulSoup(urlopen(current_uri).read()) for k in range(2): print 'inside k for loop....' new_conn = HTTPConnection() data2 = dict(parse_qsl(current_uri.split('?')[-1])) new_conn.createrequest(current_uri,data=data2) res = new_conn.fetch().read() self.soup = BeautifulSoup(res) if k==1: print k break self.__addReviews() if j==nop: print j break except: #self.task.status['fetch_status']=False log.exception(self.log_msg('Exception in fetch')) return True
def update_tokens(): # fake urls for the test server (matches ones in server.py) REQUEST_TOKEN_URL = 'http://%s:%s/api/oauth/request_token/' % (SERVER, PORT) ACCESS_TOKEN_URL = 'http://%s:%s/api/oauth/access_token/' % (SERVER, PORT) AUTHORIZE_URL = 'http://%s:%s/api/oauth/authorize/' % (SERVER, PORT) # key and secret granted by the service provider for this consumer application - same as the MockOAuthDataStore client = oauth.Client(consumer) # Step 1: Get a request token. This is a temporary token that is used for # having the user authorize an access token and to sign the request to obtain # said access token. resp, content = client.request(REQUEST_TOKEN_URL, "GET") if resp['status'] != '200': raise Exception("Invalid response %s." % resp['status']) request_token = dict(cgi.parse_qsl(content)) # Step 2: Redirect to the provider. Since this is a CLI script we do not # redirect. In a web application you would redirect the user to the URL # below. print "\nThis app needs to contact the server and to do that it needs your permission.\nIn order to do that, please visit the following website:\n\n %s\n\nAfter you grant permission, a PIN (a 18 characters string) will be shown to you.\nYou then need to copy and paste that PIN in this window, and press enter.\n\nThis is a one-time action. If you need to do this again, use the 'auth' command.\n" % ("%s?oauth_token=%s" % (AUTHORIZE_URL, request_token['oauth_token'])) # After the user has granted access to you, the consumer, the provider will # redirect you to whatever URL you have told them to redirect to. You can # usually define this in the oauth_callback argument as well. oauth_verifier = raw_input('PIN: ') if len(oauth_verifier) != 18: print "\nWrong PIN. Abort" exit(0) # Step 3: Once the consumer has redirected the user back to the oauth_callback # URL you can request the access token the user has approved. You use the # request token to sign this request. After this is done you throw away the # request token and use the access token returned. You should store this # access token somewhere safe, like a database, for future use. token = oauth.Token(request_token['oauth_token'], request_token['oauth_token_secret']) token.set_verifier(oauth_verifier) client = oauth.Client(consumer, token) resp, content = client.request(ACCESS_TOKEN_URL, "POST") access_token = dict(cgi.parse_qsl(content)) if not os.path.exists(os.path.expanduser("~/.intigos")): os.makedirs(os.path.expanduser("~/.intigos")) path = os.path.expanduser("~/.intigos/tokens") f = open(path, "w") f.write("%s\n%s" % (access_token['oauth_token'],access_token['oauth_token_secret'])) print "\nAuthentication Complete."
def update_tokens(): # fake urls for the test server (matches ones in server.py) REQUEST_TOKEN_URL = 'http://%s:%s/api/oauth/request_token/' % (SERVER, PORT) ACCESS_TOKEN_URL = 'http://%s:%s/api/oauth/access_token/' % (SERVER, PORT) AUTHORIZE_URL = 'http://%s:%s/api/oauth/authorize/' % (SERVER, PORT) # key and secret granted by the service provider for this consumer application - same as the MockOAuthDataStore client = oauth.Client(consumer) # Step 1: Get a request token. This is a temporary token that is used for # having the user authorize an access token and to sign the request to obtain # said access token. resp, content = client.request(REQUEST_TOKEN_URL, "GET") if resp['status'] != '200': raise Exception("Invalid response %s." % resp['status']) request_token = dict(cgi.parse_qsl(content)) # Step 2: Redirect to the provider. Since this is a CLI script we do not # redirect. In a web application you would redirect the user to the URL # below. print "Plesae, go to the following link in your browser:" print "%s?oauth_token=%s" % (AUTHORIZE_URL, request_token['oauth_token']) print # After the user has granted access to you, the consumer, the provider will # redirect you to whatever URL you have told them to redirect to. You can # usually define this in the oauth_callback argument as well. accepted = 'n' while accepted.lower() != 'y' or accepted.lower() != 'Y': accepted = raw_input('Have you authorized me? (y/n) ') oauth_verifier = raw_input('Please paste here the key you were given ') # Step 3: Once the consumer has redirected the user back to the oauth_callback # URL you can request the access token the user has approved. You use the # request token to sign this request. After this is done you throw away the # request token and use the access token returned. You should store this # access token somewhere safe, like a database, for future use. token = oauth.Token(request_token['oauth_token'], request_token['oauth_token_secret']) token.set_verifier(oauth_verifier) client = oauth.Client(consumer, token) resp, content = client.request(ACCESS_TOKEN_URL, "POST") access_token = dict(cgi.parse_qsl(content)) if not os.path.exists(os.path.expanduser("~/.intigos")): os.makedirs(os.path.expanduser("~/.intigos")) path = os.path.expanduser("~/.intigos/tokens") f = open(path, "w") f.write("%s\n%s" % (access_token['oauth_token'],access_token['oauth_token_secret'])) print "\nAuthentication Complete."
def do_POST(self): scheme, netloc, path, params, query, fragment = urlparse.urlparse(self.path) kws = {} contentLength = int(self.headers.get('Content-Length', 0)) if contentLength > 0: contentLength = max(contentLength, self.maxContentLength) postdata = self.rfile.read(contentLength) self.updatekws(kws, cgi.parse_qsl(postdata, True)) self.updatekws(kws, cgi.parse_qsl(query, True)) self.do('POST', path, kws)
def test_deprecated_parse_qsl(self): # this func is moved to urlparse, this is just a sanity check if due_to_ironpython_bug("http://ironpython.codeplex.com/workitem/28171"): self.assertEqual([('a', 'A1'), ('b', 'B2'), ('B', 'B3')], cgi.parse_qsl('a=A1&b=B2&B=B3')) else: with check_warnings(('cgi.parse_qsl is deprecated, use urlparse.' 'parse_qsl instead', PendingDeprecationWarning)): self.assertEqual([('a', 'A1'), ('b', 'B2'), ('B', 'B3')], cgi.parse_qsl('a=A1&b=B2&B=B3'))
def get_post_thumbnail(video_src, default_img=None): if video_src.find('vimeo.com') != -1: clip_id = dict(cgi.parse_qsl(urlparse.urlparse(video_src).query)).get('clip_id') resp = json.load(urllib2.urlopen(urllib2.Request('http://vimeo.com/api/v2/video/%s.json'%clip_id, headers={'User-Agent':'ColumnsAgent'}))) return unicode(resp[0]['thumbnail_small']) elif video_src.find('youtube.com') != -1: parsed_url = urlparse.urlparse(video_src) clip_id = dict(cgi.parse_qsl(parsed_url.query)).get('v', parsed_url.path.split('/')[-1].split('&')[0]) return unicode("http://img.youtube.com/vi/%s/default.jpg" % clip_id) else: return default_img
def LogIn(sender): if not Prefs['rdio_user'] or not Prefs['rdio_pass']: return MessageContainer('Credentials', 'Please enter your username and password.') elif len(Prefs['rdio_user']) == 0 or len(Prefs['rdio_pass']) == 0: return MessageContainer('Credentials', 'Please enter your username and password.') # create the OAuth consumer credentials CONSUMER = oauth.Consumer(CONSUMER_KEY, CONSUMER_SECRET) client = oauth.Client(CONSUMER) response, content = client.request('http://api.rdio.com/oauth/request_token', 'POST', urllib.urlencode({'oauth_callback':'oob'})) parsed_content = dict(cgi.parse_qsl(content)) REQUEST_TOKEN = oauth.Token(parsed_content['oauth_token'], parsed_content['oauth_token_secret']) AUTH_URL = '%s?oauth_token=%s' % (parsed_content['login_url'], parsed_content['oauth_token']) response = HTTP.Request(AUTH_URL) if response.content.find('login') > -1: postValues = {'username':Prefs['rdio_user'], 'password': Prefs['rdio_pass'], 'remember_me': '1'} LOGIN_URL = 'https://www.rdio.com/signin/?next=/oauth/authorize?oauth_token=%s' % parsed_content['oauth_token'] response = HTTP.Request(LOGIN_URL, values=postValues) if response.content.find('<li>auth</li>') > -1: return MessageContainer('Credentials', 'Invalid username/password.') elif response.content.find('login') > -1: return MessageContainer('Error', 'Couldn\'t log in.') xmlObject = HTML.ElementFromString(response.content) verifier = xmlObject.xpath("//input[@name='verifier']")[0].value postValues = {'oauth_token':parsed_content['oauth_token'], 'verifier':verifier, 'approve': ''} response = HTTP.Request(AUTH_URL, values=postValues) if response.content.find(verifier) == -1: return MessageContainer('Error', 'Problem obtaining pin.') # associate the verifier with the request token REQUEST_TOKEN.set_verifier(verifier) # upgrade the request token to an access token client = oauth.Client(CONSUMER, REQUEST_TOKEN) response, content = client.request('http://api.rdio.com/oauth/access_token', 'POST') parsed_content = dict(cgi.parse_qsl(content)) ACCESS_TOKEN = oauth.Token(parsed_content['oauth_token'], parsed_content['oauth_token_secret']) Data.SaveObject('AccessToken', ACCESS_TOKEN) loggedInResult = CheckLoggedIn() if loggedInResult == 'True' or loggedInResult == 'Free': SavePlaybackToken() else: return MessageContainer('Error', 'Problem logging in.')
def load_query( self ): if not hasattr(self, "query"): self.query = {} if self.request.method == "GET": self.parsed_uri = urlparse.urlparse(self.request.path_qs) for k, v in cgi.parse_qsl(self.parsed_uri[4]): self.query[k] = v.decode('utf-8') elif self.request.method == "POST": post_data = self.request.body for k, v in cgi.parse_qsl(post_data): self.query[k] = v
def query(self, params, write = False, maxlagtries = 0, format='json'): global CJ self.maxlagtries = maxlagtries self.format = format if self.format != ('json' or 'xml'): self.format = 'json' #silently change it self.write = write self.params = params if type(self.params) == type({}): self.params['format'] = self.format self.pformat = 'dict' elif type(self.params) == type(''): self.params = dict(cgi.parse_qsl(self.params)) self.params['format'] = self.format self.pformat = 'dict' elif type(self.params) == type(u''): self.params = dict(cgi.parse_qsl(self.params)) self.params['format'] = self.format self.pformat = 'dict' else: raise APIError('Invalid Parameter format') if self.write: if self.pformat == 'dict': self.params['maxlag'] = self.maxlag elif self.pformat == 'str': self.params += '&maxlag=%s' %self.maxlag if self.pformat == 'dict': self.encodeparams = urlencode(self.params) else: self.encodeparams = self.params if self.debug and not (write or login): print self.encodeparams self.headers = { "Content-type": "application/x-www-form-urlencoded", "User-agent": config.username, "Content-length": len(self.encodeparams), } if not self.api: self.api = self.wiki.getAPI() if gzip: self.headers['Accept-Encoding'] = 'gzip' self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(CJ)) urllib2.install_opener(self.opener) self.request = urllib2.Request(self.api, self.encodeparams, self.headers) # print 'Querying API' try: del url except UnboundLocalError: 0 #nothing try: self.response = urllib2.urlopen(self.request) except urllib2.URLError, e: raise APIError('urllib2.URLError:' + str(e))
def __call__(self, environ, start_response): path = environ["PATH_INFO"] qs = environ["QUERY_STRING"] if path == "/": # Step 1: Get a request token. This is a temporary token that is used for # having the user authorize an access token and to sign the request to obtain # said access token. appuri = application_uri(environ) if not appuri.endswith("/"): appuri += "/" oauth_callback = "%scallback" % appuri url = "%s?%s" % (self.request_token_url, urllib.urlencode({"oauth_callback": oauth_callback})) client = self.oauth.Client(self.consumer) resp, content = client.request(url, "GET") if resp["status"] != "200": raise Exception("Invalid response %s." % resp["status"]) request_token = dict(parse_qsl(content)) if "oauth_callback_confirmed" not in request_token or request_token["oauth_callback_confirmed"] != "true": raise Exception("Oauth callback must be confirmed.") self.request_tokens[request_token["oauth_token"]] = request_token # Step 2: Redirect to the provider. redirect_url = "%s?oauth_token=%s" % (self.authorize_url, request_token["oauth_token"]) start_response("302 Found", [("Location", redirect_url)]) return [] elif path == "/callback": qsdict = dict(parse_qsl(qs)) if qsdict["oauth_token"] not in self.request_tokens: raise Exception("invalid token: %s" % self.request_tokens) request_token = self.request_tokens[qsdict["oauth_token"]] del self.request_tokens[qsdict["oauth_token"]] token = self.oauth.Token(request_token["oauth_token"], request_token["oauth_token_secret"]) token.set_verifier(qsdict["oauth_verifier"]) client = self.oauth.Client(self.consumer, token) resp, content = client.request(self.access_token_url, "POST") if resp["status"] != "200": raise Exception("Invalid response %s." % resp["status"]) access_token = dict(parse_qsl(content)) environ["oauth.access_token"] = access_token return self.onsuccess(environ, start_response) start_response("404 Not Found", [("Content-Type", "text/plain")]) return ["path not found: %s" % path]
def _assert_same_urls(url1, url2): # The URL may have key/value parameters after the '?' # The order of these parameters is not defined split1 = urlparse.urlsplit(url1) split2 = urlparse.urlsplit(url2) assert split1[:3] == split2[:3], (split1[:3], split2[:3]) d1 = dict(cgi.parse_qsl(split1[3])) d2 = dict(cgi.parse_qsl(split2[3])) for d in (d1, d2): if "tool" in d: del d["tool"] if "email" in d: del d["email"] assert d1 == d2, (d1, d2)
def fetch(self): """ Fetches all the search data for a given self.currenturi and returns fetched_status depending on the success and faliure of the task """ try: self.genre = 'review' self.search_result_count = 0 if self.__linkedinAuth(): self.group_id = dict(cgi.parse_qsl(self.task.instance_data['uri'].split('?')[-1])).get('gid') self.keyword_term = dict(cgi.parse_qsl(self.task.instance_data['uri'])).get('keywords') self.category_id = dict(cgi.parse_qsl(self.task.instance_data['uri'])).get('categoryID') if self.__createSiteUrl(): res=self._getHTML(self.currenturi) if res: self.rawpage=res['result'] self._setCurrentPage() else: log.debug(self.log_msg("Could not set the search page url")) return False if self.group_id: try: self.currenturi = 'http://www.linkedin.com' + self.soup.find('a',title='See all general discussions')['href'] res=self._getHTML(self.currenturi) self.rawpage=res['result'] self._setCurrentPage() self.__fetchGroupDetails() return True except: log.info(self.log_msg('Exception while fetching data')) return False if self.__getParentPage(): self.url_list = [] self.__iterateSearchPages() for link in self.url_list: self.currenturi = link res=self._getHTML(self.currenturi) if res: self.rawpage=res['result'] self._setCurrentPage() self.__getQuestionData(self.keyword_term + str(self.category_id)) else: log.debug(self.log_msg("Could not set the search page url")) return False if len(self.pages)>0: log.debug(self.log_msg("%d Linkedin search results for uri %s added to self.pages" %(len(self.pages),self.task.instance_data['uri']))) else: log.debug(self.log_msg("No Linkedin search results fetched for uri %s" %(self.task.instance_data['uri']))) return True except: log.exception(self.log_msg("Exception occured while fetching data")) return False
def parse_request(path, request_body): request_params = {} if '?' in path: path, params = path.split('?', 1) params = cgi.parse_qsl(params) request_params.update(params) if request_body: params = cgi.parse_qsl(request_body) request_params.update(params) return path, request_params
def do_GET(self): authorization = self.headers.get('authorization') if (authorization == None): self.send_response(401) self.send_header('WWW-Authenticate', 'Basic realm="Siebel Srvrmgr"') self.end_headers() logger.error( "Missing auth header" ) self.wfile.write('Authentication failure') return else: (kind, data) = authorization.split(' ') if (kind == 'Basic'): (username, _, password) = b64decode(data).partition(':') if (username != config_props["web.username"] or password != config_props["web.password"]): self.send_response(403) self.send_header('WWW-Authenticate', 'Basic realm="Siebel Srvrmgr"') self.end_headers() logger.error( "Invalid auth header: %s -- %s" % (username,password) ) self.wfile.write('Authentication failure - Wrong user/password') return if self.path.find('?') != -1: self.urlPath, self.query_string = self.path.split('?', 1) else: self.urlPath = self.path self.query_string = 'server=' + config_props.get("svc.mgmt.default.host", "UNKNOWN") logger.debug ("For path: %s the url is: %s and query is: %s" % (self.path,self.urlPath,self.query_string)) if self.urlPath == config_props["web.path"]: qsl = dict(cgi.parse_qsl(self.query_string)) logger.debug(qsl) servers = dict(cgi.parse_qsl(config_props["siebel.mgmt.server.map"])) #logger.debug(servers) hostServer = qsl.get("server", "UNKNOWN").upper() isFullMetrics = qsl.get("isFullMetrics", "FALSE").upper() == "TRUE" siebel_server = servers.get(hostServer, "UNKNOWN") if siebel_server == "UNKNOWN": self.send_error(500, "Missing valid server parameter: " + hostServer) else: self.send_response(200) self.send_header("Content-type", "text/plain") self.end_headers() logger.info("About to collect statistics for host: %s of siebel server: %s" % (hostServer,siebel_server)) stats = getStatistics(siebel_server,hostServer, isFullMetrics) self.wfile.write(stats) else: self.send_error(404, "Requested resource not found")
def twitter_auth(request): profile = request.profile if profile.tw_token and profile.tw_token_secret: # We have already authorized user # Probably should check to see if the tokens are still valid.. auth_response = HttpResponse() auth_response.content = return_self_closing_page() return auth_response auth_token = request.GET.get("oauth_token",None) # Check if we're operating as callback if auth_token: oauth_consumer = oauth.Consumer(key=getattr(settings, 'TWITTER_API_KEY'), secret=getattr(settings, 'TWITTER_SECRET_KEY')) oauth_client = oauth.Client(oauth_consumer) resp = oauth_client.request('https://api.twitter.com/oauth/access_token', method='POST', body='oauth_token=%s' % (auth_token)) content = dict(cgi.parse_qsl(resp.content)) profile.tw_token = content['oauth_token'] profile.tw_token_secret = content['oauth_token_secret'] profile.tw_auth = True profile.put() auth_response = HttpResponse() auth_response.content = return_self_closing_page() return auth_response signature_method = oauth.SignatureMethod_HMAC_SHA1() oauth_consumer = oauth.Consumer(key=getattr(settings, 'TWITTER_API_KEY'), secret=getattr(settings, 'TWITTER_SECRET_KEY')) oauth_client = oauth.Client(oauth_consumer) resp = oauth_client.request('https://api.twitter.com/oauth/request_token', 'GET') content = dict(cgi.parse_qsl(resp.content)) redirect_uri = request.build_absolute_uri() redirect_uri = redirect_uri.split("?")[0] auth_url = '%s?oauth_token=%s&oauth_callback=%s' % ('https://api.twitter.com/oauth/authorize', content['oauth_token'], redirect_uri) return HttpResponseRedirect(auth_url)
def _deleteAnnotation(self): """Deletes an Annotation.""" params = {} params.update(parse_qsl(self.request['QUERY_STRING'])) if self.request.environment.has_key('wsgi.input'): params.update(parse_qsl(self.request.environment['wsgi.input'].read())) annotation_id = params.get('id', None) annotation = self.getAnnotation(annotation_id) if annotation and annotation.quote_authorid == self.getAuthenticatedUserId(): session = Session() session.delete(annotation) self.request.response.setStatus('NoContent') return self.request.response.setStatus('BadRequest') # No id
def make_async_request(self, url, token="", secret="", additional_params=None, protected=False, method=urlfetch.GET): """Make Request. Make an authenticated request to any OAuth protected resource. If protected is equal to True, the Authorization: OAuth header will be set. A urlfetch response object is returned. """ (scm, netloc, path, params, query, _) = urlparse.urlparse(url) url = None query_params = None if query: query_params = dict([(k,v) for k,v in parse_qsl(query)]) additional_params.update(query_params) url = urlparse.urlunparse(('https', netloc, path, params, '', '')) payload = self.prepare_request(url, token, secret, additional_params, method) if method == urlfetch.GET: url = "%s?%s" % (url, payload) payload = None headers = {"Authorization": "OAuth"} if protected else {} rpc = urlfetch.create_rpc(deadline=10.0) urlfetch.make_fetch_call(rpc, url, method=method, headers=headers, payload=payload) return rpc
def getCookies(self): raw_cookies = self.env.get('HTTP_COOKIE') if raw_cookies: cookies = cgi.parse_qsl(raw_cookies) return {key.strip(): val for key, val in cookies} else: return {}
def descCov_url(self, service_url): """Return a describe coverage url @type service_url: string @param service_url: base url of WCS service @rtype: string @return: getCapabilities URL """ qs = [] if service_url.find('?') != -1: qs = cgi.parse_qsl(service_url.split('?')[1]) params = [x[0] for x in qs] if 'service' not in params: qs.append(('service', 'WCS')) if 'request' not in params: qs.append(('request', 'DescribeCoverage')) if 'version' not in params: qs.append(('version', self.version)) if self.version == '1.0.0': if 'coverage' not in params: qs.append(('coverage', self.identifier)) elif self.version == '1.1.0' or self.version == '1.1.1': #NOTE: WCS 1.1.0 is ambigous about whether it should be identifier #or identifiers (see tables 9, 10 of specification) if 'identifiers' not in params: qs.append(('identifiers', self.identifier)) if 'identifier' not in params: qs.append(('identifier', self.identifier)) qs.append(('format', 'text/xml')) urlqs = urlencode(tuple(qs)) return service_url.split('?')[0] + '?' + urlqs
def alter_query(url, param_dict): if not param_dict: return url from urllib import urlencode from urlparse import urlparse, urlunparse from cgi import parse_qsl bits = urlparse(url) qdict = parse_qsl(bits.query) qdict = [v for v in qdict if v[0] not in param_dict] for k, v in param_dict.items(): if v: qdict.append((k, v)) newqs = urlencode(qdict) altered = (bits.scheme, bits.netloc, bits.path, bits.params, newqs, bits.fragment) url = urlunparse(altered) return url
def __call__(self, uri): # urlparse doesnt understand zeo URLs so force to something that doesn't break uri = uri.replace('zeo://', 'http://', 1) (scheme, netloc, path, query, frag) = urlparse.urlsplit(uri) if netloc: # TCP URL if ':' in netloc: host, port = netloc.split(':') port = int(port) else: host = netloc port = 9991 args = ((host, port), ) else: # Unix domain socket URL path = os.path.normpath(path) args = (path, ) kw = dict(cgi.parse_qsl(query)) kw = self.interpret_kwargs(kw) dbkw = get_dbkw(kw) items = kw.items() items.sort() dbitems = dbkw.items() dbitems.sort() key = (args, tuple(items), tuple(dbitems)) if 'demostorage' in kw: kw.pop('demostorage') def factory(): from ZEO.ClientStorage import ClientStorage from ZODB.DB import DB from ZODB.DemoStorage import DemoStorage demostorage = DemoStorage(base=ClientStorage(*args, **kw)) return DB(demostorage, **dbkw) #pragma NO COVERAGE else: def factory(): from ZEO.ClientStorage import ClientStorage from ZODB.DB import DB clientstorage = ClientStorage(*args, **kw) return DB(clientstorage, **dbkw) #pragma NO COVERAGE return key, args, kw, factory
def authentification(self, consumer_key, consumer_secret, login, password, tokensFile): """ Must be call in order to generate authentification tokens for further use. Rely on login and password from user Input: -'consumer_key' and 'consumer_secret' (given by gomiso when you create an application) -'login' and 'password' from the user -'tokensFile': file holder for tokens Output: -'True' or 'False' based on if the authentification was successful or not -A file named 'tokens' is created with user's tokens """ self.consumer_credentials['key'] = consumer_key self.consumer_credentials['secret'] = consumer_secret if os.path.isfile(tokensFile) != True: consumer = oauth.Consumer(self.consumer_credentials['key'], self.consumer_credentials['secret']) client = oauth.Client(consumer) client.authorizations params = {} params["x_auth_username"] = login params["x_auth_password"] = password params["x_auth_mode"] = 'client_auth' client.set_signature_method = oauth.SignatureMethod_HMAC_SHA1() resp, token = client.request('https://gomiso.com/oauth/access_token', method='POST', body=urllib.urlencode(params)) if resp['status'] != '401': self.access_tokens = dict(cgi.parse_qsl(token)) f = open(tokensFile, 'w') f.write(self.access_tokens['oauth_token']) f.write('\n') f.write(self.access_tokens['oauth_token_secret']) f.write('\n') f.close() return True else: return False else: f = open(tokensFile, 'r') self.access_tokens['oauth_token'] = f.readline().rstrip('\n') self.access_tokens['oauth_token_secret'] = f.readline().rstrip('\n') f.close() return True
def send_request(self, client=None, url=None, method='GET', params=None, **kwargs): url, body = self.normalize_url_and_params(url, params) response, content = client.request(url, method, body=body, **kwargs) if response['status'] == '200': parsed_response = dict(cgi.parse_qsl(content)) #todo: validate parsed response. For now #a simple check for the dictionary emptiness if parsed_response: return parsed_response else: raise OAuthError( 'error obtaining request token {}'.format(content)) else: raise OAuthError('response is {}'.format(response))
def _parse_rfc1738_args(name): """ parse url str into options code orig from sqlalchemy.engine.url """ pattern = re.compile( r''' (\w+):// (?: ([^:/]*) (?::([^/]*))? @)? (?: ([^/:]*) (?::([^/]*))? )? (?:/(.*))? ''', re.X) m = pattern.match(name) if m is not None: (name, username, password, host, port, database) = m.group(1, 2, 3, 4, 5, 6) if database is not None: tokens = database.split(r"?", 2) database = tokens[0] query = (len(tokens) > 1 and dict(cgi.parse_qsl(tokens[1])) or None) if query is not None: query = dict([(k.encode('ascii'), query[k]) for k in query]) else: query = None opts = { 'username': username, 'password': password, 'host': host, 'port': port, 'database': database, 'query': query } if opts['password'] is not None: opts['password'] = urllib.unquote_plus(opts['password']) return (name, opts) else: raise ValueError("Could not parse rfc1738 URL from string '%s'" % name)
def post(self, environ, start_response): LOG.info("post: environ=%s", environ) inpt = environ['wsgi.input'] length = int(environ.get('CONTENT_LENGTH', 0)) x = inpt.read(length) q = dict(cgi.parse_qsl(x)) try: node_id = q['i'] deploy_key = q['k'] address = q['a'] port = q.get('p', '3260') iqn = q['n'] lun = q.get('l', '1') except KeyError as e: start_response('400 Bad Request', [('Content-type', 'text/plain')]) return "parameter '%s' is not defined" % e context = ironic_context.get_admin_context() d = db.bm_node_get(context, node_id) if d['deploy_key'] != deploy_key: start_response('400 Bad Request', [('Content-type', 'text/plain')]) return 'key is not match' params = {'address': address, 'port': port, 'iqn': iqn, 'lun': lun, 'image_path': d['image_path'], 'pxe_config_path': d['pxe_config_path'], 'root_mb': int(d['root_mb']), 'swap_mb': int(d['swap_mb']), } # Restart worker, if needed if not self.worker.isAlive(): self.worker = Worker() self.worker.start() LOG.info("request is queued: node %s, params %s", node_id, params) QUEUE.put((node_id, params)) # Requests go to Worker.run() start_response('200 OK', [('Content-type', 'text/plain')]) return ''
def _createAnnotation(self): """ Create annotation from POST. """ # TODO: do something useful with 'access'. Plone already # enforces security based on ownership, so access is 'private' # by default. 'public' access could mean sharing the annotation # with the 'Anonymous' role, though a more restrictive # implementation such as 'Member' or 'MemberOfParliament' # probably makes more sense. params = { 'url': '', 'block-range': '', 'xpath-range': '', 'note': '', 'access': '', 'action': '', 'quote': '', 'quote_title': '', 'quote_author': '', 'link': '', } # TODO: Don't treat query string and body parameters as equivalent. # Query string parameters should identify the resources, while # parameters in the body should specify the action to take. params.update(self.REQUEST) params.update(parse_qsl(self.REQUEST.QUERY_STRING)) sequenceRange = SequenceRange(params['sequence-range']) xpathRange = XPathRange(params['xpath-range']) params['start_block'] = sequenceRange.start.getPaddedPathStr() params['start_xpath'] = xpathRange.start.getPathStr() params['start_word'] = xpathRange.start.words params['start_char'] = xpathRange.start.chars params['end_block'] = sequenceRange.end.getPaddedPathStr() params['end_xpath'] = xpathRange.end.getPathStr() params['end_word'] = xpathRange.end.words params['end_char'] = xpathRange.end.chars del params['sequence-range'] del params['xpath-range'] plone = getToolByName(self, 'portal_url').getPortalObject() obj_id = plone.generateUniqueId('Annotation') new_id = self.invokeFactory('Annotation', id=obj_id, **params) self.REQUEST.RESPONSE.setStatus('Created') return new_id
def strip_cgi_param(url, param): """ Returns a (stripped_url, value) with 'param' removed from the url and its value returned as value (or None if it wasn't present.) If it was present but not assigned, value is ''. If multiple instances of param are present, all are stripped but the value of the last one is returned. """ parts = urlparse.urlsplit(url) params = cgi.parse_qsl(parts[3], keep_blank_values=True) value = [None] def is_match(item): if item[0] == param: value[0] = item[1] return False return True params = filter(is_match, params) return (urlparse.urlunsplit( (parts[0], parts[1], parts[2], urllib.urlencode(params), parts[4])), value[0])
def test_bucket_GET_with_nonascii_queries(self): bucket_name = 'junk' req = Request.blank( '/%s?delimiter=\xef\xbc\xa1&marker=\xef\xbc\xa2&' 'prefix=\xef\xbc\xa3' % bucket_name, environ={'REQUEST_METHOD': 'GET'}, headers={'Authorization': 'AWS test:tester:hmac', 'Date': self.get_date_header()}) status, headers, body = self.call_s3api(req) elem = fromstring(body, 'ListBucketResult') self.assertEqual(elem.find('./Prefix').text, '\xef\xbc\xa3') self.assertEqual(elem.find('./Marker').text, '\xef\xbc\xa2') self.assertEqual(elem.find('./Delimiter').text, '\xef\xbc\xa1') _, path = self.swift.calls[-1] _, query_string = path.split('?') args = dict(cgi.parse_qsl(query_string)) self.assertEqual(args['delimiter'], '\xef\xbc\xa1') self.assertEqual(args['marker'], '\xef\xbc\xa2') self.assertEqual(args['prefix'], '\xef\xbc\xa3')
def capabilities_url(self, service_url): """ Return a capabilities url """ qs = [] if service_url.find('?') != -1: qs = cgi.parse_qsl(service_url.split('?')[1]) params = [x[0] for x in qs] if 'service' not in params: qs.append(('service', 'SOS')) if 'request' not in params: qs.append(('request', 'GetCapabilities')) if 'acceptVersions' not in params: qs.append(('acceptVersions', self.version)) urlqs = urlencode(tuple(qs)) return service_url.split('?')[0] + '?' + urlqs
def test_bucket_GET_v2_passthroughs(self): bucket_name = 'junk' req = Request.blank( '/%s?list-type=2&delimiter=a&start-after=b&prefix=c' % bucket_name, environ={'REQUEST_METHOD': 'GET'}, headers={'Authorization': 'AWS test:tester:hmac', 'Date': self.get_date_header()}) status, headers, body = self.call_s3api(req) elem = fromstring(body, 'ListBucketResult') self.assertEqual(elem.find('./Prefix').text, 'c') self.assertEqual(elem.find('./StartAfter').text, 'b') self.assertEqual(elem.find('./Delimiter').text, 'a') _, path = self.swift.calls[-1] _, query_string = path.split('?') args = dict(cgi.parse_qsl(query_string)) self.assertEqual(args['delimiter'], 'a') # "start-after" is converted to "marker" self.assertEqual(args['marker'], 'b') self.assertEqual(args['prefix'], 'c')
def get_oauth_token(self): """Returns the oauth access token.""" if self._oauth_token is None: resp, content = self._client.request( TWITTER_ACCESS_TOKEN_URL + '?', 'POST', body=urlencode({ 'x_auth_username': self.username.encode('utf-8'), 'x_auth_password': self.password.encode('utf-8'), 'x_auth_mode': 'client_auth' }), headers={'Content-Type': 'application/x-www-form-urlencoded'} ) if resp['status'] != '200': raise RuntimeError('unable to login to Twitter') data = dict(parse_qsl(content)) self._oauth_token = data['oauth_token'] self._oauth_token_secret = data['oauth_token_secret'] return self._oauth.Token(self._oauth_token, self._oauth_token_secret)
def do_proxy(self, method): orig_url = self.request.url orig_body = self.request.body new_url, new_path = self.convert_url(orig_url) if new_path == '/' or new_path == '': global gtap_message gtap_message = gtap_message.replace('#gtap_version#', gtap_version) return success_output(self, gtap_message) username, password = self.parse_auth_header(self.request.headers) user_access_token = None callback_url = "%s/oauth/verify" % self.request.host_url client = oauth.TwitterClient(CONSUMER_KEY, CONSUMER_SECRET, callback_url) if username is None: protected = False user_access_token, user_access_secret = '', '' else: protected = True user_access_token, user_access_secret = client.get_access_from_db( username, password) if user_access_token is None: return error_output(self, 'Can not find this user from db') additional_params = dict([(k, v) for k, v in parse_qsl(orig_body)]) use_method = urlfetch.GET if method == 'GET' else urlfetch.POST try: data = client.make_request(url=new_url, token=user_access_token, secret=user_access_secret, method=use_method, protected=protected, additional_params=additional_params) except Exception, error_message: logging.debug(error_message) error_output(self, content=error_message)
def readability_authenticated(request): token = oauth.Token(request.session['request_token']['oauth_token'], request.session['request_token']['oauth_token_secret']) token.set_verifier(request.GET['oauth_verifier']) client = oauth.Client(consumer, token) resp, content = client.request(ACCESS_TOKEN_URL, "GET") if resp['status'] != '200': raise Exception("Invalid response from Readability") access_token = dict(cgi.parse_qsl(content)) token = oauth.Token(access_token['oauth_token'], access_token['oauth_token_secret']) client = oauth.Client(consumer, token) req = client.request(CURRENT_USER_URL, 'GET') req_json = json.loads(req[1]) username = req_json['username'] user = '' try: user = User.objects.get(username=username) except User.DoesNotExist: user = User.objects.create_user(username, '*****@*****.**' % username, access_token['oauth_token_secret']) profile = UserProfile() profile.user = user profile.oauth_token = access_token['oauth_token'] profile.oauth_secret = access_token['oauth_token_secret'] profile.is_public = False profile.save() user = authenticate(username=user.get_profile().user, password=user.get_profile().oauth_secret) login(request, user) return HttpResponseRedirect("/profile/" + username)
def GetAuthorizationUri(self, redirect_uri, scopes, extra_params=None): """Gets the OAuth2 authorization URI and the specified scope(s). Applications should navigate/redirect the user's user agent to this URI. The user will be shown an approval UI requesting the user to approve access of this client to the requested scopes under the identity of the authenticated end user. The application should expect the user agent to be redirected to the specified redirect_uri after the user's approval/disapproval. Installed applications may use the special redirect_uri 'urn:ietf:wg:oauth:2.0:oob' to indicate that instead of redirecting the browser, the user be shown a confirmation page with a verification code. The application should query the user for this code. Args: redirect_uri: Either the string 'urn:ietf:wg:oauth:2.0:oob' for a non-web-based application, or a URI that handles the callback from the authorization server. scopes: A list of strings specifying the OAuth scopes the application requests access to. extra_params: Optional dictionary of additional parameters to be passed to the OAuth2 authorization URI. Returns: The authorization URI for the specified scopes as a string. """ request = { 'response_type': 'code', 'client_id': self.client_id, 'redirect_uri': redirect_uri, 'scope': ' '.join(scopes), } if extra_params: request.update(extra_params) url_parts = list(urlparse.urlparse(self.provider.authorization_uri)) # 4 is the index of the query part request.update(dict(cgi.parse_qsl(url_parts[4]))) url_parts[4] = urllib.urlencode(request) return urlparse.urlunparse(url_parts)
def _parse_rfc1738_args(name): pattern = re.compile( r''' (?P<name>[\w\+]+):// (?: (?P<username>[^:/]*) (?::(?P<password>[^/]*))? @)? (?: (?P<host>[^/:]*) (?::(?P<port>[^/]*))? )? (?:/(?P<database>.*))? ''', re.X) m = pattern.match(name) if m is not None: components = m.groupdict() if components['database'] is not None: tokens = components['database'].split('?', 2) components['database'] = tokens[0] query = (len(tokens) > 1 and dict(cgi.parse_qsl(tokens[1]))) or None # start Py2K # if query is not None: # query = dict((k.encode('ascii'), query[k]) for k in query) # end Py2K else: query = None components['query'] = query if components['password'] is not None: components['password'] = urllib.parse.unquote_plus( components['password']) name = components.pop('name') return URL(name, **components) else: raise exc.ArgumentError( "Could not parse rfc1738 URL from string '%s'" % name)
def do_GET(self): try: self.parsed_uri = urlparse(self.path) self.query = {} for k, v in cgi.parse_qsl(self.parsed_uri[4]): self.query[k] = v print "GET query = %s" % str(self.query) print "GET headers = %s" % str(self.headers) self.setUser() path = self.parsed_uri[2].lower() if path == '/': self.showMainPage() elif path == '/openidserver': self.serverEndPoint(self.query) elif path == '/login': self.showLoginPage('/', '/') elif path == '/loginsubmit': self.doLogin() elif path.startswith('/id/'): self.showIdPage(path) elif path.startswith('/yadis/'): self.showYadis(path[7:]) elif path == '/serveryadis': self.showServerYadis() else: self.send_response(404) self.end_headers() except (KeyboardInterrupt, SystemExit): raise except: self.send_response(500) self.send_header('Content-type', 'text/html') self.end_headers() self.wfile.write(cgitb.html(sys.exc_info(), context=10))
def get_oauth_access_token(self): request_token = self.get_oauth_token() token = oauth.Token( request_token['oauth_token'], request_token['oauth_token_secret'], ) token.set_verifier(self.get_oauth_verifier()) client = self.get_oauth_client( token=token) #oauth.Client(self.get_oauth_consumer(), token) url = '%s?%s' % (self.get_oauth_access_endpoint(), urllib.urlencode( self.get_oauth_access_endpoint_params())) resp, content = client.request(url, 'GET') if resp['status'] != '200': print content raise Exception('Could not get access token from %s: HTTP %s' % (url, resp['status'])) token = dict(cgi.parse_qsl(content)) return token
def receive(self, msg): if self.failure: return self.failure if hasattr(urlparse, 'parse_qsl'): data = dict(urlparse.parse_qsl(msg)) else: data = dict(cgi.parse_qsl(msg)) assert data['username'] assert data['password'] if 'type' not in data and data.get('customer_vault', None) == 'add_customer': self.validate_payment_info(data) return self.simple_vault_store(data) try: assert data['type'] in ('auth', 'sale', 'capture', 'void', 'refund') except: print data raise return getattr(self, data['type'])(data)
def get_id_from_url(url, base_url): """ Returns the id of a bug given a correctly-formatted URL, e.g.: https://bugzilla.mozilla.org/show_bug.cgi?id=490130 otherwise, returns None. """ path, query = urllib.splitquery(url) if not path.startswith(base_url): return None try: data = cgi.parse_qsl(query) except: return None remote_tracker_id = None for key, value in data: if key == 'id': return value return None
def do_POST(self): self.getEnv() self.parsed_uri = urlparse(self.path) content_length = int(self.headers['Content-Length']) post_data = self.rfile.read(content_length) self.query = {} for k, v in cgi.parse_qsl(post_data): self.query[k] = v path = self.parsed_uri[2] if path == '/openidserver': self.serverEndPoint(self.query) elif path == '/allow': self.handleAllow(self.query) elif path == '/update': self.updateParams(self.query) else: raise ValueError('404 Not Found: {0}'.format(path))
def twitter_auth_url(): callback_uri = urls.absurl("/redirects/twitter/") oauth = OAuth1( settings.TWITTER_CONSUMER_KEY, settings.TWITTER_CONSUMER_SECRET, callback_uri=callback_uri) r = requests.post(url=twitter_request_token_url, auth=oauth) if r.status_code != 200: raise TwitterVerificationError('Invalid response from Twitter.') as_bytes = dict(cgi.parse_qsl(r.content)) token_b = as_bytes[b'oauth_token'] token_secret_b = as_bytes[b'oauth_token_secret'] request_token = {} request_token['oauth_token'] = token_b.decode('utf-8') request_token['oauth_token_secret'] = token_secret_b.decode('utf-8') session['request_token'] = request_token url = '{}?oauth_token={}'.format( twitter_authenticate_url, request_token['oauth_token']) return VerificationServiceResponse({'url': url})
def twitter_login(request): # Step 1. Get a request token from Twitter. resp, content = client.request(request_token_url, "GET") print "============ twitter_login ==========" if resp['status'] != '200': raise Exception("Invalid response from Twitter.") print "============ twitter_login aytu ==========" if request.user.is_authenticated(): "========== hi user --=====" # Step 2. Store the request token in a session for later use. request.session['request_token'] = dict(cgi.parse_qsl(content)) # Step 3. Redirect the user to the authentication URL. url = "%s?oauth_token=%s" % ( authenticate_url, request.session['request_token']['oauth_token']) print "=====url====", url return HttpResponseRedirect("/authenticated")
def _get_new_token(self, request_url, *args, **kwargs): """ Internal method that gets a new token from the request_url and sets it to self.token on success. """ resp, content = self.client.request( request_url, "POST", body=urlencode({'oauth_callback': self.callback})) #resp, content = self.client.request(request_url, *args, **kwargs) if resp["status"] != "200": print "Vimeo token error: " + repr(resp) + " - " + repr(content) if self._is_success(resp): new_token = dict(cgi.parse_qsl(content)) self.token = oauth2.Token(new_token["oauth_token"], new_token["oauth_token_secret"]) self.client = oauth2.Client(self.consumer, self.token)
def __init__(self, name, repmess='status'): try: self.qstring = dict( cgi.parse_qsl(os.environ['REQUEST_URI'].split('?')[1])) except IndexError: self.qstring = {} except KeyError: self.qstring = {} self.name = name try: self.location = os.environ['SCRIPT_FILENAME'] except KeyError: self.location = '' try: self.urllocation = 'http://toolserver.org' + os.environ[ 'SCRIPT_NAME'] except KeyError: self.urllocation = '' self.repmess = repmess
def do_GET(self): url_tuple = urlparse.urlsplit(self.path) params = dict(cgi.parse_qsl(url_tuple[3])) req = url_tuple[2] session = self.GetSession(params) self._params = params try: cls, op = self.parse_req(req) except: self.log_error('Bad request: %s', req) self.return_error(400, 'bad request') return if (cls in DataService.classes_keys): with error_handler(self): DataService.classes[cls].GET(self, session, params, op) else: self.log_error('Bad GET: %s', self.path) self.return_error(400, 'bad request')
def scan(self, response, log, browser): """ Takes a response object and checks if there the context matches. If it matches, this scanners handle() method is called with the reponse as the first argument, and any match groups from regular expressions as subsequent arguments in the order they are parsed (see urlparse.ParseResult._fields for field order). Raises NoMatch if not, otherwise calls handle If context does not match, NoMatch is raised """ uri = urlparse.urlparse(response.url) results = [] for field in uri._fields: regex = self.patterns[field] val = getattr(uri, field, '') match = regex.search(val) if match is None: raise NoMatch(response.url, field, val, regex) results.extend(match.groups()) if self.query_patterns: queries = cgi.parse_qsl(uri.query) for patterns in self.query_patterns: for query in queries: matches = [] for regex, val in zip(patterns, query): match = regex.search(val) if match is None: break matches.append(match) if len(matches) == 2: for match in matches: results.extend(match.groups()) break else: raise NoMatch(response.url, 'query', uri.query, *patterns) return self.handle(response, log, browser, *results)
def clean_url(self, url): # stolen from urlparse.urlsplit(), which doesn't handle # splitting frags correctly netloc = query = fragment = '' i = url.find(':') scheme = url[:i].lower() url = url[i + 1:] if url[:2] == '//': delim = len(url) for c in '/?#': wdelim = url.find(c, 2) if wdelim >= 0: delim = min(delim, wdelim) netloc, url = url[2:delim], url[delim:] if '#' in url: try: url, fragment = self.get_frag_re.search(url).groups() except: pass if '?' in url: url, query = url.split('?', 1) ### now for memebots normalizing.. # make hostname lowercase and remove www netloc = netloc.lower() netloc = urlparse.unquote(netloc).replace('+', ' ') if netloc.startswith('www.') and len(netloc) > 4: netloc = netloc[4:] if netloc.endswith('.') and len(netloc) > 1: netloc = netloc[:-1] # all urls have trailing slash if url == '': url = '/' url = urlparse.unquote(url).replace('+', ' ') # remove empty query settings, these are usually form artifacts # and put them in order try: query = urlencode( [item for item in sorted(parse_qsl(query)) if item[1]]) except Exception, e: query = ''
def xauth(consumer_key, consumer_secret, username, password, base_url_template=DEFAULT_BASE_URL_TEMPLATE): """Returns an OAuth token that can be used with clients.ReaderClient. :param consumer_key: Readability consumer key :param consumer_secret: Readability consumer secret :param username: A username :param password: A password :param base_url_template: Template for generating Readability API urls. """ # fetch oauth token from server consumer = oauth2.Consumer(consumer_key, consumer_secret) client = oauth2.Client(consumer) client.add_credentials(username, password) client.authorizations params = {} params['x_auth_username'] = username params['x_auth_password'] = password params['x_auth_mode'] = 'client_auth' client.set_signature_method = oauth2.SignatureMethod_HMAC_SHA1() url = base_url_template.format(ACCESS_TOKEN_URL) logger.debug('POST to %s.', url) r, content = client.request(url, method='POST', body=urllib.urlencode(params)) token = dict(parse_qsl(content)) try: token = (token['oauth_token'], token['oauth_token_secret']) except KeyError: raise Exception('Invalid Credentials.') return token
def do_GET(self): """Dispatching logic. There are three paths defined: / - Display an empty form asking for an identity URL to verify /verify - Handle form submission, initiating OpenID verification /process - Handle a redirect from an OpenID server Any other path gets a 404 response. This function also parses the query parameters. If an exception occurs in this function, a traceback is written to the requesting browser. """ try: self.parsed_uri = urllib.parse.urlparse(self.path) self.query = {} for k, v in cgi.parse_qsl(self.parsed_uri[4]): self.query[k] = v path = self.parsed_uri[2] if path == '/': self.render() elif path == '/verify': self.doVerify() elif path == '/process': self.doProcess() elif path == '/affiliate': self.doAffiliate() else: self.notFound() except (KeyboardInterrupt, SystemExit): raise except: self.send_response(500) self.send_header('Content-type', 'text/html') self.setSessionCookie() self.end_headers() self.wfile.write( bytes(cgitb.html(sys.exc_info(), context=10), 'utf-8'))