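def debug_oauth(request, **kwargs):
    """Echo the incoming request and its OAuth signature material as text/plain.

    Diagnostic view for client developers. The body lists the HTTP method,
    the absolute URL and every ``HTTP_*`` entry of ``request.META``, then the
    OAuth signature base string (SBS), the HMAC-SHA1 signature the server
    computes for that SBS, and the signature the client actually sent.

    SECURITY: nothing here verifies the request. Headers are echoed verbatim
    (Authorization, Cookie, ...), an OAuthError is reported to the client with
    a full traceback, and -- unless ``extract_oauth_request`` itself rejects
    bad signatures, which the Expected/Your comparison suggests it does not --
    the "Expected Signature" line is a signature oracle: anyone who knows a
    consumer key can obtain a valid signature for a request without holding
    the consumer secret. Keep this view off production hosts or behind an
    authenticated, admin-only route.

    ``kwargs`` is accepted for URLconf compatibility and ignored.
    Returns an HttpResponse with the report; only ``oauth.OAuthError`` is
    caught, other exceptions propagate.
    """
    from smart.accesscontrol.oauth_servers import OAUTH_SERVER

    ret = "Details of your request: \n\n"
    ret += "Method: %s\n" % request.method
    ret += "URL: %s\n" % request.build_absolute_uri()

    ret += "Headers:\n"
    # META mixes WSGI/CGI variables with request headers; only the HTTP_*
    # entries are headers. Each one gets its own line -- the original omitted
    # the newline and ran all headers together.
    for key, value in request.META.items():
        if key.startswith("HTTP"):
            ret += "%s: %s\n" % (key, value)

    ret += "\n"

    try:
        oauth_request = OAUTH_SERVER.extract_oauth_request(
            djangoutils.extract_request(request))
        ret += "OAuth Debugging: \n\n"
        ret += "SBS: \n"
        sbs = oauth_request.get_signature_base_string()
        ret += sbs + "\n"
        # Signature the server would accept, computed with the consumer/token
        # secrets it holds (see the oracle warning in the docstring).
        ret += "Expected Signature: \n"
        ret += oauth.SIGNATURE_METHODS['HMAC-SHA1'].sign(
            sbs, oauth_request.consumer, oauth_request.token) + "\n"
        ret += "Your Signature: \n"
        # %s rather than += so a missing signature prints "None" instead of
        # raising TypeError.
        ret += "%s\n" % oauth_request.signature
    except oauth.OAuthError:
        import traceback
        # Deliberately verbose for debugging; the traceback exposes internals,
        # one more reason this view must not be publicly reachable.
        ret += "An error occurred:\n"
        ret += traceback.format_exc()
    return HttpResponse(ret, "text/plain")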
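def request_token(request):
    """Issue a new OAuth request token, bound to a record if desired.

    The signed OAuth request has already been parsed upstream into
    ``request.oauth_request``; it is handed to the OAuth server, which checks
    the consumer signature and mints the token.

    request.POST may contain:

    * *smart_record_id*: The record to which to bind the request token.
    * *offline*: ask for an offline-capable (long-lived) token.

    Returns :http:statuscode:`200` with the serialized request token on
    success. Raises ``PermissionDenied`` (Django renders it as 403) if the
    oauth signature on the request was missing or faulty; the previous
    version printed the traceback and then returned ``None``, which Django
    reports as a 500 instead of a denial.
    """
    from django.core.exceptions import PermissionDenied

    try:
        # NOTE(review): POST values are strings, so any non-empty value
        # ("0", "false") is truthy for `offline`. Whether
        # generate_request_token coerces it is not visible here -- confirm
        # before relying on clients being able to opt out of offline tokens.
        request_token = OAUTH_SERVER.generate_request_token(
            request.oauth_request,
            record_id=request.POST.get("smart_record_id", None),
            offline_capable=request.POST.get("offline", False),
        )
    except oauth.OAuthError:
        # Keep the reason in the server log; the client only learns that the
        # request was denied, so the error text cannot guide signature guessing.
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()

    return HttpResponse(request_token.to_string(), mimetype="text/plain")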
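def request_token_approve(request, request_token):
  """Authorize a request token for the current account and a record.

  ``request_token`` is the token string from the URL. ``request.POST`` may
  carry ``record_id`` (the record to authorize; required unless the token was
  pre-bound to one) and ``offline`` (request offline / long-lived access).

  Responds with a form-encoded body ``location=<url>``: the app's registered
  ``after_auth`` activity URL with ``oauth_token`` and ``oauth_verifier``
  appended. The caller performs the redirect.

  Raises PermissionDenied if offline access is requested on a token that does
  not allow it, or if ``record_id`` contradicts the token's pre-bound record.
  Raises a plain Exception (Django: 500) if neither the token nor the POST
  names a record. ``DoesNotExist`` from an unknown token or record propagates.
  """
  rt = ReqToken.objects.get(token=request_token)

  record_id = request.POST.get('record_id', None)
  # NOTE(review): a POST value is a string, so "0" / "false" still count as a
  # request for offline access here and are passed through as-is below.
  offline = request.POST.get('offline', False)

  # requesting offline but request token doesn't allow it? Bust!
  if offline and not rt.offline_capable:
    raise PermissionDenied

  record = rt.record

  # A pre-bound token may not be re-pointed at another record.
  # NOTE(review): record_id is a str; confirm Record.record_id is a string key
  # (otherwise this comparison always fails) and that it is the same key as
  # the `id=` used in the lookup further down.
  if record_id and record and record_id != record.record_id:
    raise PermissionDenied("Request token pre-bound record %s != post variable %s" % (record.record_id, record_id))

  if not (record or record_id):
    raise Exception("Must have a record bound to token or a record_id passed in to authorize.")

  if not record:
    record = Record.objects.get(id=record_id)

  # authorize the request token
  # NOTE(review): nothing in this view checks that request.principal may access
  # `record`; that check must live in authorize_request_token or in a decorator
  # on this view -- confirm.
  authorized = OAUTH_SERVER.authorize_request_token(rt.token, record=record, account=request.principal, offline=offline)

  # Redirect target is the app's registered after_auth URL (server-side data,
  # never a client-supplied callback). Encode the parameters and respect an
  # existing query string instead of splicing raw values after a bare "?".
  base_url = AppActivity.objects.get(app=authorized.app, name="after_auth").url
  params = urllib.urlencode([('oauth_token', authorized.token), ('oauth_verifier', authorized.verifier)])
  redirect_url = base_url + ('&' if '?' in base_url else '?') + params

  # the front end redirects to this location
  return HttpResponse(urllib.urlencode({'location': redirect_url}))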
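def debug_oauth(request, **kwargs):
    """Echo the incoming request and its OAuth signature material as text/plain.

    Diagnostic view for client developers. The body lists the HTTP method,
    the absolute URL and every ``HTTP_*`` entry of ``request.META``, then the
    OAuth signature base string (SBS), the HMAC-SHA1 signature the server
    computes for that SBS, and the signature the client actually sent.

    SECURITY: nothing here verifies the request. Headers are echoed verbatim
    (Authorization, Cookie, ...), an OAuthError is reported to the client with
    a full traceback, and -- unless ``extract_oauth_request`` itself rejects
    bad signatures, which the Expected/Your comparison suggests it does not --
    the "Expected Signature" line is a signature oracle: anyone who knows a
    consumer key can obtain a valid signature for a request without holding
    the consumer secret. Keep this view off production hosts or behind an
    authenticated, admin-only route.

    ``kwargs`` is accepted for URLconf compatibility and ignored.
    Returns an HttpResponse with the report; only ``oauth.OAuthError`` is
    caught, other exceptions propagate.
    """
    from smart.accesscontrol.oauth_servers import OAUTH_SERVER

    ret = "Details of your request: \n\n"
    ret += "Method: %s\n" % request.method
    ret += "URL: %s\n" % request.build_absolute_uri()

    ret += "Headers:\n"
    # META mixes WSGI/CGI variables with request headers; only the HTTP_*
    # entries are headers. Each one gets its own line -- the original omitted
    # the newline and ran all headers together.
    for key, value in request.META.items():
        if key.startswith("HTTP"):
            ret += "%s: %s\n" % (key, value)

    ret += "\n"

    try:
        oauth_request = OAUTH_SERVER.extract_oauth_request(
            djangoutils.extract_request(request))
        ret += "OAuth Debugging: \n\n"
        ret += "SBS: \n"
        sbs = oauth_request.get_signature_base_string()
        ret += sbs + "\n"
        # Signature the server would accept, computed with the consumer/token
        # secrets it holds (see the oracle warning in the docstring).
        ret += "Expected Signature: \n"
        ret += oauth.SIGNATURE_METHODS['HMAC-SHA1'].sign(
            sbs, oauth_request.consumer, oauth_request.token) + "\n"
        ret += "Your Signature: \n"
        # %s rather than += so a missing signature prints "None" instead of
        # raising TypeError.
        ret += "%s\n" % oauth_request.signature
    except oauth.OAuthError:
        import traceback
        # Deliberately verbose for debugging; the traceback exposes internals,
        # one more reason this view must not be publicly reachable.
        ret += "An error occurred:\n"
        ret += traceback.format_exc()
    return HttpResponse(ret, "text/plain")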
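def exchange_token(request):
    """Exchange an authorized request token for an access token.

    The OAuth server validates the signed request in ``request.oauth_request``
    (parsed upstream) and returns the access token, which is sent back
    serialized as text/plain.

    Raises ``PermissionDenied`` (Django: 403) when the OAuth server rejects
    the exchange. The previous version printed the traceback and returned
    ``None``, which Django turns into a 500 and which hid the denial from the
    client.
    """
    from django.core.exceptions import PermissionDenied

    try:
        access_token = OAUTH_SERVER.exchange_request_token(request.oauth_request)
    except oauth.OAuthError:
        # Detail stays in the server log; the client only learns it was denied.
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()

    return HttpResponse(access_token.to_string(), mimetype="text/plain")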
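def exchange_token(request):
    """Exchange an authorized request token for an access token.

    The OAuth server validates the signed request in ``request.oauth_request``
    (parsed upstream; a bad or missing signature makes it raise) and returns
    the access token, which is sent back serialized as text/plain.

    Raises ``PermissionDenied`` when the exchange fails for any reason.
    """
    try:
        access_token = OAUTH_SERVER.exchange_request_token(request.oauth_request)
    except Exception:
        # Was a bare `except:`, which also swallowed SystemExit and
        # KeyboardInterrupt. Log the cause before converting it into a denial
        # so failed exchanges are visible server-side.
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()

    return HttpResponse(access_token.to_string(), mimetype='text/plain')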
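def exchange_token(request):
    """Exchange an authorized request token for an access token.

    The OAuth server validates the signed request in ``request.oauth_request``
    (parsed upstream; a bad or missing signature makes it raise) and returns
    the access token, which is sent back serialized as text/plain.

    Raises ``PermissionDenied`` when the exchange fails for any reason.
    """
    try:
        access_token = OAUTH_SERVER.exchange_request_token(
            request.oauth_request)
    except Exception:
        # Was a bare `except:`, which also swallowed SystemExit and
        # KeyboardInterrupt. Log the cause before converting it into a denial
        # so failed exchanges are visible server-side.
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()

    return HttpResponse(access_token.to_string(), mimetype='text/plain')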
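def request_token_approve(request, request_token):
    """Authorize a request token for the current account and a record.

    ``request_token`` is the token string from the URL. ``request.POST`` may
    carry ``record_id`` (the record to authorize; required unless the token
    was pre-bound to one) and ``offline`` (request offline / long-lived
    access).

    Responds with a form-encoded body ``location=<url>``: the app's
    ``oauth_callback`` from its stored manifest with ``oauth_token`` and
    ``oauth_verifier`` appended. The caller performs the redirect.

    Raises PermissionDenied if offline access is requested on a token that
    does not allow it, or if ``record_id`` contradicts the token's pre-bound
    record. Raises a plain Exception (Django: 500) if no record is named or
    the manifest has no usable ``oauth_callback``. ``DoesNotExist`` from an
    unknown token or record propagates.
    """
    rt = ReqToken.objects.get(token=request_token)

    record_id = request.POST.get("record_id")
    # NOTE(review): a POST value is a string, so "0" / "false" still count as
    # a request for offline access here and are passed through as-is below.
    offline = request.POST.get("offline", False)

    # requesting offline but request token doesn't allow it? Bust!
    if offline and not rt.offline_capable:
        raise PermissionDenied

    # different record id? You wish!
    # NOTE(review): record_id is a str; confirm Record.record_id is a string
    # key (otherwise this always fails) and that it is the same key as the
    # `id=` used in the lookup below.
    if record_id and rt.record and record_id != rt.record.record_id:
        raise PermissionDenied(
            "Request token pre-bound record %s doesn't match post variable %s" % (rt.record.record_id, record_id)
        )

    # no record reference at all? Crash and burn
    if not (rt.record or record_id):
        raise Exception("Must have a record bound to token or a record_id passed in to authorize")

    # The callback must come from the app's stored manifest; the one a client
    # may send in the request header is deliberately ignored so a forged
    # request cannot steer the token and verifier to an attacker's URL.
    # An empty/None value is rejected too (the old key-presence check let it
    # through and produced a relative "?oauth_token=..." redirect).
    manifest = simplejson.loads(rt.app.manifest)
    callback = manifest.get("oauth_callback")
    if not callback:
        raise Exception("This app does not define an oauth_callback, cannot authorize")

    record = rt.record
    if not record:
        record = Record.objects.get(id=record_id)

    # authorize the request token and redirect
    # NOTE(review): nothing in this view checks that request.principal may
    # access `record`; that check must live in authorize_request_token or in
    # a decorator on this view -- confirm.
    authorized = OAUTH_SERVER.authorize_request_token(
        rt.token, record=record, account=request.principal, offline=offline
    )
    # Encode the parameters and respect an existing query string on the
    # callback instead of splicing raw values after a bare "?".
    params = urllib.urlencode([("oauth_token", authorized.token), ("oauth_verifier", authorized.verifier)])
    redirect_url = "%s%s%s" % (callback, "&" if "?" in callback else "?", params)

    return HttpResponse(urllib.urlencode({"location": redirect_url}))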
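def request_token(request):
    """Issue a new OAuth request token (the request-token URL).

    The signed OAuth request has already been parsed upstream into
    ``request.oauth_request``; it is handed to the OAuth server, which checks
    the consumer signature and mints the token.

    request.POST may contain ``record_id`` (record to bind the token to) and
    ``offline`` (ask for an offline-capable token).

    Returns the serialized token as text/plain. Raises ``PermissionDenied``
    when the OAuth server raises ``OAuthError`` (bad or missing signature);
    the traceback is written to stderr first.
    """
    try:
        # NOTE(review): POST values are strings, so any non-empty value
        # ("0", "false") is truthy for `offline`. Whether
        # generate_request_token coerces it is not visible here -- confirm
        # before relying on clients being able to opt out of offline tokens.
        request_token = OAUTH_SERVER.generate_request_token(
            request.oauth_request,
            record_id=request.POST.get('record_id', None),
            offline_capable=request.POST.get('offline', False))

        return HttpResponse(request_token.to_string(), mimetype='text/plain')
    except oauth.OAuthError:
        import sys
        import traceback
        # Keep the reason in the server log; the client only learns that the
        # request was denied.
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()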
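def request_token(request):
    """Issue a new OAuth request token (the request-token URL).

    The signed OAuth request has already been parsed upstream into
    ``request.oauth_request``; it is handed to the OAuth server, which checks
    the consumer signature and mints the token.

    request.POST may contain ``record_id`` (record to bind the token to) and
    ``offline`` (ask for an offline-capable token).

    Returns the serialized token as text/plain. Raises ``PermissionDenied``
    when the OAuth server raises ``OAuthError`` (bad or missing signature);
    the traceback is written to stderr first.
    """
    try:
        # NOTE(review): POST values are strings, so any non-empty value
        # ("0", "false") is truthy for `offline`. Whether
        # generate_request_token coerces it is not visible here -- confirm
        # before relying on clients being able to opt out of offline tokens.
        request_token = OAUTH_SERVER.generate_request_token(
            request.oauth_request,
            record_id=request.POST.get('record_id', None),
            offline_capable=request.POST.get('offline', False))

        return HttpResponse(request_token.to_string(), mimetype='text/plain')
    except oauth.OAuthError:
        import sys
        import traceback
        # Keep the reason in the server log; the client only learns that the
        # request was denied.
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()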
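def request_token_approve(request, request_token):
    """Authorize a request token for the current account and a record.

    ``request_token`` is the token string from the URL. ``request.POST`` may
    carry ``record_id`` (the record to authorize; required unless the token
    was pre-bound to one) and ``offline`` (request offline / long-lived
    access).

    Responds with a form-encoded body ``location=<url>``: the app's
    registered ``after_auth`` activity URL with ``oauth_token`` and
    ``oauth_verifier`` appended. The caller performs the redirect.

    Raises PermissionDenied if offline access is requested on a token that
    does not allow it, or if ``record_id`` contradicts the token's pre-bound
    record. Raises a plain Exception (Django: 500) if neither the token nor
    the POST names a record. ``DoesNotExist`` from an unknown token or record
    propagates.
    """
    rt = ReqToken.objects.get(token=request_token)

    record_id = request.POST.get('record_id', None)
    # NOTE(review): a POST value is a string, so "0" / "false" still count as
    # a request for offline access here and are passed through as-is below.
    offline = request.POST.get('offline', False)

    # requesting offline but request token doesn't allow it? Bust!
    if offline and not rt.offline_capable:
        raise PermissionDenied

    record = rt.record

    # A pre-bound token may not be re-pointed at another record.
    # NOTE(review): record_id is a str; confirm Record.record_id is a string
    # key (otherwise this always fails) and that it is the same key as the
    # `id=` used in the lookup below.
    if record_id and record and record_id != record.record_id:
        raise PermissionDenied(
            "Request token pre-bound record %s != post variable %s" %
            (record.record_id, record_id))

    if not (record or record_id):
        raise Exception(
            "Must have a record bound to token or a record_id passed in to authorize."
        )

    if not record:
        record = Record.objects.get(id=record_id)

    # authorize the request token
    # NOTE(review): nothing in this view checks that request.principal may
    # access `record`; that check must live in authorize_request_token or in
    # a decorator on this view -- confirm.
    authorized = OAUTH_SERVER.authorize_request_token(
        rt.token, record=record, account=request.principal, offline=offline)

    # Redirect target is the app's registered after_auth URL (server-side
    # data, never a client-supplied callback). Encode the parameters and
    # respect an existing query string instead of splicing raw values after
    # a bare "?".
    base_url = AppActivity.objects.get(app=authorized.app,
                                       name="after_auth").url
    params = urllib.urlencode([('oauth_token', authorized.token),
                               ('oauth_verifier', authorized.verifier)])
    redirect_url = base_url + ('&' if '?' in base_url else '?') + params

    # the front end redirects to this location
    return HttpResponse(urllib.urlencode({'location': redirect_url}))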