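def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET (any non-POST): look up the request token named by ``oauth_token``,
    store its key in the session as a one-shot flag and render the view named
    by ``settings.OAUTH_AUTHORIZE_VIEW`` so the user can accept or refuse.

    POST: accept the decision only while that session flag still matches the
    token, which binds the approval to the page this user was actually shown;
    the flag is cleared before anything else so the same form cannot be
    replayed.  On approval the token is marked authorized and its key is handed
    back to the consumer, either by redirecting to the token's registered
    callback URL or, when there is no usable callback, through the view named
    by ``settings.OAUTH_CALLBACK_VIEW``.

    Args:
        request: Django ``HttpRequest``; ``oauth_token`` is read from
            ``request.REQUEST`` (merged GET/POST).
        form_class: form class validating the POSTed decision; its
            ``cleaned_data`` must contain a boolean ``authorize_access``.

    Returns:
        An ``HttpResponse``: 400 when the token is missing or unknown, the
        ``send_oauth_error`` response when the session check or form fails.

    Raises:
        Exception: the callback or authorize view named in settings cannot be
            resolved by ``get_callable`` (only ``AttributeError`` is mapped).
    """
    if 'oauth_token' not in request.REQUEST:
        return HttpResponseBadRequest('No request token specified.')

    # NOTE(review): request.REQUEST was removed in Django 1.9; newer code
    # should read request.GET / request.POST explicitly.
    token_key = request.REQUEST['oauth_token']
    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, token_key)
    except InvalidTokenError:
        # Log who failed but not the token value: token keys are credentials
        # and do not belong in application logs.
        logging.info('Oauth error: could not authorize user %s: invalid request token',
                     request.user)
        return HttpResponseBadRequest('Invalid request token.')

    # Result unused here; the lookup is kept for any validation it performs.
    store.get_consumer_for_request_token(request, oauth_request, request_token)

    if request.method != 'POST':
        authorize_view_str = getattr(settings, OAUTH_AUTHORIZE_VIEW,
                                     'oauth_provider.views.default_authorize_view')
        try:
            authorize_view = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session['oauth'] = request_token.key
        return authorize_view(request, request_token,
                              request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get('oauth', '') == request_token.key and form.is_valid()):
        return send_oauth_error(oauth.Error(_('Action not allowed.')))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session['oauth'] = ''
    if form.cleaned_data['authorize_access']:
        request_token = store.authorize_request_token(
            request, oauth_request, request_token)
        args = {'oauth_token': request_token.key}
    else:
        args = {'error': _('Access not granted by user.')}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url()
        # Join with '&' only when the callback already carries a query string;
        # the former unconditional '&' built a broken URL for a bare callback.
        separator = '&' if '?' in callback_url else '?'
        return HttpResponseRedirect('%s%s%s' % (callback_url, separator, urlencode(args)))

    # No usable callback (None or out-of-band): hand the result to the view.
    callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,
                                'oauth_provider.views.fake_callback_view')
    try:
        callback_view = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    return callback_view(request, **args)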
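def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET (any non-POST): look up the request token named by ``oauth_token``,
    store its key in the session as a one-shot flag and render the view named
    by ``settings.OAUTH_PROVIDER_AUTHORIZE_VIEW`` so the user can accept or
    refuse.

    POST: accept the decision only while that session flag still matches the
    token, binding the approval to the page this user was shown; the flag is
    cleared first so the same form cannot be replayed.  On approval the token
    is named from the form, marked authorized and its key handed back to the
    consumer: by redirect to the registered callback URL, or via the
    out-of-band callback view (``callback == OUT_OF_BAND``) or the plain
    callback view (no callback registered), both configurable in settings.

    Args:
        request: Django ``HttpRequest``; ``oauth_token`` is read from
            ``request.REQUEST`` (merged GET/POST).
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access`` and may contain
            ``client_name``.

    Returns:
        An ``HttpResponse``; an OAuth error response (400) when the token is
        missing or unknown, or an OAuth error when the session check or form
        fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    if 'oauth_token' not in request.REQUEST:
        return oauth_error_response('No request token specified.',
                                    status_code=httplib.BAD_REQUEST)

    # NOTE(review): request.REQUEST was removed in Django 1.9; newer code
    # should read request.GET / request.POST explicitly.
    token_key = request.REQUEST['oauth_token']
    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, token_key)
    except InvalidTokenError:
        return oauth_error_response('Invalid request token.',
                                    status_code=httplib.BAD_REQUEST)

    # Result unused here; the lookup is kept for any validation it performs.
    store.get_consumer_for_request_token(request, oauth_request, request_token)

    if request.method != 'POST':
        authorize_view_str = getattr(settings, OAUTH_PROVIDER_AUTHORIZE_VIEW,
                                     'oauth_provider.views.default_authorize_view')
        try:
            authorize_view = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session['oauth'] = request_token.key
        return authorize_view(request, request_token,
                              request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get('oauth', '') == request_token.key and form.is_valid()):
        return oauth_error_response(oauth.Error(_('Action not allowed.')))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session['oauth'] = ''
    if form.cleaned_data['authorize_access']:
        # dict.get's default only applies when the form has no client_name
        # field at all; an empty submitted name is stored as-is.
        request_token.name = form.cleaned_data.get(
            "client_name",
            getattr(settings, "OAUTH_PROVIDER_TOKEN_DEFAULT_NAME", "Unnamed"))
        request_token = store.authorize_request_token(
            request, oauth_request, request_token)
        args = {'oauth_token': request_token.key}
    else:
        args = {'error': _('Access not granted by user.')}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url()
        # Join with '&' only when the callback already carries a query string;
        # the former unconditional '&' built a broken URL for a bare callback.
        separator = '&' if '?' in callback_url else '?'
        return HttpResponseRedirect('%s%s%s' % (callback_url, separator, urlencode(args)))

    if request_token.callback == OUT_OF_BAND:
        callback_view_str = getattr(
            settings, OAUTH_PROVIDER_OUT_OF_BAND_CALLBACK_VIEW,
            'oauth_provider.views.fake_out_of_band_callback_view')
    else:
        # No callback registered at all.
        callback_view_str = getattr(
            settings, OAUTH_PROVIDER_CALLBACK_VIEW,
            'oauth_provider.views.fake_callback_view')
    try:
        callback_view = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    return callback_view(request, request_token, **args)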
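def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET (any non-POST): look up the request token named by ``oauth_token``,
    store its key in the session as a one-shot flag and render the view named
    by ``settings.OAUTH_AUTHORIZE_VIEW`` so the user can accept or refuse.

    POST: accept the decision only while that session flag still matches the
    token, binding the approval to the page this user was shown; the flag is
    cleared first so the same form cannot be replayed.  On approval the token
    is marked authorized and the result is handed to the consumer, either by
    redirecting to ``request_token.get_callback_url(args)`` or, with no usable
    callback, through the view named by ``settings.OAUTH_CALLBACK_VIEW``.

    Args:
        request: Django ``HttpRequest``; ``oauth_token`` is read from
            ``request.REQUEST`` (merged GET/POST).
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access``.

    Returns:
        An ``HttpResponse``: 400 when the token is missing or unknown, the
        ``send_oauth_error`` response when the session check or form fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    if 'oauth_token' not in request.REQUEST:
        return HttpResponseBadRequest('No request token specified.')

    # NOTE(review): request.REQUEST was removed in Django 1.9; newer code
    # should read request.GET / request.POST explicitly.
    token_key = request.REQUEST['oauth_token']
    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, token_key)
    except InvalidTokenError:
        return HttpResponseBadRequest('Invalid request token.')

    # Result unused here; the lookup is kept for any validation it performs.
    store.get_consumer_for_request_token(request, oauth_request, request_token)

    if request.method != 'POST':
        authorize_view_str = getattr(settings, OAUTH_AUTHORIZE_VIEW,
                                     'oauth_provider.views.fake_authorize_view')
        try:
            authorize_view = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session['oauth'] = request_token.key
        return authorize_view(request, request_token,
                              request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get('oauth', '') == request_token.key and form.is_valid()):
        return send_oauth_error(oauth.Error(_('Action not allowed.')))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session['oauth'] = ''
    if form.cleaned_data['authorize_access']:
        request_token = store.authorize_request_token(
            request, oauth_request, request_token)
        # NOTE(review): this passes the token *object*, not request_token.key
        # as the sibling implementations do; if get_callback_url() url-encodes
        # args the consumer receives str(token) instead of the key — confirm.
        args = {'oauth_token': request_token}
    else:
        args = {'error': _('Access not granted by user.')}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        # Query-string composition is delegated to the token model here.
        return HttpResponseRedirect(request_token.get_callback_url(args))

    # No usable callback (None or out-of-band): hand the result to the view.
    callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,
                                'oauth_provider.views.fake_callback_view')
    try:
        callback_view = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    return callback_view(request, **args)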
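def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET (any non-POST): look up the request token named by ``oauth_token``,
    store its key in the session as a one-shot flag and render the view named
    by ``settings.OAUTH_AUTHORIZE_VIEW`` so the user can accept or refuse.

    POST: accept the decision only while that session flag still matches the
    token, binding the approval to the page this user was shown; the flag is
    cleared first so the same form cannot be replayed.  On approval the token
    is marked authorized and its key handed back to the consumer, either by
    redirecting to the registered callback URL or, with no usable callback,
    through the view named by ``settings.OAUTH_CALLBACK_VIEW``.

    Args:
        request: Django ``HttpRequest``; ``oauth_token`` is read from
            ``request.REQUEST`` (merged GET/POST).
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access``.

    Returns:
        An ``HttpResponse``: 400 when the token is missing or unknown, the
        ``send_oauth_error`` response when the session check or form fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    if "oauth_token" not in request.REQUEST:
        return HttpResponseBadRequest("No request token specified.")

    # NOTE(review): request.REQUEST was removed in Django 1.9; newer code
    # should read request.GET / request.POST explicitly.
    token_key = request.REQUEST["oauth_token"]
    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, token_key)
    except InvalidTokenError:
        return HttpResponseBadRequest("Invalid request token.")

    # Result unused here; the lookup is kept for any validation it performs.
    store.get_consumer_for_request_token(request, oauth_request, request_token)

    if request.method != "POST":
        authorize_view_str = getattr(settings, OAUTH_AUTHORIZE_VIEW,
                                     "oauth_provider.views.fake_authorize_view")
        try:
            authorize_view = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session["oauth"] = request_token.key
        return authorize_view(request, request_token,
                              request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get("oauth", "") == request_token.key and form.is_valid()):
        return send_oauth_error(oauth.Error(_("Action not allowed.")))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session["oauth"] = ""
    if form.cleaned_data["authorize_access"]:
        request_token = store.authorize_request_token(
            request, oauth_request, request_token)
        args = {"oauth_token": request_token.key}
    else:
        args = {"error": _("Access not granted by user.")}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url()
        # Join with '&' only when the callback already carries a query string;
        # the former unconditional '&' built a broken URL for a bare callback.
        separator = "&" if "?" in callback_url else "?"
        return HttpResponseRedirect("%s%s%s" % (callback_url, separator, urlencode(args)))

    # No usable callback (None or out-of-band): hand the result to the view.
    callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,
                                "oauth_provider.views.fake_callback_view")
    try:
        callback_view = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    return callback_view(request, **args)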
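def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET (any non-POST): look up the request token named by ``oauth_token``,
    verify the logged-in user owns the token's consumer, store the token key in
    the session as a one-shot flag and render the view named by
    ``settings.OAUTH_AUTHORIZE_VIEW`` so the user can accept or refuse.

    POST: after the same ownership check, accept the decision only while that
    session flag still matches the token, binding the approval to the page this
    user was shown; the flag is cleared first so the same form cannot be
    replayed.  On approval the token is marked authorized and the result is
    handed to the consumer, either by redirecting to
    ``request_token.get_callback_url(args)`` or, with no usable callback,
    through the view named by ``settings.OAUTH_CALLBACK_VIEW``.  Both
    configurable views may be class-based (``as_view``) or plain functions.

    Args:
        request: Django ``HttpRequest``; ``oauth_token`` is read from
            ``request.REQUEST`` (merged GET/POST).
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access``.

    Returns:
        An ``HttpResponse``: 400 when the token is missing, 401 when it is
        unknown, 403 when the user does not own the consumer, the
        ``send_oauth_error`` response when the session check or form fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    if 'oauth_token' not in request.REQUEST:
        return HttpResponseBadRequest('No request token specified.')

    # NOTE(review): request.REQUEST was removed in Django 1.9; newer code
    # should read request.GET / request.POST explicitly.
    token_key = request.REQUEST['oauth_token']
    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, token_key)
    except InvalidTokenError:
        # Do not echo the submitted token back: HttpResponse defaults to
        # text/html and the value is caller-controlled, so reflecting it
        # unescaped was a reflected-XSS sink.  The 401 status is kept.
        return HttpResponse('Invalid request token.', status=401)

    consumer = store.get_consumer_for_request_token(request, oauth_request,
                                                    request_token)

    # LRS CHANGE - MAKE SURE LOGGED IN USER OWNS THIS CONSUMER
    if request.user != consumer.user:
        return HttpResponseForbidden('Invalid user for this client.')

    if request.method != 'POST':
        authorize_view_str = getattr(settings, OAUTH_AUTHORIZE_VIEW,
                                     'oauth_provider.views.fake_authorize_view')
        try:
            view_callable = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        # Class-based views expose as_view(); anything else is a function view.
        # hasattr (rather than catching AttributeError around the call) keeps an
        # AttributeError raised *inside* as_view() from being misread as "not a CBV".
        if hasattr(view_callable, 'as_view'):
            authorize_view = view_callable.as_view()
        else:
            authorize_view = view_callable
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session['oauth'] = request_token.key
        return authorize_view(request, request_token,
                              request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get('oauth', '') == request_token.key and form.is_valid()):
        return send_oauth_error(oauth.Error(_('Action not allowed.')))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session['oauth'] = ''
    if form.cleaned_data['authorize_access']:
        request_token = store.authorize_request_token(
            request, oauth_request, request_token)
        args = {'oauth_token': request_token.key}
    else:
        args = {'error': _('Access not granted by user.')}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url(args)
        # UnsafeRedirect is an explicit opt-in (UNSAFE_REDIRECTS), presumably
        # for callback schemes Django's HttpResponseRedirect would refuse;
        # the default path keeps Django's scheme checks.
        if UNSAFE_REDIRECTS:
            return UnsafeRedirect(callback_url)
        return HttpResponseRedirect(callback_url)

    # No usable callback (None or out-of-band): hand the result to the view.
    callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,
                                'oauth_provider.views.fake_callback_view')
    try:
        view_callable = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    # Same CBV-or-function resolution as for the authorize view above.
    if hasattr(view_callable, 'as_view'):
        callback_view = view_callable.as_view()
    else:
        callback_view = view_callable
    return callback_view(request, **args)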
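def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET (any non-POST): look up the request token named by ``oauth_token``,
    store its key in the session as a one-shot flag and render the view named
    by ``settings.OAUTH_PROVIDER_AUTHORIZE_VIEW`` so the user can accept or
    refuse.

    POST: accept the decision only while that session flag still matches the
    token, binding the approval to the page this user was shown; the flag is
    cleared first so the same form cannot be replayed.  On approval the token
    is named from the form, marked authorized and its key handed back to the
    consumer: by redirect to the registered callback URL, or via the
    out-of-band callback view (``callback == OUT_OF_BAND``) or the plain
    callback view (no callback registered), both configurable in settings.

    Args:
        request: Django ``HttpRequest``; ``oauth_token`` is read from
            ``request.REQUEST`` (merged GET/POST).
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access`` and may contain
            ``client_name``.

    Returns:
        An ``HttpResponse``; an OAuth error response (400) when the token is
        missing or unknown, or an OAuth error when the session check or form
        fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    if 'oauth_token' not in request.REQUEST:
        return oauth_error_response('No request token specified.',
                                    status_code=httplib.BAD_REQUEST)

    # NOTE(review): request.REQUEST was removed in Django 1.9; newer code
    # should read request.GET / request.POST explicitly.
    token_key = request.REQUEST['oauth_token']
    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, token_key)
    except InvalidTokenError:
        return oauth_error_response('Invalid request token.',
                                    status_code=httplib.BAD_REQUEST)

    # Result unused here; the lookup is kept for any validation it performs.
    store.get_consumer_for_request_token(request, oauth_request, request_token)

    if request.method != 'POST':
        authorize_view_str = getattr(settings, OAUTH_PROVIDER_AUTHORIZE_VIEW,
                                     'oauth_provider.views.default_authorize_view')
        try:
            authorize_view = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session['oauth'] = request_token.key
        return authorize_view(request, request_token,
                              request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get('oauth', '') == request_token.key and form.is_valid()):
        return oauth_error_response(oauth.Error(_('Action not allowed.')))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session['oauth'] = ''
    if form.cleaned_data['authorize_access']:
        # dict.get's default only applies when the form has no client_name
        # field at all; an empty submitted name is stored as-is.
        request_token.name = form.cleaned_data.get(
            "client_name",
            getattr(settings, "OAUTH_PROVIDER_TOKEN_DEFAULT_NAME", "Unnamed"))
        request_token = store.authorize_request_token(
            request, oauth_request, request_token)
        args = {'oauth_token': request_token.key}
    else:
        args = {'error': _('Access not granted by user.')}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url()
        # Join with '&' only when the callback already carries a query string;
        # the former unconditional '&' built a broken URL for a bare callback.
        separator = '&' if '?' in callback_url else '?'
        return HttpResponseRedirect('%s%s%s' % (callback_url, separator, urlencode(args)))

    if request_token.callback == OUT_OF_BAND:
        callback_view_str = getattr(
            settings, OAUTH_PROVIDER_OUT_OF_BAND_CALLBACK_VIEW,
            'oauth_provider.views.fake_out_of_band_callback_view')
    else:
        # No callback registered at all.
        callback_view_str = getattr(
            settings, OAUTH_PROVIDER_CALLBACK_VIEW,
            'oauth_provider.views.fake_callback_view')
    try:
        callback_view = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    return callback_view(request, request_token, **args)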
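def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET: look up the request token named by ``oauth_token`` (query string),
    verify the logged-in user owns the token's consumer, store the token key in
    the session as a one-shot flag and render the view named by
    ``settings.OAUTH_AUTHORIZE_VIEW`` so the user can accept or refuse.

    POST: read ``oauth_token`` from the form body, repeat the ownership check,
    then accept the decision only while the session flag still matches the
    token, binding the approval to the page this user was shown; the flag is
    cleared first so the same form cannot be replayed.  On approval the token
    is marked authorized and the result is handed to the consumer, either by
    redirecting to ``request_token.get_callback_url(args)`` or, with no usable
    callback, through the view named by ``settings.OAUTH_CALLBACK_VIEW``.
    Both configurable views may be class-based (``as_view``) or functions.

    Args:
        request: Django ``HttpRequest``.
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access``.

    Returns:
        An ``HttpResponse``: 405 for methods other than GET/POST, 400 when the
        token is missing, 401 when it is unknown, 403 when the user does not
        own the consumer, the ``send_oauth_error`` response when the session
        check or form fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    method = request.method.lower()
    if method == "get":
        if "oauth_token" not in request.GET:
            return HttpResponseBadRequest("No request token specified.")
        incoming_token = request.GET["oauth_token"]
    elif method == "post":
        if "oauth_token" not in request.POST:
            return HttpResponseBadRequest("No request token specified.")
        incoming_token = request.POST["oauth_token"]
    else:
        # Previously any other method (HEAD, PUT, ...) crashed with
        # UnboundLocalError on incoming_token, i.e. a 500.
        response = HttpResponse("Method not allowed.", status=405)
        response["Allow"] = "GET, POST"
        return response

    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, incoming_token)
    except InvalidTokenError:
        # Do not echo the submitted token back: HttpResponse defaults to
        # text/html and the value is caller-controlled, so reflecting it
        # unescaped was a reflected-XSS sink.  The 401 status is kept.
        return HttpResponse("Invalid request token.", status=401)

    consumer = store.get_consumer_for_request_token(request, oauth_request, request_token)

    # LRS CHANGE - MAKE SURE LOGGED IN USER OWNS THIS CONSUMER
    if request.user != consumer.user:
        return HttpResponseForbidden("Invalid user for this client.")

    if request.method != "POST":
        authorize_view_str = getattr(settings, OAUTH_AUTHORIZE_VIEW, "oauth_provider.views.fake_authorize_view")
        try:
            view_callable = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        # Class-based views expose as_view(); anything else is a function view.
        # hasattr (rather than catching AttributeError around the call) keeps an
        # AttributeError raised *inside* as_view() from being misread as "not a CBV".
        if hasattr(view_callable, "as_view"):
            authorize_view = view_callable.as_view()
        else:
            authorize_view = view_callable
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session["oauth"] = request_token.key
        return authorize_view(request, request_token, request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get("oauth", "") == request_token.key and form.is_valid()):
        return send_oauth_error(
            "https" if request.is_secure() else "http",
            get_current_site(request).domain,
            oauth.Error(_("Action not allowed.")),
        )

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session["oauth"] = ""
    if form.cleaned_data["authorize_access"]:
        request_token = store.authorize_request_token(request, oauth_request, request_token)
        args = {"oauth_token": request_token.key}
    else:
        args = {"error": _("Access not granted by user.")}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url(args)
        # UnsafeRedirect is an explicit opt-in (UNSAFE_REDIRECTS), presumably
        # for callback schemes Django's HttpResponseRedirect would refuse;
        # the default path keeps Django's scheme checks.
        if UNSAFE_REDIRECTS:
            return UnsafeRedirect(callback_url)
        return HttpResponseRedirect(callback_url)

    # No usable callback (None or out-of-band): hand the result to the view.
    callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW, "oauth_provider.views.fake_callback_view")
    try:
        view_callable = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    # Same CBV-or-function resolution as for the authorize view above.
    if hasattr(view_callable, "as_view"):
        callback_view = view_callable.as_view()
    else:
        callback_view = view_callable
    return callback_view(request, **args)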
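def user_authorization(request, form_class=AuthClientForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET (any non-POST): look up the request token named by ``oauth_token``,
    verify the logged-in user owns the token's consumer, store the token key in
    the session as a one-shot flag and render the view named by
    ``settings.OAUTH_AUTHORIZE_VIEW`` so the user can accept or refuse.

    POST: after the same ownership check, accept the decision only while that
    session flag still matches the token, binding the approval to the page this
    user was shown; the flag is cleared first so the same form cannot be
    replayed.  On approval the token is marked authorized and the result is
    handed to the consumer, either by redirecting to
    ``request_token.get_callback_url(args)`` or, with no usable callback,
    through the view named by ``settings.OAUTH_CALLBACK_VIEW``.  Both
    configurable views may be class-based (``as_view``) or plain functions.

    Args:
        request: Django ``HttpRequest``; ``oauth_token`` is read from
            ``request.REQUEST`` (merged GET/POST).
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access``.

    Returns:
        An ``HttpResponse``: 400 when the token is missing, 401 when it is
        unknown, 403 when the user does not own the consumer, the
        ``send_oauth_error`` response when the session check or form fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    if 'oauth_token' not in request.REQUEST:
        return HttpResponseBadRequest('No request token specified.')

    # NOTE(review): request.REQUEST was removed in Django 1.9; newer code
    # should read request.GET / request.POST explicitly.
    token_key = request.REQUEST['oauth_token']
    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request, token_key)
    except InvalidTokenError:
        # Do not echo the submitted token back: HttpResponse defaults to
        # text/html and the value is caller-controlled, so reflecting it
        # unescaped was a reflected-XSS sink.  The 401 status is kept.
        return HttpResponse('Invalid request token.', status=401)

    consumer = store.get_consumer_for_request_token(request, oauth_request, request_token)

    # LRS CHANGE - MAKE SURE LOGGED IN USER OWNS THIS CONSUMER
    if request.user != consumer.user:
        return HttpResponseForbidden('Invalid user for this client.')

    if request.method != 'POST':
        authorize_view_str = getattr(settings, OAUTH_AUTHORIZE_VIEW,
                                     'oauth_provider.views.fake_authorize_view')
        try:
            view_callable = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        # Class-based views expose as_view(); anything else is a function view.
        # hasattr (rather than catching AttributeError around the call) keeps an
        # AttributeError raised *inside* as_view() from being misread as "not a CBV".
        if hasattr(view_callable, 'as_view'):
            authorize_view = view_callable.as_view()
        else:
            authorize_view = view_callable
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session['oauth'] = request_token.key
        return authorize_view(request, request_token, request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get('oauth', '') == request_token.key and form.is_valid()):
        return send_oauth_error(oauth.Error(_('Action not allowed.')))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session['oauth'] = ''
    if form.cleaned_data['authorize_access']:
        request_token = store.authorize_request_token(request, oauth_request, request_token)
        args = {'oauth_token': request_token.key}
    else:
        args = {'error': _('Access not granted by user.')}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url(args)
        # UnsafeRedirect is an explicit opt-in (UNSAFE_REDIRECTS), presumably
        # for callback schemes Django's HttpResponseRedirect would refuse;
        # the default path keeps Django's scheme checks.
        if UNSAFE_REDIRECTS:
            return UnsafeRedirect(callback_url)
        return HttpResponseRedirect(callback_url)

    # No usable callback (None or out-of-band): hand the result to the view.
    callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,
                                'oauth_provider.views.fake_callback_view')
    try:
        view_callable = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    # Same CBV-or-function resolution as for the authorize view above.
    if hasattr(view_callable, 'as_view'):
        callback_view = view_callable.as_view()
    else:
        callback_view = view_callable
    return callback_view(request, **args)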
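def user_authorization(request, form_class=AuthorizeRequestTokenForm):
    """OAuth 1.0 user-authorization endpoint for a request token.

    GET: look up the request token named by ``oauth_token`` (query string),
    verify the logged-in user is attached to the token's consumer, store the
    token key in the session as a one-shot flag and render the view named by
    ``settings.OAUTH_AUTHORIZE_VIEW`` so the user can accept or refuse.

    POST: read ``oauth_token`` from the form body, repeat the consumer check,
    then accept the decision only while the session flag still matches the
    token, binding the approval to the page this user was shown; the flag is
    cleared first so the same form cannot be replayed.  On approval the token
    is marked authorized and the result (token key plus the ``clau`` query
    parameter as ``user``) is handed to the consumer, either by redirecting to
    ``request_token.get_callback_url(args)`` or, with no usable callback,
    through the view named by ``settings.OAUTH_CALLBACK_VIEW``.  Both
    configurable views may be class-based (``as_view``) or plain functions.

    The former ``print`` debugging (which wrote the session flag, token keys
    and form errors to stdout) has been removed.

    Args:
        request: Django ``HttpRequest``.
        form_class: form validating the POSTed decision; ``cleaned_data`` must
            contain a boolean ``authorize_access``.

    Returns:
        An ``HttpResponse``: 405 for methods other than GET/POST, 400 when the
        token is missing, 401 when it is unknown, 403 when the user is not
        attached to the consumer, the ``send_oauth_error`` response when the
        session check or form fails.

    Raises:
        Exception: a view named in settings cannot be resolved by
            ``get_callable`` (only ``AttributeError`` is mapped).
    """
    method = request.method.lower()
    if method == 'get':
        if 'oauth_token' not in request.GET:
            return HttpResponseBadRequest('No request token specified.')
        incoming_token = request.GET['oauth_token']
    elif method == 'post':
        if 'oauth_token' not in request.POST:
            return HttpResponseBadRequest('No request token specified.')
        incoming_token = request.POST['oauth_token']
    else:
        # Previously any other method (HEAD, PUT, ...) crashed with
        # UnboundLocalError on incoming_token, i.e. a 500.
        response = HttpResponse('Method not allowed.', status=405)
        response['Allow'] = 'GET, POST'
        return response

    oauth_request = get_oauth_request(request)

    try:
        request_token = store.get_request_token(request, oauth_request,
                                                incoming_token)
    except InvalidTokenError:
        # Do not echo the submitted token back: HttpResponse defaults to
        # text/html and the value is caller-controlled, so reflecting it
        # unescaped was a reflected-XSS sink.  The 401 status is kept.
        return HttpResponse('Invalid request token.', status=401)

    consumer = store.get_consumer_for_request_token(request, oauth_request,
                                                    request_token)

    # LRS CHANGE - MAKE SURE LOGGED IN USER OWNS THIS CONSUMER
    # CLATOOLKIT CHANGE - MULTIPLE USERS CAN HAVE MULTIPLE CONSUMERS
    if not consumer.attached_to_user(request.user):
        return HttpResponseForbidden('Invalid user for this client.')

    if request.method != 'POST':
        authorize_view_str = getattr(settings, OAUTH_AUTHORIZE_VIEW,
                                     'oauth_provider.views.fake_authorize_view')
        try:
            view_callable = get_callable(authorize_view_str)
        except AttributeError:
            raise Exception("%s view doesn't exist." % authorize_view_str)
        # Class-based views expose as_view(); anything else is a function view.
        # hasattr (rather than catching AttributeError around the call) keeps an
        # AttributeError raised *inside* as_view() from being misread as "not a CBV".
        if hasattr(view_callable, 'as_view'):
            authorize_view = view_callable.as_view()
        else:
            authorize_view = view_callable
        params = oauth_request.get_normalized_parameters()
        # Arm the one-shot flag the POST handler checks against.
        request.session['oauth'] = request_token.key
        return authorize_view(request, request_token,
                              request_token.get_callback_url(), params)

    form = form_class(request.POST)
    # The session flag must match this token; form.is_valid() only runs when it does.
    if not (request.session.get('oauth', '') == request_token.key and form.is_valid()):
        return send_oauth_error(
            'https' if request.is_secure() else 'http',
            get_current_site(request).domain,
            oauth.Error(_('Action not allowed.')))

    # Consume the flag before doing anything else so a re-POST is rejected.
    request.session['oauth'] = ''
    if form.cleaned_data['authorize_access']:
        request_token = store.authorize_request_token(
            request, oauth_request, request_token)
        args = {
            'oauth_token': request_token.key,
            # NOTE(review): 'clau' is passed through from the query string
            # without validation; confirm the callback/consumer treats it as
            # untrusted.
            'user': request.GET.get('clau', None)
        }
    else:
        args = {'error': _('Access not granted by user.')}

    if request_token.callback is not None and request_token.callback != OUT_OF_BAND:
        callback_url = request_token.get_callback_url(args)
        # UnsafeRedirect is an explicit opt-in (UNSAFE_REDIRECTS), presumably
        # for callback schemes Django's HttpResponseRedirect would refuse;
        # the default path keeps Django's scheme checks.
        if UNSAFE_REDIRECTS:
            return UnsafeRedirect(callback_url)
        return HttpResponseRedirect(callback_url)

    # No usable callback (None or out-of-band): hand the result to the view.
    callback_view_str = getattr(settings, OAUTH_CALLBACK_VIEW,
                                'oauth_provider.views.fake_callback_view')
    try:
        view_callable = get_callable(callback_view_str)
    except AttributeError:
        raise Exception("%s view doesn't exist." % callback_view_str)
    # Same CBV-or-function resolution as for the authorize view above.
    if hasattr(view_callable, 'as_view'):
        callback_view = view_callable.as_view()
    else:
        callback_view = view_callable
    return callback_view(request, **args)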