Ejemplo n.º 1
    def wrapperf(request, *args, **kwargs):
        """Attach the user parsed from the request, if any, and call the view.

        This wrapper makes no access decision: when
        ``parse_user_from_request`` returns ``None`` the request is
        forwarded with ``request.user`` left exactly as it arrived, so
        ``view_f`` still has to check authentication itself.
        """
        parsed_user = parse_user_from_request(request)

        if parsed_user is None:
            # Nothing parsed: pass the request through untouched.
            return view_f(request, *args, **kwargs)

        request.user = parsed_user
        return view_f(request, *args, **kwargs)
Ejemplo n.º 2
    def wrapperf(request, *args, **kwargs):
        """Run ``view_f`` with ``request.user`` set from the request if possible.

        The user is replaced only when ``parse_user_from_request`` yields
        something other than ``None``. The view is called in every case,
        so this is an "optional login" wrapper, not an access check.
        """
        found = parse_user_from_request(request)
        has_user = found is not None

        if has_user:
            request.user = found

        response = view_f(request, *args, **kwargs)
        return response
Ejemplo n.º 3
    def wrapperf(request, *args, **kwargs):
        """Call ``view_f`` only for a non-anonymous user.

        The user parsed from the request is preferred. ``request.user`` is
        the fallback when parsing yields nothing truthy. If the resulting
        user is ``None`` or anonymous, the view is never reached and
        ``create_401unauthorized()`` is returned instead.
        """
        candidate = parse_user_from_request(request)
        if not candidate:
            # Fall back to whatever user is already on the request.
            candidate = request.user

        # Fail closed: reject before the view is reached.
        if candidate is None or candidate.is_anonymous():
            return create_401unauthorized()

        request.user = candidate
        return view_f(request, *args, **kwargs)
Ejemplo n.º 4
    def wrapperf(request, *args, **kwargs):
        """Require a logged-in user before dispatching to ``view_f``.

        The user comes from ``parse_user_from_request``, or from
        ``request.user`` when that returns a falsy value. A ``None`` or
        anonymous user gets the ``create_401unauthorized()`` response.
        Otherwise the resolved user is stored on the request and the view
        runs.
        """
        resolved = parse_user_from_request(request) or request.user

        authenticated = resolved is not None and not resolved.is_anonymous()
        if not authenticated:
            return create_401unauthorized()

        request.user = resolved
        return view_f(request, *args, **kwargs)
Ejemplo n.º 5
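    def wrapperf(request, *args, **kwargs):
        """Verify the request signature, then dispatch to ``view_f``.

        The request must carry a signature (the ``signature`` parameter or,
        failing that, ``HTTP_X_SIGNATURE`` in ``request.META``), a
        ``timestamp`` parameter and an ``access_key`` parameter. The
        signature is recomputed with the credential's secret key and
        compared with the supplied one without stopping at the first
        differing character.

        Returns:
            ``_missing_request`` when the signature or timestamp is absent
            or the timestamp does not parse.
            ``_bad_request`` when the timestamp is older than 15 minutes,
            the access key is missing or unknown, or the signature does
            not match.
            ``create_401unauthorized()`` when the credential is disabled,
            or when ``require_login`` is set and no non-anonymous user
            could be resolved.
            Otherwise the result of ``view_f`` with ``request.user`` set.
        """
        # Request must have signature and access_key parameters. The
        # signature may also be supplied through request.META.
        sig = request.REQUEST.get('signature')

        if not sig:
            sig = request.META.get('HTTP_X_SIGNATURE')

        if not sig:
            return _missing_request

        # Signature may have had "+" changed to spaces so change them
        # back. A non-empty string stays non-empty here, so no second
        # emptiness check is needed further down.
        sig = sig.replace(' ', '+')

        timestamp = request.REQUEST.get('timestamp')
        if not timestamp:
            return _missing_request

        # Only strptime can raise ValueError, so only it sits in the try.
        try:
            timestamp = datetime.datetime.strptime(
                timestamp, SIG_TIMESTAMP_FORMAT)
        except ValueError:
            return _missing_request

        # A signed request is honoured for 15 minutes after its timestamp.
        # NOTE(review): only the lower bound is checked. A timestamp in the
        # future is accepted and stays valid until 15 minutes after that
        # time. Confirm whether an upper bound (with a clock-skew
        # allowance) is wanted.
        # NOTE(review): datetime.now() is naive local time; presumably
        # clients send the timestamp in the same zone. Confirm.
        # NOTE(review): nothing in this function records signatures
        # already seen, so an identical request is accepted again inside
        # the window unless get_signature_for_request or the view guards
        # against that. Confirm.
        expires = timestamp + datetime.timedelta(minutes=15)
        if expires < datetime.datetime.now():
            return _bad_request

        key = request.REQUEST.get('access_key')

        if not key:
            return _bad_request

        try:
            cred = APIAccessCredential.objects.get(access_key=key)
        except APIAccessCredential.DoesNotExist:
            return _bad_request

        # A disabled credential is rejected before any signature work.
        if not cred.enabled:
            return create_401unauthorized()

        signed = get_signature_for_request(request, cred.secret_key)

        # zip() below stops at the shorter input, so unequal lengths must
        # be rejected explicitly or a prefix would compare as equal.
        if len(signed) != len(sig):
            return _bad_request

        # Don't bail early: OR together the XOR of every character pair so
        # the loop always walks the whole signature, wherever the first
        # difference is.
        matches = 0
        for (c1, c2) in zip(sig, signed):
            matches |= ord(c1) ^ ord(c2)

        if matches != 0:
            return _bad_request

        # The credential's own user wins; otherwise fall back to the user
        # parsed from the request.
        if cred.user:
            user = cred.user
        else:
            user = parse_user_from_request(request)

        if require_login and (user is None or user.is_anonymous()):
            return create_401unauthorized()

        if user is None:
            user = AnonymousUser()

        request.user = user
        return view_f(request, *args, **kwargs)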
Ejemplo n.º 6
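    def wrapperf(request, *args, **kwargs):
        """Authenticate a signed API request before calling ``view_f``.

        Reads ``signature`` (falling back to ``HTTP_X_SIGNATURE`` in
        ``request.META``), ``timestamp`` and ``access_key`` from the
        request. It looks up the matching ``APIAccessCredential``,
        recomputes the signature with its secret key and compares the two
        over their full length.

        Returns:
            ``_missing_request`` if the signature or timestamp is missing
            or the timestamp cannot be parsed.
            ``_bad_request`` if the timestamp is more than 15 minutes old,
            the access key is missing or unknown, or the signatures
            differ.
            ``create_401unauthorized()`` if the credential is disabled, or
            if ``require_login`` is set and the user is ``None`` or
            anonymous.
            The return value of ``view_f`` otherwise, with
            ``request.user`` set to the resolved user.
        """
        # Request must have signature and access_key parameters.
        sig = request.REQUEST.get('signature') or \
            request.META.get('HTTP_X_SIGNATURE')

        if not sig:
            return _missing_request

        # Signature may have had "+" changed to spaces so change them
        # back. This cannot empty a non-empty string, which is why the
        # signature is not tested for emptiness again later.
        sig = sig.replace(' ', '+')

        timestamp = request.REQUEST.get('timestamp')
        if not timestamp:
            return _missing_request

        try:
            timestamp = datetime.datetime.strptime(timestamp,
                                                   SIG_TIMESTAMP_FORMAT)
        except ValueError:
            # Unparseable timestamps are treated like missing ones.
            return _missing_request

        # Requests are rejected 15 minutes after their stated timestamp.
        # NOTE(review): there is no check for timestamps ahead of the
        # server clock, so a future-dated request keeps its validity
        # until that time plus 15 minutes. Confirm this is intended.
        # NOTE(review): the comparison uses naive datetime.now();
        # presumably SIG_TIMESTAMP_FORMAT values are in server local
        # time. Confirm.
        # NOTE(review): no nonce or seen-signature store is consulted
        # here, so a repeated request inside the window passes this
        # wrapper. Confirm that is handled elsewhere if it matters.
        expires = timestamp + datetime.timedelta(minutes=15)
        if expires < datetime.datetime.now():
            return _bad_request

        key = request.REQUEST.get('access_key')
        if not key:
            return _bad_request

        try:
            cred = APIAccessCredential.objects.get(access_key=key)
        except APIAccessCredential.DoesNotExist:
            return _bad_request

        if not cred.enabled:
            return create_401unauthorized()

        signed = get_signature_for_request(request, cred.secret_key)

        # Lengths must match first: the pairwise loop below only covers
        # the shorter of the two strings.
        if len(signed) != len(sig):
            return _bad_request

        # Don't bail early: accumulate every character difference so the
        # comparison does the same amount of work whether or not the
        # signatures match.
        matches = 0
        for (c1, c2) in zip(sig, signed):
            matches = (ord(c1) ^ ord(c2)) | matches

        if matches != 0:
            return _bad_request

        # Prefer the user bound to the credential over one parsed from
        # the request.
        user = cred.user if cred.user else parse_user_from_request(request)

        if require_login:
            if user is None or user.is_anonymous():
                return create_401unauthorized()

        if user is None:
            user = AnonymousUser()

        request.user = user
        return view_f(request, *args, **kwargs)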