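def __call__(self, request, *args, **kwargs):
    """Run the OAuth checks for ``request`` and, if they pass, call the view.

    Args:
        request: the incoming request. On success ``request.user`` is set
            to the user owning the access token before the view runs.
        *args, **kwargs: passed through unchanged to the wrapped view.

    Returns:
        The wrapped view's response, or the response built by
        ``send_oauth_error`` describing why the request was refused.

    NOTE(review): ``is_valid_request`` and ``validate_token`` are called on
    self but are not visible here -- presumably provided by the enclosing
    class or a mixin; confirm. The original fell off the end and returned
    ``None`` (no response at all) when ``is_valid_request`` failed or when
    the final consumer/token test failed; both now return the same
    'Invalid request parameters.' error the sibling class sends.
    """
    if not self.is_valid_request(request):
        return send_oauth_error(Error(_('Invalid request parameters.')))
    oauth_request = get_oauth_request(request)
    consumer = store.get_consumer(
        request, oauth_request,
        oauth_request.get_parameter('oauth_consumer_key'))
    token_key = oauth_request.get_parameter('oauth_token')
    try:
        token = store.get_access_token(
            request, oauth_request, consumer, token_key)
    except InvalidTokenError:
        # The error text reflects the client-supplied token key back to
        # the client; fine as long as send_oauth_error emits plain text
        # rather than HTML -- confirm.
        return send_oauth_error(
            Error(_('Invalid access token: %s') % token_key))
    try:
        self.validate_token(request, consumer, token)
    except Error as e:
        return send_oauth_error(e)
    # When the decorator was given a resource name, the token must have
    # been issued for exactly that resource.
    if self.resource_name and token.resource.name != self.resource_name:
        return send_oauth_error(
            Error(_('You are not allowed to access this resource.')))
    if consumer and token:
        # Attach the token owner so the view sees an authenticated user;
        # the original author marked this "Hack" -- presumably it bypasses
        # the framework's normal authentication backend.
        request.user = token.user
        return self.view_func(request, *args, **kwargs)
    return send_oauth_error(Error(_('Invalid request parameters.')))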
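def _check_timestamp(self, timestamp, threshold=300):
    """Reject a request whose ``oauth_timestamp`` is outside the allowed window.

    Args:
        timestamp: the raw ``oauth_timestamp`` parameter as sent by the
            client (string or int), seconds since the epoch.
        threshold: maximum number of seconds the timestamp may differ
            from the server clock. Defaults to 300 (five minutes).

    Raises:
        Error: if the parameter is missing, is not an integer, or lies
            more than ``threshold`` seconds from the current time.
    """
    if timestamp is None:
        raise Error("The oauth_timestamp parameter is missing.")
    try:
        timestamp = int(timestamp)
    except (TypeError, ValueError):
        # A malformed value is a client error, not a server fault; the
        # original let the ValueError escape unhandled.
        raise Error("The oauth_timestamp parameter must be an integer.")
    now = int(time.time())
    lapsed = now - timestamp
    # Check both directions. The original only rejected old timestamps, so
    # a value far in the future was accepted and would not expire until
    # that time; a symmetric window closes that off.
    if abs(lapsed) > threshold:
        raise Error(
            'Expired timestamp: given %d and now %s has a greater difference than the threshold %d' % (timestamp, now, threshold))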
def _check_signature(self, consumer, token):
    """Verify nonce, timestamp and signature of the current request.

    Reads the parameters from ``self.oauth_params``, the signature method
    registry from ``self.application.oauth_signature_methods`` and the
    raw request from ``self.request``.

    Args:
        consumer: the consumer the request claims to come from.
        token: the token presented with the request (may be absent for
            the first legs of the dance -- depends on the caller).

    Raises:
        PartialOAuthRequest: ``oauth_nonce`` or ``oauth_timestamp`` missing.
        UnknownSignature: ``oauth_signature_method`` missing or not registered.
        MissingSignature: ``oauth_signature`` missing.
        Error: the signature does not verify. The message includes the
            signature base string the server computed from the request;
            the meaning of the second ``Error`` argument ``'sock'`` is not
            visible here -- confirm against ``Error``.
    """
    def required(name, exc_cls, message):
        # Same missing-key handling for every parameter; only the
        # exception type and message differ.
        try:
            return self.oauth_params[name]
        except KeyError:
            raise exc_cls(message)

    self._check_nonce(
        required('oauth_nonce', PartialOAuthRequest, 'Missing oauth_nonce.'))
    self._check_timestamp(
        required('oauth_timestamp', PartialOAuthRequest,
                 'Missing oauth_timestamp.'))

    # A missing parameter and an unregistered method both surface as
    # KeyError and are reported the same way.
    try:
        method_name = self.oauth_params['oauth_signature_method']
        signature_method = self.application.oauth_signature_methods[method_name]()
    except KeyError:
        raise UnknownSignature('Unknown oauth_signature_method.')

    oauth_req = oauth_request(self.request)
    signature = required('oauth_signature', MissingSignature,
                         'The oauth_signature is missing')
    if signature_method.check(oauth_req, consumer, token, signature):
        return
    # Only the base string is reported; the signing key is never exposed.
    _, base = signature_method.signing_base(oauth_req, consumer, token)
    raise Error(
        ('Invalid signature. Expected signature base string: ' + str(base)),
        'sock')
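def __call__(self, request, *args, **kwargs):
    """Run the OAuth checks for ``request`` and, if they pass, call the view.

    Args:
        request: the incoming request. On success ``request.user`` is set
            to the user owning the access token before the view runs.
        *args, **kwargs: passed through unchanged to the wrapped view.

    Returns:
        The wrapped view's response, or the response built by
        ``send_oauth_error`` describing why the request was refused.

    NOTE(review): ``is_valid_request`` and ``validate_token`` are called on
    self but are not visible here -- presumably provided by the enclosing
    class; confirm. The original fell off the end and returned ``None``
    (no response at all) when ``is_valid_request`` failed or when the
    final consumer/token test failed; both now return the same 'Invalid
    request parameters.' error the sibling ``CheckOAuth`` class sends.
    """
    if not self.is_valid_request(request):
        return send_oauth_error(Error(_('Invalid request parameters.')))
    oauth_request = get_oauth_request(request)
    consumer = store.get_consumer(
        request, oauth_request,
        oauth_request.get_parameter('oauth_consumer_key'))
    # Coerce to native str -- presumably the store hands back unicode and
    # the signing code wants byte strings; confirm. Note str() on a
    # non-ASCII unicode value raises UnicodeEncodeError here.
    consumer.key = str(consumer.key)
    consumer.secret = str(consumer.secret)
    token_key = oauth_request.get_parameter('oauth_token')
    try:
        token = store.get_access_token(
            request, oauth_request, consumer, token_key)
    except InvalidTokenError:
        # The error text reflects the client-supplied token key back to
        # the client; fine as long as send_oauth_error emits plain text
        # rather than HTML -- confirm.
        return send_oauth_error(
            Error(_('Invalid access token: %s') % token_key))
    token.key = str(token.key)
    token.secret = str(token.secret)
    try:
        self.validate_token(request, consumer, token)
    except Error as e:
        return send_oauth_error(e)
    if consumer and token:
        # Attach the token owner so the view sees an authenticated user.
        request.user = token.user
        return self.view_func(request, *args, **kwargs)
    return send_oauth_error(Error(_('Invalid request parameters.')))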
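class CheckOAuth(object):
    """
    Class that checks that the OAuth parameters passes the given test,
    raising an OAuth error otherwise. If the test is passed, the view
    function is invoked.

    We use a class here so that we can define __get__. This way, when a
    CheckOAuth object is used as a method decorator, the view function is
    properly bound to its instance.

    Attributes:
        view_func: the wrapped view, invoked once the OAuth checks pass.
        resource_name: when truthy, the access token must have been issued
            for a resource of exactly this name.

    NOTE(review): ``is_valid_request`` and ``validate_token`` are called on
    self in ``__call__`` but are not defined in this class -- presumably a
    subclass or mixin supplies them; confirm.
    """

    def __init__(self, view_func, resource_name):
        self.view_func = view_func
        self.resource_name = resource_name
        # Copy __name__/__doc__/__module__ (and set __wrapped__) from the
        # view so the decorated object still introspects like the original.
        update_wrapper(self, view_func)

    def __get__(self, obj, cls=None):
        # Bind the wrapped view to the instance the attribute was accessed
        # through, then re-wrap so the OAuth checks still run around it.
        view_func = self.view_func.__get__(obj, cls)
        return CheckOAuth(view_func, self.resource_name)

    def __call__(self, request, *args, **kwargs):
        """Run the OAuth checks for ``request`` and, if they pass, call the view.

        Args:
            request: the incoming request. On success ``request.user`` is
                set to the user owning the access token before the view runs.
            *args, **kwargs: passed through unchanged to the wrapped view.

        Returns:
            The wrapped view's response, or the response built by
            ``send_oauth_error`` describing why the request was refused.
        """
        if not self.is_valid_request(request):
            return send_oauth_error(Error(_('Invalid request parameters.')))
        oauth_request = get_oauth_request(request)
        consumer = store.get_consumer(
            request, oauth_request,
            oauth_request.get_parameter('oauth_consumer_key'))
        token_key = oauth_request.get_parameter('oauth_token')
        try:
            token = store.get_access_token(
                request, oauth_request, consumer, token_key)
        except InvalidTokenError:
            # The error text reflects the client-supplied token key back
            # to the client; fine as long as send_oauth_error emits plain
            # text rather than HTML -- confirm.
            return send_oauth_error(
                Error(_('Invalid access token: %s') % token_key))
        try:
            self.validate_token(request, consumer, token)
        except Error as e:
            return send_oauth_error(e)
        # When the decorator was given a resource name, the token must
        # have been issued for exactly that resource.
        if self.resource_name and token.resource.name != self.resource_name:
            return send_oauth_error(
                Error(_('You are not allowed to access this resource.')))
        if consumer and token:
            # Attach the token owner so the view sees an authenticated
            # user; the original author marked this "Hack" -- presumably
            # it bypasses the framework's normal authentication backend.
            request.user = token.user
            return self.view_func(request, *args, **kwargs)
        return send_oauth_error(Error(_('Invalid request parameters.')))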
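def oauth_header(self):
    """Extract the OAuth parameters carried in the Authorization header.

    Reads ``self.request.headers['authorization']``.

    Returns:
        A dict of the parameters from an ``OAuth`` scheme Authorization
        header, or an empty dict when the header is absent or uses some
        other scheme.

    Raises:
        Error: the header uses the OAuth scheme but could not be parsed.

    NOTE(review): the scheme test is a case-sensitive compare against
    'OAuth '; HTTP auth scheme names are case-insensitive, so a client
    sending 'oauth ' is silently treated as having no OAuth header --
    confirm whether that is intended.
    """
    extracted = {}
    try:
        auth_header = self.request.headers['authorization']
    except KeyError:
        return extracted
    if auth_header[:6] == 'OAuth ':
        # Drop the scheme prefix by position. The original used
        # str.lstrip('OAuth '), which strips any leading run of the
        # characters O, A, u, t, h and space rather than the prefix
        # itself, and so could eat the start of the first parameter.
        auth_header = auth_header[6:]
        try:
            extracted = oauth2.Request._split_header(auth_header)
        except Exception:
            # log.err() presumably records the active exception (Twisted
            # style) before the client-facing error is raised -- confirm.
            log.err()
            raise Error(
                'Unable to parse OAuth parameters from the Authorization Header.'
            )
    return extracted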
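def _check_signature(self, request, consumer, token):
    """Determines if the request was made with good signing practices.

    Checks, in order, that the nonce is fresh, that the timestamp is
    within the allowed window, that the signature method is one this
    application knows, and that the signature verifies.

    Args:
        request: the request carrying ``oauth_params``.
        consumer: the consumer the request claims to come from.
        token: the token presented with the request, if any.

    Raises:
        PartialOAuthRequest: ``oauth_nonce`` or ``oauth_timestamp`` missing.
        UnknownSignature: the signature method is missing or unknown.
        MissingSignature: ``oauth_signature`` missing.
        Error: the signature does not verify. The message includes the
            signature base string the server computed for the request.
    """
    try:
        nonce = request.oauth_params['oauth_nonce']
    except KeyError:
        raise PartialOAuthRequest("Missing oauth_nonce.")
    self._check_nonce(nonce)

    # was the request made within a predefined window of time
    try:
        timestamp = request.oauth_params['oauth_timestamp']
    except KeyError:
        raise PartialOAuthRequest("Missing oauth_timestamp.")
    self._check_timestamp(timestamp)

    # TODO: scheme to signature verification (e.g. http to HMAC-SHA1)
    signature_name = request.oauth_params.get('oauth_signature_method')

    # get the signing method from the dictionary of known signing methods
    try:
        signature_method = self.signature_methods[signature_name]
    except KeyError:
        # Report the name the client sent. The original formatted
        # ``signature_method`` here, which is unbound on this path, so
        # every unknown method surfaced as UnboundLocalError instead of
        # the intended UnknownSignature.
        raise UnknownSignature("%s is a signature method unknown to this"
                               " application." % signature_name)

    # get the signature from the request
    try:
        signature = request.oauth_params['oauth_signature']
    except KeyError:
        raise MissingSignature('The oauth_signature is missing.')

    # validate the signature
    valid = signature_method.check(request, consumer, token, signature)
    if not valid:
        # Only the base string is reported; the signing key is discarded.
        _, base = signature_method.signing_base(request, consumer, token)
        raise Error(
            'Invalid signature. Expected signature base string: %s' % base)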
def _raise_oauth_error(*args, **kwargs):
    """Raise an ``oauth2.Error`` unconditionally.

    Accepts and ignores any arguments, presumably so it can stand in for
    an arbitrary callable whose failure path needs exercising -- confirm
    against the callers. The import is local, so importing this module
    does not itself require ``oauth2``.

    Raises:
        oauth2.Error: always, with the message "Some error.".
    """
    from oauth2 import Error as OAuthError
    raise OAuthError("Some error.")