Ejemplo n.º 1
def parse(request, more_id=None):
    """Collect the request headers into a dict and record the auth style used.

    An ``Authorization`` value starting with ``'OAuth '`` is checked through
    CheckOAuth; a failed check raises OauthUnauthorized. Every other value is
    only labelled ``'http'`` in the lines shown here.

    NOTE(review): this listing ends inside the function; ``more_id`` and the
    return value are not visible in it.
    """
    r_dict = {}

    # Build headers from request in request dict
    r_dict = get_headers(request.META, r_dict)
    
    # Traditional authorization should be passed in headers
    if 'Authorization' in r_dict:
        # OAuth will always be dict, not http auth. Set required fields for oauth module and lrs_auth for authentication
        # module
        auth_params = r_dict['Authorization']
        # NOTE(review): exact, case-sensitive prefix match. HTTP auth scheme names are
        # case-insensitive, so "oauth ..." would take the 'http' branch below - confirm intended.
        if auth_params[:6] == 'OAuth ':
            # Make sure it has the required/valid oauth headers
            if CheckOAuth.is_valid_request(request):
                try:
                    consumer, token, parameters = CheckOAuth.validate_token(request)
                except OAuthError, e:
                    # Validation failures surface as an unauthorized error carrying the OAuth error response.
                    raise OauthUnauthorized(send_oauth_error(e))
                # Set consumer and token for authentication piece
                r_dict['oauth_consumer'] = consumer
                r_dict['oauth_token'] = token
                r_dict['lrs_auth'] = 'oauth'
            else:
                raise OauthUnauthorized(send_oauth_error(OAuthError(_('Invalid request parameters.'))))

            # Used for OAuth scope
            # NOTE(review): path[5:] drops a fixed five-character prefix, presumably the URL
            # mount point. If the mount point changes, the scope check receives a different
            # endpoint string - confirm against the URL configuration.
            endpoint = request.path[5:]
            # Since we accept with or without / on end
            if endpoint.endswith("/"):
                endpoint = endpoint[:-1]
            r_dict['endpoint'] = endpoint
        else:
            # No credential check happens here; the value is only tagged for later handling.
            r_dict['lrs_auth'] = 'http'
Ejemplo n.º 2
def set_authorization(r_dict, request):
    """Fill ``r_dict['auth']`` from an OAuth ``Authorization`` header.

    Nothing is written when the header value does not start with ``'OAuth '``.
    Raises OauthUnauthorized when the request lacks the required OAuth
    parameters or when token validation fails.
    """
    header_value = r_dict['headers']['Authorization']
    # NOTE(review): exact, case-sensitive scheme match; any other value is
    # left for the caller to handle.
    if header_value[:6] != 'OAuth ':
        return

    # Make sure it has the required/valid oauth headers
    if not CheckOAuth.is_valid_request(request):
        raise OauthUnauthorized(
            send_oauth_error(
                OAuthError(_('Invalid OAuth request parameters.'))))

    try:
        consumer, token, unused_parameters = CheckOAuth.validate_token(request)
    except OAuthError as e:
        raise OauthUnauthorized(send_oauth_error(e))

    # Record the validated consumer and token for the authentication step.
    auth = r_dict['auth']
    auth['oauth_consumer'] = consumer
    auth['oauth_token'] = token
    auth['type'] = 'oauth'

    # The endpoint feeds the OAuth scope check.
    # NOTE(review): path[5:] assumes a fixed five-character URL prefix - confirm.
    endpoint = request.path[5:]
    # Accepted with or without a trailing slash; drop one if present.
    if endpoint.endswith("/"):
        endpoint = endpoint[:-1]
    auth['endpoint'] = endpoint
Ejemplo n.º 3
    def __call__(self, request, *args, **kwargs):
        """Run the wrapped view only after the OAuth request and token validate.

        NOTE(review): this listing stops before the fall-through path, so the
        result when is_valid_request() fails, or when consumer/token are empty,
        is not visible here.
        """
        if self.is_valid_request(request):
            try:
                consumer, token, parameters = self.validate_token(request)
            except OAuthError, e:
                # Token validation failed: answer with the OAuth error response.
                return send_oauth_error(e)

            # An empty self.resource_name skips this comparison, so any validated
            # token is accepted in that case.
            if self.resource_name and token.resource.name != self.resource_name:
                return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))
            elif consumer and token:
                # NOTE(review): request.REQUEST combines query-string and body parameters,
                # so form fields can arrive in the URL - confirm that is acceptable here.
                form = self.form(request.REQUEST)
                if form.is_valid():
                    # The view acts on behalf of the user bound to the token.
                    return self.view(request, form, token.user)
                else:
                    return self.invalid_form(request, form)
Ejemplo n.º 4
def oauth_helper(request):
    """Turn the validated OAuth consumer/token pair into an xAPI group identity.

    Reads ``oauth_consumer`` and ``oauth_token`` from ``request['auth']``,
    rejects unaccepted consumers and tokens that are not approved access
    tokens (OauthUnauthorized), then stores the consumer+user group under
    ``request['auth']['id']``.
    """
    auth = request['auth']
    consumer = auth['oauth_consumer']
    token = auth['oauth_token']

    # The consumer must have been accepted by the system.
    # NOTE(review): send_oauth_error receives a plain string here rather than
    # an OAuthError instance - confirm the helper accepts both.
    if consumer.status != ACCEPTED:
        not_accepted = "%s has not been authorized" % str(consumer.name)
        raise OauthUnauthorized(send_oauth_error(not_accepted))

    # Only an approved access token may stand in for a user.
    token_usable = token.token_type == Token.ACCESS and token.is_approved
    if not token_usable:
        raise OauthUnauthorized(
            send_oauth_error("The access token is not valid"))

    user = token.user
    user_name = user.username
    email = user.email
    user_email = email if email.startswith('mailto:') else 'mailto:%s' % email

    # NOTE(review): the status check above used the consumer stored on the
    # request, while the identity below is built from token.consumer;
    # presumably token validation guarantees they are the same - confirm.
    consumer = token.consumer
    consumer_agent = {
        "account": {
            "name": consumer.key,
            "homePage": "lrs://XAPI/OAuth/token/"
        },
        "objectType": "Agent",
        "oauth_identifier": "anonoauth:%s" % consumer.key
    }
    user_agent = {
        "name": user_name,
        "mbox": user_email,
        "objectType": "Agent"
    }
    group_kwargs = {
        "objectType": "Group",
        "member": [consumer_agent, user_agent],
        "oauth_identifier": "anongroup:%s-%s" % (consumer.key, user_email)
    }
    # Create or fetch the oauth group and record it as the request identity.
    oauth_group, created = Agent.objects.oauth_group(**group_kwargs)
    auth['id'] = oauth_group
Ejemplo n.º 5
def set_authorization(r_dict, request):
    """Validate an OAuth ``Authorization`` header and record the result.

    Writes the consumer, token, auth type and endpoint into
    ``r_dict['auth']``. Headers that do not start with ``'OAuth '`` are left
    untouched. Raises OauthUnauthorized on missing OAuth parameters or on a
    token that fails validation.
    """
    header = r_dict['headers']['Authorization']
    if header[:6] != 'OAuth ':
        # Not an OAuth header (exact, case-sensitive match): nothing to do here.
        return

    # The required OAuth parameters must be present before the token is checked.
    request_ok = CheckOAuth.is_valid_request(request)
    if request_ok:
        try:
            consumer, token, parameters = CheckOAuth.validate_token(request)
        except OAuthError as e:
            raise OauthUnauthorized(send_oauth_error(e))
    else:
        raise OauthUnauthorized(send_oauth_error(OAuthError(_('Invalid OAuth request parameters.'))))

    # Hand the validated pair to the authentication step.
    validated = (
        ('oauth_consumer', consumer),
        ('oauth_token', token),
        ('type', 'oauth'),
    )
    for key, value in validated:
        r_dict['auth'][key] = value

    # Endpoint used for the OAuth scope check; one trailing slash is dropped.
    # NOTE(review): the fixed [5:] slice presumes the URL prefix length - confirm.
    path_tail = request.path[5:]
    r_dict['auth']['endpoint'] = path_tail[:-1] if path_tail.endswith("/") else path_tail
Ejemplo n.º 6
def set_authorization(r_dict, request):
    """Authenticate an OAuth-style ``Authorization`` header into ``r_dict["auth"]``.

    Non-OAuth header values are ignored. A request missing the OAuth
    parameters, or carrying a token that does not validate, raises
    OauthUnauthorized.
    """
    scheme_prefix = r_dict["headers"]["Authorization"][:6]
    # NOTE(review): case-sensitive comparison; other casings of the scheme are ignored.
    if scheme_prefix == "OAuth ":
        # Reject early when the required OAuth parameters are absent.
        if not CheckOAuth.is_valid_request(request):
            raise OauthUnauthorized(send_oauth_error(OAuthError(_("Invalid OAuth request parameters."))))

        try:
            validated = CheckOAuth.validate_token(request)
        except OAuthError as e:
            raise OauthUnauthorized(send_oauth_error(e))
        consumer, token, parameters = validated

        # Consumer and token are consumed by the authentication step.
        r_dict["auth"]["oauth_consumer"] = consumer
        r_dict["auth"]["oauth_token"] = token
        r_dict["auth"]["type"] = "oauth"

        # The OAuth scope check works on the path without its prefix and
        # without a trailing slash.
        # NOTE(review): [5:] hard-codes the prefix length - confirm against the URL layout.
        endpoint = request.path[5:]
        if endpoint.endswith("/"):
            endpoint = endpoint[:-1]
        r_dict["auth"]["endpoint"] = endpoint
Ejemplo n.º 7
def oauth_helper(request):
    """Validate the OAuth request and store the matching group in request['auth'].

    NOTE(review): this listing ends before the branch taken when
    is_valid_request() fails.
    """
    # Verifies the oauth request
    if is_valid_request(request):
        # Validates the incoming consumer, token, and params
        try:
            consumer, token, parameters = validate_token(request)
        except OAuthError, e:
            raise OauthUnauthorized(send_oauth_error(e))
        
        # NOTE(review): when consumer or token is empty nothing below runs and no error
        # is raised in the lines shown, so request['auth'] stays unset - confirm callers
        # treat that as unauthenticated.
        if consumer and token:
            # NOTE(review): send_oauth_error receives a plain string here, not an
            # OAuthError - confirm the helper accepts both.
            if consumer.status != ACCEPTED:
                raise OauthUnauthorized(send_oauth_error("%s has not been authorized" % str(consumer.name)))

            # NOTE(review): no token type or approval check is visible here; presumably
            # validate_token enforces it - confirm.
            # All is the only scope being supported - need to correct the user/auth_id workflow
            if token.resource.name.lower() == 'all':
                user = token.user
                user_name = user.username
                # The email is used as the mbox value exactly as stored.
                user_email = user.email
                consumer = token.consumer                
                # Two members: the OAuth consumer account and the user behind the token.
                members = [
                            {
                                "account":{
                                            "name":consumer.key,
                                            "homePage":"/XAPI/OAuth/token/"
                                },
                                "objectType": "Agent"
                            },
                            {
                                "name":user_name,
                                "mbox":user_email,
                                "objectType": "Agent"
                            }
                ]
                kwargs = {"objectType":"Group", "member":members}
                oauth_group, created = models.group.objects.gen(**kwargs)
                oauth_group.save()
                # The group becomes the authenticated identity for this request.
                request['auth'] = oauth_group
            else:
                raise BadRequest("Only the 'all' scope is supported.")
Ejemplo n.º 8
def oauth_authorize_wrapper(request):
    """Wraps the actual oauth user_authorization view, providing for a 
       mechanism for the user to cancel the request."""
    # NOTE(review): only the cancel path is visible in this listing; the handling of a
    # POST without 'cancel', and of non-POST requests, is not shown.
    if request.POST:
        if request.POST.get('cancel', False):
            oauth_server, oauth_request = initialize_server_request(request)
            try:
                # The request token is looked up from the OAuth parameters of this request.
                token = oauth_server.fetch_request_token(oauth_request)
            except OAuthError, err:
                return send_oauth_error(err)
            # Unknown consumers end in a 404 rather than a denial page.
            application = get_object_or_404(OAuthApplication, consumer=token.consumer)
            # NOTE(review): token.key is placed in the template context; confirm the
            # 'oauth_authorize_denied.html' template needs to render it.
            context = {'oauth_token':token.key, 'application':application}
            return render_to_response('oauth_authorize_denied.html', context_instance=RequestContext(request, context))
Ejemplo n.º 9
def oauth_helper(request):
    """Replace ``request['auth']`` with the group for the OAuth consumer and user.

    Expects ``request['oauth_consumer']`` and ``request['oauth_token']`` to be
    set already. Raises OauthUnauthorized when the consumer has not been
    accepted or when the token is not an approved access token.
    """
    consumer = request['oauth_consumer']
    token = request['oauth_token']

    # The consumer must have been accepted by the system.
    # NOTE(review): send_oauth_error is given a plain string in both error
    # paths below - confirm the helper accepts that as well as an OAuthError.
    if consumer.status != ACCEPTED:
        raise OauthUnauthorized(send_oauth_error("%s has not been authorized" % str(consumer.name)))

    # Anything other than an approved access token is refused.
    if not (token.token_type == Token.ACCESS and token.is_approved):
        raise OauthUnauthorized(send_oauth_error("The token is not valid"))

    user = token.user
    user_name = user.username
    user_email = user.email
    if not user_email.startswith('mailto:'):
        user_email = 'mailto:%s' % user_email

    # NOTE(review): from here on the consumer comes from the token, not from
    # the request entry checked above; presumably they match - confirm.
    consumer = token.consumer
    account_agent = {
        "account": {
            "name": consumer.key,
            "homePage": "/XAPI/OAuth/token/",
        },
        "objectType": "Agent",
        "oauth_identifier": "Anonymous agent for account %s" % consumer.key,
    }
    person_agent = {
        "name": user_name,
        "mbox": user_email,
        "objectType": "Agent",
    }
    group_spec = {
        "objectType": "Group",
        "member": [account_agent, person_agent],
        "oauth_identifier": "Anonymous group for %s and %s" % (consumer.key, user_name),
    }
    # Create or fetch the oauth group and make it the request identity.
    oauth_group, created = agent.objects.gen(**group_spec)
    request['auth'] = oauth_group
Ejemplo n.º 10
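 def process_view(self, request, view_func, view_args, view_kwargs):
     """Attach the OAuth token's user to the request before the view runs.

     Returns an OAuth error response when the token is bound to a different
     resource than ``request.oauth_resource_name``. In every other case the
     lines shown fall through and return None, so view processing continues.
     """
     if default_is_request_api(request):
         # NOTE(review): this assigns on the request *class*; that is only safe if
         # LazyAnonUser is a descriptor resolved per instance - confirm.
         request.__class__.user = LazyAnonUser()
     resource_name = getattr(request, 'oauth_resource_name', None)
     if CheckOAuth.is_valid_request(request):
         try:
             consumer, token, parameters = CheckOAuth.validate_token(request)
         except OAuthError:
             # A token that fails validation is not rejected here: processing
             # continues without token.user. The original author left an open
             # question about returning send_oauth_error(e) instead.
             return None
         if resource_name and token.resource.name != resource_name:
             return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))
         elif consumer and token:
             if token.user:
                 # Bind the user to this request instance. Assigning it on
                 # request.__class__ would expose one caller's identity to every
                 # other request object of the same class in the process.
                 request.user = token.user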
Ejemplo n.º 11
class oauth_api_method(object):
    """Decorator object that puts OAuth validation and a form in front of a view.

    The form class is looked up in ``forms`` by name: the view's name converted
    from snake_case to CamelCase with ``Form`` appended.
    NOTE(review): is_valid_request, validate_token, resource_name and
    invalid_form are used but not defined in this class as shown.
    """

    def __init__(self, view):
        # Copy the view's metadata so self.__name__ is the view's name.
        update_wrapper(self, view)
        self.view = view

        words = self.__name__.split('_')
        camel_name = ''.join([word.capitalize() for word in words])
        self.form = getattr(forms, camel_name + 'Form')

    def __call__(self, request, *args, **kwargs):
        """Validate the OAuth request, then dispatch to the view or an error."""
        if not self.is_valid_request(request):
            return send_oauth_error(OAuthError(_('Invalid request parameters.')))

        try:
            consumer, token, parameters = self.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)

        # An empty self.resource_name disables the resource comparison.
        if self.resource_name and token.resource.name != self.resource_name:
            return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))

        if consumer and token:
            # NOTE(review): request.REQUEST merges query-string and body data -
            # confirm that form fields arriving in the URL are acceptable.
            form = self.form(request.REQUEST)
            if not form.is_valid():
                return self.invalid_form(request, form)
            # The view acts for the user bound to the validated token.
            return self.view(request, form, token.user)

        return send_oauth_error(OAuthError(_('Invalid request parameters.')))
Ejemplo n.º 12
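def could_not_verify_oauth_request_response(scheme, domain):
    """Return the error response for an OAuth request that could not be verified.

    ``scheme`` and ``domain`` are passed through to send_oauth_error unchanged.
    """
    # The response must be returned: otherwise the caller receives None,
    # which a view or middleware can mistake for "no error".
    return send_oauth_error(
        scheme, domain,
        oauth.Error(_('Could not verify OAuth request.')))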
Ejemplo n.º 13
def GetInvalidScopeResponse():
    """Build the OAuth error response for a token that lacks access to the resource."""
    scope_error = oauth.Error(_('You are not allowed to access this resource.'))
    return send_oauth_error(scope_error)
Ejemplo n.º 14
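def invalid_params_response(scheme, domain):
    """Return the error response for a request with invalid OAuth parameters.

    ``scheme`` and ``domain`` are passed through to send_oauth_error.
    """
    # oauth.Error takes only the message. scheme and domain belong to
    # send_oauth_error - presumably (scheme, domain, error); confirm against
    # its definition.
    # The response is returned so the caller does not receive None, which a
    # view or middleware can mistake for "no error".
    return send_oauth_error(
        scheme, domain,
        oauth.Error(_('Invalid request parameters.')))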
Ejemplo n.º 15
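def invalid_scope_response(scheme, domain):
    """Return the error response for a token that lacks access to the resource.

    ``scheme`` and ``domain`` are passed through to send_oauth_error unchanged.
    """
    # Returning the response matters for access control: a caller that gets
    # None back may carry on as if the scope check had passed.
    return send_oauth_error(
        scheme, domain,
        oauth.Error(_('You are not allowed to access this resource.')))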
Ejemplo n.º 16
                                "objectType": "Agent"
                            },
                            {
                                "name":user_name,
                                "mbox":user_email,
                                "objectType": "Agent"
                            }
                ]
                kwargs = {"objectType":"Group", "member":members}
                oauth_group, created = models.group.objects.gen(**kwargs)
                oauth_group.save()
                request['auth'] = oauth_group
            else:
                raise BadRequest("Only the 'all' scope is supported.")
    else:
        raise OauthUnauthorized(send_oauth_error(OAuthError(_('Invalid request parameters.'))))

def is_valid_request(request):
    """
    Report whether every name in OAUTH_PARAMETERS_NAMES is present in the
    request's "Authorization" entry.

    Only that entry is consulted; a missing entry counts as empty. This is a
    presence check, not a validation of the parameter values.
    NOTE(review): `in` is a key/element test on a dict or list but a substring
    test on a string - confirm the type stored under "Authorization".
    """
    auth_params = request.get("Authorization", [])
    for required_name in OAUTH_PARAMETERS_NAMES:
        if required_name not in auth_params:
            return False
    return True

def validate_token(request):
    # NOTE(review): only the first statement of this function is visible in this listing;
    # the verification step and the return value are not shown.
    # Creates the oauth server and request. Verifies the request against server
    oauth_server, oauth_request = initialize_server_request(request)
Ejemplo n.º 17
def GetCouldNotVerifyOAuthRequestResponse():
    """Build the OAuth error response for a request that failed verification."""
    verify_error = oauth.Error(_('Could not verify OAuth request.'))
    return send_oauth_error(verify_error)
Ejemplo n.º 18
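def invalid_scope_response(scheme, domain):
    """Return the error response for a token that lacks access to the resource.

    ``scheme`` and ``domain`` are passed through to send_oauth_error unchanged.
    """
    # Without the return the caller gets None and may carry on as if the
    # scope check had passed.
    error = oauth.Error(_('You are not allowed to access this resource.'))
    return send_oauth_error(scheme, domain, error)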
Ejemplo n.º 19
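def could_not_verify_oauth_request_response(scheme, domain):
    """Return the error response for an OAuth request that could not be verified.

    ``scheme`` and ``domain`` are passed through to send_oauth_error unchanged.
    """
    # Without the return the caller gets None, which a view or middleware
    # can mistake for "no error".
    error = oauth.Error(_('Could not verify OAuth request.'))
    return send_oauth_error(scheme, domain, error)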
Ejemplo n.º 20
def GetInvalidParamsResponse():
    """Build the OAuth error response for missing or malformed request parameters."""
    params_error = oauth.Error(_('Invalid request parameters.'))
    return send_oauth_error(params_error)
Ejemplo n.º 21
# -*- coding: utf-8 -*-
from django.utils.translation import ugettext as _
from django.http import HttpResponseBadRequest

import oauth2 as oauth

from oauth_provider.utils import send_oauth_error

# These responses are built once, when the module is imported, and the same
# objects are then handed out for every failing request.
# NOTE(review): a shared response object keeps whatever later code attaches to it
# (headers, cookies). Presumably callers treat these as read-only - confirm, or build
# a fresh response per request.
# NOTE(review): ugettext is evaluated at import time here, so the message language is
# fixed at that point rather than chosen per request.
INVALID_PARAMS_RESPONSE = send_oauth_error(oauth.Error(_('Invalid request parameters.')))
INVALID_CONSUMER_RESPONSE = HttpResponseBadRequest('Invalid Consumer.')
INVALID_SCOPE_RESPONSE = send_oauth_error(oauth.Error(_('You are not allowed to access this resource.')))
COULD_NOT_VERIFY_OAUTH_REQUEST_RESPONSE = send_oauth_error(oauth.Error(_('Could not verify OAuth request.')))
Ejemplo n.º 22
 def challenge_response(self):
     """Return the response of send_oauth_error() called with no arguments."""
     response = send_oauth_error()
     return response
Ejemplo n.º 23
 def login(self, request):
     # Validate the OAuth parameters and token carried by the request.
     # NOTE(review): this listing stops after the error path; what happens on success,
     # and when is_valid_request() is false, is not visible here.
     if CheckOAuth.is_valid_request(request):
         try:
             consumer, token, parameters = CheckOAuth.validate_token(request) 
         except OAuthError, e: 
             # Token validation failed: answer with the OAuth error response.
             return  send_oauth_error(e) 
Ejemplo n.º 24
from django.utils.translation import ugettext as _

from oauth.oauth import OAuthError
from oauth_provider.decorators import CheckOAuth
from oauth_provider.utils import send_oauth_error

from dapi.auth import AuthBase


class AuthOAuth(AuthBase):
    """OAuth request checker built on oauth_provider's CheckOAuth."""

    def check_request(self, request):
        """Return an OAuth error response for a bad request, or None when it passes.

        The validated consumer and token are discarded, so this method
        checks the request without binding an identity to it.
        """
        if not CheckOAuth.is_valid_request(request):
            return send_oauth_error(
                OAuthError(_("Invalid request parameters.")))

        try:
            CheckOAuth.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)
        return None
Ejemplo n.º 25
 def check_request(self, request):
     # Check the OAuth parameters and token of the request; the validated consumer and
     # token are not kept.
     # NOTE(review): this listing ends after the error path; the branch taken when
     # is_valid_request() is false is not visible here.
     if CheckOAuth.is_valid_request(request):
         try:
             CheckOAuth.validate_token(request)
         except OAuthError, e: 
             # Token validation failed: answer with the OAuth error response.
             return send_oauth_error(e)
Ejemplo n.º 26
from django.utils.translation import ugettext as _

from oauth.oauth import OAuthError
from oauth_provider.decorators import CheckOAuth
from oauth_provider.utils import send_oauth_error

from dapi.auth import AuthBase

class AuthOAuth(AuthBase):
    """Authentication backend that accepts requests carrying a valid OAuth token."""

    def check_request(self, request):
        """Check the request's OAuth credentials.

        Returns None when the request passes, otherwise the OAuth error
        response to send back. Only validity is checked: the consumer and
        token returned by validation are not stored on the request.
        """
        failure = None
        if CheckOAuth.is_valid_request(request):
            try:
                CheckOAuth.validate_token(request)
            except OAuthError as e:
                failure = send_oauth_error(e)
        else:
            failure = send_oauth_error(OAuthError(_("Invalid request parameters.")))
        return failure
Ejemplo n.º 27
 def check_request(self, request):
     # Check the OAuth parameters and token of the request; nothing from the validation
     # result is stored.
     # NOTE(review): this listing ends after the error path; the outcome when
     # is_valid_request() is false is not visible here.
     if CheckOAuth.is_valid_request(request):
         try:
             CheckOAuth.validate_token(request)
         except OAuthError, e:
             # Token validation failed: answer with the OAuth error response.
             return send_oauth_error(e)
Ejemplo n.º 28
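def invalid_params_response(scheme, domain):
    """Return the error response for a request with invalid OAuth parameters.

    ``scheme`` and ``domain`` are passed through to send_oauth_error.
    """
    # oauth.Error takes only the message. scheme and domain belong to
    # send_oauth_error - presumably (scheme, domain, error); confirm against
    # its definition.
    error = oauth.Error(_('Invalid request parameters.'))
    # Returned so the caller does not receive None, which a view or
    # middleware can mistake for "no error".
    return send_oauth_error(scheme, domain, error)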
Ejemplo n.º 29
# -*- coding: utf-8 -*-
from django.utils.translation import ugettext as _
from django.http import HttpResponseBadRequest

import oauth2 as oauth

from oauth_provider.utils import send_oauth_error

# Module-level error responses: each is created once at import time and the
# same object is reused for every request that fails the matching check.
# NOTE(review): anything later code attaches to one of these shared objects (headers,
# cookies) stays on it for subsequent requests. Presumably they are treated as
# read-only - confirm, or construct the response per request instead.
# NOTE(review): ugettext runs at import time, so the message text is translated once,
# not per request.
INVALID_PARAMS_RESPONSE = send_oauth_error(
    oauth.Error(_('Invalid request parameters.')))
INVALID_CONSUMER_RESPONSE = HttpResponseBadRequest('Invalid Consumer.')
INVALID_SCOPE_RESPONSE = send_oauth_error(
    oauth.Error(_('You are not allowed to access this resource.')))
COULD_NOT_VERIFY_OAUTH_REQUEST_RESPONSE = send_oauth_error(
    oauth.Error(_('Could not verify OAuth request.')))
Ejemplo n.º 30
 def challenge():
     """Return the OAuth error response for ``err``.

     NOTE(review): ``err`` is not a parameter; presumably it comes from an
     enclosing scope that is not shown.
     """
     response = send_oauth_error(err)
     return response