def checkUser(self): # 署名の検証を行う. #self.osa_util.checkOAuth() if settings_sub.IS_LOCAL: return try: if self.request.django_request.META.has_key('HTTP_AUTHORIZATION'): oauth_params = self.request.django_request.META['HTTP_AUTHORIZATION'] headers = {} headers.update(self.request.django_request.META) headers['Authorization'] = oauth_params oauth_request = oauth.OAuthRequest.from_request( self.request.method, self.request.url, headers = headers, query_string = self.request.query_string ) sig = oauth_request.get_parameter('oauth_signature') sig_build = oauth.OAuthSignatureMethod_HMAC_SHA1().build_signature(oauth_request, self.osa_util.consumer, None) self.osa_util.logger.trace('sig :' + sig) self.osa_util.logger.trace('sig_build:' + sig_build) if sig == sig_build: self.osa_util.logger.trace('sig_check_ok?:True') else: self.osa_util.logger.trace('sig_check_ok?:False') raise oauth.OAuthError('sig check error!!') else: raise CabaretError(u'署名を確認できません') except: raise CabaretError(u'署名を確認できません')
def test_exception_unicode_includes_user_friendly_message(self): # When the error is an authentication error, the message is more # user-friendly than the default 'Invalid consumer.'. original_exception = oauth.OAuthError('Invalid consumer.') maas_exception = OAuthUnauthorized(original_exception) self.assertThat(str(maas_exception), Contains("Authorization Error: Invalid API key."))
def test_exception_unicode_includes_original_failure_message(self): error_msg = factory.make_name('error-message') original_exception = oauth.OAuthError(error_msg) maas_exception = OAuthUnauthorized(original_exception) self.assertThat( str(maas_exception), Contains("Authorization Error: %r" % error_msg))
def lookup_nonce(self, oauth_consumer, oauth_token, nonce): if oauth_token and oauth_consumer.key == self.consumer.key and ( oauth_token.key == self.request_token.key or token.key == self.access_token.key) and nonce == self.nonce: return self.nonce else: raise oauth.OAuthError('Nonce not found: %s' % str(nonce)) return None
def mark_request_token_used(self, consumer, request_token): """ Mark that this request token has been used. Should fail if it is already used """ if not request_token.authorized_p: raise oauth.OAuthError("request token not authorized") request_token.delete()
def check_and_store_nonce(self, nonce_str): """ store the given nonce in some form to check for later duplicates IMPORTANT: raises an exception if the nonce has already been stored """ nonce, created = models.Nonce.objects.get_or_create(nonce=nonce_str) if not created: raise oauth.OAuthError("Nonce already exists")
def mark_request_token_used(self, consumer, request_token): """ Mark that this request token has been used. Should fail if it is already used """ new_rt = models.ReqToken.objects.get(pha=consumer, token=request_token.token) # authorized? if not new_rt.authorized: raise oauth.OAuthError("Request Token not Authorized") new_rt.delete()
def unauthorized(e): log.error('Error accessing resource %r', self.endpoint) code = getattr(e, 'code', 0) emsg = getattr(e, 'message', None) if code or (emsg == 'conn_fail'): is_error = True early_return = True headers = getattr(e, 'headers', {}) opensocial_err = headers.get('x-opensocial-error') if emsg == "conn_fail": log.error("\tconnection error occurred") elif code == 404: log.error("\tResource %r does not exist.", self.endpoint) elif code == 401: log.error('\tPermissions error accessing resource %r: %r', self.endpoint, e) early_return = not (opensocial_err is None or opensocial_err in REAUTHORIZE_ERROR_MESSAGES) if hasattr(e, 'document') and isinstance( e.document, basestring): try: json_error_info = json.loads(e.document) except Exception: pass else: if 'timestamp' in json_error_info.get( 'statusDescription', '').lower(): log.error( "\tGot timestamp message from error response: %r", json_error_info) early_return = True is_error = True e = oauth.OAuthError( oauth_data={ 'oauth_problem': 'timestamp_refused' }) elif code == 409: is_error = False log.error('\tConflict while performing action: %r', self.endpoint) else: log.error( '\tError is being handled as non-fatal. code = %r', code) if opensocial_err is not None: log.error( "\tadditionally, an opensocial error was encountered: %r", opensocial_err) if early_return: if is_error: log.info("callback.error = %r", callback.error) return callback.error(e) else: return callback.success(e) etxt = '' if hasattr(e, 'read'): etxt = e.read() if not etxt: etxt = repr(e) log.error("\terror text = %r", etxt) if not client.allow_authenticate(): log.info('authenticate not allowed') return client.authenticate_start() client.authorize_token( error=auth_error, success=lambda results: (client.token_authorized(results), client.fetch_access_token( error=auth_error, success=lambda results: (client.access_token_fetched(results), client.request(url, method=method, data=data, error=callback.error, success=lambda resp: callback.success( resp.document), **kw)))))
def check_signature(self, oauth_request, consumer, token, signature): if is_root(consumer, token) and not settings.API_ALLOW_ROOT_HMAC_SHA1: raise oauth.OAuthError("Invalid consumer") return super(JeOAuthSignatureMethod_HMAC_SHA1, self).check_signature(oauth_request, consumer, token, signature)