Example #1
def authorize_token():
    """Authorize the request token carried by the current request.

    On success the verifier is stored on the OAuthMap and the client is
    redirected to the consumer callback with the verifier included. Any
    OAuthError raised along the way is turned into oauth_error_response.

    Authorization is automatic: no consent step is shown, and a truthy
    get_user_data() is the only gate before the token is authorized.
    """
    try:
        server, signed_request = initialize_server_request(request)
        if server is None:
            raise OAuthError('Invalid request parameters.')

        # Look up the request token, then the mapping keyed by it.
        request_token = server.fetch_request_token(signed_request)
        mapping = OAuthMap.get_from_request_token(request_token.key_)
        if not mapping:
            raise OAuthError("Unable to find oauth_map from request token "
                             "during authorization.")

        # The user comes from the mapping, via the FB or Google access token.
        account = mapping.get_user_data()
        if not account:
            raise OAuthError("User not logged in during authorize_token "
                             "process.")

        # No user intervention is required here; the original rationale is
        # that the user already authorized FB/Google.
        # NOTE(review): the identity-provider login therefore doubles as
        # consent for every consumer, so consumer vetting and callback-URL
        # validation (neither visible here) carry the trust decision.
        authorized = server.authorize_token(request_token, account.user)
        mapping.verifier = authorized.verifier
        mapping.put()

        callback_url = mapping.callback_url_with_request_token_params(
            include_verifier=True)
        return custom_scheme_redirect(callback_url)
    except OAuthError as err:
        return oauth_error_response(err)
Example #2
def access_token():
    """Exchange a request token for an access token and record it.

    The new access token's key and secret are written to the OAuthMap found
    through the request's ``oauth_token`` parameter. Failures are answered
    with oauth_error_response.

    NOTE(review): this excerpt shows no return on the success path.
    """
    server, signed_request = initialize_server_request(request)
    if server is None:
        invalid = OAuthError('Invalid request parameters.')
        return oauth_error_response(invalid)

    try:
        # Mint the access token.
        issued = server.fetch_access_token(signed_request)
        if not issued:
            missing_token = OAuthError("Cannot find corresponding "
                                       "access token.")
            return oauth_error_response(missing_token)

        # The mapping ties our tokens to the identity providers; it is keyed
        # by the request token sent as oauth_token.
        request_token_key = signed_request.get_parameter("oauth_token")
        mapping = OAuthMap.get_from_request_token(request_token_key)
        if not mapping:
            missing_map = OAuthError("Cannot find oauth mapping "
                                     "for request token.")
            return oauth_error_response(missing_map)

        # Both the token key and its secret are persisted on the mapping.
        mapping.access_token = issued.key_
        mapping.access_token_secret = issued.secret
        mapping.put()
    except OAuthError as err:
        return oauth_error_response(err)
Example #3
    def test_post_using_auth_in_body_content_type_and_application_x_www_form_urlencoded(self):
        """Verify a signed POST whose body is form-encoded.

        Counterpart of
        test_that_initialize_server_request_when_custom_content_type: with
        content type application/x-www-form-urlencoded the post data should
        be added to the params, and it affects the signature.
        """
        self._request_token()
        self._authorize_and_access_token_using_form()

        form_fields = {"foo": "bar"}
        form_content_type = "application/x-www-form-urlencoded"
        signed_url = self.__make_querystring_with_HMAC_SHA1(
            "POST", "/path/to/post", form_fields, form_content_type)

        # Only the request object is needed; nothing is actually sent.
        factory = RequestFactory()
        request = factory.post(
            signed_url, urllib.urlencode(form_fields), form_content_type)

        # Re-enacts the relevant parts of OAuthAuthentication in
        # django-rest-framework.
        parsed = utils.get_oauth_request(request)
        consumer = oauth_provider_store.get_consumer(
            request, parsed, parsed.get_parameter('oauth_consumer_key'))
        token = oauth_provider_store.get_access_token(
            request, parsed, consumer, parsed.get_parameter('oauth_token'))

        oauth_server, oauth_request = utils.initialize_server_request(request)

        # Passing means this call does not throw an oauth.Error.
        oauth_server.verify_request(oauth_request, consumer, token)
Example #4
def authorize_token():
    """Authorize the current request's request token and redirect.

    The verifier produced by authorization is saved on the OAuthMap, and the
    response redirects to the callback URL with the verifier attached. An
    OAuthError at any step is returned through oauth_error_response.

    There is no consent prompt: the token is authorized as soon as the
    mapping yields a logged-in user.
    """
    try:
        srv, oauth_req = initialize_server_request(request)
        if srv is None:
            raise OAuthError('Invalid request parameters.')

        # Fetch the request token and the mapping stored under its key.
        pending_token = srv.fetch_request_token(oauth_req)
        token_map = OAuthMap.get_from_request_token(pending_token.key_)
        if not token_map:
            raise OAuthError("Unable to find oauth_map from request token "
                             "during authorization.")

        # User lookup goes through the FB or Google access token.
        current_user_data = token_map.get_user_data()
        if not current_user_data:
            raise OAuthError("User not logged in during authorize_token "
                             "process.")

        # Per the original author, user intervention is skipped because the
        # user already authorized FB/Google.
        # NOTE(review): with consent implicit, which consumers may obtain
        # request tokens and which callback URLs are accepted (not shown
        # here) decide who ends up with an authorized token.
        approved_token = srv.authorize_token(pending_token,
                                             current_user_data.user)
        token_map.verifier = approved_token.verifier
        token_map.put()

        destination = token_map.callback_url_with_request_token_params(
            include_verifier=True)
        return custom_scheme_redirect(destination)
    except OAuthError as exc:
        return oauth_error_response(exc)
Example #5
def access_token():
    """Issue an access token and store it on the matching OAuthMap.

    The mapping is looked up by the ``oauth_token`` request parameter and
    receives the access token key and secret. Every failure path returns
    oauth_error_response.

    NOTE(review): no success-path return is visible in this excerpt.
    """
    srv, oauth_req = initialize_server_request(request)
    if srv is None:
        return oauth_error_response(OAuthError('Invalid request parameters.'))

    try:
        # Create the access token.
        new_token = srv.fetch_access_token(oauth_req)
        if not new_token:
            no_token = OAuthError("Cannot find corresponding "
                                  "access token.")
            return oauth_error_response(no_token)

        # Find the mapping of access tokens to identity providers.
        token_map = OAuthMap.get_from_request_token(
            oauth_req.get_parameter("oauth_token"))
        if not token_map:
            no_map = OAuthError("Cannot find oauth mapping "
                                "for request token.")
            return oauth_error_response(no_map)

        # Key and secret are both written to the stored mapping.
        token_map.access_token = new_token.key_
        token_map.access_token_secret = new_token.secret
        token_map.put()
    except OAuthError as exc:
        return oauth_error_response(exc)
    def test_that_initialize_server_request_when_custom_content_type(self):
        """Check that post data stays out of the params for other content types.

        When the content type is not application/x-www-form-urlencoded the
        body must not be included in the params. It would cause problems
        only when the signature method is HMAC-SHA1.
        """
        json_content_type = "application/json"
        json_body = json.dumps({"data": {"foo": "bar"}})
        signed_url = self._make_querystring_with_HMAC_SHA1(
            "POST", "/path/to/post", json_body, json_content_type)

        # Only the request object is needed; nothing is actually sent.
        factory = RequestFactory()
        request = factory.post(signed_url, json_body, json_content_type)

        # Re-enacts the relevant parts of OAuthAuthentication in
        # django-rest-framework.
        parsed = utils.get_oauth_request(request)
        consumer = oauth_provider_store.get_consumer(
            request, parsed, parsed.get_parameter('oauth_consumer_key'))
        token = oauth_provider_store.get_access_token(
            request, parsed, consumer, parsed.get_parameter('oauth_token'))

        oauth_server, oauth_request = utils.initialize_server_request(request)

        # Passing means this call does not throw an oauth.Error.
        oauth_server.verify_request(oauth_request, consumer, token)
Example #7
    def test_that_initialize_server_request_when_custom_content_type(self):
        """Check that a non-form body is left out of the signed params.

        Post data must not be included in the params when the content type
        is not application/x-www-form-urlencoded. It would cause problems
        only when the signature method is HMAC-SHA1.
        """
        body_content_type = "application/json"
        payload = json.dumps({"data": {"foo": "bar"}})
        url_with_signature = self.__make_querystring_with_HMAC_SHA1(
            "POST", "/path/to/post", payload, body_content_type)

        # The request is built for inspection only and never sent.
        request = RequestFactory().post(
            url_with_signature, payload, body_content_type)

        # Mirrors the relevant parts of OAuthAuthentication in
        # django-rest-framework.
        incoming = utils.get_oauth_request(request)

        key_of_consumer = incoming.get_parameter('oauth_consumer_key')
        consumer = oauth_provider_store.get_consumer(
            request, incoming, key_of_consumer)

        key_of_token = incoming.get_parameter('oauth_token')
        token = oauth_provider_store.get_access_token(
            request, incoming, consumer, key_of_token)

        server, server_request = utils.initialize_server_request(request)

        # The test passes when this does not throw an oauth.Error.
        server.verify_request(server_request, consumer, token)
    def test_post_using_auth_in_body_content_type_and_application_x_www_form_urlencoded(self):
        """Verify that form-encoded post data takes part in the signature.

        Opposite of
        test_that_initialize_server_request_when_custom_content_type: if the
        content type is application/x-www-form-urlencoded, post data should
        be added to the params, and it affects the signature.
        """
        self._request_token()
        self._authorize_and_access_token_using_form()

        body_content_type = "application/x-www-form-urlencoded"
        fields = {"foo": "bar"}
        url_with_signature = self._make_querystring_with_HMAC_SHA1(
            "POST", "/path/to/post", fields, body_content_type)

        # The request is built for inspection only and never sent.
        request = RequestFactory().post(
            url_with_signature, urllib.urlencode(fields), body_content_type)

        # Mirrors the relevant parts of OAuthAuthentication in
        # django-rest-framework.
        incoming = utils.get_oauth_request(request)

        key_of_consumer = incoming.get_parameter('oauth_consumer_key')
        consumer = oauth_provider_store.get_consumer(
            request, incoming, key_of_consumer)

        key_of_token = incoming.get_parameter('oauth_token')
        token = oauth_provider_store.get_access_token(
            request, incoming, consumer, key_of_token)

        server, server_request = utils.initialize_server_request(request)

        # The test passes when this does not throw an oauth.Error.
        server.verify_request(server_request, consumer, token)
Example #9
def access_token():
    """Issue an access token, store it on the OAuthMap and re-read the map.

    The mapping found through the ``oauth_token`` parameter receives the
    access token key and secret, is saved, and is then fetched again by key.
    Failures are answered with oauth_error_response.

    NOTE(review): this excerpt shows no return on the success path.
    """
    server, signed_request = initialize_server_request(request)
    if server is None:
        bad_params = OAuthError('Invalid request parameters.')
        return oauth_error_response(bad_params)

    try:
        # Create the access token.
        issued = server.fetch_access_token(signed_request)
        if not issued:
            return oauth_error_response(
                OAuthError("Cannot find corresponding access token."))

        # Find the mapping of access tokens to identity providers.
        request_token_key = signed_request.get_parameter("oauth_token")
        mapping = OAuthMap.get_from_request_token(request_token_key)
        if not mapping:
            return oauth_error_response(
                OAuthError("Cannot find oauth mapping for request token."))

        # Key and secret are both written to the stored mapping.
        mapping.access_token = issued.key_
        mapping.access_token_secret = issued.secret
        mapping.put()

        # Reading the entity back by key flushes the "apply phase" of the
        # put() so later retrievals return fresh data. Per the original
        # author, GAE's HRD can otherwise take a second or two to propagate,
        # and the client may use the access token sooner than that.
        mapping = OAuthMap.get(mapping.key())
    except OAuthError as err:
        return oauth_error_response(err)
Example #10
def request_token():
    """Create a request token for the current OAuth request.

    Invalid request parameters and any OAuthError raised while fetching the
    token are answered with oauth_error_response.

    NOTE(review): the created token is not returned within this excerpt.
    """
    server, signed_request = initialize_server_request(request)
    if server is None:
        invalid = OAuthError('Invalid request parameters.')
        return oauth_error_response(invalid)

    try:
        # Create the request token.
        token = server.fetch_request_token(signed_request)
    except OAuthError as err:
        return oauth_error_response(err)
Example #11
def request_token():
    """Fetch a new request token for the incoming OAuth request.

    Returns oauth_error_response when the request parameters are invalid or
    when fetching the token raises OAuthError.

    NOTE(review): nothing is done with the token within this excerpt.
    """
    srv, oauth_req = initialize_server_request(request)
    if srv is None:
        return oauth_error_response(OAuthError('Invalid request parameters.'))

    try:
        # Create the request token.
        token = srv.fetch_request_token(oauth_req)
    except OAuthError as exc:
        return oauth_error_response(exc)
Example #12
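def oauth_authorize_wrapper(request):
    """Wrap the OAuth user_authorization view so the user can cancel.

    When the POST carries a truthy ``cancel`` field, the request token is
    looked up and the "denied" page is rendered for the application that
    owns the token's consumer. An OAuthError during lookup is returned
    through send_oauth_error.

    NOTE(review): only the cancel branch is visible in this excerpt.
    """
    if request.POST:
        if request.POST.get('cancel', False):
            oauth_server, oauth_request = initialize_server_request(request)
            # A request without usable OAuth parameters may yield no server
            # object (presumably None -- confirm against
            # initialize_server_request). Answer with an OAuth error instead
            # of failing on the attribute access below.
            if oauth_server is None:
                return send_oauth_error(
                    OAuthError('Invalid request parameters.'))
            try:
                token = oauth_server.fetch_request_token(oauth_request)
            except OAuthError as err:
                return send_oauth_error(err)
            # 404 when no application is registered for the token's consumer.
            application = get_object_or_404(OAuthApplication, consumer=token.consumer)
            context = {'oauth_token': token.key, 'application': application}
            return render_to_response('oauth_authorize_denied.html', context_instance=RequestContext(request, context))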
Example #13
def validate_token(request):
    """Build the OAuth server and request for *request* and verify it.

    Returns whatever oauth_server.verify_request returns.
    """
    # NOTE(review): there is no guard for a missing server object. If
    # initialize_server_request can return None for it (TODO confirm), the
    # call below raises AttributeError; callers should treat any exception
    # from this function as a failed validation.
    server, signed_request = initialize_server_request(request)
    outcome = server.verify_request(signed_request)
    return outcome
Example #14
 def validate_token(request):
     """Verify the OAuth request built from *request*.

     The result of verify_request is passed back to the caller unchanged.
     """
     # NOTE(review): a None server from initialize_server_request (TODO
     # confirm it can happen) would surface here as AttributeError, so
     # callers need to count exceptions as validation failures.
     srv, oauth_req = initialize_server_request(request)
     verification = srv.verify_request(oauth_req)
     return verification