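def api_nexus_message_nonce(request):
    """Verify the OAuth signature carried by ``request``.

    The consumer and token records are looked up from the
    ``oauth_consumer_key`` and ``oauth_token`` request parameters, the
    request is rebuilt against those records and handed to
    ``oauth_server.verify_request``.

    Returns a one-key error dict when a lookup or the verification fails.
    Nothing is returned explicitly on success, so callers see ``None``.

    NOTE(review): despite the name, no nonce replay tracking is visible in
    this function -- confirm whether ``oauth_server`` or the caller rejects
    replayed requests.
    """
    # Not used below. NOTE(review): kept in case DBSession() sets up session
    # state the lookups rely on -- confirm and drop if it does not.
    session = DBSession()

    auth_header = {}
    if 'Authorization' in request.headers:
        auth_header = {'Authorization': request.headers['Authorization']}

    # Temporary request, used only to parse the OAuth parameters out of the
    # Authorization header and the request parameters.
    req = oauth2.Request.from_request(
        request.method,
        request.url,
        headers=auth_header,
        parameters=dict(request.params.iteritems()))

    # Fail closed on any falsy lookup result, not only the literal False.
    # The other handlers in this file test these same lookups by truthiness,
    # and a miss reported as None must never reach verify_request as a
    # missing consumer or token.
    consumer = ConsumerKeySecret.getByConsumerKey(req.get("oauth_consumer_key"))
    if not consumer:
        return {"Error": "No record for the key and secret found."}

    token = Token.getByToken(req.get("oauth_token"))
    if not token:
        return {"Error": "No record for the token key and token secret found."}

    # Rebuild the request bound to the stored consumer and token so the
    # signature is checked against the server-side secrets.
    req = oauth2.Request.from_consumer_and_token(
        consumer,
        token=token,
        http_method=request.method,
        http_url=request.url,
        parameters=dict(req.iteritems()))

    try:
        oauth_server.verify_request(req, consumer, token)
    except oauth2.Error as e:
        # NOTE(review): the library's error text is returned to the client
        # verbatim; confirm it carries nothing that should stay server-side.
        return {"Oauth error": str(e)}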
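def api_do_authorize_token(request):
    """Approve an authorization token and redirect to its callback URL.

    The token named by the ``token`` request parameter must exist and its
    consumer must belong to the logged-in user. On success the token's key
    and secret are regenerated, its access type is set, and the client is
    redirected to ``token.callback_url``. On any failure a flash message is
    queued and the client is redirected to the ``home`` route.

    NOTE(review): this handler changes server state based on a request
    parameter; confirm the route is restricted to POST and protected by a
    CSRF token.
    """
    session = DBSession()
    appType = request.matchdict.get("appType", "")

    # Look the token up and reject a miss BEFORE touching its attributes;
    # dereferencing a missing token would raise instead of redirecting.
    token = Token.getByToken(request.params.get("token"))
    if not token:
        request.session.flash(_("Malformed authorization token parameters."))
        return HTTPFound(location=route_url("home", request))

    consumer = ConsumerKeySecret.getByConsumerID(token.consumer_key_secret.id)
    if not consumer:
        request.session.flash(_("Unable to find consumer key in the database; this should never happen!"))
        return HTTPFound(location=route_url("home", request))

    # Only the user who owns the token's consumer may approve it.
    if token.consumer_key_secret.user.id != request.logged_in:
        request.session.flash(_("Attempt to use an authorization token that does not belong to you."))
        return HTTPFound(location=route_url("home", request))

    # Replace the authorization token with fresh credentials.
    # NOTE(review): these values are bearer credentials; confirm that
    # generateRandomKey() draws from a CSPRNG (os.urandom or
    # random.SystemRandom) rather than the default random module.
    token.token = generateRandomKey()
    token.token_secret = generateRandomKey()
    token.consumer_id = consumer.id
    token.timestamp = time.time()
    token.setAccessType()

    if appType == "android":
        # NOTE(review): the token secret is placed in the redirect URL and
        # persisted inside callback_url. URLs end up in browser history,
        # proxy and server logs and Referer headers; prefer returning only
        # the token on the callback and delivering the secret over a signed
        # back-channel request. The values are also not URL-encoded.
        # Use "&" when the registered callback already has a query string.
        separator = "&" if "?" in token.callback_url else "?"
        token.callback_url = token.callback_url + separator + "oauth_token=%s&oauth_token_secret=%s" % (token.token, token.token_secret)

    session.add(token)
    return HTTPFound(location=token.callback_url)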
def api_authorize_token(request):
    """Build the template context for the token authorization page.

    The token named by the ``oauth_token`` request parameter must exist and
    its consumer must belong to the logged-in user; otherwise a flash
    message is queued and the client is redirected to the ``home`` route.

    Returns a dict with the page title, the token key and secret, the
    callback URL and the ``appType`` route segment.
    """
    session = DBSession()
    appType = request.matchdict.get("appType", "")

    params = request.params
    token = Token.getByToken(params.get("oauth_token"))
    # The consumer record is fetched but not consulted below.
    consumer = ConsumerKeySecret.getByConsumerKey(params.get("oauth_consumer_key"))

    home = lambda: HTTPFound(location=route_url("home", request))

    if not token:
        request.session.flash(_("Malformed authorization token parameters."))
        return home()

    # Only the user who owns the token's consumer may see this page.
    owner_id = token.consumer_key_secret.user.id
    if owner_id != request.logged_in:
        request.session.flash(_("Attempt to use an authorization token that does not belong to you."))
        return home()

    #fs = AuthorizeTokenFieldSet().bind(token, session = session, data = request.POST or None)

    # NOTE(review): token_secret is handed to the template context; confirm
    # the template does not render it into the page or a form field.
    context = {
        "title": _("Authorization application to post to Nexus"),
        "token": token.token,
        "token_secret": token.token_secret,
        "callback_url": token.callback_url,
        "appType": appType,
    }
    return context