def OAuthCheckAccessResource(cls):
    """Authenticate an OAuth-signed resource request and return its access token.

    The OAuth request is rebuilt from the current Flask ``request`` (method,
    base URL, headers and the flattened arguments) and validated in this
    order: the consumer key must be registered, the token must be a known
    access token, the signature must verify through ``OAuthServer``, the token
    must have been issued to that consumer, and the token must be younger than
    the configured TTL (seconds, measured against ``nowutc()``).

    Returns:
        The matching access token object from ``AccessTokenHolder``.

    Raises:
        OAuthError: status 401 for an unknown consumer key, a missing or
            unknown token, a consumer/token mismatch, an expired token or a
            bad signature; status 400 for any other ``oauth.Error`` raised
            while reading parameters or verifying the request.
    """
    from indico.modules.oauth.db import ConsumerHolder, AccessTokenHolder, OAuthServer

    oauth_request = oauth.Request.from_request(
        request.method, request.base_url, request.headers,
        parameters=create_flat_args())
    # NOTE(review): the whole signed request (oauth_* parameters included)
    # is written to the log at INFO level; confirm that is wanted in production.
    Logger.get('oauth.resource').info(oauth_request)

    try:
        now = nowutc()
        consumers = ConsumerHolder()
        consumer_key = oauth_request.get_parameter('oauth_consumer_key')
        if not consumers.hasKey(consumer_key):
            raise OAuthError('Invalid Consumer Key', 401)
        consumer = consumers.getById(consumer_key)

        access_tokens = AccessTokenHolder()
        token_key = oauth_request.get_parameter('oauth_token')
        if not (token_key and access_tokens.hasKey(token_key)):
            raise OAuthError('Invalid Token', 401)
        access_token = access_tokens.getById(token_key)

        # Signature check against the stored consumer secret and token secret.
        oauth_consumer = oauth.Consumer(consumer.getId(), consumer.getSecret())
        OAuthServer.getInstance().verify_request(oauth_request, oauth_consumer,
                                                 access_token.getToken())

        # A valid signature alone is not enough: the token must belong to this
        # consumer and still be inside its lifetime.
        if access_token.getConsumer().getId() != oauth_consumer.key:
            raise OAuthError('Invalid Consumer Key', 401)
        ttl = timedelta(seconds=Config.getInstance().getOAuthAccessTokenTTL())
        if now - access_token.getTimestamp() > ttl:
            raise OAuthError('Expired Token', 401)
        return access_token
    except oauth.Error as e:
        if e.message.startswith("Invalid Signature"):
            raise OAuthError("Invalid Signature", 401)
        raise OAuthError(e.message, 400)
def OAuthCheckAccessResource(cls, req, query_string):
    """Authenticate an OAuth-signed resource request (mod_python variant).

    Rebuilds the OAuth request from the mod_python ``req`` object and the
    ``query_string`` mapping, then validates it in this order: the consumer
    key must be registered, the token must be a known access token, the
    signature must verify through ``OAuthServer``, the token must have been
    issued to that consumer, and the token must be younger than the configured
    TTL (seconds, compared against ``time.time()``).

    Args:
        req: mod_python request; its method, URI and incoming headers are used.
        query_string: mapping of query parameters, re-encoded with ``urlencode``.

    Returns:
        The matching access token object from ``AccessTokenHolder``.

    Raises:
        OAuthError: ``apache.HTTP_UNAUTHORIZED`` for an unknown consumer key,
            a missing or unknown token, a consumer/token mismatch, an expired
            token or a bad signature; ``apache.HTTP_BAD_REQUEST`` for any other
            ``oauth.Error`` raised while reading parameters or verifying.
    """
    from indico.modules.oauth.db import ConsumerHolder, AccessTokenHolder, OAuthServer

    unauthorized = apache.HTTP_UNAUTHORIZED
    oauth_request = oauth.Request.from_request(
        req.get_method(),
        req.construct_url(req.get_uri()),
        headers=req.headers_in,
        query_string=urlencode(query_string))
    # NOTE(review): logs the full signed request (oauth_* parameters included)
    # at INFO level; confirm that is wanted in production.
    Logger.get('oauth.resource').info(oauth_request)

    try:
        now = time.time()

        consumer_key = oauth_request.get_parameter('oauth_consumer_key')
        if not ConsumerHolder().hasKey(consumer_key):
            raise OAuthError('Invalid Consumer Key', unauthorized)
        consumer = ConsumerHolder().getById(consumer_key)

        token_key = oauth_request.get_parameter('oauth_token')
        if not (token_key and AccessTokenHolder().hasKey(token_key)):
            raise OAuthError('Invalid Token', unauthorized)
        access_token = AccessTokenHolder().getById(token_key)

        # Signature verification against the stored consumer and token secrets.
        oauth_consumer = oauth.Consumer(consumer.getId(), consumer.getSecret())
        OAuthServer.getInstance().verify_request(oauth_request, oauth_consumer,
                                                 access_token.getToken())

        # Binding and lifetime checks come after the signature check.
        if access_token.getConsumer().getId() != oauth_consumer.key:
            raise OAuthError('Invalid Consumer Key', unauthorized)
        if now - access_token.getTimestamp() > Config.getInstance().getOAuthAccessTokenTTL():
            raise OAuthError('Expired Token', unauthorized)
        return access_token
    except oauth.Error as e:
        if e.message.startswith("Invalid Signature"):
            raise OAuthError("Invalid Signature", unauthorized)
        raise OAuthError(e.message, apache.HTTP_BAD_REQUEST)
def getVars(self):
    """Template variables for the access-token listing.

    Adds ``tokens`` (every access token in ``AccessTokenHolder``, ordered by
    the id of the owning user) and ``formatTimestamp`` (a ``d/M/yyyy H:mm``
    date formatter) on top of the base ``WTemplated`` variables.
    """
    wvars = WTemplated.getVars(self)

    def format_timestamp(ts):
        return format_datetime(ts, format='d/M/yyyy H:mm')

    def owner_id(token):
        return token.getUser().getId()

    wvars["formatTimestamp"] = format_timestamp
    wvars['tokens'] = sorted(AccessTokenHolder().getList(), key=owner_id)
    return wvars
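def _process(self):
    """Exchange the authorised request token for an access token.

    Looks up the user who authorised ``self._request_token``. If that user
    already holds an access token for the same consumer (matched by consumer
    name), its timestamp is refreshed and the existing key/secret are returned
    again; otherwise a new key/secret pair is generated with
    ``OAuthUtils.gen_random_string``, stored in ``AccessTokenHolder`` and
    returned.

    Returns:
        A URL-encoded body with ``oauth_token``, ``oauth_token_secret``,
        ``user_id``, ``oauth_token_ttl`` (seconds) and
        ``oauth_token_expiration_timestamp`` (issue time plus TTL).

    Raises:
        OAuthError: status 401, wrapping any ``oauth.Error``.
    """
    ttl_seconds = Config.getInstance().getOAuthAccessTokenTTL()

    def token_response(user, token_key, token_secret, issued_at):
        # Single place that shapes the response body so the reused-token and
        # freshly-minted paths cannot drift apart.
        return urlencode({
            'oauth_token': token_key,
            'oauth_token_secret': token_secret,
            'user_id': user.getId(),
            'oauth_token_ttl': ttl_seconds,
            'oauth_token_expiration_timestamp': issued_at + timedelta(seconds=ttl_seconds),
        })

    try:
        user = self._request_token.getUser()
        consumer = self._request_token.getConsumer()
        access_tokens = Catalog.getIdx('user_oauth_access_token').get(user.getId())
        timestamp = nowutc()

        # Reuse an existing token for this consumer instead of issuing a second
        # one; iterate over a snapshot because setTimestamp may touch the index.
        existing = list(access_tokens) if access_tokens is not None else []
        for access_token in existing:
            if access_token.getConsumer().getName() != consumer.getName():
                continue
            access_token.setTimestamp(timestamp)
            return token_response(user, access_token.getId(),
                                  access_token.getToken().secret,
                                  access_token.getTimestamp())

        # NOTE(review): key/secret strength depends on OAuthUtils.gen_random_string;
        # confirm it draws from a cryptographically secure source.
        access_token_key = OAuthUtils.gen_random_string()
        access_token_secret = OAuthUtils.gen_random_string()
        access_token = Token(access_token_key,
                             oauth.Token(access_token_key, access_token_secret),
                             timestamp, consumer, user)
        AccessTokenHolder().add(access_token)
        return token_response(user, access_token_key, access_token_secret,
                              access_token.getTimestamp())
    except oauth.Error as err:
        raise OAuthError(err.message, 401)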
def OAuthCheckAccessResource(cls):
    """Validate the current request's OAuth credentials and return the access token.

    Validation order: registered consumer key, known access token, signature
    (``OAuthServer.verify_request``), token issued to that consumer, token not
    older than the configured TTL in seconds (against ``nowutc()``).

    Returns:
        The access token object looked up in ``AccessTokenHolder``.

    Raises:
        OAuthError: 401 for an unknown consumer key, a missing/unknown token,
            a consumer/token mismatch, an expired token or a bad signature;
            400 for any other ``oauth.Error``.
    """
    from indico.modules.oauth.db import ConsumerHolder, AccessTokenHolder, OAuthServer

    def unauthorized(message):
        return OAuthError(message, 401)

    oauth_request = oauth.Request.from_request(
        request.method, request.base_url, request.headers,
        parameters=create_flat_args())
    # NOTE(review): the entire signed request, oauth_* parameters included,
    # is logged at INFO level — confirm this is intended for production.
    Logger.get('oauth.resource').info(oauth_request)

    try:
        now = nowutc()

        consumer_key = oauth_request.get_parameter('oauth_consumer_key')
        if not ConsumerHolder().hasKey(consumer_key):
            raise unauthorized('Invalid Consumer Key')
        consumer = ConsumerHolder().getById(consumer_key)

        token_key = oauth_request.get_parameter('oauth_token')
        if not token_key:
            raise unauthorized('Invalid Token')
        if not AccessTokenHolder().hasKey(token_key):
            raise unauthorized('Invalid Token')
        access_token = AccessTokenHolder().getById(token_key)

        oauth_consumer = oauth.Consumer(consumer.getId(), consumer.getSecret())
        OAuthServer.getInstance().verify_request(oauth_request, oauth_consumer,
                                                 access_token.getToken())

        # Even with a good signature the token must be this consumer's and unexpired.
        if access_token.getConsumer().getId() != oauth_consumer.key:
            raise unauthorized('Invalid Consumer Key')
        max_age = timedelta(seconds=Config.getInstance().getOAuthAccessTokenTTL())
        if now - access_token.getTimestamp() > max_age:
            raise unauthorized('Expired Token')
        return access_token
    except oauth.Error as e:
        if e.message.startswith("Invalid Signature"):
            raise unauthorized("Invalid Signature")
        raise OAuthError(e.message, 400)
def _getAnswer(self):
    """Revoke every OAuth request and access token of ``self._target`` that was
    issued to the application named ``self._third_party_app``.

    Returns:
        True, unconditionally.
    """
    user_id = self._target.getId()
    app_name = self._third_party_app
    request_tokens = Catalog.getIdx('user_oauth_request_token').get(user_id)
    access_tokens = Catalog.getIdx('user_oauth_access_token').get(user_id)

    def revoke_matching(tokens, holder_cls):
        # Walk a snapshot: removing from the holder may change the index set.
        if not tokens:
            return
        for token in list(tokens):
            if token.getConsumer().getName() == app_name:
                holder_cls().remove(token)

    revoke_matching(request_tokens, RequestTokenHolder)
    revoke_matching(access_tokens, AccessTokenHolder)
    return True
def getVars(self):
    """Template variables for the access-token listing.

    Extends the ``WTemplated`` variables with ``formatTimestamp`` (formats a
    timestamp as ``d/M/yyyy H:mm``) and ``tokens`` (all access tokens, sorted
    by the id of their owning user).
    """
    wvars = WTemplated.getVars(self)
    all_tokens = AccessTokenHolder().getList()
    wvars.update({
        "formatTimestamp": lambda ts: format_datetime(ts, format='d/M/yyyy H:mm'),
        'tokens': sorted(all_tokens, key=lambda token: token.getUser().getId()),
    })
    return wvars