def verify_plaintext(request, client_secret=None, resource_owner_secret=None): """Verify a PLAINTEXT signature. Per `section 3.4`_ of the spec. .. _`section 3.4`: http://tools.ietf.org/html/rfc5849#section-3.4 """ signature = sign_plaintext(client_secret, resource_owner_secret) return safe_string_equals(signature, request.signature)
def verify_hmac_sha1(request, client_secret=None, resource_owner_secret=None): """Verify a HMAC-SHA1 signature. Per `section 3.4`_ of the spec. .. _`section 3.4`: http://tools.ietf.org/html/rfc5849#section-3.4 To satisfy `RFC2616 section 5.2`_ item 1, the request argument's uri attribute MUST be an absolute URI whose netloc part identifies the origin server or gateway on which the resource resides. Any Host item of the request argument's headers dict attribute will be ignored. .. _`RFC2616 section 5.2`: http://tools.ietf.org/html/rfc2616#section-5.2 """ norm_params = normalize_parameters(request.params) uri = normalize_base_string_uri(request.uri) base_string = construct_base_string(request.http_method, uri, norm_params) signature = sign_hmac_sha1(base_string, client_secret, resource_owner_secret) return safe_string_equals(signature, request.signature)