def parse(request, more_id=None):
    """Collect request headers and record how the caller authenticated.

    Headers come from ``get_headers(request.META, ...)``. When an
    ``Authorization`` header is present, an ``'OAuth '`` prefix selects the
    OAuth path (validated through ``CheckOAuth``); anything else is marked
    as plain HTTP auth.

    NOTE(review): layout reconstructed from a whitespace-collapsed excerpt.
    The excerpt stops after the auth bookkeeping, so the rest of the
    function (including its return value) is not shown here.
    """
    r_dict = get_headers(request.META, {})

    if 'Authorization' in r_dict:
        auth_params = r_dict['Authorization']
        if auth_params[:6] == 'OAuth ':
            # Reject before touching the token if the OAuth parameters are
            # missing or malformed.
            if not CheckOAuth.is_valid_request(request):
                raise OauthUnauthorized(send_oauth_error(OAuthError(_('Invalid request parameters.'))))
            try:
                consumer, token, parameters = CheckOAuth.validate_token(request)
            except OAuthError as e:
                raise OauthUnauthorized(send_oauth_error(e))

            # Consumer and token are handed to the later authentication step.
            r_dict['oauth_consumer'] = consumer
            r_dict['oauth_token'] = token
            r_dict['lrs_auth'] = 'oauth'

            # The endpoint is used for OAuth scope. The slice assumes a fixed
            # five-character URL prefix -- TODO confirm against the URL conf,
            # since a different mount point would give a wrong endpoint string.
            endpoint = request.path[5:]
            # Requests are accepted with or without a trailing slash.
            r_dict['endpoint'] = endpoint[:-1] if endpoint.endswith("/") else endpoint
        else:
            r_dict['lrs_auth'] = 'http'
def set_authorization(r_dict, request):
    """Validate an OAuth ``Authorization`` header and fill ``r_dict['auth']``.

    On success stores the consumer, the token, the auth type ``'oauth'`` and
    the endpoint used for scope checks. Raises ``OauthUnauthorized`` when the
    OAuth parameters are invalid or the token fails validation.

    NOTE(review): in this excerpt a header that does not start with
    ``'OAuth '`` leaves ``r_dict['auth']`` untouched; confirm the caller
    handles that case.
    """
    header_value = r_dict['headers']['Authorization']
    if header_value[:6] == 'OAuth ':
        # Fail closed when required OAuth parameters are absent.
        if not CheckOAuth.is_valid_request(request):
            raise OauthUnauthorized(
                send_oauth_error(
                    OAuthError(_('Invalid OAuth request parameters.'))))
        try:
            consumer, token, parameters = CheckOAuth.validate_token(
                request)
        except OAuthError as e:
            raise OauthUnauthorized(send_oauth_error(e))

        auth = r_dict['auth']
        auth['oauth_consumer'] = consumer
        auth['oauth_token'] = token
        auth['type'] = 'oauth'

        # Used for OAuth scope. The slice assumes a fixed five-character URL
        # prefix -- TODO confirm; a different mount point would yield a
        # wrong endpoint string for the scope check.
        endpoint = request.path[5:]
        # A trailing slash is optional on incoming requests.
        if endpoint.endswith("/"):
            endpoint = endpoint[:-1]
        auth['endpoint'] = endpoint
def __call__(self, request, *args, **kwargs):
    """Run the wrapped view only for a request carrying a valid OAuth token.

    Token validation errors and a resource-name mismatch are answered with
    ``send_oauth_error``. Otherwise the form is bound to ``request.REQUEST``
    and the view receives ``token.user``.

    NOTE(review): the excerpt ends after the form handling; what is returned
    for a request that fails ``is_valid_request`` is not shown here.
    """
    if self.is_valid_request(request):
        try:
            consumer, token, parameters = self.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)

        # The token must have been issued for the resource this view guards.
        wrong_resource = self.resource_name and token.resource.name != self.resource_name
        if wrong_resource:
            return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))
        elif consumer and token:
            # request.REQUEST merges query-string and body parameters.
            form = self.form(request.REQUEST)
            if not form.is_valid():
                return self.invalid_form(request, form)
            return self.view(request, form, token.user)
def oauth_helper(request):
    """Authorize the OAuth consumer/token on *request* and attach its group.

    Reads ``request['auth']['oauth_consumer']`` and
    ``request['auth']['oauth_token']``. Raises ``OauthUnauthorized`` unless
    the consumer status is ``ACCEPTED`` and the token is an approved access
    token. Then builds a two-member Group (consumer account + user) and
    stores the object returned by ``Agent.objects.oauth_group`` in
    ``request['auth']['id']``.
    """
    auth = request['auth']
    consumer = auth['oauth_consumer']
    token = auth['oauth_token']

    # The consumer must have been accepted by the system.
    # NOTE(review): send_oauth_error receives a plain string here, while
    # other call sites pass an OAuthError -- confirm the helper accepts both.
    if consumer.status != ACCEPTED:
        raise OauthUnauthorized(
            send_oauth_error("%s has not been authorized" % str(consumer.name)))

    # Only an approved *access* token may be used (not a request token).
    if token.token_type != Token.ACCESS or not token.is_approved:
        raise OauthUnauthorized(
            send_oauth_error("The access token is not valid"))

    user = token.user
    user_name = user.username
    # Normalise the mailbox to the mailto: form.
    user_email = user.email if user.email.startswith('mailto:') else 'mailto:%s' % user.email

    # NOTE(review): the status check above ran on the consumer taken from
    # request['auth']; the identity below is built from token.consumer.
    # Presumably validate_token guarantees they are the same -- verify.
    consumer = token.consumer

    client_agent = {
        "account": {
            "name": consumer.key,
            "homePage": "lrs://XAPI/OAuth/token/"
        },
        "objectType": "Agent",
        "oauth_identifier": "anonoauth:%s" % (consumer.key)
    }
    user_agent = {
        "name": user_name,
        "mbox": user_email,
        "objectType": "Agent"
    }
    kwargs = {
        "objectType": "Group",
        "member": [client_agent, user_agent],
        "oauth_identifier": "anongroup:%s-%s" % (consumer.key, user_email)
    }

    # Create or fetch the OAuth group and record it on the request dict.
    oauth_group, created = Agent.objects.oauth_group(**kwargs)
    auth['id'] = oauth_group
def set_authorization(r_dict, request):
    """Populate ``r_dict['auth']`` from an OAuth ``Authorization`` header.

    Stores consumer, token, the type ``'oauth'`` and the endpoint used for
    scope checks. Raises ``OauthUnauthorized`` if the OAuth parameters are
    invalid or ``CheckOAuth.validate_token`` raises ``OAuthError``.

    NOTE(review): a header without the ``'OAuth '`` prefix is a no-op in this
    excerpt; confirm the caller covers other schemes.
    """
    authorization = r_dict['headers']['Authorization']
    if authorization[:6] == 'OAuth ':
        # Required OAuth headers missing or malformed: refuse outright.
        if not CheckOAuth.is_valid_request(request):
            raise OauthUnauthorized(send_oauth_error(OAuthError(_('Invalid OAuth request parameters.'))))
        try:
            consumer, token, parameters = CheckOAuth.validate_token(request)
        except OAuthError as e:
            raise OauthUnauthorized(send_oauth_error(e))

        # Kept for the authentication step that runs later.
        r_dict['auth']['oauth_consumer'] = consumer
        r_dict['auth']['oauth_token'] = token
        r_dict['auth']['type'] = 'oauth'

        # Endpoint drives the OAuth scope check; the slice assumes a
        # five-character URL prefix -- TODO confirm against the URL conf.
        endpoint = request.path[5:]
        # Accept the path with or without a trailing slash.
        r_dict['auth']['endpoint'] = endpoint[:-1] if endpoint.endswith("/") else endpoint
def set_authorization(r_dict, request):
    """Validate OAuth credentials and record them under ``r_dict["auth"]``.

    Writes ``oauth_consumer``, ``oauth_token``, ``type`` (``"oauth"``) and
    ``endpoint``. Raises ``OauthUnauthorized`` when the request lacks valid
    OAuth parameters or token validation raises ``OAuthError``.

    NOTE(review): nothing is written for a non-OAuth header in this excerpt;
    confirm that path is handled by the caller.
    """
    raw_header = r_dict["headers"]["Authorization"]
    if raw_header[:6] == "OAuth ":
        # Guard clause: invalid parameters never reach token validation.
        if not CheckOAuth.is_valid_request(request):
            raise OauthUnauthorized(send_oauth_error(OAuthError(_("Invalid OAuth request parameters."))))
        try:
            consumer, token, parameters = CheckOAuth.validate_token(request)
        except OAuthError as e:
            raise OauthUnauthorized(send_oauth_error(e))

        auth_section = r_dict["auth"]
        auth_section["oauth_consumer"] = consumer
        auth_section["oauth_token"] = token
        auth_section["type"] = "oauth"

        # Used for OAuth scope; assumes a five-character URL prefix is
        # stripped by the slice -- TODO confirm, a mismatch here would make
        # scope checks compare against the wrong string.
        endpoint = request.path[5:]
        # Trailing slash is optional.
        if endpoint.endswith("/"):
            endpoint = endpoint[:-1]
        auth_section["endpoint"] = endpoint
def oauth_helper(request):
    """Verify the OAuth request and store the resulting group in ``request['auth']``.

    Validates the request parameters and token, requires the consumer status
    to be ``ACCEPTED`` and the token's resource to be ``'all'``, then builds
    a Group of the consumer account and the token's user.

    NOTE(review): the excerpt ends after the scope check; branches for a
    request that fails ``is_valid_request`` or yields no consumer/token are
    not shown here.
    """
    if is_valid_request(request):
        # Validate the incoming consumer, token and parameters.
        try:
            consumer, token, parameters = validate_token(request)
        except OAuthError as e:
            raise OauthUnauthorized(send_oauth_error(e))

        if consumer and token:
            # NOTE(review): send_oauth_error gets a plain string here while
            # the except branch passes an OAuthError -- confirm both work.
            if consumer.status != ACCEPTED:
                raise OauthUnauthorized(send_oauth_error("%s has not been authorized" % str(consumer.name)))

            # 'all' is the only scope supported at this point.
            if token.resource.name.lower() != 'all':
                raise BadRequest("Only the 'all' scope is supported.")

            user = token.user
            user_name = user.username
            user_email = user.email
            consumer = token.consumer
            client_agent = {
                "account": {
                    "name": consumer.key,
                    "homePage": "/XAPI/OAuth/token/"
                },
                "objectType": "Agent"
            }
            user_agent = {
                "name": user_name,
                "mbox": user_email,
                "objectType": "Agent"
            }
            kwargs = {"objectType": "Group", "member": [client_agent, user_agent]}
            oauth_group, created = models.group.objects.gen(**kwargs)
            oauth_group.save()
            request['auth'] = oauth_group
def oauth_authorize_wrapper(request):
    """Wrap the OAuth user_authorization view so the user can cancel.

    When the POST carries a truthy ``cancel`` field, the request token is
    fetched and the "denied" page is rendered for the owning application.

    NOTE(review): the excerpt ends after the cancel branch; the path that
    forwards to the real authorization view is not shown here.
    """
    if request.POST:
        user_cancelled = request.POST.get('cancel', False)
        if user_cancelled:
            oauth_server, oauth_request = initialize_server_request(request)
            try:
                token = oauth_server.fetch_request_token(oauth_request)
            except OAuthError as err:
                return send_oauth_error(err)

            # 404 if no application is registered for the token's consumer.
            application = get_object_or_404(OAuthApplication, consumer=token.consumer)
            context = {'oauth_token': token.key, 'application': application}
            return render_to_response(
                'oauth_authorize_denied.html',
                context_instance=RequestContext(request, context))
def oauth_helper(request):
    """Authorize the OAuth consumer/token on *request* and set ``request['auth']``.

    Reads ``request['oauth_consumer']`` and ``request['oauth_token']``. Raises
    ``OauthUnauthorized`` unless the consumer status is ``ACCEPTED`` and the
    token is an approved access token. The group returned by
    ``agent.objects.gen`` is stored in ``request['auth']``.
    """
    consumer = request['oauth_consumer']
    token = request['oauth_token']

    # The consumer must have been accepted by the system.
    # NOTE(review): send_oauth_error receives a plain string here -- confirm
    # the helper accepts a string as well as an OAuthError.
    if consumer.status != ACCEPTED:
        raise OauthUnauthorized(send_oauth_error("%s has not been authorized" % str(consumer.name)))

    # Only an approved access token is acceptable.
    if token.token_type != Token.ACCESS or not token.is_approved:
        raise OauthUnauthorized(send_oauth_error("The token is not valid"))

    user = token.user
    user_name = user.username
    # Normalise the mailbox to the mailto: form.
    user_email = user.email if user.email.startswith('mailto:') else 'mailto:%s' % user.email

    # NOTE(review): the status check above used the consumer from the request
    # dict; the identity below uses token.consumer. Presumably they match --
    # verify against validate_token.
    consumer = token.consumer

    client_agent = {
        "account": {
            "name": consumer.key,
            "homePage": "/XAPI/OAuth/token/"
        },
        "objectType": "Agent",
        "oauth_identifier": "Anonymous agent for account %s" % consumer.key
    }
    user_agent = {
        "name": user_name,
        "mbox": user_email,
        "objectType": "Agent"
    }
    kwargs = {
        "objectType": "Group",
        "member": [client_agent, user_agent],
        "oauth_identifier": "Anonymous group for %s and %s" % (consumer.key, user_name)
    }

    # Create or fetch the OAuth group and record it on the request dict.
    oauth_group, created = agent.objects.gen(**kwargs)
    request['auth'] = oauth_group
def process_view(self, request, view_func, view_args, view_kwargs):
    """Attach the OAuth token's user to API requests.

    For a request that ``default_is_request_api`` accepts, the user starts as
    ``LazyAnonUser()`` and is replaced by ``token.user`` when a valid token
    for the expected resource is presented.

    NOTE(review): nesting reconstructed from a whitespace-collapsed excerpt;
    everything below is assumed to sit under the API check. The excerpt ends
    after the user assignment.
    """
    if default_is_request_api(request):
        # NOTE(review): both assignments target request.__class__, not the
        # request instance, so the value is visible to every request object
        # of that class until overwritten. Confirm that one caller's
        # token.user cannot be observed by another request.
        request.__class__.user = LazyAnonUser()
        expected_resource = getattr(request, 'oauth_resource_name', None)

        if CheckOAuth.is_valid_request(request):
            try:
                consumer, token, parameters = CheckOAuth.validate_token(request)
            except OAuthError as e:
                # NOTE(review): a token that fails validation is not rejected
                # here; returning None lets processing continue with the
                # anonymous user. The original author left this open
                # ("return send_oauth_error(e)?") -- decide explicitly.
                return None

            resource_mismatch = expected_resource and token.resource.name != expected_resource
            if resource_mismatch:
                return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))
            elif consumer and token:
                if token.user:
                    request.__class__.user = token.user
class oauth_api_method(object):
    """Decorator class: run an API view only for a valid OAuth request.

    The form class is looked up in ``forms`` by CamelCasing the view's name
    and appending ``Form``.

    NOTE(review): ``is_valid_request``, ``validate_token``, ``resource_name``
    and ``invalid_form`` are used below but not defined in this excerpt;
    presumably they are provided elsewhere -- verify.
    """

    def __init__(self, view):
        update_wrapper(self, view)
        self.view = view
        # e.g. a view named "create_item" maps to forms.CreateItemForm.
        camel_name = ''.join(part.capitalize() for part in self.__name__.split('_'))
        self.form = getattr(forms, camel_name + 'Form')

    def __call__(self, request, *args, **kwargs):
        """Validate the OAuth request, then dispatch to the view or an error."""
        if not self.is_valid_request(request):
            return send_oauth_error(OAuthError(_('Invalid request parameters.')))

        try:
            consumer, token, parameters = self.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)

        # The token must have been issued for the resource this view guards.
        if self.resource_name and token.resource.name != self.resource_name:
            return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))

        if not (consumer and token):
            return send_oauth_error(OAuthError(_('Invalid request parameters.')))

        # request.REQUEST merges query-string and body parameters, so the
        # form accepts its fields from either source.
        form = self.form(request.REQUEST)
        if form.is_valid():
            return self.view(request, form, token.user)
        return self.invalid_form(request, form)
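def could_not_verify_oauth_request_response(scheme, domain):
    """Return the error response for an OAuth request that failed verification.

    The original body built the response but did not return it, so callers
    received ``None``. A caller that returns this value from a view or
    middleware hook would then fail to reject the request, so the response
    is now returned.
    """
    return send_oauth_error(
        scheme, domain, oauth.Error(_('Could not verify OAuth request.')))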
def GetInvalidScopeResponse():
    """Build the error response for a token used outside its resource."""
    scope_error = oauth.Error(_('You are not allowed to access this resource.'))
    return send_oauth_error(scope_error)
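def invalid_params_response(scheme, domain):
    """Return the error response for missing or malformed OAuth parameters.

    Two fixes over the original body:

    * ``scheme`` and ``domain`` were passed to ``oauth.Error`` instead of
      ``send_oauth_error``. The sibling helpers with the same signature call
      ``send_oauth_error(scheme, domain, error)``; this one now matches.
      NOTE(review): assumes ``oauth.Error`` takes only the message -- confirm.
    * The response was built but not returned, so callers received ``None``
      and could fail to reject the request.
    """
    return send_oauth_error(
        scheme, domain, oauth.Error(_('Invalid request parameters.')))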
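def invalid_scope_response(scheme, domain):
    """Return the error response for a token used outside its resource.

    The original body built the response but did not return it, so callers
    received ``None``. A caller that returns this value from a view or
    middleware hook would then let an out-of-scope request through, so the
    response is now returned.
    """
    return send_oauth_error(
        scheme, domain,
        oauth.Error(_('You are not allowed to access this resource.')))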
"objectType": "Agent" }, { "name":user_name, "mbox":user_email, "objectType": "Agent" } ] kwargs = {"objectType":"Group", "member":members} oauth_group, created = models.group.objects.gen(**kwargs) oauth_group.save() request['auth'] = oauth_group else: raise BadRequest("Only the 'all' scope is supported.") else: raise OauthUnauthorized(send_oauth_error(OAuthError(_('Invalid request parameters.')))) def is_valid_request(request): """ Checks whether the required parameters are either in the http-authorization header sent by some clients, which is by the way the preferred method according to OAuth spec, but otherwise fall back to `GET` and `POST`. """ is_in = lambda l: all((p in l) for p in OAUTH_PARAMETERS_NAMES) auth_params = request.get("Authorization", []) return is_in(auth_params) def validate_token(request): # Creates the oauth server and request. Verifies the request against server oauth_server, oauth_request = initialize_server_request(request)
def GetCouldNotVerifyOAuthRequestResponse():
    """Build the error response for an OAuth request that failed verification."""
    verify_error = oauth.Error(_('Could not verify OAuth request.'))
    return send_oauth_error(verify_error)
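def invalid_scope_response(scheme, domain):
    """Return the error response for a token used outside its resource.

    The original body called ``send_oauth_error`` without returning its
    result, so callers received ``None`` and an out-of-scope request could
    go unrejected. The response is now returned.
    """
    scope_error = oauth.Error(_('You are not allowed to access this resource.'))
    return send_oauth_error(scheme, domain, scope_error)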
def GetInvalidParamsResponse():
    """Build the error response for missing or malformed OAuth parameters."""
    params_error = oauth.Error(_('Invalid request parameters.'))
    return send_oauth_error(params_error)
# -*- coding: utf-8 -*-
from django.utils.translation import ugettext as _
from django.http import HttpResponseBadRequest

import oauth2 as oauth

from oauth_provider.utils import send_oauth_error

# Canned error responses, built once when this module is imported.
#
# NOTE(review): each constant is a single response object shared by every
# request that returns it. Anything that modifies a response in place
# (headers or cookies set by middleware, for example) would carry over to
# later requests -- confirm callers treat these as read-only.
# NOTE(review): ugettext is evaluated at import time, so the message text is
# fixed to whichever language is active at import.

# Required OAuth parameters are missing or malformed.
INVALID_PARAMS_RESPONSE = send_oauth_error(
    oauth.Error(_('Invalid request parameters.'))
)

# The consumer could not be resolved; plain 400 rather than an OAuth error.
INVALID_CONSUMER_RESPONSE = HttpResponseBadRequest('Invalid Consumer.')

# The token does not cover the requested resource.
INVALID_SCOPE_RESPONSE = send_oauth_error(
    oauth.Error(_('You are not allowed to access this resource.'))
)

# Verification of the OAuth request failed.
COULD_NOT_VERIFY_OAUTH_REQUEST_RESPONSE = send_oauth_error(
    oauth.Error(_('Could not verify OAuth request.'))
)
def challenge_response(self):
    """Return the OAuth challenge produced by ``send_oauth_error``.

    NOTE(review): no error object is passed; confirm ``send_oauth_error``
    handles a missing argument without dereferencing it.
    """
    challenge = send_oauth_error()
    return challenge
def login(self, request):
    """Validate the OAuth token on *request*.

    A token that fails validation is answered with ``send_oauth_error``.

    NOTE(review): the excerpt ends after the except clause; what happens with
    the validated consumer/token, or with a request that fails
    ``is_valid_request``, is not shown here.
    """
    has_oauth_params = CheckOAuth.is_valid_request(request)
    if has_oauth_params:
        try:
            consumer, token, parameters = CheckOAuth.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)
from django.utils.translation import ugettext as _

from oauth.oauth import OAuthError
from oauth_provider.decorators import CheckOAuth
from oauth_provider.utils import send_oauth_error

from dapi.auth import AuthBase


class AuthOAuth(AuthBase):
    """OAuth authentication backend built on ``CheckOAuth``."""

    def check_request(self, request):
        """Return ``None`` for a valid OAuth request, else an error response.

        NOTE(review): only token validity is checked here; the consumer and
        token returned by ``validate_token`` are discarded, so any
        resource/scope or consumer-status check must happen elsewhere.
        """
        # Missing or malformed OAuth parameters are rejected up front.
        if not CheckOAuth.is_valid_request(request):
            return send_oauth_error(
                OAuthError(_("Invalid request parameters.")))

        try:
            CheckOAuth.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)

        return None
def check_request(self, request):
    """Validate the OAuth token on *request*.

    A token that fails validation is answered with ``send_oauth_error``.

    NOTE(review): the excerpt ends after the except clause; the branch for a
    request that fails ``is_valid_request`` is not shown here.
    """
    has_oauth_params = CheckOAuth.is_valid_request(request)
    if has_oauth_params:
        try:
            CheckOAuth.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)
from django.utils.translation import ugettext as _

from oauth.oauth import OAuthError
from oauth_provider.decorators import CheckOAuth
from oauth_provider.utils import send_oauth_error

from dapi.auth import AuthBase


class AuthOAuth(AuthBase):
    """Authenticate API requests by their OAuth token."""

    def check_request(self, request):
        """Return an OAuth error response, or ``None`` when the request passes.

        NOTE(review): the validated consumer and token are not kept, so this
        method establishes validity only; resource/scope and consumer-status
        checks are presumably done elsewhere -- verify.
        """
        params_ok = CheckOAuth.is_valid_request(request)
        if not params_ok:
            # Reject before attempting token validation.
            return send_oauth_error(OAuthError(_("Invalid request parameters.")))

        try:
            CheckOAuth.validate_token(request)
        except OAuthError as e:
            return send_oauth_error(e)

        return None
# -*- coding: utf-8 -*-
from django.utils.translation import ugettext as _
from django.http import HttpResponseBadRequest

import oauth2 as oauth

from oauth_provider.utils import send_oauth_error

# Pre-built error responses, created once at import time.
#
# NOTE(review): every request that returns one of these gets the same
# response object. In-place changes (headers or cookies added further down
# the response path, for example) would persist for later requests --
# confirm these are never mutated.
# NOTE(review): the translated text is resolved at import, not per request.

# Missing or malformed OAuth parameters.
INVALID_PARAMS_RESPONSE = send_oauth_error(oauth.Error(_('Invalid request parameters.')))

# Unknown consumer; a plain 400 response.
INVALID_CONSUMER_RESPONSE = HttpResponseBadRequest('Invalid Consumer.')

# Token does not cover the requested resource.
INVALID_SCOPE_RESPONSE = send_oauth_error(oauth.Error(_('You are not allowed to access this resource.')))

# OAuth request verification failed.
COULD_NOT_VERIFY_OAUTH_REQUEST_RESPONSE = send_oauth_error(oauth.Error(_('Could not verify OAuth request.')))
def challenge():
    """Return the OAuth error response for ``err``.

    NOTE(review): ``err`` is not a parameter or local; presumably it comes
    from an enclosing scope that this excerpt does not show -- verify.
    """
    response = send_oauth_error(err)
    return response