def test_check_active_true(self):
    """Expect a well-formed OAuth request for token ``bar`` to be refused.

    The fixture behind token ``bar`` is created outside this method.
    Presumably it belongs to an inactive user, so the backend's active-user
    check rejects it -- confirm against ``setUp``.
    """
    backend = OAuthAuthentication()
    req = self.request

    # Full OAuth 1.0 parameter set. With PLAINTEXT the signature is the
    # consumer secret and token secret joined by "&", so a bare "&" only
    # matches when both secrets are empty (test fixture values). PLAINTEXT
    # gives no integrity protection and is only appropriate over TLS.
    req.REQUEST = req.GET = {
        "oauth_consumer_key": "123",
        "oauth_nonce": "abc",
        "oauth_signature": "&",
        "oauth_signature_method": "PLAINTEXT",
        "oauth_timestamp": str(int(time.time())),
        "oauth_token": "bar",
    }
    pairs = [name + "=" + val for name, val in req.REQUEST.items()]
    req.META["Authorization"] = "OAuth " + ",".join(pairs)

    # Valid parameters alone must not be enough for this token.
    self.assertFalse(backend.is_authenticated(req))
def test_is_authenticated(self):
    """Check both outcomes of ``OAuthAuthentication.is_authenticated``.

    A request without OAuth parameters must produce a 401 response. Once a
    consumer, resource and access token exist for the supplied parameters,
    the same backend must return ``True`` and attach the token's user to
    the request.
    """
    from oauth_provider.models import Consumer, Token, Resource

    backend = OAuthAuthentication()
    req = HttpRequest()
    req.META["SERVER_NAME"] = "testsuite"
    req.META["SERVER_PORT"] = "8080"
    req.REQUEST = req.GET = {}
    req.method = "GET"

    # No OAuth parameters at all: the backend answers with a 401 response.
    rejected = backend.is_authenticated(req)
    self.assertEqual(rejected.status_code, 401)

    # Full OAuth 1.0 parameter set. The PLAINTEXT signature "&" corresponds
    # to an empty consumer secret plus the empty token secret stored below.
    req.REQUEST = req.GET = {
        "oauth_consumer_key": "123",
        "oauth_nonce": "abc",
        "oauth_signature": "&",
        "oauth_signature_method": "PLAINTEXT",
        "oauth_timestamp": str(int(time.time())),
        "oauth_token": "foo",
    }
    owner = User.objects.create_user("daniel", "*****@*****.**", "password")
    header_fields = [name + "=" + val for name, val in req.REQUEST.items()]
    req.META["Authorization"] = "OAuth " + ",".join(header_fields)

    # Server-side records that the parameters above must resolve to.
    resource, _ = Resource.objects.get_or_create(
        url="test",
        defaults={"name": "Test Resource"},
    )
    consumer, _ = Consumer.objects.get_or_create(
        key="123",
        defaults={"name": "Test", "description": "Testing..."},
    )
    Token.objects.get_or_create(
        key="foo",
        token_type=Token.ACCESS,
        defaults={
            "consumer": consumer,
            "resource": resource,
            "secret": "",
            "user": owner,
        },
    )

    accepted = backend.is_authenticated(req)
    self.assertEqual(accepted, True)
    # The authenticated identity must be the token owner, not any other user.
    self.assertEqual(req.user.pk, owner.pk)
def test_check_active_true(self):
    """A complete OAuth request for token ``bar`` must not authenticate.

    Which fixture backs token ``bar`` is not visible here. Presumably its
    user is inactive and the backend's active-user check is what produces
    the falsy result -- verify against the test case's ``setUp``.
    """
    authenticator = OAuthAuthentication()

    # Every OAuth 1.0 field is present, so a rejection cannot be blamed on a
    # malformed request. '&' is the PLAINTEXT signature for two empty secrets.
    oauth_fields = {
        'oauth_consumer_key': '123',
        'oauth_nonce': 'abc',
        'oauth_signature': '&',
        'oauth_signature_method': 'PLAINTEXT',
        'oauth_timestamp': str(int(time.time())),
        'oauth_token': 'bar',
    }
    self.request.REQUEST = self.request.GET = oauth_fields

    header_parts = []
    for field, text in self.request.REQUEST.items():
        header_parts.append(field + '=' + text)
    self.request.META['Authorization'] = 'OAuth ' + ','.join(header_parts)

    outcome = authenticator.is_authenticated(self.request)
    self.assertFalse(outcome)
class Meta:
    # Callers must pass OAuth authentication; what they may then do is
    # decided by Django model permissions via DjangoAuthorization.
    authentication = OAuthAuthentication()
    authorization = DjangoAuthorization()

    resource_name = "users"
    queryset = User.objects.all()

    # Credential and privilege fields are kept out of the API output.
    # NOTE(review): ``excludes`` is a denylist, so any field later added to
    # the user model is exposed by default; an explicit ``fields`` allowlist
    # would fail closed instead.
    excludes = [
        "email",
        "password",
        "is_active",
        "is_staff",
        "is_superuser",
    ]
class MultiAuthentication(object):
    """
    A custom authentication backend that supports anonymous access, OAuth
    authentication, and API key authentication.

    Backends are tried in a fixed order: API key first, then OAuth. A request
    that presents neither kind of credential is served as the anonymous user,
    so resources using this backend depend on their authorization class to
    limit what anonymous callers may do.
    """

    def __init__(self, **kwargs):
        """
        Creates one instance of each concrete backend.

        NOTE(review): the only base class is ``object``, whose ``__init__``
        accepts no keyword arguments, so passing any keyword argument here
        raises ``TypeError``.
        """
        super(MultiAuthentication, self).__init__(**kwargs)
        self.ApiKeyBackend = ApiKeyAuthentication()
        self.OAuthBackend = OAuthAuthentication()

    def is_authenticated(self, request, **kwargs):
        """
        Identifies if the user is authenticated to continue or not.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.

        The backend that accepted the request is recorded on
        ``request._authentication_backend`` for ``get_identifier``.
        """
        if self.ApiKeyBackend.is_valid_request(request):
            check = self.ApiKeyBackend.is_authenticated(request, **kwargs)
            if check is True:
                request._authentication_backend = self.ApiKeyBackend
            # The backend's verdict is returned as-is, so credentials that
            # were presented but rejected do not fall through to the
            # anonymous branch below.
            # NOTE(review): confirm this ``return`` sits outside the
            # ``if check is True`` block in the original file.
            return check

        if self.OAuthBackend.is_valid_request(request):
            check = self.OAuthBackend.is_authenticated(request, **kwargs)
            if check is True:
                request._authentication_backend = self.OAuthBackend
            return check
        else:
            # Authenticate the request as the anonymous user
            # Reached only when neither backend recognises credentials in the
            # request; no backend is recorded on the request in this case.
            request.user = User.objects.get(id=ANONYMOUS_USER_ID)
            return True

    def get_identifier(self, request):
        """
        Provides a unique string identifier for the requestor.

        Delegates to the backend recorded by ``is_authenticated``. When no
        backend was recorded (anonymous requests), returns the constant
        ``'nouser'``, so all such requests share one identifier.
        """
        try:
            return request._authentication_backend.get_identifier(request)
        except AttributeError:
            # Also reached if the backend's own get_identifier raises
            # AttributeError internally.
            return 'nouser'
def test_is_authenticated(self):
    """Exercise the reject and accept paths of the OAuth backend.

    The fixture request, before any OAuth parameters are added here, must
    get a 401 response. With a full parameter set for token ``foo`` the
    backend must return ``True`` and bind ``self.user`` to the request.
    The consumer and token records are created outside this method.
    """
    backend = OAuthAuthentication()
    req = self.request

    # Request as prepared by the fixture: expected to be refused with 401.
    refused = backend.is_authenticated(req)
    self.assertEqual(refused.status_code, 401)

    # Complete OAuth 1.0 parameters. "&" is the PLAINTEXT signature for an
    # empty consumer secret and an empty token secret (fixture values,
    # presumably); PLAINTEXT relies on TLS to keep the secrets private.
    req.REQUEST = req.GET = {
        "oauth_consumer_key": "123",
        "oauth_nonce": "abc",
        "oauth_signature": "&",
        "oauth_signature_method": "PLAINTEXT",
        "oauth_timestamp": str(int(time.time())),
        "oauth_token": "foo",
    }
    encoded = ",".join(name + "=" + val for name, val in req.REQUEST.items())
    req.META["Authorization"] = "OAuth " + encoded

    granted = backend.is_authenticated(req)
    self.assertEqual(granted, True)
    # The request must now carry the token owner's identity.
    self.assertEqual(req.user.pk, self.user.pk)
def test_is_authenticated(self):
    """Verify rejection without OAuth data and acceptance with a valid token.

    Builds its own ``HttpRequest`` and its own consumer, resource and access
    token, so the accept path depends only on records created in this method.
    """
    from oauth_provider.models import Consumer, Token, Resource

    authenticator = OAuthAuthentication()

    http_request = HttpRequest()
    http_request.META["SERVER_NAME"] = "testsuite"
    http_request.META["SERVER_PORT"] = "8080"
    http_request.REQUEST = http_request.GET = {}
    http_request.method = "GET"

    # An empty parameter set is answered with a 401 response object.
    first_attempt = authenticator.is_authenticated(http_request)
    self.assertEqual(first_attempt.status_code, 401)

    # OAuth 1.0 parameters for consumer "123" and access token "foo". The
    # PLAINTEXT signature "&" is what two empty secrets produce.
    http_request.REQUEST = http_request.GET = {
        "oauth_consumer_key": "123",
        "oauth_nonce": "abc",
        "oauth_signature": "&",
        "oauth_signature_method": "PLAINTEXT",
        "oauth_timestamp": str(int(time.time())),
        "oauth_token": "foo",
    }
    account = User.objects.create_user("daniel", "*****@*****.**", "password")

    header_items = []
    for param, text in http_request.REQUEST.items():
        header_items.append(param + "=" + text)
    http_request.META["Authorization"] = "OAuth " + ",".join(header_items)

    resource, _ = Resource.objects.get_or_create(
        url="test", defaults={"name": "Test Resource"}
    )
    consumer, _ = Consumer.objects.get_or_create(
        key="123", defaults={"name": "Test", "description": "Testing..."}
    )
    # Access token with an empty secret, owned by the user created above.
    Token.objects.get_or_create(
        key="foo",
        token_type=Token.ACCESS,
        defaults={
            "consumer": consumer,
            "resource": resource,
            "secret": "",
            "user": account,
        },
    )

    second_attempt = authenticator.is_authenticated(http_request)
    self.assertEqual(second_attempt, True)
    self.assertEqual(http_request.user.pk, account.pk)
def test_is_authenticated(self):
    """Reject the bare fixture request, then accept it once OAuth data is set.

    Relies on records created outside this method: token ``foo`` must exist
    and belong to ``self.user`` for the final assertions to hold.
    """
    authenticator = OAuthAuthentication()

    # Fixture request without OAuth parameters added here: 401 expected.
    self.assertEqual(
        authenticator.is_authenticated(self.request).status_code, 401
    )

    # Complete OAuth 1.0 parameter set; '&' is the PLAINTEXT signature that
    # results from an empty consumer secret and an empty token secret.
    oauth_fields = {
        'oauth_consumer_key': '123',
        'oauth_nonce': 'abc',
        'oauth_signature': '&',
        'oauth_signature_method': 'PLAINTEXT',
        'oauth_timestamp': str(int(time.time())),
        'oauth_token': 'foo',
    }
    self.request.REQUEST = self.request.GET = oauth_fields

    header_parts = []
    for field, text in self.request.REQUEST.items():
        header_parts.append(field + '=' + text)
    self.request.META['Authorization'] = 'OAuth ' + ','.join(header_parts)

    outcome = authenticator.is_authenticated(self.request)
    self.assertEqual(outcome, True)
    # Authentication must resolve to the fixture user and nobody else.
    self.assertEqual(self.request.user.pk, self.user.pk)
def test_whitelisting(self):
    """Check that only whitelisted methods skip the credential check.

    ``a_method`` is whitelisted and must pass with no credentials at all,
    while ``another_method`` must be refused with 401 until valid OAuth
    parameters are supplied. Because a whitelisted method bypasses
    authentication entirely, the whitelist should only name operations that
    are safe to expose to unauthenticated callers.
    """
    backend = OAuthAuthentication(whitelisted_methods=["a_method"])
    req = self.request

    # Whitelisted method: accepted although the request has no credentials.
    self.assertEqual(backend.is_authenticated(req, method_name="a_method"), True)

    # Any method outside the whitelist still needs authentication.
    denied = backend.is_authenticated(req, method_name="another_method")
    self.assertEqual(denied.status_code, 401)

    # Complete OAuth 1.0 parameters ("&" is the PLAINTEXT signature for two
    # empty secrets); with them both methods must be accepted.
    req.REQUEST = req.GET = {
        "oauth_consumer_key": "123",
        "oauth_nonce": "abc",
        "oauth_signature": "&",
        "oauth_signature_method": "PLAINTEXT",
        "oauth_timestamp": str(int(time.time())),
        "oauth_token": "foo",
    }
    pairs = [name + "=" + val for name, val in req.REQUEST.items()]
    req.META["Authorization"] = "OAuth " + ",".join(pairs)

    for method in ("a_method", "another_method"):
        self.assertEqual(backend.is_authenticated(req, method_name=method), True)
def test_is_authenticated(self):
    """Confirm a 401 without OAuth data and success with a matching token.

    All records the accept path needs (user, resource, consumer, access
    token) are created inside this method before the second attempt.
    """
    from oauth_provider.models import Consumer, Token, Resource

    backend = OAuthAuthentication()
    req = HttpRequest()
    req.META['SERVER_NAME'] = 'testsuite'
    req.META['SERVER_PORT'] = '8080'
    req.REQUEST = req.GET = {}
    req.method = 'GET'

    # Nothing to authenticate with yet: a 401 response is expected.
    rejected = backend.is_authenticated(req)
    self.assertEqual(rejected.status_code, 401)

    # OAuth 1.0 parameters naming consumer '123' and token 'foo'. '&' is the
    # PLAINTEXT signature for an empty consumer secret and the empty token
    # secret stored below.
    req.REQUEST = req.GET = {
        'oauth_consumer_key': '123',
        'oauth_nonce': 'abc',
        'oauth_signature': '&',
        'oauth_signature_method': 'PLAINTEXT',
        'oauth_timestamp': str(int(time.time())),
        'oauth_token': 'foo',
    }
    owner = User.objects.create_user('daniel', '*****@*****.**', 'password')
    req.META['Authorization'] = 'OAuth ' + ','.join(
        name + '=' + val for name, val in req.REQUEST.items()
    )

    resource_defaults = {'name': 'Test Resource'}
    resource, _ = Resource.objects.get_or_create(url='test', defaults=resource_defaults)

    consumer_defaults = {'name': 'Test', 'description': 'Testing...'}
    consumer, _ = Consumer.objects.get_or_create(key='123', defaults=consumer_defaults)

    token_defaults = {
        'consumer': consumer,
        'resource': resource,
        'secret': '',
        'user': owner,
    }
    Token.objects.get_or_create(
        key='foo', token_type=Token.ACCESS, defaults=token_defaults
    )

    accepted = backend.is_authenticated(req)
    self.assertEqual(accepted, True)
    # The identity bound to the request must be the token's owner.
    self.assertEqual(req.user.pk, owner.pk)
class Meta:
    # In this version only superusers may read submissions, and only after
    # authenticating with OAuth.
    authentication = OAuthAuthentication()
    authorization = SuperuserAuthorization()

    resource_name = "submission"
    queryset = Submission.objects.all()

    # Read-only resource; the ``feedback`` field is never serialised.
    allowed_methods = ["get"]
    excludes = ["feedback"]
    include_absolute_url = True

    # Filtering rules: exercise, grader and submitters accept exact matches
    # only, while grade and id accept every lookup type.
    filtering = {
        "exercise": ("exact",),
        "grader": ("exact",),
        "submitters": ("exact",),
        "grade": ALL,
        "id": ALL,
    }
def __init__(self, **kwargs):
    """Forward ``kwargs`` to the parent initialiser and create both backends.

    One ``ApiKeyAuthentication`` and one ``OAuthAuthentication`` instance are
    stored on the object. The enclosing class is not visible in this snippet.
    NOTE(review): if its only base is ``object``, any keyword argument makes
    the ``super().__init__`` call raise ``TypeError`` -- confirm.
    """
    super(MultiAuthentication, self).__init__(**kwargs)
    self.ApiKeyBackend = ApiKeyAuthentication()
    self.OAuthBackend = OAuthAuthentication()
class Meta:
    # OAuth decides who the caller is; DjangoAuthorization then decides what
    # that caller may do with tasks.
    authentication = OAuthAuthentication()
    authorization = DjangoAuthorization()

    resource_name = "tasks"
    # NOTE(review): no ``fields``/``excludes`` is set, so every model field of
    # Task is serialised; confirm none of them is sensitive.
    queryset = Task.objects.all()