Esempio n. 1
  def test_tokens(self):
    """Walk the desktop consumer through the request/access token exchange.

    The user-approval step is short-circuited by authorizing the request
    token directly through the backend API. There are no explicit
    assertions; the test only checks that every step completes without
    raising.
    """
    consumer = self.desktop_consumer
    signer = self.sig_hmac

    # Step 1: signed call for a fresh (unauthorized) request token.
    token_request = oauth.OAuthRequest.from_consumer_and_token(
        consumer,
        http_url="http://%s/api/request_token" % settings.DOMAIN)
    token_request.sign_request(signer, consumer, None)
    token_response = self.client.get("/api/request_token",
                                     token_request.parameters)
    request_token = oauth.OAuthToken.from_string(token_response.content)

    # Step 2: approve the token via the backend instead of the authorize page.
    api.oauth_authorize_request_token(
        api.ROOT, request_token.key, actor='*****@*****.**', perms="read")

    # Step 3: trade the approved request token for an access token.
    exchange_request = oauth.OAuthRequest.from_consumer_and_token(
        consumer,
        request_token,
        http_url="http://%s/api/access_token" % settings.DOMAIN)
    exchange_request.sign_request(signer, consumer, request_token)
    exchange_response = self.client.get("/api/access_token",
                                        exchange_request.parameters)

    access_token = oauth.OAuthToken.from_string(exchange_response.content)
Esempio n. 2
    def test_tokens(self):
        """Exercise the request-token and access-token endpoints end to end.

        The request token is approved through the backend API rather than
        through the authorize page. Nothing is asserted explicitly; the test
        passes when no step raises.
        """
        consumer = self.desktop_consumer
        signer = self.sig_hmac
        request_token_url = "http://%s/api/request_token" % settings.DOMAIN
        access_token_url = "http://%s/api/access_token" % (settings.DOMAIN)

        # Obtain an unauthorized request token with a signed call.
        first_leg = oauth.OAuthRequest.from_consumer_and_token(
            consumer, http_url=request_token_url)
        first_leg.sign_request(signer, consumer, None)
        first_reply = self.client.get("/api/request_token",
                                      first_leg.parameters)
        request_token = oauth.OAuthToken.from_string(first_reply.content)

        # Approve it directly in the backend (skips the user-facing page).
        api.oauth_authorize_request_token(
            api.ROOT,
            request_token.key,
            actor='*****@*****.**',
            perms="read",
        )

        # Exchange the approved request token for an access token.
        second_leg = oauth.OAuthRequest.from_consumer_and_token(
            consumer, request_token, http_url=access_token_url)
        second_leg.sign_request(signer, consumer, request_token)
        second_reply = self.client.get("/api/access_token",
                                       second_leg.parameters)

        access_token = oauth.OAuthToken.from_string(second_reply.content)
Esempio n. 3
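def api_authorize(request):
  """Show or process the OAuth request-token authorization page.

  Flow as implemented here:
    * A visitor without a session is redirected to /login, with the current
      URL passed along in redirect_to.
    * The request token named by ``oauth_token`` and its consumer are looked
      up; a missing token, a missing consumer or a consumer whose status is
      not "active" raises Exception.
    * GET renders the confirmation page (authorize.html).
    * POST runs the nonce check, authorizes the token for request.user.nick
      with the requested perms, then redirects a "web" consumer to its
      callback (posted one first, registered one second) or renders
      authorized.html.

  Raises:
    Exception: "bad token", "bad consumer", "inactive consumer" or
      "bad perms".

  The templates are rendered with locals(), so the local names used below
  are part of the template contract; rename them only together with the
  templates.
  """
  redirect = urllib.quote(request.get_full_path())

  view = user.get_user_from_cookie_or_legacy_auth(request)
  if view is None:
    logging.info("Redirect: %s ", redirect)
    return http.HttpResponseRedirect("/login?redirect_to=%s" % redirect)

  oauth_token = request.REQUEST.get('oauth_token', None)
  if not oauth_token:
    # TODO: render a "please enter your token" page. Until that exists a
    # missing token simply falls through to the lookup below.
    pass

  oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
  if not oauth_token_ref:
    raise Exception("bad token")

  oauth_consumer_ref = api.oauth_get_consumer(api.ROOT,
                                              oauth_token_ref.consumer)
  if not oauth_consumer_ref:
    raise Exception("bad consumer")
  if "active" != oauth_consumer_ref.status:
    raise Exception("inactive consumer")

  # perms is caller-supplied. Check it against the levels this page knows
  # about before it is used: previously an unknown value reached
  # oauth_authorize_request_token() unchecked on POST and only surfaced as a
  # KeyError on GET.
  perms = request.REQUEST.get('perms', 'read')
  perms_labels = {'read': 'view',
                  'write': 'view and update',
                  'delete': 'view, update and delete'}
  if perms not in perms_labels:
    raise Exception("bad perms")

  if request.POST:
    # The confirmation form posts back to this page. validate.nonce is
    # expected to reject a POST that was not produced by our own form
    # (confirm in validate); it must stay ahead of the authorize call.
    validate.nonce(request, "authorize_token")

    api.oauth_authorize_request_token(api.ROOT, oauth_token_ref.key_,
                                      actor=request.user.nick, perms=perms)

    oauth_callback = request.POST.get("oauth_callback", None)
    if oauth_consumer_ref.type == "web":
      # NOTE(review): oauth_callback is read from the POST body and used as
      # the redirect target as-is, so the page will send the user to
      # whatever URL the form carried. Compare it with the consumer's
      # registered callback_url (scheme and host at least) before
      # redirecting, or always use the registered value.
      if oauth_callback:
        return http.HttpResponseRedirect(oauth_callback)
      elif oauth_consumer_ref.callback_url is not None:
        return http.HttpResponseRedirect(oauth_consumer_ref.callback_url)

    c = template.RequestContext(request, locals())
    t = loader.get_template('api/templates/authorized.html')
    return http.HttpResponse(t.render(c))

  perms_pretty = perms_labels[perms]

  c = template.RequestContext(request, locals())
  t = loader.get_template('api/templates/authorize.html')
  return http.HttpResponse(t.render(c))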
Esempio n. 4
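def api_authorize(request):
    """Show or process the OAuth request-token authorization page.

    Flow as implemented here:
      * The request token named by ``oauth_token`` and its consumer are
        looked up; a missing token, a missing consumer or a consumer whose
        status is not "active" raises Exception.
      * GET renders the confirmation page (authorize.html).
      * POST runs the nonce check, authorizes the token for
        request.user.nick with the requested perms, then redirects a "web"
        consumer to the posted oauth_callback when one is given, otherwise
        renders authorized.html.

    Raises:
      Exception: "bad token", "bad consumer", "inactive consumer" or
        "bad perms".

    The templates are rendered with locals(), so the local names used below
    are part of the template contract; rename them only together with the
    templates.

    NOTE(review): no login check is visible in this function although
    request.user.nick is used; presumably a decorator or middleware outside
    this listing enforces it -- confirm.
    """
    oauth_token = request.REQUEST.get('oauth_token', None)
    if not oauth_token:
        # TODO: render a "please enter your token" page. Until that exists a
        # missing token simply falls through to the lookup below.
        pass

    oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
    if not oauth_token_ref:
        raise Exception("bad token")

    oauth_consumer_ref = api.oauth_get_consumer(api.ROOT,
                                                oauth_token_ref.consumer)
    if not oauth_consumer_ref:
        raise Exception("bad consumer")
    if "active" != oauth_consumer_ref.status:
        raise Exception("inactive consumer")

    # perms is caller-supplied. Check it against the levels this page knows
    # about before it is used: previously an unknown value reached
    # oauth_authorize_request_token() unchecked on POST and only surfaced as
    # a KeyError on GET.
    perms = request.REQUEST.get('perms', 'read')
    perms_labels = {
        'read': 'view',
        'write': 'view and update',
        'delete': 'view, update and delete'
    }
    if perms not in perms_labels:
        raise Exception("bad perms")

    if request.POST:
        # The confirmation form posts back to this page. validate.nonce is
        # expected to reject a POST that was not produced by our own form
        # (confirm in validate); it must stay ahead of the authorize call.
        validate.nonce(request, "authorize_token")

        api.oauth_authorize_request_token(api.ROOT,
                                          oauth_token_ref.key_,
                                          actor=request.user.nick,
                                          perms=perms)

        # NOTE(review): oauth_callback is read from the POST body and used
        # as the redirect target as-is, so the page will send the user to
        # whatever URL the form carried. Check it against a callback
        # registered for the consumer before redirecting.
        oauth_callback = request.POST.get("oauth_callback", None)
        if oauth_callback and oauth_consumer_ref.type == "web":
            return http.HttpResponseRedirect(oauth_callback)

        c = template.RequestContext(request, locals())
        t = loader.get_template('api/templates/authorized.html')
        return http.HttpResponse(t.render(c))

    perms_pretty = perms_labels[perms]

    c = template.RequestContext(request, locals())
    t = loader.get_template('api/templates/authorize.html')
    return http.HttpResponse(t.render(c))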
Esempio n. 5
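def api_authorize(request):
    """Show or process the OAuth request-token authorization page.

    Flow as implemented here:
      * The request token named by ``oauth_token`` and its consumer are
        looked up; a missing token, a missing consumer or a consumer whose
        status is not "active" raises Exception.
      * GET renders the confirmation page (authorize.html).
      * POST runs the nonce check, authorizes the token for
        request.user.nick with the requested perms, then redirects a "web"
        consumer to the posted oauth_callback when one is given, otherwise
        renders authorized.html.

    Raises:
      Exception: "bad token", "bad consumer", "inactive consumer" or
        "bad perms".

    The templates are rendered with locals(), so the local names used below
    are part of the template contract; rename them only together with the
    templates.

    NOTE(review): no login check is visible in this function although
    request.user.nick is used; presumably a decorator or middleware outside
    this listing enforces it -- confirm.
    """
    oauth_token = request.REQUEST.get("oauth_token", None)
    if not oauth_token:
        # TODO: render a "please enter your token" page. Until that exists a
        # missing token simply falls through to the lookup below.
        pass

    oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
    if not oauth_token_ref:
        raise Exception("bad token")

    oauth_consumer_ref = api.oauth_get_consumer(api.ROOT, oauth_token_ref.consumer)
    if not oauth_consumer_ref:
        raise Exception("bad consumer")
    if "active" != oauth_consumer_ref.status:
        raise Exception("inactive consumer")

    # perms is caller-supplied. Check it against the levels this page knows
    # about before it is used: previously an unknown value reached
    # oauth_authorize_request_token() unchecked on POST and only surfaced as
    # a KeyError on GET.
    perms = request.REQUEST.get("perms", "read")
    perms_labels = {"read": "view", "write": "view and update", "delete": "view, update and delete"}
    if perms not in perms_labels:
        raise Exception("bad perms")

    if request.POST:
        # The confirmation form posts back to this page. validate.nonce is
        # expected to reject a POST that was not produced by our own form
        # (confirm in validate); it must stay ahead of the authorize call.
        validate.nonce(request, "authorize_token")

        api.oauth_authorize_request_token(api.ROOT, oauth_token_ref.key_, actor=request.user.nick, perms=perms)

        # NOTE(review): oauth_callback is read from the POST body and used
        # as the redirect target as-is, so the page will send the user to
        # whatever URL the form carried. Check it against a callback
        # registered for the consumer before redirecting.
        oauth_callback = request.POST.get("oauth_callback", None)
        if oauth_callback and oauth_consumer_ref.type == "web":
            return http.HttpResponseRedirect(oauth_callback)

        c = template.RequestContext(request, locals())
        t = loader.get_template("api/templates/authorized.html")
        return http.HttpResponse(t.render(c))

    perms_pretty = perms_labels[perms]

    c = template.RequestContext(request, locals())
    t = loader.get_template("api/templates/authorize.html")
    return http.HttpResponse(t.render(c))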