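    def is_authenticated(self, request, **kwargs):
        """Authenticate an API request signed with 2- or 3-legged OAuth.

        Routing: when the text ``oauth_token`` occurs in the query string or
        in the ``Authorization`` header the request is verified as 3-legged
        (a resource-owner token is mandatory and identifies the user);
        otherwise it is verified as 2-legged and the owner of the consumer
        key is the user. On success ``request.amo_user`` and ``request.user``
        are set, the ACL and API-pinning middleware are re-run, members of a
        denied group are refused, the caller's language is persisted and
        ``True`` is returned.

        Args:
            request: Django ``HttpRequest``; ``META``, ``method`` and
                ``build_absolute_uri()`` are read, and ``signed_method`` is
                honoured when an earlier layer set it.
            **kwargs: accepted for interface compatibility; unused here.

        Returns:
            ``True`` when authenticated; otherwise ``self._error('headers')``
            (no usable credential, or it does not verify),
            ``self._error('roles')`` (denied group) or plain ``False`` (the
            OAuth server raised ``ValueError``). What ``_error`` renders is
            defined on the class, outside this method.

        Raises:
            ValueError: when ``settings.SITE_URL`` is empty.
        """
        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        auth_header_value = request.META.get('HTTP_AUTHORIZATION')
        query_string = request.META['QUERY_STRING']
        if not auth_header_value and 'oauth_token' not in query_string:
            # Set on the authentication instance (not the request) and not
            # read back in this method.
            self.user = AnonymousUser()
            log.error('No header')
            return self._error('headers')

        # NOTE(review): both of these are substring tests, not parameter
        # parsing. A query string that merely contains the text
        # "oauth_token" is routed to the 3-legged path. That path is the
        # stricter one (a resource-owner token is then mandatory), so it
        # cannot be used to weaken verification, but it can misroute a
        # genuine 2-legged call; parsing the query (request.GET) would be
        # more precise -- confirm against existing clients before changing.
        three_legged = ('oauth_token' in query_string
                        or 'oauth_token' in auth_header_value)

        auth_header = {'Authorization': auth_header_value}
        # Verify against the method the signature was computed over when an
        # earlier layer recorded one, else the real request method.
        method = getattr(request, 'signed_method', request.method)
        oauth = OAuthServer()
        log.info('Trying 3 legged OAuth' if three_legged
                 else 'Trying 2 legged OAuth')
        try:
            valid, oauth_request = oauth.verify_request(
                request.build_absolute_uri(),
                method,
                headers=auth_header,
                require_resource_owner=three_legged)
        except ValueError:
            # The OAuth server could not parse/verify the request at all;
            # the exact conditions live in OAuthServer, outside this view.
            log.error('ValueError on verifying_request', exc_info=True)
            return False
        if not valid:
            # attempted_key is whatever key the client presented; presumably
            # the public identifier rather than a secret -- confirm in
            # OAuthServer before relying on this log line.
            log.error(u'Cannot find APIAccess token with that key: %s' %
                      oauth.attempted_key)
            return self._error('headers')

        # Resolve the user from the credential that was just verified. The
        # key is known to the server, so a row is expected; an IndexError
        # here would mean it disappeared between the two queries.
        if three_legged:
            uid = Token.objects.filter(
                token_type=ACCESS_TOKEN,
                key=oauth_request.resource_owner_key).values_list(
                    'user_id', flat=True)[0]
        else:
            uid = Access.objects.filter(
                key=oauth_request.client_key).values_list(
                    'user_id', flat=True)[0]
        request.amo_user = UserProfile.objects.select_related('user').get(
            pk=uid)
        request.user = request.amo_user.user

        ACLMiddleware().process_request(request)
        # We've just become authenticated, time to run the pinning middleware
        # again.
        #
        # TODO: I'd like to see the OAuth authentication move to middleware.
        request.API = True  # We can be pretty sure we are in the API.
        APIPinningMiddleware().process_request(request)

        # Authorization is decided before anything is written on the
        # caller's behalf: previously the language preference below was
        # saved even for callers that this check then rejected.
        denied_groups = set(['Admins'])
        roles = set(request.amo_user.groups.values_list('name', flat=True))
        if roles and roles.intersection(denied_groups):
            log.info(u'Attempt to use API with denied role, user: %s' %
                     request.amo_user.pk)
            return self._error('roles')

        # Persist the user's language.
        if (getattr(request, 'amo_user', None)
                and getattr(request, 'LANG', None)
                and request.amo_user.lang != request.LANG):
            request.amo_user.lang = request.LANG
            request.amo_user.save()

        log.info('Successful OAuth with user: %s' % request.user)
        return True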
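    def is_authenticated(self, request, **kwargs):
        """Verify an OAuth-signed API request and attach its user.

        Two flavours are supported: 3-legged (the text ``oauth_token`` is
        present in the query string or ``Authorization`` header; the access
        token's owner becomes the user) and 2-legged (consumer key only; the
        key's owner becomes the user). After verification the ACL and
        API-pinning middleware are re-run, members of a denied group are
        refused, and the caller's language preference is persisted.

        Args:
            request: Django ``HttpRequest``. ``META``, ``method``,
                ``build_absolute_uri()`` and, if present, ``signed_method``
                are read.
            **kwargs: unused, kept for interface compatibility.

        Returns:
            ``True`` on success; ``self._error("headers")`` when no usable
            credential is present or it does not verify;
            ``self._error("roles")`` for denied groups; ``False`` when the
            OAuth server raises ``ValueError``. How ``_error`` renders is
            defined on the class, not here.

        Raises:
            ValueError: if ``settings.SITE_URL`` is not configured.
        """
        if not settings.SITE_URL:
            raise ValueError("SITE_URL is not specified")

        auth_header_value = request.META.get("HTTP_AUTHORIZATION")
        if not auth_header_value and "oauth_token" not in request.META["QUERY_STRING"]:
            # Stored on the authentication instance, not the request; nothing
            # in this method reads it back.
            self.user = AnonymousUser()
            log.error("No header")
            return self._error("headers")

        auth_header = {"Authorization": auth_header_value}
        # Verify against the method the signature was computed over if an
        # earlier layer recorded one (``signed_method``), else the real one.
        method = getattr(request, "signed_method", request.method)
        oauth = OAuthServer()
        # NOTE(review): substring tests, not parameter parsing. Any query string
        # containing the text "oauth_token" lands in the 3-legged branch; that
        # branch is stricter (a resource-owner token becomes mandatory), so this
        # cannot weaken verification, but it can misroute a 2-legged call whose
        # query happens to contain that text.
        if "oauth_token" in request.META["QUERY_STRING"] or "oauth_token" in auth_header_value:
            # This is 3-legged OAuth: the access token identifies the user.
            log.info("Trying 3 legged OAuth")
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(), method, headers=auth_header, require_resource_owner=True
                )
            except ValueError:
                # OAuthServer could not parse/verify the request at all.
                log.error("ValueError on verifying_request", exc_info=True)
                return False
            if not valid:
                # attempted_key: the key the client presented (presumably the
                # public identifier, not a secret -- confirm in OAuthServer).
                log.error(u"Cannot find APIAccess token with that key: %s" % oauth.attempted_key)
                return self._error("headers")
            # The token was just verified, so a row is expected; IndexError
            # would mean it was removed between the two queries.
            uid = Token.objects.filter(token_type=ACCESS_TOKEN, key=oauth_request.resource_owner_key).values_list(
                "user_id", flat=True
            )[0]
            request.amo_user = UserProfile.objects.select_related("user").get(pk=uid)
            request.user = request.amo_user.user
        else:
            # This is 2-legged OAuth: the consumer key's owner is the user.
            log.info("Trying 2 legged OAuth")
            try:
                valid, oauth_request = oauth.verify_request(
                    request.build_absolute_uri(), method, headers=auth_header, require_resource_owner=False
                )
            except ValueError:
                log.error("ValueError on verifying_request", exc_info=True)
                return False
            if not valid:
                log.error(u"Cannot find APIAccess token with that key: %s" % oauth.attempted_key)
                return self._error("headers")
            uid = Access.objects.filter(key=oauth_request.client_key).values_list("user_id", flat=True)[0]
            request.amo_user = UserProfile.objects.select_related("user").get(pk=uid)
            request.user = request.amo_user.user
        ACLMiddleware().process_request(request)
        # We've just become authenticated, time to run the pinning middleware
        # again.
        #
        # TODO: I'd like to see the OAuth authentication move to middleware.
        request.API = True  # We can be pretty sure we are in the API.
        APIPinningMiddleware().process_request(request)

        # Decide authorization before writing anything on the caller's behalf.
        # (Previously the language preference below was persisted even for
        # callers that this check then rejected.)
        denied_groups = set(["Admins"])
        roles = set(request.amo_user.groups.values_list("name", flat=True))
        if roles and roles.intersection(denied_groups):
            log.info(u"Attempt to use API with denied role, user: %s" % request.amo_user.pk)
            return self._error("roles")

        # Persist the user's language.
        if (
            getattr(request, "amo_user", None)
            and getattr(request, "LANG", None)
            and request.amo_user.lang != request.LANG
        ):
            request.amo_user.lang = request.LANG
            request.amo_user.save()

        log.info("Successful OAuth with user: %s" % request.user)
        return True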
    def is_authenticated(self, request, **kwargs):
        """Authenticate an API request carrying an OAuth signature.

        The 3-legged flow is chosen when the text ``oauth_token`` appears in
        the query string or the ``Authorization`` header (the access token's
        owner becomes ``request.user``); otherwise the 2-legged flow verifies
        the consumer alone and the consumer key's owner becomes
        ``request.user``. The ACL and API-pinning middleware are then re-run
        and callers in a denied group are refused.

        Args:
            request: Django ``HttpRequest``; ``META``, ``method``,
                ``build_absolute_uri()`` and an optional ``signed_method``
                are read.
            **kwargs: unused; kept for interface compatibility.

        Returns:
            ``True`` on success, ``self._error('headers')`` for a missing or
            unverifiable credential, ``self._error('roles')`` for a denied
            group, or ``False`` if the OAuth server raises ``ValueError``.

        Raises:
            ValueError: if ``settings.SITE_URL`` is empty.
        """
        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        header = request.META.get('HTTP_AUTHORIZATION')
        token_in_query = 'oauth_token' in request.META['QUERY_STRING']
        if not header and not token_in_query:
            # Set on the authentication instance, never read back here.
            self.user = AnonymousUser()
            log.error('No header')
            return self._error('headers')

        # Substring tests: "oauth_token" anywhere in the query or header
        # selects the stricter, resource-owner (3-legged) verification.
        three_legged = token_in_query or 'oauth_token' in header
        server = OAuthServer()
        log.info('Trying %d legged OAuth' % (3 if three_legged else 2))
        try:
            valid, signed = server.verify_request(
                request.build_absolute_uri(),
                # Prefer the method the signature was computed over, if an
                # earlier layer recorded one.
                getattr(request, 'signed_method', request.method),
                headers={'Authorization': header},
                require_resource_owner=three_legged)
        except ValueError:
            log.error('ValueError on verifying_request', exc_info=True)
            return False
        if not valid:
            # attempted_key: the key the client presented (presumably the
            # public identifier rather than a secret -- confirm in OAuthServer).
            log.error(u'Cannot find APIAccess token with that key: %s'
                      % server.attempted_key)
            return self._error('headers')

        # The key was just verified, so the row is expected to exist; a
        # DoesNotExist here would mean it vanished between the two queries.
        if three_legged:
            credential = Token.objects.get(token_type=ACCESS_TOKEN,
                                           key=signed.resource_owner_key)
        else:
            credential = Access.objects.get(key=signed.client_key)
        request.user = credential.user

        ACLMiddleware().process_request(request)
        # We've just become authenticated, time to run the pinning middleware
        # again.
        #
        # TODO: I'd like to see the OAuth authentication move to middleware.
        request.API = True  # We can be pretty sure we are in the API.
        APIPinningMiddleware().process_request(request)

        # Members of these groups may not use the API at all.
        # NOTE(review): request.amo_user is not assigned in this method;
        # presumably ACLMiddleware attaches it above -- confirm.
        forbidden = set(['Admins'])
        groups = set(request.amo_user.groups.values_list('name', flat=True))
        if groups and groups & forbidden:
            log.info(u'Attempt to use API with denied role, user: %s'
                     % request.amo_user.pk)
            return self._error('roles')

        log.info('Successful OAuth with user: %s' % request.user)
        return True
    def process_request(self, request):
        """Authenticate API requests carrying an OAuth signature.

        Applies only when ``request.API`` is set (per the original comment,
        by RedirectPrefixedURIMiddleware). The request is verified as
        3-legged when the text ``oauth_token`` appears in the query string
        or ``Authorization`` header (the access token's owner is the user),
        else as 2-legged (the consumer key's owner is the user). Success sets
        ``request.amo_user`` / ``request.user`` and records ``'RestOAuth'``
        in ``request.authed_from``. Any verification failure returns without
        touching ``request.user``; a verified user in a denied group has
        ``request.user`` and ``request.amo_user`` reset to ``None``.

        Args:
            request: Django ``HttpRequest``.

        Raises:
            ValueError: if ``settings.SITE_URL`` is empty.
        """
        if not getattr(request, 'API', False):
            return

        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        if not hasattr(request, 'authed_from'):
            request.authed_from = []

        header = request.META.get('HTTP_AUTHORIZATION')
        token_in_query = 'oauth_token' in request.META['QUERY_STRING']
        if not header and not token_in_query:
            # NOTE: stored on the (shared) middleware instance, not on the
            # request, and never read back in this method.
            self.user = AnonymousUser()
            log.info('No HTTP_AUTHORIZATION header')
            return

        # Substring tests, not parameter parsing: "oauth_token" anywhere in
        # the query or header selects the stricter, resource-owner flow.
        three_legged = token_in_query or 'oauth_token' in header
        # Verify against the method the signature was made over when an
        # earlier layer recorded one.
        method = getattr(request, 'signed_method', request.method)
        server = OAuthServer()
        log.info('Trying %d legged OAuth' % (3 if three_legged else 2))
        try:
            valid, signed = server.verify_request(
                request.build_absolute_uri(),
                method,
                headers={'Authorization': header},
                require_resource_owner=three_legged)
        except ValueError:
            log.error('ValueError on verifying_request', exc_info=True)
            return
        if not valid:
            # attempted_key: the key the client presented (presumably the
            # public identifier, not a secret -- confirm in OAuthServer).
            log.error(u'Cannot find APIAccess token with that key: %s' %
                      server.attempted_key)
            return

        # The credential was just verified, so its row is expected to exist;
        # IndexError here would mean it vanished between the two queries.
        if three_legged:
            owner = Token.objects.filter(
                token_type=ACCESS_TOKEN, key=signed.resource_owner_key)
        else:
            owner = Access.objects.filter(key=signed.client_key)
        uid = owner.values_list('user_id', flat=True)[0]
        profile = UserProfile.objects.select_related('user').get(pk=uid)
        request.amo_user = profile
        request.user = profile.user

        # Members of these groups may not use the API at all.
        denied = frozenset(['Admins'])
        roles = set(profile.groups.values_list('name', flat=True))
        if roles & denied:
            log.info(u'Attempt to use API with denied role, user: %s' %
                     profile.pk)
            # Undo what was just attached to the request.
            request.user = request.amo_user = None
            return

        if request.user:
            request.authed_from.append('RestOAuth')

        log.info('Successful OAuth with user: %s' % request.user)
    def process_request(self, request):
        """Attach the OAuth-authenticated user to API requests.

        Non-API requests (``request.API`` unset) are ignored. For API
        requests with an ``Authorization`` header or the text
        ``oauth_token`` in the query string, the signature is verified as
        3-legged (token present) or 2-legged (consumer only). On success
        ``request.amo_user`` and ``request.user`` are set and ``'RestOAuth'``
        is appended to ``request.authed_from``. Every failure simply
        returns: a bad credential never raises here and leaves whatever an
        earlier middleware put on ``request.user`` untouched, except that a
        verified user in a denied group is cleared back to ``None``.

        Args:
            request: Django ``HttpRequest``.

        Raises:
            ValueError: if ``settings.SITE_URL`` is not configured.
        """
        if not getattr(request, 'API', False):
            return

        if not settings.SITE_URL:
            raise ValueError('SITE_URL is not specified')

        if not hasattr(request, 'authed_from'):
            request.authed_from = []

        auth_header_value = request.META.get('HTTP_AUTHORIZATION')
        if (not auth_header_value and
            'oauth_token' not in request.META['QUERY_STRING']):
            # NOTE: this lands on the middleware instance (shared across
            # requests), not on ``request``, and is not read back here.
            self.user = AnonymousUser()
            log.info('No HTTP_AUTHORIZATION header')
            return

        auth_header = {'Authorization': auth_header_value}
        # Prefer the method the signature was computed over, if recorded.
        method = getattr(request, 'signed_method', request.method)
        oauth = OAuthServer()

        def verified(require_resource_owner):
            """Run the signature check; return (ok, verified request)."""
            try:
                ok, signed = oauth.verify_request(
                    request.build_absolute_uri(),
                    method, headers=auth_header,
                    require_resource_owner=require_resource_owner)
            except ValueError:
                log.error('ValueError on verifying_request', exc_info=True)
                return False, None
            if not ok:
                # attempted_key: the key the client presented (presumably a
                # public identifier, not a secret -- confirm in OAuthServer).
                log.error(u'Cannot find APIAccess token with that key: %s'
                          % oauth.attempted_key)
                return False, None
            return True, signed

        # Substring tests: "oauth_token" anywhere selects the stricter,
        # resource-owner flow.
        if ('oauth_token' in request.META['QUERY_STRING'] or
            'oauth_token' in auth_header_value):
            log.info('Trying 3 legged OAuth')
            ok, signed = verified(True)
            if not ok:
                return
            owner_rows = Token.objects.filter(
                token_type=ACCESS_TOKEN, key=signed.resource_owner_key)
        else:
            log.info('Trying 2 legged OAuth')
            ok, signed = verified(False)
            if not ok:
                return
            owner_rows = Access.objects.filter(key=signed.client_key)

        # The credential was just verified, so a row is expected; IndexError
        # here would mean it vanished between the two queries.
        uid = owner_rows.values_list('user_id', flat=True)[0]
        request.amo_user = UserProfile.objects.select_related(
            'user').get(pk=uid)
        request.user = request.amo_user.user

        # Members of these groups may not use the API at all.
        blocked = set(['Admins'])
        names = set(request.amo_user.groups.values_list('name', flat=True))
        if names and names.intersection(blocked):
            log.info(u'Attempt to use API with denied role, user: %s'
                     % request.amo_user.pk)
            # Detach the user again.
            request.user = request.amo_user = None
            return

        if request.user:
            request.authed_from.append('RestOAuth')

        log.info('Successful OAuth with user: %s' % request.user)