def cookie_for_token(t):
    """Build a cookie payload carrying a signed 2-legged OAuth header for `t`.

    The signed request is a body-less GET of the sharing app's "main"
    activity URL. When no activity named "main" exists the lookup falls back
    to ``AppActivity.objects.get(app=app)``, which raises
    ``MultipleObjectsReturned`` if the app registers several activities.

    Args:
        t: a share token; ``t.share.with_app`` is the OAuth consumer that
            signs the request and ``t.passalong_params`` are extra OAuth
            parameters folded into the signature.

    Returns:
        ``{'oauth_cookie': <Authorization header value>}``. The header
        carries ``t.passalong_params`` verbatim, which look like token
        material, so whoever sets this cookie should mark it
        ``Secure``/``HttpOnly`` and never log its value.
    """
    consumer = t.share.with_app
    try:
        target = AppActivity.objects.get(name="main", app=consumer)
    except AppActivity.DoesNotExist:
        # Fallback assumes exactly one activity for the app.
        target = AppActivity.objects.get(app=consumer)

    index_request = utils.url_request_build(target.url, "GET", {}, "")
    # token=None -> consumer-only (2-legged) signature
    signer = OAuthRequest(consumer, None, index_request,
                          oauth_parameters=t.passalong_params)
    signer.sign()
    return {'oauth_cookie' : signer.to_header()["Authorization"]}
def signed_header_for_token(t):
    """Return a 2-legged OAuth ``Authorization`` header value for token `t`.

    The request being signed is a body-less GET of the sharing app's
    ``index_url``. ``t.passalong_params`` are added as OAuth parameters, so
    the returned header carries whatever token material they hold; send it
    only over TLS and keep it out of logs.

    Args:
        t: share token whose ``share.with_app`` is the OAuth consumer.

    Returns:
        The ``Authorization`` header value (str).
    """
    consumer = t.share.with_app
    target = utils.url_request_build(consumer.index_url, "GET", {}, "")
    # token=None makes this a consumer-only (2-legged) signature
    req = OAuthRequest(consumer=consumer,
                       token=None,
                       http_request=target,
                       oauth_parameters=t.passalong_params)
    req.sign()
    return req.to_header()["Authorization"]
def _compose_auth_header(self, url):
    """Return additional header entries for request to `url`.

    Signs a GET of `url` as a 3-legged OAuth 1.0 request (consumer + access
    token) and returns the resulting header dict, with the ``Authorization``
    value duplicated under ``HTTP_AUTHORIZATION`` because that is the key
    Django uses to look up Authorization credentials.

    Security note: the signature method is ``OAuthSignatureMethod_PLAINTEXT``,
    which places the consumer secret and token secret directly in the header
    rather than an HMAC over the request. That is only acceptable when the
    request stays on TLS or never leaves the process (this helper looks like a
    test fixture — confirm before reusing it for real network calls).

    Args:
        url: the request URL to sign.

    Returns:
        dict holding ``Authorization`` and ``HTTP_AUTHORIZATION`` entries.
    """
    oauth_params = {
        'oauth_consumer_key': self.consumer.key,
        'oauth_token': self.token.key,
        'oauth_timestamp': int(time()),
        'oauth_nonce': generate_nonce(),
        'oauth_version': "1.0",
    }
    signed = OAuthRequest(http_url=url, parameters=oauth_params)
    signed.sign_request(OAuthSignatureMethod_PLAINTEXT(),
                        self.consumer, self.token)

    entries = signed.to_header()
    # Django uses the 'HTTP_AUTHORIZATION' to look up Authorization credentials.
    entries['HTTP_AUTHORIZATION'] = entries['Authorization']
    return entries
def _compose_auth_header(self, url):
    """Return additional header entries for request to `url`.

    The request is a GET of `url` signed with both ``self.consumer`` and
    ``self.token`` (3-legged OAuth 1.0). The ``Authorization`` value is also
    stored under ``HTTP_AUTHORIZATION``, the key Django uses to look up
    Authorization credentials.

    Security note: ``OAuthSignatureMethod_PLAINTEXT`` transmits the consumer
    and token secrets verbatim inside the header. Only use this where the
    header cannot be observed in transit (TLS or in-process test client).

    Args:
        url: the request URL to sign.

    Returns:
        dict with ``Authorization`` and ``HTTP_AUTHORIZATION`` entries.
    """
    now = int(time())
    nonce = generate_nonce()
    req = OAuthRequest(
        http_url=url,
        parameters={
            'oauth_version': "1.0",
            'oauth_nonce': nonce,
            'oauth_timestamp': now,
            'oauth_token': self.token.key,
            'oauth_consumer_key': self.consumer.key,
        },
    )
    req.sign_request(OAuthSignatureMethod_PLAINTEXT(), self.consumer, self.token)
    header = req.to_header()
    # Django uses the 'HTTP_AUTHORIZATION' to look up Authorization credentials.
    header['HTTP_AUTHORIZATION'] = header['Authorization']
    return header
def signed_header_for_token(t):
    """Return a 2-legged OAuth ``Authorization`` header value for token `t`.

    The signed request is a body-less GET of the sharing app's "main"
    activity URL; if the app has no activity named "main" the lookup falls
    back to ``AppActivity.objects.get(app=app)``, which raises
    ``MultipleObjectsReturned`` when the app registers more than one.

    ``t.passalong_params`` are folded into the signature as OAuth parameters
    and so appear in the returned header. They look like token material:
    treat the header value as a secret (TLS only, never logged).

    Args:
        t: share token; ``t.share.with_app`` is the OAuth consumer.

    Returns:
        The ``Authorization`` header value (str).
    """
    consumer = t.share.with_app

    def _main_activity():
        # Prefer the activity explicitly named "main"; else the app's only one.
        try:
            return AppActivity.objects.get(name="main", app=consumer)
        except AppActivity.DoesNotExist:
            return AppActivity.objects.get(app=consumer)

    target = utils.url_request_build(_main_activity().url, "GET", {}, "")
    # token=None: consumer-only (2-legged) signature
    req = OAuthRequest(consumer=consumer, token=None, http_request=target,
                       oauth_parameters=t.passalong_params)
    req.sign()
    return req.to_header()["Authorization"]
def signed_header_for_token(t):
    """Return a 2-legged OAuth ``Authorization`` header value for token `t`.

    Resolves the sharing app's "main" ``AppActivity`` (falling back to the
    app's sole activity, where ``get(app=app)`` raises
    ``MultipleObjectsReturned`` if several exist), signs a body-less GET of
    its URL with the app's consumer credentials only, and returns the
    header. ``t.passalong_params`` ride along as OAuth parameters, so the
    header must be handled as a secret.

    Args:
        t: share token; ``t.share.with_app`` is the OAuth consumer.

    Returns:
        The ``Authorization`` header value (str).
    """
    app = t.share.with_app
    activities = AppActivity.objects
    try:
        activity = activities.get(name="main", app=app)
    except AppActivity.DoesNotExist:
        activity = activities.get(app=app)

    empty_headers = {}
    index_request = utils.url_request_build(activity.url, "GET", empty_headers, "")
    # sign as a two-legged OAuth request for the app (token=None)
    signer = OAuthRequest(consumer=app,
                          token=None,
                          http_request=index_request,
                          oauth_parameters=t.passalong_params)
    signer.sign()
    header_map = signer.to_header()
    return header_map["Authorization"]
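def do_webhook(request, webhook_name):
    """Proxy the incoming request to the app web hook registered as `webhook_name`.

    The destination URL and owning app come from the ``AppWebHook`` row, so the
    outbound target is operator-configured; only the HTTP method and payload
    (POST body, or the query string for GET) are forwarded from the caller.

    If the hook requires patient context, a fresh access token for the
    in-context record is generated and handed to the hook in a 2-legged OAuth
    ``Authorization`` header signed with the helper app's consumer credentials.

    Args:
        request: the Django request being proxied. When patient context is
            required, ``request.principal.share`` supplies the record and the
            authorizing account.
        webhook_name: name of the ``AppWebHook`` to invoke.

    Returns:
        An ``HttpResponse`` wrapping the hook's raw response body (served as
        ``application/rdf+xml``) passed through ``utils.x_domain``.

    Raises:
        Exception: if no hook with that name exists.
    """
    headers = {}

    # Find the preferred app for this webhook. Only an empty result maps to
    # "no hook"; DB or programming errors must propagate instead of being
    # masked by a bare except.
    try:
        hook = AppWebHook.objects.filter(name=webhook_name)[0]
    except IndexError:
        raise Exception("No hook exists with name: '%s'" % webhook_name)

    data = request.raw_post_data
    if request.method == 'GET':
        data = request.META['QUERY_STRING']

    # Log only the destination, never the payload: in patient context the
    # body/query string and the hook's response may carry record data.
    print("requesting web hook %s %s" % (hook.url, request.method))
    hook_req = utils.url_request_build(hook.url, request.method, headers, data)

    # If the web hook needs patient context, we've got to generate + pass along tokens
    if hook.requires_patient_context:
        app = hook.app
        record = request.principal.share.record
        account = request.principal.share.authorized_by

        # Create a new token for the webhook to access the in-context patient record
        token = HELPER_APP_SERVER.generate_and_preauthorize_access_token(
            app, record=record, account=account)

        # Supply the token details in the Authorization header, 2-legged signed
        # with the helper app's consumer token + secret (token=None -> 2-legged).
        oauth_request = OAuthRequest(app, None, hook_req,
                                     oauth_parameters=token.passalong_params)
        oauth_request.sign()
        for hname, hval in oauth_request.to_header().items():
            hook_req.headers[hname] = hval

    # Send the header dict the signature was written into. If url_request_build
    # aliases the dict we passed, this is `headers` itself; if it copies, the
    # original call with `headers` would have dropped the Authorization header.
    response = utils.url_request(hook.url, request.method, hook_req.headers, data)
    print("web hook %s responded" % hook.url)
    return utils.x_domain(
        HttpResponse(response, mimetype='application/rdf+xml'))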
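def do_webhook(request, webhook_name):
    """Proxy the incoming request to the app web hook registered as `webhook_name`.

    The hook's URL and owning app are read from the ``AppWebHook`` table, so
    the outbound target is operator-configured; the caller only controls the
    HTTP method and payload (POST body, or the query string for GET).

    When the hook requires patient context, a fresh access token for the
    in-context record is minted and delivered to the hook inside a 2-legged
    OAuth ``Authorization`` header signed with the helper app's consumer
    credentials.

    Args:
        request: the Django request being proxied; ``request.principal.share``
            provides the record and authorizing account when needed.
        webhook_name: name of the ``AppWebHook`` to invoke.

    Returns:
        An ``HttpResponse`` with the hook's raw response body, typed
        ``application/rdf+xml`` and passed through ``utils.x_domain``.

    Raises:
        Exception: if no hook with that name exists.
    """
    headers = {}

    # Only "no matching row" is a missing hook; anything else (DB errors,
    # bugs) must surface rather than be swallowed by a bare except.
    try:
        hook = AppWebHook.objects.filter(name=webhook_name)[0]
    except IndexError:
        raise Exception("No hook exists with name: '%s'"%webhook_name)

    data = request.raw_post_data
    if request.method == 'GET':
        data = request.META['QUERY_STRING']

    # Do not print the payload or the response body: with patient context they
    # can contain record data, and stdout routinely ends up in log files.
    print("requesting web hook %s %s" % (hook.url, request.method))
    hook_req = utils.url_request_build(hook.url, request.method, headers, data)

    # If the web hook needs patient context, we've got to generate + pass along tokens
    if hook.requires_patient_context:
        app = hook.app
        record = request.principal.share.record
        account = request.principal.share.authorized_by

        # Create a new token for the webhook to access the in-context patient record
        token = HELPER_APP_SERVER.generate_and_preauthorize_access_token(
            app, record=record, account=account)

        # Token details go in the Authorization header, 2-legged signed using the
        # helper app's consumer token + secret (2nd parameter None -> 2-legged).
        oauth_request = OAuthRequest(app, None, hook_req,
                                     oauth_parameters=token.passalong_params)
        oauth_request.sign()
        for hname, hval in oauth_request.to_header().items():
            hook_req.headers[hname] = hval

    # Pass the dict the signed headers were stored in. This is identical to
    # `headers` if url_request_build aliases it, and fixes a dropped
    # Authorization header if it copies.
    response = utils.url_request(hook.url, request.method, hook_req.headers, data)
    print("web hook %s responded" % hook.url)
    return utils.x_domain(HttpResponse(response, mimetype='application/rdf+xml'))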
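def get_connect_credentials(request, account, pha):
    """
    Get oAuth credentials for an app to run in Connect or SMART REST mode.

    Generates access tokens for *pha* to run against the *record_id* (or
    *carenet_id*) specified in ``request.POST``, authorized by *account*.
    Generates 2 tokens: one for SMART Connect use, and one for SMART REST use.

    If the app is not yet enabled for the record/carenet, this will return a
    :http:statuscode:`403`.

    Security notes:
      * The REST token *and its secret* are embedded as OAuth parameters in the
        returned ``oauth_header``, and both tokens are rendered into the XML.
        The response is therefore a credential: TLS only, never logged.
      * This function only checks that the app is enabled for the record or
        carenet; it does not check that *account* may access that record.
        NOTE(review): presumably the view's access-control layer establishes
        that before calling here — confirm against the caller.
      * If neither ``carenet_id`` nor ``record_id`` is posted, both scopes stay
        ``None``, the enabled check is skipped and tokens are generated with no
        record scope. NOTE(review): verify that is intended behaviour for
        ``OAUTH_SERVER``.
    """
    carenet = record = None
    carenet_id = request.POST.get('carenet_id', None)
    record_id = request.POST.get('record_id', None)

    if carenet_id:
        try:
            carenet = Carenet.objects.get(id=carenet_id)
        except Carenet.DoesNotExist:
            raise Http404
        except Carenet.MultipleObjectsReturned:
            raise Exception(
                "Multiple carenets with same id--database is corrupt")
    elif record_id:
        try:
            record = Record.objects.get(id=record_id)
        except Record.DoesNotExist:
            raise Http404
        except Record.MultipleObjectsReturned:
            raise Exception(
                "Multiple records with same id--database is corrupt")

    # Make sure that the app is enabled for the requested scope. This is the
    # only authorization check in the function (see docstring).
    if (record and not PHAShare.objects.filter(record=record, with_pha=pha).exists()) or \
       (carenet and not CarenetPHA.objects.filter(carenet=carenet, pha=pha).exists()):
        raise PermissionDenied(
            "Cannot generate credentials before app is enabled")

    # Generate the tokens
    from indivo.accesscontrol.oauth_servers import OAUTH_SERVER
    rest_token = OAUTH_SERVER.generate_and_preauthorize_access_token(
        pha, record=record, carenet=carenet, account=account)
    connect_token = OAUTH_SERVER.generate_and_preauthorize_access_token(
        pha, record=record, carenet=carenet, account=account)
    connect_token.connect_auth_p = True
    connect_token.save()

    # Generate a 2-legged oauth header for the rest token, based on the pha's
    # start_url. Use a distinct local name here: rebinding `request` (as the
    # original did) shadowed the Django request parameter.
    url = utils.url_interpolate(pha.start_url_template, {
        'record_id': record_id or '',
        'carenet_id': carenet_id or ''
    })
    start_req = HTTPRequest("GET", url, HTTPRequest.FORM_URLENCODED_TYPE, '', {})
    oauth_params = {
        'smart_container_api_base': settings.SITE_URL_PREFIX,
        'smart_oauth_token': rest_token.token,
        # the token secret itself travels in the header (by SMART design)
        'smart_oauth_token_secret': rest_token.token_secret,
        'smart_user_id': account.email,
        'smart_app_id': pha.email,
        'smart_record_id': record_id,
    }
    oauth_request = OAuthRequest(
        consumer=pha,
        token=None,  # no access tokens: 2-legged request
        http_request=start_req,
        oauth_parameters=oauth_params)
    oauth_request.sign()
    auth_header = oauth_request.to_header()["Authorization"]

    return render_template('connect_credentials', {
        'connect_token': connect_token,
        'rest_token': rest_token,
        'api_base': settings.SITE_URL_PREFIX,
        'oauth_header': auth_header,
        'app_email': pha.email
    }, type='xml')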
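def get_connect_credentials(request, account, pha):
    """
    Get oAuth credentials for an app to run in Connect or SMART REST mode.

    Generates access tokens for *pha* to run against the *record_id* (or
    *carenet_id*) specified in ``request.POST``, authorized by *account*.
    Generates 2 tokens: one for SMART Connect use, and one for SMART REST use.

    If the app is not yet enabled for the record/carenet, this will return a
    :http:statuscode:`403`.

    Security notes:
      * ``oauth_header`` in the response embeds the REST token and its secret
        as OAuth parameters, and both tokens are rendered into the XML, so the
        whole response is a credential — serve it over TLS only and keep it
        out of logs.
      * Only "app enabled for this record/carenet" is verified here, not that
        *account* is allowed to reach the record. NOTE(review): that check is
        presumably done by the view's access-control layer — confirm.
      * With neither ``carenet_id`` nor ``record_id`` posted, both scopes are
        ``None``, the enabled check is skipped and unscoped tokens are issued.
        NOTE(review): verify ``OAUTH_SERVER`` intends that.
    """
    carenet = record = None
    carenet_id = request.POST.get('carenet_id', None)
    record_id = request.POST.get('record_id', None)

    if carenet_id:
        try:
            carenet = Carenet.objects.get(id=carenet_id)
        except Carenet.DoesNotExist:
            raise Http404
        except Carenet.MultipleObjectsReturned:
            raise Exception("Multiple carenets with same id--database is corrupt")
    elif record_id:
        try:
            record = Record.objects.get(id=record_id)
        except Record.DoesNotExist:
            raise Http404
        except Record.MultipleObjectsReturned:
            raise Exception("Multiple records with same id--database is corrupt")

    # Make sure that the app is enabled for the requested scope (the only
    # authorization check in this function; skipped when no scope is given).
    if (record and not PHAShare.objects.filter(record=record, with_pha=pha).exists()) or \
       (carenet and not CarenetPHA.objects.filter(carenet=carenet, pha=pha).exists()):
        raise PermissionDenied("Cannot generate credentials before app is enabled")

    # Generate the tokens
    from indivo.accesscontrol.oauth_servers import OAUTH_SERVER
    rest_token = OAUTH_SERVER.generate_and_preauthorize_access_token(
        pha, record=record, carenet=carenet, account=account)
    connect_token = OAUTH_SERVER.generate_and_preauthorize_access_token(
        pha, record=record, carenet=carenet, account=account)
    connect_token.connect_auth_p = True
    connect_token.save()

    # Generate a 2-legged oauth header for the rest token, based on the pha's
    # start_url. `start_req` rather than `request`, which the original rebound
    # and thereby shadowed the Django request parameter.
    url = utils.url_interpolate(pha.start_url_template,
                                {'record_id': record_id or '',
                                 'carenet_id': carenet_id or ''})
    start_req = HTTPRequest("GET", url, HTTPRequest.FORM_URLENCODED_TYPE, '', {})
    oauth_params = {
        'smart_container_api_base': settings.SITE_URL_PREFIX,
        'smart_oauth_token': rest_token.token,
        # the secret is deliberately handed to the app inside the header
        'smart_oauth_token_secret': rest_token.token_secret,
        'smart_user_id': account.email,
        'smart_app_id': pha.email,
        'smart_record_id': record_id,
    }
    oauth_request = OAuthRequest(consumer=pha,
                                 token=None,  # no access tokens: 2-legged request
                                 http_request=start_req,
                                 oauth_parameters=oauth_params)
    oauth_request.sign()
    auth_header = oauth_request.to_header()["Authorization"]

    return render_template('connect_credentials', {
        'connect_token': connect_token,
        'rest_token': rest_token,
        'api_base': settings.SITE_URL_PREFIX,
        'oauth_header': auth_header,
        'app_email': pha.email}, type='xml')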