def _log_correct_authorization_header(self, request):
"""
Helper function that logs proper HTTP Authorization header for a given request
Used only in debug situations, this logs the correct Authorization header based on
the request header and body according to OAuth 1 Body signing
Arguments:
request (xblock.django.request.DjangoWebobRequest): Request object to log Authorization header for
Returns:
nothing
"""
sha1 = hashlib.sha1()
sha1.update(request.body)
oauth_body_hash = unicode(base64.b64encode(sha1.digest()))
log.debug("[LTI] oauth_body_hash = {}".format(oauth_body_hash))
client_key, client_secret = self.get_client_key_secret()
client = Client(client_key, client_secret)
mock_request = mock.Mock(
uri=unicode(urllib.unquote(request.url)),
headers=request.headers,
body=u"",
decoded_body=u"",
http_method=unicode(request.method),
)
params = client.get_oauth_params(mock_request)
mock_request.oauth_params = params
mock_request.oauth_params.append((u'oauth_body_hash', oauth_body_hash))
sig = client.get_oauth_signature(mock_request)
mock_request.oauth_params.append((u'oauth_signature', sig))
_, headers, _ = client._render(mock_request) # pylint: disable=protected-access
log.debug("\n\n#### COPY AND PASTE AUTHORIZATION HEADER ####\n{}\n####################################\n\n"
.format(headers['Authorization']))
def _get_authorization_header(request, client_key, client_secret):
"""
Get proper HTTP Authorization header for a given request
Arguments:
request: Request object to log Authorization header for
Returns:
authorization header
"""
sha1 = hashlib.sha1()
body = request.body or ''
sha1.update(body)
oauth_body_hash = unicode(base64.b64encode(
sha1.digest() # pylint: disable=too-many-function-args
))
client = Client(client_key, client_secret)
params = client.get_oauth_params(None)
params.append((u'oauth_body_hash', oauth_body_hash))
mock_request = mock.Mock(
uri=unicode(urllib.unquote(request.url)),
headers=request.headers,
body=u'',
decoded_body=u'',
oauth_params=params,
http_method=unicode(request.method),
)
sig = client.get_oauth_signature(mock_request)
mock_request.oauth_params.append((u'oauth_signature', sig))
_, headers, _ = client._render( # pylint: disable=protected-access
mock_request
)
return headers['Authorization']
def _get_authorization_header(request, client_key, client_secret):
"""
Get proper HTTP Authorization header for a given request
Arguments:
request: Request object to log Authorization header for
Returns:
authorization header
"""
sha1 = hashlib.sha1()
body = request.body or ''
sha1.update(body)
oauth_body_hash = unicode(
base64.b64encode(sha1.digest() # pylint: disable=too-many-function-args
))
client = Client(client_key, client_secret)
params = client.get_oauth_params(None)
params.append((u'oauth_body_hash', oauth_body_hash))
mock_request = mock.Mock(
uri=unicode(urllib.unquote(request.url)),
headers=request.headers,
body=u'',
decoded_body=u'',
oauth_params=params,
http_method=unicode(request.method),
)
sig = client.get_oauth_signature(mock_request)
mock_request.oauth_params.append((u'oauth_signature', sig))
_, headers, _ = client._render( # pylint: disable=protected-access
mock_request)
return headers['Authorization']
def _get_authorization_header(request, client_key, client_secret):
"""
Get proper HTTP Authorization header for a given request
Arguments:
request: Request object to log Authorization header for
Returns:
authorization header
"""
sha1 = hashlib.sha1()
body = request.body or ''
sha1.update(body)
oauth_body_hash = unicode(base64.b64encode(
sha1.digest() # pylint: disable=too-many-function-args
))
client = Client(client_key, client_secret)
params = client.get_oauth_params(request)
params.append((u'oauth_body_hash', oauth_body_hash))
blank_request = Request(urllib.unquote(request.url), http_method=request.method, body='', headers=request.headers, encoding='utf_8')
blank_request.oauth_params = params
blank_request.decoded_body = ''
signature = client.get_oauth_signature(blank_request)
blank_request.oauth_params.append((u'oauth_signature', signature))
headers = client._render( # pylint: disable=protected-access
blank_request
)[1]
return headers['Authorization']
