コード例 #1
ファイル: api.py プロジェクト: zeitkunst/FluidNexusWebsite
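def api_nexus_message_nonce(request):
    """Verify the OAuth signature carried by an incoming API request.

    The consumer and token named by the request's OAuth parameters are looked
    up, the request is rebuilt from those stored credentials, and
    ``oauth_server`` is asked to verify it.

    Returns a dict describing the problem when the consumer or token is
    unknown or when verification fails. The lines visible in this excerpt
    return nothing on success.
    """
    session = DBSession()

    # Only the Authorization header is handed to the OAuth parser.
    auth_header = {}
    if 'Authorization' in request.headers:
        auth_header = {'Authorization': request.headers['Authorization']}

    # Temporary request, used only to extract the OAuth parameters.
    req = oauth2.Request.from_request(
        request.method,
        request.url,
        headers=auth_header,
        parameters=dict(request.params.iteritems()))

    # Reject every falsy lookup result, not just the literal False: a None
    # result would otherwise reach verify_request() as the credential.
    # This matches the truthiness checks used by the other handlers in api.py.
    consumer = ConsumerKeySecret.getByConsumerKey(req.get("oauth_consumer_key"))
    if not consumer:
        return {"Error": "No record for the key and secret found."}

    token = Token.getByToken(req.get("oauth_token"))
    if not token:
        return {"Error": "No record for the token key and token secret found."}

    # NOTE(review): the two messages above let a caller distinguish an unknown
    # consumer key from an unknown token; consider one generic response.

    # Rebuild the request from the stored consumer/token so the signature is
    # checked against server-side secrets.
    req = oauth2.Request.from_consumer_and_token(
        consumer,
        token=token,
        http_method=request.method,
        http_url=request.url,
        parameters=dict(req.iteritems()))

    try:
        oauth_server.verify_request(req, consumer, token)
    except oauth2.Error as e:
        return {"Oauth error": str(e)}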
コード例 #2
ファイル: api.py プロジェクト: zeitkunst/FluidNexusWebsite
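def api_do_authorize_token(request):
    """Replace an approved authorization token with fresh token credentials.

    The ``token`` request parameter must name a token whose consumer belongs
    to the logged-in user. On success the token row receives a new key and
    secret and the user is redirected to the token's callback URL; on any
    failure a flash message is set and the user is redirected home.
    """
    session = DBSession()

    appType = request.matchdict.get("appType", "")

    given_token = request.params.get("token")
    token = Token.getByToken(given_token)

    # Validate the token before touching its attributes. Previously the
    # consumer lookup dereferenced token.consumer_key_secret first, so a
    # missing or unknown token raised instead of reaching this branch.
    if not token:
        request.session.flash(_("Malformed authorization token parameters."))
        return HTTPFound(location=route_url("home", request))

    consumer = ConsumerKeySecret.getByConsumerID(token.consumer_key_secret.id)
    if not consumer:
        request.session.flash(_("Unable to find consumer key in the database; this should never happen!"))
        return HTTPFound(location=route_url("home", request))

    # Only the user who owns the consumer may authorize its token.
    if token.consumer_key_secret.user.id != request.logged_in:
        request.session.flash(_("Attempt to use an authorization token that does not belong to you."))
        return HTTPFound(location=route_url("home", request))

    # Replace the now-spent authorization token with new credentials.
    # NOTE(review): generateRandomKey() is defined elsewhere; confirm it
    # draws from a CSPRNG (os.urandom or equivalent), not the random module.
    key = generateRandomKey()
    secret = generateRandomKey()

    token.token = key
    token.token_secret = secret
    token.consumer_id = consumer.id
    token.timestamp = time.time()
    token.setAccessType()

    if appType == "android":
        # NOTE(review): the token and its secret are placed in the redirect
        # query string and stored back on token.callback_url, so they can end
        # up in logs and history. The values are not URL-encoded, and "?" is
        # appended even if the callback already carries a query string.
        token.callback_url = token.callback_url + "?oauth_token=%s&oauth_token_secret=%s" % (token.token, token.token_secret)
    session.add(token)

    return HTTPFound(location=token.callback_url)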
コード例 #3
ファイル: api.py プロジェクト: zeitkunst/FluidNexusWebsite
def api_authorize_token(request):
    """Show the authorization page for a token owned by the logged-in user.

    Redirects home with a flash message when the ``oauth_token`` parameter
    names no token or the token's consumer belongs to another user.
    Otherwise returns the context dict for the authorization page.
    """
    session = DBSession()

    appType = request.matchdict.get("appType", "")

    params = request.params
    token = Token.getByToken(params.get("oauth_token"))
    # The consumer is looked up but its result is not used below.
    consumer = ConsumerKeySecret.getByConsumerKey(params.get("oauth_consumer_key"))

    home = lambda: HTTPFound(location=route_url("home", request))

    if not token:
        request.session.flash(_("Malformed authorization token parameters."))
        return home()

    # Only the user who owns the consumer may see and approve its token.
    owner_id = token.consumer_key_secret.user.id
    if owner_id != request.logged_in:
        request.session.flash(_("Attempt to use an authorization token that does not belong to you."))
        return home()

    #fs = AuthorizeTokenFieldSet().bind(token, session = session, data = request.POST or None)

    # NOTE(review): token_secret is included in the returned context; confirm
    # the page actually needs it before exposing it there.
    return {
        "title": _("Authorization application to post to Nexus"),
        "token": token.token,
        "token_secret": token.token_secret,
        "callback_url": token.callback_url,
        "appType": appType,
    }