def create_access_token(self, context):
headers = context['headers']
oauth_headers = oauth1.get_oauth_headers(headers)
consumer_id = oauth_headers.get('oauth_consumer_key')
request_token_id = oauth_headers.get('oauth_token')
oauth_verifier = oauth_headers.get('oauth_verifier')
if not consumer_id:
raise exception.ValidationError(
attribute='oauth_consumer_key', target='request')
if not request_token_id:
raise exception.ValidationError(
attribute='oauth_token', target='request')
if not oauth_verifier:
raise exception.ValidationError(
attribute='oauth_verifier', target='request')
req_token = self.oauth_api.get_request_token(
request_token_id)
expires_at = req_token['expires_at']
if expires_at:
now = timeutils.utcnow()
expires = timeutils.normalize_time(
timeutils.parse_isotime(expires_at))
if now > expires:
raise exception.Unauthorized(_('Request token is expired'))
url = oauth1.rebuild_url(context['path'])
access_verifier = oauth1.AccessTokenEndpoint(
request_validator=validator.OAuthValidator(),
token_generator=oauth1.token_generator)
h, b, s = access_verifier.create_access_token_response(
url,
http_method='POST',
body=context['query_string'],
headers=headers)
params = oauth1.extract_non_oauth_params(b)
if len(params) != 0:
msg = _('There should not be any non-oauth parameters')
raise exception.Unauthorized(message=msg)
if req_token['consumer_id'] != consumer_id:
msg = _('provided consumer key does not match stored consumer key')
raise exception.Unauthorized(message=msg)
if req_token['verifier'] != oauth_verifier:
msg = _('provided verifier does not match stored verifier')
raise exception.Unauthorized(message=msg)
if req_token['id'] != request_token_id:
msg = _('provided request key does not match stored request key')
raise exception.Unauthorized(message=msg)
if not req_token.get('authorizing_user_id'):
msg = _('Request Token does not have an authorizing user id')
raise exception.Unauthorized(message=msg)
access_token_duration = CONF.oauth1.access_token_duration
token_ref = self.oauth_api.create_access_token(request_token_id,
access_token_duration)
result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s'
% {'key': token_ref['id'],
'secret': token_ref['access_secret']})
if CONF.oauth1.access_token_duration:
expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at'])
result += expiry_bit
headers = [('Content-Type', 'application/x-www-urlformencoded')]
response = wsgi.render_response(result,
status=(201, 'Created'),
headers=headers)
return response
def create_access_token(self, context):
headers = context["headers"]
oauth_headers = oauth1.get_oauth_headers(headers)
consumer_id = oauth_headers.get("oauth_consumer_key")
request_token_id = oauth_headers.get("oauth_token")
oauth_verifier = oauth_headers.get("oauth_verifier")
if not consumer_id:
raise exception.ValidationError(attribute="oauth_consumer_key", target="request")
if not request_token_id:
raise exception.ValidationError(attribute="oauth_token", target="request")
if not oauth_verifier:
raise exception.ValidationError(attribute="oauth_verifier", target="request")
req_token = self.oauth_api.get_request_token(request_token_id)
expires_at = req_token["expires_at"]
if expires_at:
now = timeutils.utcnow()
expires = timeutils.normalize_time(timeutils.parse_isotime(expires_at))
if now > expires:
raise exception.Unauthorized(_("Request token is expired"))
url = self.base_url(context, context["path"])
access_verifier = oauth1.AccessTokenEndpoint(
request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator
)
h, b, s = access_verifier.create_access_token_response(
url, http_method="POST", body=context["query_string"], headers=headers
)
params = oauth1.extract_non_oauth_params(b)
if len(params) != 0:
msg = _("There should not be any non-oauth parameters")
raise exception.Unauthorized(message=msg)
if req_token["consumer_id"] != consumer_id:
msg = _("provided consumer key does not match stored consumer key")
raise exception.Unauthorized(message=msg)
if req_token["verifier"] != oauth_verifier:
msg = _("provided verifier does not match stored verifier")
raise exception.Unauthorized(message=msg)
if req_token["id"] != request_token_id:
msg = _("provided request key does not match stored request key")
raise exception.Unauthorized(message=msg)
if not req_token.get("authorizing_user_id"):
msg = _("Request Token does not have an authorizing user id")
raise exception.Unauthorized(message=msg)
access_token_duration = CONF.oauth1.access_token_duration
token_ref = self.oauth_api.create_access_token(request_token_id, access_token_duration)
result = "oauth_token=%(key)s&oauth_token_secret=%(secret)s" % {
"key": token_ref["id"],
"secret": token_ref["access_secret"],
}
if CONF.oauth1.access_token_duration:
expiry_bit = "&oauth_expires_at=%s" % (token_ref["expires_at"])
result += expiry_bit
headers = [("Content-Type", "application/x-www-urlformencoded")]
response = wsgi.render_response(result, status=(201, "Created"), headers=headers)
return response
