def authorize_token():
    """Authorize the pending request token and redirect to the consumer.

    Steps, all taken from the module-level ``request``:
      1. build the OAuth server/request pair;
      2. fetch the request token and its OAuthMap;
      3. resolve the logged-in user through the map (FB or Google token);
      4. authorize the token for that user and persist the verifier;
      5. redirect to the callback URL, verifier included.

    Any OAuthError raised on the way becomes an OAuth error response.

    NOTE(review): authorization is automatic; there is no consent step, so
    a request token is approved as a side effect of a logged-in user
    reaching this endpoint. Validation of the callback URL held by the
    OAuthMap is not visible here; confirm it is checked against the
    consumer when the request token is issued.
    """
    try:
        server, oauth_req = initialize_server_request(request)
        if server is None:
            raise OAuthError('Invalid request parameters.')

        # Request token presented by the consumer.
        request_tok = server.fetch_request_token(oauth_req)

        mapping = OAuthMap.get_from_request_token(request_tok.key_)
        if not mapping:
            raise OAuthError("Unable to find oauth_map from request token "
                             "during authorization.")

        # The map resolves the user via either the FB or Google access token.
        user_data = mapping.get_user_data()
        if not user_data:
            raise OAuthError("User not logged in during authorize_token "
                             "process.")

        # No user intervention is required for now: the user has already
        # authorized FB/Google. A consent step could be added here later if
        # security requirements call for it.
        authorized_tok = server.authorize_token(request_tok, user_data.user)
        mapping.verifier = authorized_tok.verifier
        mapping.put()

        redirect_url = mapping.callback_url_with_request_token_params(
            include_verifier=True)
        return custom_scheme_redirect(redirect_url)
    except OAuthError as e:
        return oauth_error_response(e)
def access_token():
    """Exchange an authorized request token for an access token.

    Builds the OAuth server/request pair from the module-level ``request``,
    asks the server for the access token, then records the token key and
    secret on the OAuthMap found through the ``oauth_token`` parameter.
    Every failure is reported through ``oauth_error_response``.

    NOTE(review): this excerpt ends after the ``except`` clause, so the
    success-path response is not shown here.
    NOTE(review): the token secret is written to the OAuthMap as-is; confirm
    how that storage is protected.
    """
    server, oauth_req = initialize_server_request(request)
    if server is None:
        invalid = OAuthError('Invalid request parameters.')
        return oauth_error_response(invalid)

    try:
        # Mint the access token for this request.
        access_tok = server.fetch_access_token(oauth_req)
        if not access_tok:
            missing_token = OAuthError("Cannot find corresponding "
                                       "access token.")
            return oauth_error_response(missing_token)

        # The OAuthMap ties our tokens to the identity provider's tokens; it
        # is keyed by the request token sent as ``oauth_token``.
        request_token_key = oauth_req.get_parameter("oauth_token")
        mapping = OAuthMap.get_from_request_token(request_token_key)
        if not mapping:
            missing_map = OAuthError("Cannot find oauth mapping "
                                     "for request token.")
            return oauth_error_response(missing_map)

        mapping.access_token = access_tok.key_
        mapping.access_token_secret = access_tok.secret
        mapping.put()
    except OAuthError as e:
        return oauth_error_response(e)
def test_post_using_auth_in_body_content_type_and_application_x_www_form_urlencoded(self):
    """Form-encoded POST bodies must take part in the signature.

    Counterpart of test_that_initialize_server_request_when_custom_content_type:
    with content type application/x-www-form-urlencoded the post data is
    added to the OAuth parameters and therefore affects the signature.
    """
    self._request_token()
    self._authorize_and_access_token_using_form()

    form_fields = {"foo": "bar"}
    content_type = "application/x-www-form-urlencoded"
    # NOTE(review): a double-underscore attribute is name-mangled with the
    # enclosing class name, so this call only resolves if the helper is
    # defined in the same class as this test.
    signed_url = self.__make_querystring_with_HMAC_SHA1(
        "POST", "/path/to/post", form_fields, content_type)

    # Only the request object is needed; nothing is actually sent.
    factory = RequestFactory()
    post_request = factory.post(
        signed_url, urllib.urlencode(form_fields), content_type)

    # Re-creates the relevant parts of OAuthAuthentication in
    # django-rest-framework.
    parsed_request = utils.get_oauth_request(post_request)
    consumer_key = parsed_request.get_parameter('oauth_consumer_key')
    consumer = oauth_provider_store.get_consumer(
        post_request, parsed_request, consumer_key)

    token_key = parsed_request.get_parameter('oauth_token')
    token = oauth_provider_store.get_access_token(
        post_request, parsed_request, consumer, token_key)

    oauth_server, server_request = utils.initialize_server_request(post_request)

    # Passes as long as verification does not raise oauth.Error.
    oauth_server.verify_request(server_request, consumer, token)
def authorize_token():
    """Authorize the pending request token and redirect to the consumer.

    Reads the module-level ``request``, fetches the request token and its
    OAuthMap, resolves the logged-in user through the map, authorizes the
    token for that user, stores the verifier, and redirects to the callback
    URL with the verifier included. An OAuthError raised at any step is
    returned as an OAuth error response.

    NOTE(review): there is no consent step, so the token is approved as soon
    as a logged-in user reaches this endpoint. Whether the callback URL held
    by the OAuthMap was validated against the consumer is not visible here;
    confirm it is checked at request-token time.
    """
    try:
        server, oauth_req = initialize_server_request(request)
        if server is None:
            raise OAuthError('Invalid request parameters.')

        # Request token presented by the consumer.
        request_tok = server.fetch_request_token(oauth_req)

        mapping = OAuthMap.get_from_request_token(request_tok.key_)
        if not mapping:
            raise OAuthError("Unable to find oauth_map from request token "
                             "during authorization.")

        # The map resolves the user via either the FB or Google access token.
        user_data = mapping.get_user_data()
        if not user_data:
            raise OAuthError("User not logged in during authorize_token "
                             "process.")

        # User intervention is skipped for now because the user has already
        # authorized FB/Google; it can be added later if security needs it.
        authorized_tok = server.authorize_token(request_tok, user_data.user)
        mapping.verifier = authorized_tok.verifier
        mapping.put()

        redirect_url = mapping.callback_url_with_request_token_params(
            include_verifier=True)
        return custom_scheme_redirect(redirect_url)
    except OAuthError as e:
        return oauth_error_response(e)
def access_token():
    """Exchange an authorized request token for an access token.

    The OAuth server/request pair is built from the module-level
    ``request``. The server issues the access token, and its key and secret
    are saved on the OAuthMap looked up by the ``oauth_token`` parameter.
    Failures are returned through ``oauth_error_response``.

    NOTE(review): the excerpt stops after the ``except`` clause; the
    response sent on success is not visible here.
    NOTE(review): the token secret is persisted unmodified on the OAuthMap;
    confirm how that record is protected at rest.
    """
    server, oauth_req = initialize_server_request(request)
    if server is None:
        invalid = OAuthError('Invalid request parameters.')
        return oauth_error_response(invalid)

    try:
        # Mint the access token for this request.
        access_tok = server.fetch_access_token(oauth_req)
        if not access_tok:
            missing_token = OAuthError("Cannot find corresponding "
                                       "access token.")
            return oauth_error_response(missing_token)

        # Map from our tokens to the identity provider's tokens, keyed by
        # the request token.
        request_token_key = oauth_req.get_parameter("oauth_token")
        mapping = OAuthMap.get_from_request_token(request_token_key)
        if not mapping:
            missing_map = OAuthError("Cannot find oauth mapping "
                                     "for request token.")
            return oauth_error_response(missing_map)

        mapping.access_token = access_tok.key_
        mapping.access_token_secret = access_tok.secret
        mapping.put()
    except OAuthError as e:
        return oauth_error_response(e)
def test_that_initialize_server_request_when_custom_content_type(self):
    """Non-form POST bodies must stay out of the OAuth parameters.

    Checks that post data is not included in the params when the content
    type is not application/x-www-form-urlencoded. Including it would cause
    problems only when the signature method is HMAC-SHA1.
    """
    json_body = json.dumps({"data": {"foo": "bar"}})
    content_type = "application/json"
    signed_url = self._make_querystring_with_HMAC_SHA1(
        "POST", "/path/to/post", json_body, content_type)

    # Only the request object is needed; nothing is actually sent.
    factory = RequestFactory()
    post_request = factory.post(signed_url, json_body, content_type)

    # Re-creates the relevant parts of OAuthAuthentication in
    # django-rest-framework.
    parsed_request = utils.get_oauth_request(post_request)
    consumer_key = parsed_request.get_parameter('oauth_consumer_key')
    consumer = oauth_provider_store.get_consumer(
        post_request, parsed_request, consumer_key)

    token_key = parsed_request.get_parameter('oauth_token')
    token = oauth_provider_store.get_access_token(
        post_request, parsed_request, consumer, token_key)

    oauth_server, server_request = utils.initialize_server_request(post_request)

    # Passes as long as verification does not raise oauth.Error.
    oauth_server.verify_request(server_request, consumer, token)
def test_that_initialize_server_request_when_custom_content_type(self):
    """Non-form POST bodies must stay out of the OAuth parameters.

    Checks that post data is not included in the params when the content
    type is not application/x-www-form-urlencoded. Including it would cause
    problems only when the signature method is HMAC-SHA1.
    """
    json_body = json.dumps({"data": {"foo": "bar"}})
    content_type = "application/json"
    # NOTE(review): a double-underscore attribute is name-mangled with the
    # enclosing class name, so this call only resolves if the helper is
    # defined in the same class as this test.
    signed_url = self.__make_querystring_with_HMAC_SHA1(
        "POST", "/path/to/post", json_body, content_type)

    # Only the request object is needed; nothing is actually sent.
    factory = RequestFactory()
    post_request = factory.post(signed_url, json_body, content_type)

    # Re-creates the relevant parts of OAuthAuthentication in
    # django-rest-framework.
    parsed_request = utils.get_oauth_request(post_request)
    consumer_key = parsed_request.get_parameter('oauth_consumer_key')
    consumer = oauth_provider_store.get_consumer(
        post_request, parsed_request, consumer_key)

    token_key = parsed_request.get_parameter('oauth_token')
    token = oauth_provider_store.get_access_token(
        post_request, parsed_request, consumer, token_key)

    oauth_server, server_request = utils.initialize_server_request(post_request)

    # Passes as long as verification does not raise oauth.Error.
    oauth_server.verify_request(server_request, consumer, token)
def test_post_using_auth_in_body_content_type_and_application_x_www_form_urlencoded(self):
    """Form-encoded POST bodies must take part in the signature.

    Counterpart of test_that_initialize_server_request_when_custom_content_type:
    with content type application/x-www-form-urlencoded the post data is
    added to the OAuth parameters and therefore affects the signature.
    """
    self._request_token()
    self._authorize_and_access_token_using_form()

    form_fields = {"foo": "bar"}
    content_type = "application/x-www-form-urlencoded"
    signed_url = self._make_querystring_with_HMAC_SHA1(
        "POST", "/path/to/post", form_fields, content_type)

    # Only the request object is needed; nothing is actually sent.
    factory = RequestFactory()
    post_request = factory.post(
        signed_url, urllib.urlencode(form_fields), content_type)

    # Re-creates the relevant parts of OAuthAuthentication in
    # django-rest-framework.
    parsed_request = utils.get_oauth_request(post_request)
    consumer_key = parsed_request.get_parameter('oauth_consumer_key')
    consumer = oauth_provider_store.get_consumer(
        post_request, parsed_request, consumer_key)

    token_key = parsed_request.get_parameter('oauth_token')
    token = oauth_provider_store.get_access_token(
        post_request, parsed_request, consumer, token_key)

    oauth_server, server_request = utils.initialize_server_request(post_request)

    # Passes as long as verification does not raise oauth.Error.
    oauth_server.verify_request(server_request, consumer, token)
def access_token():
    """Exchange an authorized request token for an access token.

    The OAuth server/request pair is built from the module-level
    ``request``. The server issues the access token, its key and secret are
    saved on the OAuthMap looked up by the ``oauth_token`` parameter, and
    the map is read back once so later lookups see the new values.
    Failures are returned through ``oauth_error_response``.

    NOTE(review): the excerpt stops after the ``except`` clause; the
    response sent on success is not visible here.
    NOTE(review): the token secret is persisted unmodified on the OAuthMap;
    confirm how that record is protected at rest.
    """
    server, oauth_req = initialize_server_request(request)
    if server is None:
        invalid = OAuthError('Invalid request parameters.')
        return oauth_error_response(invalid)

    try:
        # Mint the access token for this request.
        access_tok = server.fetch_access_token(oauth_req)
        if not access_tok:
            missing_token = OAuthError("Cannot find corresponding access token.")
            return oauth_error_response(missing_token)

        # Map from our tokens to the identity provider's tokens, keyed by
        # the request token.
        request_token_key = oauth_req.get_parameter("oauth_token")
        oauth_map = OAuthMap.get_from_request_token(request_token_key)
        if not oauth_map:
            missing_map = OAuthError("Cannot find oauth mapping for request token.")
            return oauth_error_response(missing_map)

        oauth_map.access_token = access_tok.key_
        oauth_map.access_token_secret = access_tok.secret
        oauth_map.put()

        # Read the entity back by key to flush the "apply phase" of the
        # put() above. GAE's HRD can otherwise take a second or two to
        # propagate the write, and the client may present the access token
        # sooner than that.
        map_key = oauth_map.key()
        oauth_map = OAuthMap.get(map_key)
    except OAuthError as e:
        return oauth_error_response(e)
def request_token():
    """Issue a request token for the incoming OAuth request.

    Builds the OAuth server/request pair from the module-level ``request``
    and asks the server for a request token. A missing server or an
    OAuthError is reported through ``oauth_error_response``.

    NOTE(review): the excerpt stops after the ``except`` clause; how the
    fetched token is used or returned is not visible here.
    """
    server, oauth_req = initialize_server_request(request)
    if server is None:
        invalid = OAuthError('Invalid request parameters.')
        return oauth_error_response(invalid)

    try:
        # Mint the request token.
        token = server.fetch_request_token(oauth_req)
    except OAuthError as e:
        return oauth_error_response(e)
def request_token():
    """Issue a request token for the incoming OAuth request.

    The OAuth server/request pair comes from the module-level ``request``.
    If no server could be built, or the server raises OAuthError while
    fetching the token, the error goes back via ``oauth_error_response``.

    NOTE(review): the excerpt stops after the ``except`` clause; how the
    fetched token is used or returned is not visible here.
    """
    server, oauth_req = initialize_server_request(request)
    if server is None:
        invalid = OAuthError('Invalid request parameters.')
        return oauth_error_response(invalid)

    try:
        # Mint the request token.
        token = server.fetch_request_token(oauth_req)
    except OAuthError as e:
        return oauth_error_response(e)
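def oauth_authorize_wrapper(request):
    """Wrap the OAuth user-authorization view so the user can cancel.

    On a POST carrying a truthy ``cancel`` field, the request token is
    fetched and the "authorization denied" page is rendered for the
    application that owns the token's consumer.

    Returns:
        The denied page, an OAuth error response when the request token
        cannot be fetched, or a 404 (via ``get_object_or_404``) when no
        application matches the consumer.

    NOTE(review): the excerpt ends after the cancel branch; what is
    returned for every other request is not visible here.
    """
    if request.POST and request.POST.get('cancel', False):
        oauth_server, oauth_request = initialize_server_request(request)

        # Without this guard a request lacking usable OAuth parameters
        # fails with AttributeError on None (a server error) instead of a
        # clean OAuth error response.
        if oauth_server is None:
            return send_oauth_error(OAuthError('Invalid request parameters.'))

        try:
            token = oauth_server.fetch_request_token(oauth_request)
        except OAuthError as err:
            return send_oauth_error(err)

        application = get_object_or_404(OAuthApplication,
                                        consumer=token.consumer)
        context = {'oauth_token': token.key, 'application': application}
        return render_to_response(
            'oauth_authorize_denied.html',
            context_instance=RequestContext(request, context))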
def validate_token(request):
    """Verify the OAuth credentials carried by ``request``.

    Builds the OAuth server and request objects for ``request`` and returns
    whatever the server's ``verify_request`` returns.

    NOTE(review): the server object is used without a None check. If
    initialize_server_request can return None for the server, the failure
    is an AttributeError, not an OAuth error; confirm that callers treat
    it as a failed authentication.
    """
    server, oauth_req = initialize_server_request(request)
    verification = server.verify_request(oauth_req)
    return verification
def validate_token(request):
    """Verify the OAuth credentials carried by ``request``.

    The OAuth server and request objects are created from ``request``; the
    result of the server's ``verify_request`` is returned unchanged.

    NOTE(review): the server object is used without a None check. If
    initialize_server_request can return None for the server, the failure
    is an AttributeError, not an OAuth error; confirm that callers treat
    it as a failed authentication.
    """
    server, oauth_req = initialize_server_request(request)
    verification = server.verify_request(oauth_req)
    return verification