def wrapperf(request, *args, **kwargs):
    """Attach the user parsed from the request, if any, then call the view.

    This wrapper never rejects a request: when ``parse_user_from_request``
    returns ``None`` the existing ``request.user`` is left untouched and
    ``view_f`` still runs.
    """
    # NOTE(review): no access decision is made here, so any authorization
    # has to be enforced by view_f or by another decorator. Confirm whether
    # parse_user_from_request returns None (rather than raising) when
    # credentials are supplied but invalid; if it does, such a request is
    # served with whatever request.user already held.
    parsed_user = parse_user_from_request(request)
    if parsed_user is not None:
        request.user = parsed_user

    return view_f(request, *args, **kwargs)
def wrapperf(request, *args, **kwargs):
    """Call the view only for a real (non-anonymous) user.

    The user comes from ``parse_user_from_request``; when that yields
    nothing truthy, the user already present on ``request.user`` is used
    instead. Requests without a real user get the response built by
    ``create_401unauthorized``.
    """
    # NOTE(review): the fallback accepts whatever already populated
    # request.user. If that is a cookie-backed session (presumably set by
    # middleware; not visible here), state-changing views behind this
    # wrapper need CSRF protection as well. Confirm against the
    # middleware configuration.
    candidate = parse_user_from_request(request) or request.user

    if candidate is None or candidate.is_anonymous():
        return create_401unauthorized()

    request.user = candidate
    return view_f(request, *args, **kwargs)
def wrapperf(request, *args, **kwargs):
    """Verify the request signature, attach a user, then call ``view_f``.

    The signature is read from the ``signature`` request parameter or,
    failing that, from ``HTTP_X_SIGNATURE`` in ``request.META``. It is
    compared with the value ``get_signature_for_request`` computes using
    the secret key of the credential named by ``access_key``. A missing or
    unparsable signature/timestamp returns ``_missing_request``; a stale
    timestamp, unknown key or mismatching signature returns
    ``_bad_request``; a disabled credential, or the lack of a real user
    when ``require_login`` is set, returns ``create_401unauthorized()``.
    """
    provided = (request.REQUEST.get('signature')
                or request.META.get('HTTP_X_SIGNATURE'))
    if not provided:
        return _missing_request

    # A "+" in the signature may have been turned into a space on the way
    # in, so put it back before comparing.
    provided = provided.replace(' ', '+')

    raw_timestamp = request.REQUEST.get('timestamp')
    if not raw_timestamp:
        return _missing_request

    try:
        signed_at = datetime.datetime.strptime(
            raw_timestamp, SIG_TIMESTAMP_FORMAT)
    except ValueError:
        return _missing_request

    # NOTE(review): only timestamps older than 15 minutes are rejected.
    # A timestamp dated in the future is not bounded, so its signature
    # stays acceptable until that time plus 15 minutes. The comparison
    # uses naive local server time; confirm which timezone clients sign
    # with before adding an upper bound.
    valid_until = signed_at + datetime.timedelta(minutes=15)
    if valid_until < datetime.datetime.now():
        return _bad_request

    # Kept from the original; `provided` was already checked above.
    if not provided:
        return _missing_request

    access_key = request.REQUEST.get('access_key')
    if not access_key:
        return _bad_request

    try:
        cred = APIAccessCredential.objects.get(access_key=access_key)
    except APIAccessCredential.DoesNotExist:
        return _bad_request

    # NOTE(review): this runs before the signature is verified, so an
    # unauthenticated caller can tell a disabled access key (401) from an
    # unknown one (bad request).
    if not cred.enabled:
        return create_401unauthorized()

    expected = get_signature_for_request(request, cred.secret_key)
    if len(expected) != len(provided):
        return _bad_request

    # Compare every character with no early exit so the time taken does
    # not depend on where the first mismatch is.
    # NOTE(review): hmac.compare_digest is the stdlib equivalent when both
    # operands have the same type. Nothing in this function records used
    # signatures, so a captured request can be replayed inside the
    # validity window unless that is handled elsewhere.
    diff = 0
    for got, want in zip(provided, expected):
        diff |= ord(got) ^ ord(want)

    if diff != 0:
        return _bad_request

    # A user bound to the credential takes precedence over one parsed
    # from the request itself.
    user = cred.user if cred.user else parse_user_from_request(request)

    if require_login and (user is None or user.is_anonymous()):
        return create_401unauthorized()

    if user is None:
        user = AnonymousUser()

    request.user = user
    return view_f(request, *args, **kwargs)
def wrapperf(request, *args, **kwargs):
    """Check the signed-request parameters before dispatching to the view.

    Steps, in order: locate the signature (``signature`` parameter, else
    ``HTTP_X_SIGNATURE`` in ``request.META``), parse ``timestamp`` and
    reject it once it is more than 15 minutes old, load the credential for
    ``access_key``, recompute the signature with the credential's secret
    key and compare. On success ``request.user`` is set to the
    credential's user, the user parsed from the request, or an
    ``AnonymousUser``, and ``view_f`` is called. With ``require_login``
    set, a missing or anonymous user gets ``create_401unauthorized()``.
    """
    client_sig = request.REQUEST.get('signature')
    if not client_sig:
        client_sig = request.META.get('HTTP_X_SIGNATURE')
        if not client_sig:
            return _missing_request

    # Spaces in the received value are treated as "+" characters that were
    # altered in transit and are restored here.
    client_sig = client_sig.replace(' ', '+')

    stamp_text = request.REQUEST.get('timestamp')
    if not stamp_text:
        return _missing_request

    try:
        stamp = datetime.datetime.strptime(stamp_text, SIG_TIMESTAMP_FORMAT)
    except ValueError:
        return _missing_request
    else:
        # NOTE(review): the window is open-ended on the future side. Only
        # `stamp + 15 min < now` is rejected, so a future-dated timestamp
        # extends how long the signature is accepted. `now()` is naive
        # local time; confirm the timezone clients use when signing.
        if stamp + datetime.timedelta(minutes=15) < datetime.datetime.now():
            return _bad_request

    # Retained from the original; the signature was already validated.
    if not client_sig:
        return _missing_request

    key = request.REQUEST.get('access_key')
    if not key:
        return _bad_request

    try:
        cred = APIAccessCredential.objects.get(access_key=key)
    except APIAccessCredential.DoesNotExist:
        return _bad_request

    # NOTE(review): a disabled key answers 401 and an unknown key answers
    # bad request, and both happen before any signature check, so the
    # responses reveal whether a given access key exists but is disabled.
    if not cred.enabled:
        return create_401unauthorized()

    server_sig = get_signature_for_request(request, cred.secret_key)
    if len(server_sig) != len(client_sig):
        return _bad_request

    # Accumulate the XOR of every character pair; the loop always runs to
    # the end so timing does not reveal the position of a mismatch.
    # NOTE(review): prefer hmac.compare_digest where both values share a
    # type. Replay of a captured request within the validity window is not
    # prevented by anything visible in this function.
    mismatch_bits = 0
    for theirs, ours in zip(client_sig, server_sig):
        mismatch_bits = mismatch_bits | (ord(theirs) ^ ord(ours))

    if mismatch_bits:
        return _bad_request

    if cred.user:
        user = cred.user
    else:
        user = parse_user_from_request(request)

    if require_login:
        no_real_user = user is None or user.is_anonymous()
        if no_real_user:
            return create_401unauthorized()

    request.user = AnonymousUser() if user is None else user
    return view_f(request, *args, **kwargs)