def api_access_token(request):
session = DBSession()
if (not request.logged_in):
request.session.flash(_("You must be logged in."))
return HTTPFound(location = route_url("home", request))
consumer = ConsumerKeySecret.getByUserID(request.logged_in)
if (not consumer):
return HTTPFound(location = route_url("api_request_key", request))
token = Token.getByConsumerID(consumer.id)
if (not token):
request.session.flash(_("Attempt to retrieve an access token that does not belong to you."))
return HTTPFound(location = route_url("home", request))
return dict(title = _("Your token and token secret"), token = token.token, token_secret = token.token_secret)
def api_request_token(request):
session = DBSession()
auth_header = {}
matchdict = request.matchdict
appType = matchdict.get("appType", False)
if ('Authorization' in request.headers):
auth_header = {'Authorization': request.headers['Authorization']}
req = oauth2.Request.from_request(
request.method,
request.url,
headers = auth_header,
parameters = dict([(k,v) for k,v in request.params.iteritems()]))
consumer = ConsumerKeySecret.getByConsumerKey(req.get("oauth_consumer_key"))
#if (request.logged_in != consumer.id):
# request.session.flash(_("You are trying to request a token using credentials that do not belong to you."))
# return HTTPForbidden(location = route_url("home", request))
try:
oauth_server.verify_request(req, consumer, None)
# Check that this user doesn't already have an access token
consumerToken = Token.getByConsumerID(consumer.id)
if consumerToken:
if (consumerToken.token_type == consumerToken.ACCESS):
return Response(simplejson.dumps({'result': route_url('api_access_token', request)}))
elif (consumerToken.token_type == consumerToken.AUTHORIZATION):
# TODO
# Check that the token hasn't already expired
token = oauth2.Token(consumerToken.token, consumerToken.token_secret)
if (appType == "android"):
return Response(token.to_string())
else:
return Response(simplejson.dumps({'result': route_url('api_authorize_token', request, appType = appType) + '?' + token.to_string()}))
nonce = ConsumerNonce.getByNonce(req.get("oauth_nonce"))
if (nonce):
return simplejson.dumps({"error": "Nonce is already registered for an authorization token; please generate another request token, or wait five minutes and try again."})
else:
nonce = ConsumerNonce()
nonce.consumer_id = consumer.id
nonce.timestamp = req.get("oauth_timestamp")
nonce.nonce = req.get("oauth_nonce")
session.add(nonce)
randomData = hashlib.sha1(str(random.random())).hexdigest()
key = generateRandomKey()
secret = generateRandomKey()
token = oauth2.Token(key, secret)
token.callback_confirmed = True
tokenData = Token()
tokenData.token = key
tokenData.token_secret = secret
tokenData.consumer_id = consumer.id
tokenData.timestamp = time.time()
tokenData.callback_url = req.get("oauth_callback")
tokenData.setAuthorizationType()
session.add(tokenData)
if (appType == "android"):
return Response(token.to_string())
elif (appType == "desktop"):
result = {'result': route_url('api_authorize_token', request, appType = appType) + '?' + token.to_string()}
return Response(simplejson.dumps(result))
except oauth2.Error, e:
return Response(simplejson.dumps({"oauth2 error": str(e)}))
