예제 #1
    def __call__(self):
        """Issue a request token and return its key and secret.

        A missing consumer key is answered with a 401 (OAUTH_CHALLENGE).
        A consumer key that is not yet registered is registered on the
        spot and the signature is then verified against that consumer.
        NOTE(review): the new consumer record is created *before* the
        signature is checked, so an unsigned request can still create a
        consumer row -- confirm this is intended.
        """
        auth_fields = get_oauth_authorization(self.request)
        key = auth_fields.get('oauth_consumer_key')
        if not key:
            self.request.unauthorized(OAUTH_CHALLENGE)
            return u''

        consumers = getUtility(IOAuthConsumerSet)
        consumer = consumers.getByKey(key)
        if consumer is None:
            consumer = consumers.new(key=key)

        # Only an empty body is returned here; the 401 status on a bad
        # signature presumably comes from check_oauth_signature itself --
        # TODO confirm against its implementation.
        if not check_oauth_signature(self.request, consumer, None):
            return u''

        token = consumer.newRequestToken()
        accept = self.request.headers.get('Accept')
        if accept != HTTPResource.JSON_TYPE:
            return u'oauth_token=%s&oauth_token_secret=%s' % (
                token.key, token.secret)

        # DESKTOP_INTEGRATION is deliberately left out of the advertised
        # levels; clients with a legitimate need already know about it.
        hidden = OAuthPermission.DESKTOP_INTEGRATION
        visible = [level for level in OAuthPermission.items if level != hidden]
        return self.getJSONRepresentation(visible, token, include_secret=True)
예제 #2
    def __call__(self):
        """Exchange a reviewed request token for an access token.

        Responds with a 401 (OAUTH_CHALLENGE) when the consumer is unknown,
        when the named request token does not belong to that consumer, or
        when the token has not been reviewed yet.  A token the user refused,
        or a createAccessToken() that raises OAuthValidationError, is
        reported through _set_status_and_error.  On success the body is a
        query string carrying the token key, secret and lp.context.
        NOTE(review): parameters are read from self.request.form here,
        unlike the request-token view which uses get_oauth_authorization --
        confirm both transports are meant to be accepted.
        """
        params = self.request.form
        consumers = getUtility(IOAuthConsumerSet)
        consumer = consumers.getByKey(params.get('oauth_consumer_key'))
        if consumer is None:
            self.request.unauthorized(OAUTH_CHALLENGE)
            return u''

        request_token = consumer.getRequestToken(params.get('oauth_token'))
        if request_token is None:
            self.request.unauthorized(OAUTH_CHALLENGE)
            return u'No request token specified.'

        # The signature is verified before anything about the token's review
        # state is reported.  No status is set on this path; the 401 is
        # presumably set by check_oauth_signature -- TODO confirm.
        if not check_oauth_signature(self.request, consumer, request_token):
            return u'Invalid OAuth signature.'

        if not request_token.is_reviewed:
            self.request.unauthorized(OAUTH_CHALLENGE)
            return (
                u"Request token has not yet been reviewed. Try again later.")

        if request_token.permission == OAuthPermission.UNAUTHORIZED:
            return self._set_status_and_error(
                'End-user refused to authorize request token.')

        try:
            access_token = request_token.createAccessToken()
        except OAuthValidationError as e:
            return self._set_status_and_error(e)

        context = access_token.context
        context_name = None if context is None else context.name
        return u'oauth_token=%s&oauth_token_secret=%s&lp.context=%s' % (
            access_token.key, access_token.secret, context_name)