def access_token(request): """ Provides an access token based on a valid verifier and request token """ data = request.headers parsed_tokens = decode_authorization_header(data) if parsed_tokens == dict() or "oauth_token" not in parsed_tokens: error = "Missing required parameter." return json_response({"error": error}, status=400) request.resource_owner_key = parsed_tokens["oauth_consumer_key"] request.oauth_token = parsed_tokens["oauth_token"] request_validator = GMGRequestValidator(data) # Check that the verifier is valid verifier_valid = request_validator.validate_verifier( token=request.oauth_token, verifier=parsed_tokens["oauth_verifier"] ) if not verifier_valid: error = "Verifier code or token incorrect" return json_response({"error": error}, status=401) av = AccessTokenEndpoint(request_validator) tokens = av.create_access_token(request, {}) return form_response(tokens)
def wrapper(request, *args, **kwargs): data = request.headers authorization = decode_authorization_header(data) if authorization == dict(): error = "Missing required parameter." return json_response({"error": error}, status=400) request_validator = GMGRequestValidator() resource_endpoint = ResourceEndpoint(request_validator) valid, r = resource_endpoint.validate_protected_resource_request( uri=request.url, http_method=request.method, body=request.data, headers=dict(request.headers), ) if not valid: error = "Invalid oauth prarameter." return json_response({"error": error}, status=400) # Fill user if not already token = authorization[u"oauth_token"] request.access_token = AccessToken.query.filter_by(token=token).first() if request.access_token is not None and request.user is None: user_id = request.access_token.actor request.user = LocalUser.query.filter_by(id=user_id).first() return controller(request, *args, **kwargs)
def authorize(request): """ Displays a page for user to authorize """ if request.method == "POST": return authorize_finish(request) _ = pass_to_ugettext token = request.args.get("oauth_token", None) if token is None: # no token supplied, display a html 400 this time err_msg = _("Must provide an oauth_token.") return render_400(request, err_msg=err_msg) oauth_request = RequestToken.query.filter_by(token=token).first() if oauth_request is None: err_msg = _("No request token found.") return render_400(request, err_msg) if oauth_request.used: return authorize_finish(request) if oauth_request.verifier is None: orequest = GMGRequest(request) request_validator = GMGRequestValidator() auth_endpoint = AuthorizationEndpoint(request_validator) verifier = auth_endpoint.create_verifier(orequest, {}) oauth_request.verifier = verifier["oauth_verifier"] oauth_request.user = request.user.id oauth_request.save() # find client & build context client = Client.query.filter_by(id=oauth_request.client).first() authorize_form = AuthorizeForm(WTFormData({ "oauth_token": oauth_request.token, "oauth_verifier": oauth_request.verifier })) context = { "user": request.user, "oauth_request": oauth_request, "client": client, "authorize_form": authorize_form, } # AuthorizationEndpoint return render_to_response( request, "mediagoblin/api/authorize.html", context )
def access_token(request): """ Provides an access token based on a valid verifier and request token """ data = request.headers parsed_tokens = decode_authorization_header(data) if parsed_tokens == dict() or "oauth_token" not in parsed_tokens: error = "Missing required parameter." return json_response({"error": error}, status=400) request.resource_owner_key = parsed_tokens["oauth_consumer_key"] request.oauth_token = parsed_tokens["oauth_token"] request_validator = GMGRequestValidator(data) # Check that the verifier is valid verifier_valid = request_validator.validate_verifier( token=request.oauth_token, verifier=parsed_tokens["oauth_verifier"]) if not verifier_valid: error = "Verifier code or token incorrect" return json_response({"error": error}, status=401) av = AccessTokenEndpoint(request_validator) tokens = av.create_access_token(request, {}) return form_response(tokens)
def access_token(request): """ Provides an access token based on a valid verifier and request token """ data = request.headers parsed_tokens = decode_authorization_header(data) if parsed_tokens == dict() or "oauth_token" not in parsed_tokens: error = "Missing required parameter." return json_response({"error": error}, status=400) request.oauth_token = parsed_tokens["oauth_token"] request_validator = GMGRequestValidator(data) av = AccessTokenEndpoint(request_validator) tokens = av.create_access_token(request, {}) return form_response(tokens)
def request_token(request): """ Returns request token """ try: data = decode_request(request) except ValueError: error = "Could not decode data." return json_response({"error": error}, status=400) if data == "": error = "Unknown Content-Type" return json_response({"error": error}, status=400) if not data and request.headers: data = request.headers data = dict(data) # mutableifying authorization = decode_authorization_header(data) if authorization == dict() or u"oauth_consumer_key" not in authorization: error = "Missing required parameter." return json_response({"error": error}, status=400) # check the client_id client_id = authorization[u"oauth_consumer_key"] client = Client.query.filter_by(id=client_id).first() if client == None: # client_id is invalid error = "Invalid client_id" return json_response({"error": error}, status=400) # make request token and return to client request_validator = GMGRequestValidator(authorization) rv = RequestTokenEndpoint(request_validator) tokens = rv.create_request_token(request, authorization) # store the nonce & timestamp before we return back nonce = authorization[u"oauth_nonce"] timestamp = authorization[u"oauth_timestamp"] timestamp = datetime.datetime.fromtimestamp(float(timestamp)) nc = NonceTimestamp(nonce=nonce, timestamp=timestamp) nc.save() return form_response(tokens)
def wrapper(request, *args, **kwargs): data = request.headers authorization = decode_authorization_header(data) if authorization == dict(): error = "Missing required parameter." return json_response({"error": error}, status=400) request_validator = GMGRequestValidator() resource_endpoint = ResourceEndpoint(request_validator) valid, request = resource_endpoint.validate_protected_resource_request( uri=request.url, http_method=request.method, body=request.get_data(), headers=dict(request.headers), ) if not valid: error = "Invalid oauth prarameter." return json_response({"error": error}, status=400) return controller(request, *args, **kwargs)