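def _getOAuthRequest(self, http_method, method, parameters=None, headers=None):
    """Build and sign an OAuth request for an API method.

    Args:
        http_method: HTTP verb. 'POST' sends the parameters as a form body;
            any other verb puts them in the query string.
        method: API method name handed to ``self.getUrl``.
        parameters: request parameters to sign (defaults to none).
        headers: dict that receives the OAuth ``Authorization`` header. A
            dict passed by the caller is updated in place, as before.

    Returns:
        A ``(url, postdata, headers)`` tuple; ``postdata`` is "" unless the
        request is a POST.
    """
    # Fresh dicts per call. The former ``{}`` defaults were shared between
    # calls, so a Content-Type or Authorization header written for one
    # request stayed in the default dict and leaked into the next request.
    if parameters is None:
        parameters = {}
    if headers is None:
        headers = {}

    is_post = http_method == 'POST'
    # POST parameters travel in the body, so they stay out of the URL.
    url = self.getUrl(method, {} if is_post else parameters)

    token = oauth.OAuthToken(self.client['tkey'], self.client['tsec'])
    oauth_request = oauth.OAuthRequest.from_consumer_and_token(
        self.consumer, token=token, http_method=http_method,
        http_url=url, parameters=parameters)
    oauth_request.sign_request(self.signature_method, self.consumer, token)
    headers.update(oauth_request.to_header())

    if not is_post:
        return url, "", headers

    headers['Content-Type'] = 'application/x-www-form-urlencoded'
    # The body is built from every parameter on the signed request object,
    # not only from the caller's ``parameters``.
    postdata = '&'.join(
        ['%s=%s' % (oauth.escape(oauth._utf8_str(k)),
                    oauth.escape(oauth._utf8_str(v)))
         for k, v in oauth_request.parameters.iteritems()])
    return url, postdata, headers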
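def create_hmac_hash(request, params, oauth_token_secret):
    """Generate the HMAC-SHA1 digest for a request.

    The signed message comes from ``create_message(request, params)``. The
    key is the escaped consumer secret and the escaped token secret joined
    by '&'.

    Returns:
        The raw digest from ``hmac.digest()`` (not base64- or hex-encoded).
    """
    message = create_message(request, params)
    shared_key = '%s&%s' % (oauth.escape(settings.CONSUMER_SECRET),
                            oauth.escape(oauth_token_secret))
    # The signing key is deliberately not written to the debug log any more:
    # it holds the consumer secret and the token secret, and whoever can read
    # the log could otherwise produce valid signatures.
    hashed = hmac.new(shared_key, message, hashlib.sha1)
    # NOTE(review): the code that compares this digest with the received
    # signature is not shown here; confirm it uses a constant-time comparison.
    return hashed.digest()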
def getUrl(self, method, parameters={}):
    """Return the API URL for ``method``.

    A non-empty ``parameters`` mapping is appended as an escaped query
    string; an empty one adds nothing. The default dict is only read,
    never modified.
    """
    query = ""
    if parameters:
        pairs = []
        for name, value in parameters.iteritems():
            pairs.append("%s=%s" % (oauth.escape(name), oauth.escape(value)))
        query = "?" + "&".join(pairs)
    # NOTE(review): the scheme is fixed to plain http, so requests built from
    # this URL presumably travel without TLS. Confirm that is acceptable for
    # the host in self.app['host'].
    return 'http://%s/api/%s%s' % (self.app['host'], method, query)
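def create_hmac_hash(request, params, oauth_token_secret):
    """Generate the HMAC-SHA1 digest for a request.

    The signed message comes from ``create_message(request, params)``. The
    key is the escaped consumer secret and the escaped token secret joined
    by '&'.

    Returns:
        The raw digest from ``hmac.digest()`` (not base64- or hex-encoded).
    """
    message = create_message(request, params)
    shared_key = '%s&%s' % (oauth.escape(settings.CONSUMER_SECRET),
                            oauth.escape(oauth_token_secret))
    # The signing key is deliberately not written to the debug log any more:
    # it holds the consumer secret and the token secret, and whoever can read
    # the log could otherwise produce valid signatures.
    hashed = hmac.new(shared_key, message, hashlib.sha1)
    # NOTE(review): the code that compares this digest with the received
    # signature is not shown here; confirm it uses a constant-time comparison.
    return hashed.digest()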
def create_hmac_hash(request, params, oauth_token_secret):
    """Return the raw HMAC-SHA1 digest that signs ``request``.

    The message is whatever ``create_message(request, params)`` returns.
    The key is the escaped consumer secret, an '&', and the escaped token
    secret. Unlike some sibling variants, this one logs only the method
    name and never the key.
    """
    Log.debug("[Method] create_hmac_hash")
    base_string = create_message(request, params)
    consumer_part = oauth.escape(settings.CONSUMER_SECRET)
    token_part = oauth.escape(oauth_token_secret)
    signing_key = '%s&%s' % (consumer_part, token_part)
    return hmac.new(signing_key, base_string, hashlib.sha1).digest()
def create_hmac_hash(request, params, oauth_token_secret):
    """Return the raw HMAC-SHA1 digest that signs ``request``.

    The message is whatever ``create_message(request, params)`` returns.
    The key is the escaped consumer secret, an '&', and the escaped token
    secret. Unlike some sibling variants, this one logs only the method
    name and never the key.
    """
    Log.debug("[Method] create_hmac_hash")
    base_string = create_message(request, params)
    consumer_part = oauth.escape(settings.CONSUMER_SECRET)
    token_part = oauth.escape(oauth_token_secret)
    signing_key = '%s&%s' % (consumer_part, token_part)
    return hmac.new(signing_key, base_string, hashlib.sha1).digest()
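def create_message(request, params):
    """Build the OAuth signature base string for an incoming request.

    The result is the escaped HTTP method, the escaped request URL and the
    escaped normalized parameters, joined with '&'.

    Args:
        request: object exposing ``get_host()``, ``is_secure()``, ``path``
            and ``method``.
        params: request parameters handed to ``OAuthRequestWithDupKey``.

    Returns:
        The base string that the HMAC is computed over.
    """
    # Only the first entry is used when the host value is a comma-separated
    # list.
    # NOTE(review): the host is taken from the request itself; presumably a
    # proxy or host allow-list pins it. Confirm against the deployment.
    host = request.get_host().split(',')[0]

    # Choose the scheme on its own before concatenating. The former one-liner
    # ``is_secure() and 'https://' or 'http://' + host + path`` parsed as
    # ``(is_secure() and 'https://') or ('http://' + host + path)``, so every
    # HTTPS request was signed over the bare string 'https://', leaving host
    # and path out of the signature.
    scheme = 'https://' if request.is_secure() else 'http://'
    base_url = scheme + host + request.path

    oauth_request = OAuthRequestWithDupKey(request.method, base_url, params)
    message = '&'.join((
        oauth.escape(oauth_request.get_normalized_http_method()),
        oauth.escape(oauth_request.get_normalized_http_url()),
        oauth.escape(oauth_request.get_normalized_parameters())))
    return message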
def fetch_request_token(self, oauth_consumer, oauth_callback):
    """Create, store and return a request token for the consumer.

    A callback other than ``OUT_OF_BAND`` must pass
    ``check_valid_callback``; only then is it stored and marked confirmed.
    With no callback, or with the out-of-band value, the token is created
    with ``callback=None`` and ``callback_confirmed=False``.

    Raises:
        OAuthError: the consumer key differs from ``self.consumer.key``,
            the callback is rejected, or the lookup of the resource named
            by ``self.scope`` fails.
    """
    if oauth_consumer.key != self.consumer.key:
        raise OAuthError('Consumer key does not match.')

    # OAuth 1.0a: a supplied callback has to validate before it is stored.
    callback, callback_confirmed = None, False
    if oauth_callback and oauth_callback != OUT_OF_BAND:
        if not check_valid_callback(oauth_callback):
            raise OAuthError('Invalid callback URL.')
        callback, callback_confirmed = oauth_callback, True

    try:
        resource = Resource.objects.get(name=self.scope)
    except:
        # Every lookup failure, not only a missing row, is reported to the
        # caller as "does not exist".
        raise OAuthError('Resource %s does not exist.' % escape(self.scope))

    self.request_token = Token.objects.create_token(
        consumer=self.consumer,
        token_type=Token.REQUEST,
        timestamp=self.timestamp,
        resource=resource,
        callback=callback,
        callback_confirmed=callback_confirmed,
    )
    return self.request_token
def fetch_request_token(self, oauth_consumer, oauth_callback):
    """Create, store and return a request token for the consumer.

    A callback other than ``OUT_OF_BAND`` must pass
    ``check_valid_callback``; only then is it stored and marked confirmed.
    With no callback, or with the out-of-band value, the token is created
    with ``callback=None`` and ``callback_confirmed=False``.

    Raises:
        OAuthError: the consumer key differs from ``self.consumer.key``,
            the callback is rejected, or the lookup of the resource named
            by ``self.scope`` fails.
    """
    if oauth_consumer.key != self.consumer.key:
        raise OAuthError('Consumer key does not match.')

    # OAuth 1.0a: a supplied callback has to validate before it is stored.
    callback, callback_confirmed = None, False
    if oauth_callback and oauth_callback != OUT_OF_BAND:
        if not check_valid_callback(oauth_callback):
            raise OAuthError('Invalid callback URL.')
        callback, callback_confirmed = oauth_callback, True

    try:
        resource = Resource.objects.get(name=self.scope)
    except:
        # Every lookup failure, not only a missing row, is reported to the
        # caller as "does not exist".
        raise OAuthError('Resource %s does not exist.' % escape(self.scope))

    self.request_token = Token.objects.create_token(
        consumer=self.consumer,
        token_type=Token.REQUEST,
        timestamp=self.timestamp,
        resource=resource,
        callback=callback,
        callback_confirmed=callback_confirmed,
    )
    return self.request_token
def request_to_header(request, realm=''):
    """Serialize the request's OAuth parameters as an Authorization header.

    Only parameters whose names start with ``oauth_`` or ``x_auth_`` are
    included; their values are passed through ``str`` and escaped.

    Returns:
        A one-entry dict: ``{'Authorization': 'OAuth realm="...", ...'}``.
    """
    # NOTE(review): realm and the parameter names are interpolated as-is and
    # only the values are escaped. Callers presumably pass fixed names and a
    # fixed realm; confirm that neither can carry a quote or a line break.
    pieces = ['OAuth realm="%s"' % realm]
    if request.parameters:
        for name, value in request.parameters.iteritems():
            if name.startswith('oauth_') or name.startswith('x_auth_'):
                pieces.append('%s="%s"' % (name, oauth.escape(str(value))))
    return {'Authorization': ', '.join(pieces)}
def create_hmac_hash(request, params, oauth_token_secret):
    """Return the raw HMAC-SHA1 digest of the request's base string.

    The message is whatever ``create_message(request, params)`` returns.
    The key is the escaped token secret only.
    """
    base_string = create_message(request, params)
    # NOTE(review): the key is the escaped token secret alone. OAuth 1.0
    # HMAC-SHA1 builds its key as "<consumer secret>&<token secret>"; confirm
    # that the peer really expects this shorter key and that the consumer
    # secret was not dropped by accident.
    signing_key = oauth.escape(oauth_token_secret)
    return hmac.new(signing_key, base_string, hashlib.sha1).digest()
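def create_message(request, params):
    """Build the OAuth signature base string for an incoming request.

    The result is the escaped HTTP method, the escaped request URL and the
    escaped normalized parameters, joined with '&'.

    Args:
        request: object exposing ``get_host()``, ``is_secure()``, ``path``
            and ``method``.
        params: request parameters handed to ``Request2``.

    Returns:
        The base string that the HMAC is computed over.
    """
    Log.debug("[Method] create_message")
    # Only the first entry is used when the host value is a comma-separated
    # list.
    # NOTE(review): the host is taken from the request itself; presumably a
    # proxy or host allow-list pins it. Confirm against the deployment.
    host = request.get_host().split(',')[0]

    # Choose the scheme on its own before concatenating. The former one-liner
    # ``is_secure() and 'https://' or 'http://' + host + path`` parsed as
    # ``(is_secure() and 'https://') or ('http://' + host + path)``, so every
    # HTTPS request was signed over the bare string 'https://', leaving host
    # and path out of the signature.
    scheme = 'https://' if request.is_secure() else 'http://'
    base_url = scheme + host + request.path

    oauth_request = Request2(request.method, base_url, params)
    message = '&'.join((
        oauth.escape(oauth_request.get_normalized_http_method()),
        oauth.escape(oauth_request.get_normalized_http_url()),
        oauth.escape(oauth_request.get_normalized_parameters()),
    ))
    return message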
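def get_normalized_parameters(self):
    """Return a string that contains the parameters that must be signed.

    Every key/value pair of ``self.parameters`` except ``oauth_signature``
    is escaped, sorted by key and then by value, and joined as ``k=v``
    pairs separated by '&'.

    Side effect: ``oauth_signature`` is removed from ``self.parameters``
    when the container allows it, as before.
    """
    params = self.parameters
    try:
        # Exclude the signature if it exists.
        del params['oauth_signature']
    except Exception:
        # Missing key, or a container that refuses deletion. The loop below
        # still keeps the signature out of the result.
        pass

    # Escape key values before sorting.
    key_values = []
    for k, values in params.iterlists():
        if k == 'oauth_signature':
            # Reached only when the delete above failed. The signature must
            # never be part of the string it is computed over; previously it
            # was silently included in that case.
            continue
        for v in values:
            key_values.append((escape(_utf8_str(k)), escape(_utf8_str(v))))

    # Sort lexicographically, first after key, then after value.
    key_values.sort()
    # Combine key value pairs into a string.
    return '&'.join(['%s=%s' % (k, v) for k, v in key_values])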
def fetch_request_token(self, oauth_consumer):
    """Create, store and return a request token for the consumer.

    Raises:
        OAuthError: the consumer key differs from ``self.consumer.key``, or
            the lookup of the resource named by ``self.scope`` fails.
    """
    # NOTE(review): this variant takes no oauth_callback, which matches the
    # original OAuth 1.0 flow. OAuth 1.0a moved the callback to this step so
    # that it is bound to the request token; confirm which revision is meant.
    if oauth_consumer.key != self.consumer.key:
        raise OAuthError("Consumer key does not match.")

    try:
        resource = Resource.objects.get(name=self.scope)
    except:
        # Every lookup failure, not only a missing row, is reported to the
        # caller as "does not exist".
        raise OAuthError("Resource %s does not exist." % escape(self.scope))

    self.request_token = Token.objects.create_token(
        consumer=self.consumer,
        token_type=Token.REQUEST,
        timestamp=self.timestamp,
        resource=resource,
    )
    return self.request_token
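def _getOAuthRequest(self, http_method, method, parameters=None, headers=None):
    """Build and sign an OAuth request for an API method.

    Args:
        http_method: HTTP verb. 'POST' sends the parameters as a form body;
            any other verb puts them in the query string.
        method: API method name handed to ``self.getUrl``.
        parameters: request parameters to sign (defaults to none).
        headers: dict that receives the OAuth ``Authorization`` header. A
            dict passed by the caller is updated in place, as before.

    Returns:
        A ``(url, postdata, headers)`` tuple; ``postdata`` is "" unless the
        request is a POST.
    """
    # Fresh dicts per call. The former ``{}`` defaults were shared between
    # calls, so a Content-Type or Authorization header written for one
    # request stayed in the default dict and leaked into the next request.
    if parameters is None:
        parameters = {}
    if headers is None:
        headers = {}

    is_post = http_method == 'POST'
    # POST parameters travel in the body, so they stay out of the URL.
    url = self.getUrl(method, {} if is_post else parameters)

    token = oauth.OAuthToken(self.client['tkey'], self.client['tsec'])
    oauth_request = oauth.OAuthRequest.from_consumer_and_token(
        self.consumer, token=token, http_method=http_method,
        http_url=url, parameters=parameters)
    oauth_request.sign_request(self.signature_method, self.consumer, token)
    headers.update(oauth_request.to_header())

    if not is_post:
        return url, "", headers

    headers['Content-Type'] = 'application/x-www-form-urlencoded'
    # The body is built from every parameter on the signed request object,
    # not only from the caller's ``parameters``.
    postdata = '&'.join(
        ['%s=%s' % (oauth.escape(oauth._utf8_str(k)),
                    oauth.escape(oauth._utf8_str(v)))
         for k, v in oauth_request.parameters.iteritems()])
    return url, postdata, headers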
def create_message(request, params):
    """Build the OAuth signature base string for an incoming request.

    The result is the escaped HTTP method, the escaped request URL and the
    escaped normalized parameters, joined with '&'. Both the URL and the
    finished base string are written to the debug log.
    """
    # Only the first entry is used when the host value is a comma-separated
    # list.
    first_host = request.get_host().split(',')[0]
    if request.is_secure():
        scheme = 'https://'
    else:
        scheme = 'http://'
    base_url = scheme + first_host + request.path
    OutputLog.debug('base_url: %s' % base_url)

    oauth_request = Request2(request.method, base_url, params)
    getters = (
        oauth_request.get_normalized_http_method,
        oauth_request.get_normalized_http_url,
        oauth_request.get_normalized_parameters,
    )
    message = '&'.join([oauth.escape(getter()) for getter in getters])
    # NOTE(review): the logged base string carries every request parameter;
    # confirm that debug logging stays off where those values are sensitive.
    OutputLog.debug("message: %s" % message)
    return message
def fetch_request_token(self, oauth_consumer):
    """Create, store and return a request token for the consumer.

    Raises:
        OAuthError: the consumer key differs from ``self.consumer.key``, or
            the lookup of the resource named by ``self.scope`` fails.
    """
    # NOTE(review): this variant takes no oauth_callback, which matches the
    # original OAuth 1.0 flow. OAuth 1.0a moved the callback to this step so
    # that it is bound to the request token; confirm which revision is meant.
    if oauth_consumer.key != self.consumer.key:
        raise OAuthError('Consumer key does not match.')

    try:
        resource = Resource.objects.get(name=self.scope)
    except:
        # Every lookup failure, not only a missing row, is reported to the
        # caller as "does not exist".
        raise OAuthError('Resource %s does not exist.' % escape(self.scope))

    self.request_token = Token.objects.create_token(
        consumer=self.consumer,
        token_type=Token.REQUEST,
        timestamp=self.timestamp,
        resource=resource,
    )
    return self.request_token
def get_normalized_parameters(self):
    """Return a string that contains the parameters that must be signed.

    Collects escaped (key, value) pairs from ``self.parameters``. A string
    value yields one pair, an iterable value yields one pair per item, and
    a value that ``list()`` rejects yields one pair.

    NOTE(review): this listing stops after the pairs are collected. The
    sort and the join that the docstring and comments imply are not visible.
    """
    # Alias, not a copy: the delete below also changes self.parameters.
    params = self.parameters
    try:
        # Exclude the signature if it exists.
        del params['oauth_signature']
    except:
        # Best effort. NOTE(review): if the container refuses deletion, the
        # signature stays in and is processed like any other parameter.
        pass
    # Escape key values before sorting.
    key_values = []
    for key, value in params.iteritems():
        if isinstance(value, basestring):
            # Plain string value: one escaped pair.
            esc_value = escape(_utf8_str(value))
            esc_key = escape(_utf8_str(key))
            key_values.append((esc_key, esc_value))
        else:
            try:
                esc_value = escape(_utf8_str(value))
                esc_key = escape(_utf8_str(key))
                # Probe only: the resulting list is discarded.
                list(value)
            except TypeError, error:
                # NOTE(review): an assert is removed under ``python -O``, and
                # a TypeError raised by the escape calls above would reach
                # this branch before esc_value/esc_key are bound.
                assert 'is not iterable' in str(error)
                key_values.append((esc_key, esc_value))
            else:
                # Iterable value: one pair per item. Items that are not
                # strings are stored unescaped and unconverted.
                key_values.extend(
                    (escape(_utf8_str(key)),
                     escape(_utf8_str(item)) if isinstance(item, basestring) else item)
                    for item in value)
def get_normalized_parameters(self):
    """
    Return a string that contains the parameters that must be signed.

    Collects escaped (key, value) pairs from ``self.parameters``. A string
    key that ``_is_post_values_key`` does not flag yields one pair; any
    other entry is expanded item by item when its value is iterable.

    NOTE(review): this listing stops after the pairs are collected. The
    sort and the join that the docstring and comments imply are not visible.
    """
    Log.debug("[Method] get_normalized_parameters")
    # Alias, not a copy: the delete below also changes self.parameters.
    params = self.parameters
    try:
        # Exclude the signature if it exists.
        del params['oauth_signature']
    except:
        # Best effort. NOTE(review): if the container refuses deletion, the
        # signature stays in and is processed like any other parameter.
        pass
    # Escape key values before sorting.
    key_values = []
    for key, value in params.iteritems():
        # The test is on the key, not the value: an ordinary string key is
        # treated as carrying a single value.
        if isinstance(key, basestring) and not _is_post_values_key(key):
            key_values.append(
                (escape(_utf8_str(key)), escape(_utf8_str(value))))
        else:
            try:
                value = list(value)
            except TypeError, e:
                # NOTE(review): an assert is removed under ``python -O``, so
                # any TypeError would then be read as "value not iterable".
                assert 'is not iterable' in str(e)
                key_values.append(
                    (escape(_utf8_str(key)), escape(_utf8_str(value))))
            else:
                # Flagged keys are renamed by the helper before they are
                # emitted.
                if _is_post_values_key(key):
                    key = _remove_post_values_key(key)
                # One pair per item. Items that are not strings are stored
                # unescaped and unconverted.
                key_values.extend(
                    (escape(_utf8_str(key)),
                     escape(_utf8_str(item)) if isinstance(item, basestring) else item)
                    for item in value)
def get_normalized_parameters(self):
    """
    Return a string that contains the parameters that must be signed.

    Collects escaped (key, value) pairs from ``self.parameters``. A string
    key that ``_is_post_values_key`` does not flag yields one pair; any
    other entry is expanded item by item when its value is iterable.

    NOTE(review): this listing stops after the pairs are collected. The
    sort and the join that the docstring and comments imply are not visible.
    """
    Log.debug("[Method] get_normalized_parameters")
    # Alias, not a copy: the delete below also changes self.parameters.
    params = self.parameters
    try:
        # Exclude the signature if it exists.
        del params['oauth_signature']
    except:
        # Best effort. NOTE(review): if the container refuses deletion, the
        # signature stays in and is processed like any other parameter.
        pass
    # Escape key values before sorting.
    key_values = []
    for key, value in params.iteritems():
        # The test is on the key, not the value: an ordinary string key is
        # treated as carrying a single value.
        if isinstance(key, basestring) and not _is_post_values_key(key):
            key_values.append((escape(_utf8_str(key)), escape(_utf8_str(value))))
        else:
            try:
                value = list(value)
            except TypeError, e:
                # NOTE(review): an assert is removed under ``python -O``, so
                # any TypeError would then be read as "value not iterable".
                assert 'is not iterable' in str(e)
                key_values.append((escape(_utf8_str(key)), escape(_utf8_str(value))))
            else:
                # Flagged keys are renamed by the helper before they are
                # emitted.
                if _is_post_values_key(key):
                    key = _remove_post_values_key(key)
                # One pair per item. Items that are not strings are stored
                # unescaped and unconverted.
                key_values.extend((escape(_utf8_str(key)), escape(_utf8_str(item)) if isinstance(item, basestring) else item) for item in value)
def get_normalized_parameters(self):
    """Return a string that contains the parameters that must be signed.

    Collects escaped (key, value) pairs from ``self.parameters``. A string
    value yields one pair, an iterable value yields one pair per item, and
    a value that ``list()`` rejects yields one pair.

    NOTE(review): this listing stops after the pairs are collected. The
    sort and the join that the docstring and comments imply are not visible.
    """
    # Alias, not a copy: the delete below also changes self.parameters.
    params = self.parameters
    try:
        # Exclude the signature if it exists.
        del params['oauth_signature']
    except:
        # Best effort. NOTE(review): if the container refuses deletion, the
        # signature stays in and is processed like any other parameter.
        pass
    # Escape key values before sorting.
    key_values = []
    for key, value in params.iteritems():
        if isinstance(value, basestring):
            # Plain string value: one escaped pair.
            esc_value = escape(_utf8_str(value))
            esc_key = escape(_utf8_str(key))
            key_values.append((esc_key, esc_value))
        else:
            try:
                esc_value = escape(_utf8_str(value))
                esc_key = escape(_utf8_str(key))
                # Probe only: the resulting list is discarded.
                list(value)
            except TypeError, error:
                # NOTE(review): an assert is removed under ``python -O``, and
                # a TypeError raised by the escape calls above would reach
                # this branch before esc_value/esc_key are bound.
                assert 'is not iterable' in str(error)
                key_values.append((esc_key, esc_value))
            else:
                # Iterable value: one pair per item. Items that are not
                # strings are stored unescaped and unconverted.
                key_values.extend((escape(_utf8_str(key)), escape(_utf8_str(item)) if isinstance(item, basestring) else item) for item in value)
def create_message(request, params):
    """Build the OAuth signature base string for an incoming request.

    The result is the escaped HTTP method, the escaped request URL and the
    escaped normalized parameters, joined with '&'. Both the URL and the
    finished base string are written to the debug log.
    """
    # Only the first entry is used when the host value is a comma-separated
    # list.
    first_host = request.get_host().split(',')[0]
    if request.is_secure():
        scheme = 'https://'
    else:
        scheme = 'http://'
    base_url = scheme + first_host + request.path
    OutputLog.debug('base_url: %s' % base_url)

    oauth_request = Request2(request.method, base_url, params)
    getters = (
        oauth_request.get_normalized_http_method,
        oauth_request.get_normalized_http_url,
        oauth_request.get_normalized_parameters,
    )
    message = '&'.join([oauth.escape(getter()) for getter in getters])
    # NOTE(review): the logged base string carries every request parameter;
    # confirm that debug logging stays off where those values are sensitive.
    OutputLog.debug("message: %s" % message)
    return message
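def fetch_request_token(self, oauth_consumer, oauth_callback):
    """Create, store and return a request token for the consumer.

    A callback other than ``OUT_OF_BAND`` must pass
    ``check_valid_callback`` before it is stored. The scope is
    ``self.scope`` or, when that is empty, the consumer's default scopes;
    every comma-separated entry must be listed in ``OAUTH_SCOPES``.

    Raises:
        OAuthError: the consumer key differs from ``self.consumer.key``,
            the callback is rejected, or a scope entry is not allowed.
    """
    if oauth_consumer.key != self.consumer.key:
        raise OAuthError('Consumer key does not match.')

    # OAuth 1.0a: if there is a callback, check its validity
    callback = None
    # tom c changed... call back confirmed is supposed to be true
    callback_confirmed = True
    if oauth_callback and oauth_callback != OUT_OF_BAND:
        if not check_valid_callback(oauth_callback):
            raise OAuthError('Invalid callback URL.')
        callback = oauth_callback
    # NOTE(review): a request that carries no oauth_callback at all is also
    # stored with callback_confirmed=True and callback=None. Confirm that is
    # intended.

    # tom c - changed... Resource used to represent a specific scope
    # with xapi scopes could be many.. using resource as a holder of
    # many scopes
    scope = self.scope or self.consumer.default_scopes

    # lou w - Make sure a valid scope(s) is supplied
    for entry in scope.split(","):
        if entry not in OAUTH_SCOPES:
            # Report the scope string that was actually checked. The message
            # used to format self.scope, which is empty on the default-scopes
            # path and so never named the rejected value there.
            raise OAuthError('Resource %s is not allowed.' % escape(scope))

    # lou w - save as scope instead of resource
    self.request_token = Token.objects.create_token(
        consumer=self.consumer,
        token_type=Token.REQUEST,
        timestamp=self.timestamp,
        scope=scope,
        callback=callback,
        callback_confirmed=callback_confirmed)
    return self.request_token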
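def fetch_request_token(self, oauth_consumer, oauth_callback):
    """Create, store and return a request token for the consumer.

    A callback other than ``OUT_OF_BAND`` must pass
    ``check_valid_callback`` before it is stored. The scope is
    ``self.scope`` or, when that is empty, the consumer's default scopes;
    every comma-separated entry must be listed in ``OAUTH_SCOPES``.

    Raises:
        OAuthError: the consumer key differs from ``self.consumer.key``,
            the callback is rejected, or a scope entry is not allowed.
    """
    if oauth_consumer.key != self.consumer.key:
        raise OAuthError('Consumer key does not match.')

    # OAuth 1.0a: if there is a callback, check its validity
    callback = None
    # tom c changed... call back confirmed is supposed to be true
    callback_confirmed = True
    if oauth_callback and oauth_callback != OUT_OF_BAND:
        if not check_valid_callback(oauth_callback):
            raise OAuthError('Invalid callback URL.')
        callback = oauth_callback
    # NOTE(review): a request that carries no oauth_callback at all is also
    # stored with callback_confirmed=True and callback=None. Confirm that is
    # intended.

    # tom c - changed... Resource used to represent a specific scope
    # with xapi scopes could be many.. using resource as a holder of
    # many scopes
    scope = self.scope or self.consumer.default_scopes

    # lou w - Make sure a valid scope(s) is supplied
    for entry in scope.split(","):
        if entry not in OAUTH_SCOPES:
            # Report the scope string that was actually checked. The message
            # used to format self.scope, which is empty on the default-scopes
            # path and so never named the rejected value there.
            raise OAuthError('Resource %s is not allowed.' % escape(scope))

    # lou w - save as scope instead of resource
    self.request_token = Token.objects.create_token(
        consumer=self.consumer,
        token_type=Token.REQUEST,
        timestamp=self.timestamp,
        scope=scope,
        callback=callback,
        callback_confirmed=callback_confirmed)
    return self.request_token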
def getUrl(self, method, parameters={}):
    """Return the API URL for ``method``, using ``self.protocol`` as scheme.

    A non-empty ``parameters`` mapping is appended as an escaped query
    string; an empty one adds nothing. The default dict is only read,
    never modified.
    """
    query = ""
    if parameters:
        pairs = []
        for name, value in parameters.iteritems():
            pairs.append("%s=%s" % (oauth.escape(name), oauth.escape(value)))
        query = "?" + "&".join(pairs)
    # NOTE(review): the scheme comes from self.protocol without any check
    # here; confirm that whatever sets it uses https for real traffic.
    return '%s://%s/api/%s%s' % (self.protocol, self.app['host'], method, query)