def get(self, request, token_key):
    """Report the status of the request token identified by ``token_key``.

    The lookup passes ``expired_too=True``. A token that cannot be found is
    reported as ``'expired'``, so the response is the same for unknown and
    expired keys. A token older than ``REQUEST_TOKEN_EXPIRY`` seconds is
    marked expired and saved before its status is returned.

    NOTE(review): no check against ``request.user`` is visible in this
    method, so any caller holding the token key can poll its status.
    Confirm that this is intended and that any access restriction is
    applied by the enclosing class or the URL configuration.
    """
    request_token = oauth_datastore.lookup_token('request', token_key, expired_too=True)
    if not request_token:
        return Response({'status': 'expired'})

    if request_token.status != 'expired':
        # Compare in UTC; this assumes token.created is timezone-aware.
        cutoff = datetime.utcnow().replace(tzinfo=pytz.utc) - timedelta(seconds=REQUEST_TOKEN_EXPIRY)
        if request_token.created <= cutoff:
            # Lazily expire the token on read and persist the new status.
            request_token.status = 'expired'
            request_token.save()

    return Response({'status': request_token.status})
def deauthorize(request, token_key):
    """Deauthorize the access token with the given access key.

    The token must exist and belong to ``request.user``; otherwise a 403 is
    returned for both cases, so the response does not reveal whether the key
    exists. A POST revokes the token and redirects to the client list. Any
    other method renders the confirmation page.

    NOTE(review): the revocation is a state change triggered by POST.
    CSRF protection and the login requirement are not visible in this
    block. Confirm that they are enforced by middleware or a decorator.
    """
    access_token = oauth_datastore.lookup_token('access', token_key)

    # Ownership check: only the user who owns the token may revoke it.
    if not access_token:
        # TODO: nice error message
        return HttpResponseForbidden()
    if access_token.user != request.user:
        # TODO: nice error message
        return HttpResponseForbidden()

    if request.method != 'POST':
        context = {'key': access_token.key}
        return render(request, 'oauth/deauthorize.html', context)

    oauth_datastore.deauthorize_access_token(access_token)
    return redirect('oauth-client-list')
def authorize(request):
    """Let the user confirm or deny a consumer's request token.

    Non-POST: fetch the request token from the OAuth request and, if its
    status is still ``'waiting'``, render the confirmation page.

    POST: look up the request token named in ``oauth_token``. Unknown tokens
    and tokens that are not ``'waiting'`` get a 403. With ``confirm=true``
    (case-insensitive) the token is authorized for ``request.user`` and the
    verifier and callback are shown. Any other value is treated as a denial:
    the token is deauthorized and the user is sent to the client list
    (``'oob'`` callback) or to the consumer's callback.

    NOTE(review): the denial branch redirects to ``token.consumer.callback``
    as stored on the consumer. Confirm that the value is validated when the
    consumer is registered, because this view redirects to it unchanged.
    NOTE(review): the non-POST path does not tie the token to the current
    user (see the TODO below). CSRF protection and the login requirement
    for the POST are not visible in this block. Confirm they are enforced.
    """
    if request.method != "POST":
        oauth_request = oauth.OAuthRequest.from_request(request)
        try:
            # get the request token
            token = oauth_server.fetch_request_token(oauth_request)
        except oauth.OAuthError as err:
            # Re-raised unchanged; no user-facing error page is produced here.
            raise err
        if token.status != 'waiting':
            # TODO: nice error message (check user, too!)
            return HttpResponseForbidden()
        return render(request, 'oauth/authorize.html', {'oauth_token': token.key, })

    token = oauth_datastore.lookup_token('request', request.POST.get('oauth_token'))
    if token is None:
        # TODO: nice error message
        return HttpResponseForbidden()
    if token.status != 'waiting':
        # Rejects tokens that have already been decided or have expired.
        # TODO: nice error message
        return HttpResponseForbidden()

    confirmed = request.POST.get('confirm', '').lower() == 'true'
    if not confirmed:
        # not confirmed is the same as denied!
        token = oauth_datastore.deauthorize_request_token(token, request.user)
        messages.success(request, 'Your client was not authorized for access.')
        if token.consumer.callback == 'oob':
            return redirect('oauth-client-list')
        return redirect(token.consumer.callback)

    token = oauth_server.authorize_token(token, request.user)
    messages.success(request, 'Your client was authorized for access.')
    context = {'verifier': token.verifier, 'callback': token.consumer.callback}
    return render(request, 'oauth/authorize_finished.html', context)