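def compute_from_request(request):
    """
    Computes the signature the server expects for ``request``.

    The HTTP verb, the normalized absolute URI, the timestamp, the consumer
    key, the request body and (when nonces are enabled) the nonce are passed
    to ``Signature.compute_signature`` together with the consumer's secret.

    Raises ``_AuthException`` when a required argument is missing, when the
    timestamp is not an integer, or when the timestamp lies outside the
    accepted window: older than ``config('timeout')`` seconds, or more than
    ``config('timeout')`` seconds ahead of the server clock.

    Returns a ``Signature`` built from the computed value.
    """
    verb = request.method
    absolute_uri = request.build_absolute_uri()
    uri = NormalizedUri(absolute_uri, request.META).get_uri()

    try:
        timestamp = search_key(request.META, request.GET, 'timestamp')
        consumer_key = search_key(request.META, request.GET, 'consumer_key')
        nonce = None
        if config('nonce'):
            nonce = search_key(request.META, request.GET, 'nonce')
    except KeyNotFound:
        raise _AuthException("Invalid Request. Some arguments are missing.")

    # Only the conversion can raise ValueError, so only the conversion is
    # guarded. The original string is still what gets signed below.
    try:
        request_time = int(timestamp)
    except ValueError:
        raise _AuthException("Invalid timestamp format. Must be integer.")

    now = int(time.time())
    window = config('timeout')

    # A request is timed out if its life is longer than the value specified
    # in API_AUTH_TIMEOUT.
    if now > request_time + window:
        raise _AuthException("The request has timed out. "
                             "Expected timestamp: %s." % now)

    # The freshness check must be bounded on both sides. A timestamp set far
    # ahead of the server clock would otherwise keep a captured request
    # acceptable for much longer than the configured timeout.
    # NOTE(review): if nonces are only remembered for the timeout period
    # (Nonce.valid is not visible here -- confirm), such a request would also
    # outlive its nonce record.
    if request_time > now + window:
        raise _AuthException("The request timestamp is too far in the future. "
                             "Expected timestamp: %s." % now)

    body = request.body
    consumer = Consumer(consumer_key)
    secret = consumer.get_secret_key()
    signature = Signature.compute_signature(secret, verb, uri, timestamp,
                                            consumer_key, body, nonce)
    return Signature(signature)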
def setUp(self):
    """
    Points the auth settings at piston's consumer model and creates the
    single consumer the tests authenticate as.
    """
    # Reuse the consumer from piston for the tests. The field mapping is a
    # shallow copy of what utils.config('fields') returns.
    # NOTE(review): these assignments change the shared settings object and
    # no restore is visible here -- confirm a tearDown resets them so other
    # test cases are not affected.
    field_map = utils.config('fields').copy()
    settings.API_AUTH_FIELDS = field_map
    settings.API_AUTH_APP = "piston"
    settings.API_AUTH_MODEL = "consumer"

    # Fixed, test-only credentials.
    consumer_manager = utils.consumer_model().objects
    self.c = consumer_manager.create(
        name="Test",
        key="consumer1",
        secret="secret1",
    )
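def validate_nonce(self, nonce):
    """
    Rejects a nonce this consumer has already used and records it otherwise.

    A nonce counts as used when ``Nonce.valid`` returns at least one row for
    this consumer key and value (the manager presumably limits the lookup to
    the API_AUTH_TIMEOUT window -- it is not visible here).
    In case API_AUTH_NONCE is False we don't use nonces and nothing happens.

    Raises ``_AuthException`` when the nonce was already used.
    """
    # Check to see if nonces are activated.
    if not config('nonce'):
        return

    # exists() rather than get(): if the table ever holds more than one
    # matching row, get() raises MultipleObjectsReturned, which was not
    # handled and surfaced as an unhandled error instead of an
    # authentication failure. Any match means the nonce was seen before.
    already_used = Nonce.valid.filter(consumer_key=self.consumer_key,
                                      value=nonce).exists()
    if already_used:
        raise _AuthException("Nonce %s already exists." % nonce)

    # NOTE(review): the lookup and the insert are separate queries, so two
    # concurrent requests carrying the same nonce can both pass the check.
    # Closing that gap needs a uniqueness constraint on (consumer_key, value)
    # or an atomic insert -- the model definition is not visible here.
    Nonce.objects.create(consumer_key=self.consumer_key, value=nonce)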
def get_secret_key(self):
    """
    Looks up the secret key stored for this consumer.

    The model comes from ``consumer_model()`` and the column names from
    ``config('fields')``. Raises ``_AuthException`` when the configured
    fields are rejected by the ORM, when no consumer matches the key, or
    when several consumers share it.
    """
    field_names = config('fields')
    model = consumer_model()
    lookup = {field_names['consumer_key']: self.consumer_key}

    # NOTE(review): the messages below echo the supplied consumer key and
    # differ between "unknown key" and the other failures. If the exception
    # text is returned to the client (not visible here -- confirm), callers
    # can tell which consumer keys exist; a single generic message for the
    # client with the detail kept in server logs would avoid that.
    try:
        secret_column = field_names['consumer_secret']
        row = model.objects.values(secret_column).get(**lookup)
    except FieldError:
        raise _AuthException("Invalid database fields.")
    except model.DoesNotExist:
        raise _AuthException("Invalid consumer key: %s." % self.consumer_key)
    except model.MultipleObjectsReturned:
        raise _AuthException(
            "Invalid database. "
            "Consumer keys are not unique: %s." % self.consumer_key
        )
    else:
        # values() yields a dict keyed by the requested column name.
        return row[field_names['consumer_secret']]
def time_limit():
    """
    Returns the oldest moment that is still inside the timeout window.

    The value is the current time minus ``config("timeout")`` seconds, as a
    naive ``datetime`` in the server's local time zone.
    """
    # NOTE(review): fromtimestamp() without a tz argument yields naive local
    # time. If this is compared with timezone-aware or UTC-stored values
    # (the callers are not visible here -- confirm), the window would be
    # shifted by the UTC offset.
    oldest_allowed_epoch = time.time() - config("timeout")
    return datetime.datetime.fromtimestamp(oldest_allowed_epoch)
def check_nonce(self, meta, get, consumer_key):
    """
    Validates the request's nonce for ``consumer_key`` when nonces are
    enabled; does nothing when ``config('nonce')`` is falsy.

    The nonce is read with ``search_key(meta, get, 'nonce')`` and handed to
    ``Consumer.validate_nonce``. Exceptions from either call propagate to
    the caller.
    """
    if not config('nonce'):
        return

    # NOTE(review): validate_nonce() also records the nonce. This should run
    # only after the request signature has been verified, so unauthenticated
    # requests cannot consume a consumer's nonces or grow the table -- the
    # call order is not visible here, confirm at the call site.
    request_nonce = search_key(meta, get, 'nonce')
    Consumer(consumer_key).validate_nonce(request_nonce)