def fetch_request_token(self, oauth_consumer, oauth_callback):
if oauth_consumer.key != self.consumer.key:
raise OAuthError('Consumer key does not match.')
# OAuth 1.0a: if there is a callback, check its validity
callback = None
callback_confirmed = False
if oauth_callback:
if oauth_callback != OUT_OF_BAND:
if check_valid_callback(oauth_callback):
callback = oauth_callback
callback_confirmed = True
else:
raise OAuthError('Invalid callback URL.')
try:
resource = Resource.objects.get(name=self.scope)
except:
raise OAuthError('Resource %s does not exist.' %
escape(self.scope))
self.request_token = Token.objects.create_token(
consumer=self.consumer,
token_type=Token.REQUEST,
timestamp=self.timestamp,
resource=resource,
callback=callback,
callback_confirmed=callback_confirmed)
return self.request_token
def fetch_request_token(self, oauth_consumer):
if oauth_consumer.key == self.consumer.key:
try:
resource = Resource.objects.get(name=self.scope)
except:
raise OAuthError('Resource %s does not exist.' % escape(self.scope))
self.request_token = Token.objects.create_token(consumer=self.consumer,
token_type=Token.REQUEST,
timestamp=self.timestamp,
resource=resource)
return self.request_token
raise OAuthError('Consumer key does not match.')
class CheckOAuth(object):
"""
Class that checks that the OAuth parameters passes the given test, raising
an OAuth error otherwise. If the test is passed, the view function
is invoked.
We use a class here so that we can define __get__. This way, when a
CheckOAuth object is used as a method decorator, the view function
is properly bound to its instance.
"""
def __init__(self, request):
self.request = request
self.view_func = view_func
# lou w - name scope instead of resource
self.scopes = resource_name
update_wrapper(self, request)
def __get__(self, obj, cls=None):
return CheckOAuth(request)
def __call__(self, request):
if self.is_valid_request(request):
try:
consumer, token, parameters = self.validate_token(request)
except OAuthError, e:
return send_oauth_error(e)
# lou w - changed to check token scope and self scope instead of resource
if self.scopes and token.scope != self.scopes:
return send_oauth_error(
OAuthError(
_('You are not allowed to access this resource.')))
elif consumer and token:
return self.view_func(request, *args, **kwargs)
return send_oauth_error(OAuthError(_('Invalid request parameters.')))
def authorize_request_token(self, oauth_token, user):
if oauth_token.key == self.request_token.key:
# authorize the request token in the store
self.request_token.is_approved = True
self.request_token.user = user
self.request_token.save()
return self.request_token
raise OAuthError('Token key does not match.')
def fetch_request_token(self, oauth_consumer, oauth_callback):
if oauth_consumer.key != self.consumer.key:
raise OAuthError('Consumer key does not match.')
# OAuth 1.0a: if there is a callback, check its validity
callback = None
# tom c changed... call back confirmed is supposed to be true
# callback_confirmed = False
callback_confirmed = True
if oauth_callback:
if oauth_callback != OUT_OF_BAND:
if check_valid_callback(oauth_callback):
callback = oauth_callback
else:
# tom c
callback_confirmed = False
raise OAuthError('Invalid callback URL.')
# tom c - changed... Resource used to represent a specific scope
# with xapi scopes could be many.. using resource as a holder of
# many scopes
if self.scope:
scope = self.scope
else:
scope = self.consumer.default_scopes
# lou w - Make sure a valid scope(s) is supplied
scope_list = scope.split(",")
for x in scope_list:
if not x in OAUTH_SCOPES:
raise OAuthError('Resource %s is not allowed.' %
escape(self.scope))
# lou w - save as scope instead of resource
self.request_token = Token.objects.create_token(
consumer=self.consumer,
token_type=Token.REQUEST,
timestamp=self.timestamp,
scope=scope,
callback=callback,
callback_confirmed=callback_confirmed)
return self.request_token
def fetch_access_token(self, oauth_consumer, oauth_token):
if oauth_consumer.key == self.consumer.key \
and oauth_token.key == self.request_token.key \
and self.request_token.is_approved:
self.access_token = Token.objects.create_token(consumer=self.consumer,
token_type=Token.ACCESS,
timestamp=self.timestamp,
user=self.request_token.user,
resource=self.request_token.resource)
return self.access_token
raise OAuthError('Consumer key or token key does not match. Make sure your request token is approved too.')
def access_token_view(self, request):
oauth_server, oauth_request = initialise_server_request(request)
if oauth_request is None:
return send_oauth_error(OAuthError('Invalid request parameters.'))
try:
token = oauth_server.fetch_access_token(oauth_request)
return HttpResponse(token.to_string())
except OAuthError, ex:
return send_oauth_error(ex)
def authorise_view(self, request):
oauth_server, oauth_request = initialise_server_request(request)
if oauth_server is None or oauth_request is None:
return send_oauth_error(OAuthError('Invalid request parameters.'))
app = oauth_server._get_consumer(oauth_request)
try:
token = oauth_server.fetch_request_token(oauth_request)
except OAuthError, ex:
return send_oauth_error(ex)
def __call__(self, request, *args, **kwargs):
if self.is_valid_request(request):
try:
consumer, token, parameters = self.validate_token(request)
except OAuthError, e:
return send_oauth_error(e)
if self.resource_name and token.resource.name != self.resource_name:
return send_oauth_error(
OAuthError(
_('You are not allowed to access this resource.')))
elif consumer and token:
return self.view_func(request, *args, **kwargs)
def authorize_request_token(self, oauth_token, user):
if oauth_token.key == self.request_token.key:
# authorize the request token in the store
self.request_token.is_approved = True
self.request_token.save()
# OAuth 1.0a: if there is a callback confirmed, we must set a verifier
if self.request_token.callback_confirmed:
self.request_token.verifier = generate_random(VERIFIER_SIZE)
self.request_token.user = user
self.request_token.save()
return self.request_token
raise OAuthError('Token key or lrs_auth_id does not match.')
def __call__(self, request):
if self.is_valid_request(request):
try:
consumer, token, parameters = self.validate_token(request)
except OAuthError, e:
return send_oauth_error(e)
# lou w - changed to check token scope and self scope instead of resource
if self.scopes and token.scope != self.scopes:
return send_oauth_error(
OAuthError(
_('You are not allowed to access this resource.')))
elif consumer and token:
return self.view_func(request, *args, **kwargs)
def __call__(self, request, *args, **kwargs):
if self.is_valid_request(request):
try:
consumer, token, parameters = self.validate_token(request)
except OAuthError, e:
return send_oauth_error(e)
if self.resource_name and token.resource.name != self.resource_name:
return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))
elif consumer and token:
form = self.form(request.REQUEST)
if form.is_valid():
return self.view(request, form, token.user)
else:
return self.invalid_form(request, form)
def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier):
if oauth_consumer.key == self.consumer.key \
and oauth_token.key == self.request_token.key \
and self.request_token.is_approved:
# OAuth 1.0a: if there is a callback confirmed, check the verifier
if (self.request_token.callback_confirmed \
and oauth_verifier == self.request_token.verifier) \
or not self.request_token.callback_confirmed:
self.access_token = Token.objects.create_token(
consumer=self.consumer,
token_type=Token.ACCESS,
timestamp=self.timestamp,
user=self.request_token.user,
resource=self.request_token.resource)
return self.access_token
raise OAuthError('Consumer key or token key does not match. ' \
+'Make sure your request token is approved. ' \
+'Check your verifier too if you use OAuth 1.0a.')
class oauth_api_method(object):
def __init__(self, view):
update_wrapper(self, view)
self.view = view
form_name = ''.join(n.capitalize() for n in self.__name__.split('_')) + 'Form'
self.form = getattr(forms, form_name)
def __call__(self, request, *args, **kwargs):
if self.is_valid_request(request):
try:
consumer, token, parameters = self.validate_token(request)
except OAuthError, e:
return send_oauth_error(e)
if self.resource_name and token.resource.name != self.resource_name:
return send_oauth_error(OAuthError(_('You are not allowed to access this resource.')))
elif consumer and token:
form = self.form(request.REQUEST)
if form.is_valid():
return self.view(request, form, token.user)
else:
return self.invalid_form(request, form)
return send_oauth_error(OAuthError(_('Invalid request parameters.')))
from django.contrib.auth.decorators import login_required
from django.core.urlresolvers import get_callable
from django.template import RequestContext
from utils import initialize_server_request, send_oauth_error
from decorators import oauth_required
from stores import check_valid_callback
from consts import OUT_OF_BAND
from django.utils.decorators import decorator_from_middleware
from django.shortcuts import render_to_response
from lrs.forms import AuthClientForm
from lrs.models import Token
OAUTH_AUTHORIZE_VIEW = 'OAUTH_AUTHORIZE_VIEW'
OAUTH_CALLBACK_VIEW = 'OAUTH_CALLBACK_VIEW'
INVALID_PARAMS_RESPONSE = send_oauth_error(OAuthError(
_('Invalid request parameters.')))
def oauth_home(request):
rsp = """
<html><head></head><body><h1>Oauth Authorize</h1></body></html>"""
return HttpResponse(rsp)
def request_token(request):
"""
The Consumer obtains an unauthorized Request Token by asking the Service
Provider to issue a Token. The Request Token's sole purpose is to receive
User approval and can only be used to obtain an Access Token.
"""
# If oauth is not enabled, don't initiate the handshake
if settings.OAUTH_ENABLED:
oauth_server, oauth_request = initialize_server_request(request)
from django.utils.translation import ugettext as _
from oauth.oauth import OAuthError
from oauth_provider.decorators import CheckOAuth
from oauth_provider.utils import send_oauth_error
from dapi.auth import AuthBase
class AuthOAuth(AuthBase):
def check_request(self, request):
if CheckOAuth.is_valid_request(request):
try:
CheckOAuth.validate_token(request)
except OAuthError, e:
return send_oauth_error(e)
else:
return send_oauth_error(
OAuthError(_("Invalid request parameters.")))
return None
from django.conf import settings
from django.http import HttpResponse, HttpResponseRedirect
from django.utils.translation import ugettext as _
from django.contrib.auth.decorators import login_required
from django.core.urlresolvers import get_callable
from utils import initialize_server_request, send_oauth_error
from decorators import oauth_required
from stores import check_valid_callback
from consts import OUT_OF_BAND
OAUTH_AUTHORIZE_VIEW = 'OAUTH_AUTHORIZE_VIEW'
OAUTH_CALLBACK_VIEW = 'OAUTH_CALLBACK_VIEW'
INVALID_PARAMS_RESPONSE = send_oauth_error(
OAuthError(_('Invalid request parameters.')))
def request_token(request):
"""
The Consumer obtains an unauthorized Request Token by asking the Service
Provider to issue a Token. The Request Token's sole purpose is to receive
User approval and can only be used to obtain an Access Token.
"""
oauth_server, oauth_request = initialize_server_request(request)
if oauth_server is None:
return INVALID_PARAMS_RESPONSE
try:
# create a request token
token = oauth_server.fetch_request_token(oauth_request)
# return the token
