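def verify_oauth_request(request, oauth_request, consumer, token=None):
    """Check the nonce and the signature of an incoming OAuth 1.0 request.

    Args:
        request: The framework request; only handed through to the store's
            ``check_nonce``.
        oauth_request: Mapping of OAuth parameters. It must carry
            ``oauth_nonce`` and ``oauth_timestamp``.
        consumer: Object exposing ``key`` and ``secret``.
        token: Optional object exposing ``key`` and ``secret``.

    Returns:
        True when the nonce check passes and the signature verifies.
        False otherwise, including when the nonce or timestamp parameter
        is absent.
    """
    # A request without nonce/timestamp cannot be replay-checked. Reject it
    # here instead of letting KeyError escape to the caller.
    try:
        nonce = oauth_request['oauth_nonce']
        timestamp = oauth_request['oauth_timestamp']
    except KeyError:
        return False

    from .store import get_store_singleton

    # NOTE(review): the nonce check runs before the signature is verified, so
    # the store is consulted for requests that are not yet authenticated.
    # Confirm the store bounds and expires what it keeps.
    if not get_store_singleton().check_nonce(request, oauth_request,
                                             nonce, timestamp):
        return False

    try:
        oauth_server = oauth.Server()
        oauth_server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
        # NOTE(review): PLAINTEXT applies no signature algorithm; the secrets
        # themselves are sent as the signature value and RFC 5849 requires a
        # secure transport for it. Confirm this endpoint is only reachable
        # over TLS, or stop accepting the method.
        oauth_server.add_signature_method(oauth.SignatureMethod_PLAINTEXT())

        # Keys and secrets are forced to ASCII because HMAC rejects other
        # input. NOTE(review): 'ignore' silently drops non-ASCII characters,
        # so a credential containing them is checked against a shortened
        # value; rejecting such credentials at creation time would be safer.
        consumer = oauth.Consumer(consumer.key.encode('ascii', 'ignore'),
                                  consumer.secret.encode('ascii', 'ignore'))
        if token is not None:
            token = oauth.Token(token.key.encode('ascii', 'ignore'),
                                token.secret.encode('ascii', 'ignore'))

        oauth_server.verify_request(oauth_request, consumer, token)
    except oauth.Error:
        return False

    return True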
def _make_querystring_with_HMAC_SHA1(self, http_method, path, data, content_type):
    """Return the URL of a request signed with HMAC-SHA1.

    The consumer comes from ``CONSUMER_KEY``/``CONSUMER_SECRET`` and the
    token from ``self.access_token``. A JSON payload is passed as the
    request body; any other payload is passed as request parameters.
    """
    signing_consumer = oauth.Consumer(key=self.CONSUMER_KEY,
                                      secret=self.CONSUMER_SECRET)
    signing_token = oauth.Token(key=self.access_token.key,
                                secret=self.access_token.secret)
    target_url = "http://testserver:80" + path

    # JSON travels in the body; everything else goes in as parameters
    # (i.e. query parameters on a GET).
    sends_json = content_type == "application/json"
    payload = data if sends_json else ""
    request_params = None if sends_json else data

    signed = oauth.Request.from_consumer_and_token(
        consumer=signing_consumer,
        token=signing_token,
        http_method=http_method,
        http_url=target_url,
        parameters=request_params,
        body=payload)

    signed.sign_request(oauth.SignatureMethod_HMAC_SHA1(),
                        signing_consumer, signing_token)
    return signed.to_url()
def _make_auth_header_with_HMAC_SHA1(self, http_method, path, get_params, body_params, is_form_encoded):
    """Return the OAuth header of a request signed with HMAC-SHA1.

    Both the GET parameters and the POST body parameters are passed to the
    request as parameters, in addition to the urlencoded body.
    """
    signing_consumer = oauth.Consumer(key=self.CONSUMER_KEY,
                                      secret=self.CONSUMER_SECRET)
    signing_token = oauth.Token(key=self.ACCESS_TOKEN_KEY,
                                secret=self.ACCESS_TOKEN_SECRET)
    target_url = "http://testserver:80" + path

    encoded_body = urlencode(body_params)

    # Body parameters are applied last, so they win over GET parameters
    # that share a name.
    merged = {}
    for source in (get_params, body_params):
        merged.update(source)

    signed = oauth.Request.from_consumer_and_token(
        consumer=signing_consumer,
        token=signing_token,
        http_method=http_method,
        http_url=target_url,
        is_form_encoded=is_form_encoded,
        body=encoded_body,
        # Passing body alone does not seem to put the body parameters into
        # the signature base string, hence the explicit parameters.
        parameters=merged,
    )

    signed.sign_request(oauth.SignatureMethod_HMAC_SHA1(),
                        signing_consumer, signing_token)
    return signed.to_header()
def _make_GET_auth_header(self, url):
    """Return the ``Authorization`` header value for a signed GET of *url*.

    The request is signed with HMAC-SHA1 using the consumer and access
    token constants defined on the instance.
    """
    access = oauth.Token(self.ACCESS_TOKEN_KEY, self.ACCESS_TOKEN_SECRET)
    client_app = oauth.Consumer(self.CONSUMER_KEY, self.CONSUMER_SECRET)

    signed = oauth.Request.from_consumer_and_token(
        consumer=client_app,
        token=access,
        http_method="GET",
        http_url=url,
    )
    signed.sign_request(oauth.SignatureMethod_HMAC_SHA1(), client_app, access)

    headers = signed.to_header()
    return headers["Authorization"]
def __init__(self):
    """Populate the instance with fixed consumer, token and nonce values.

    NOTE(review): the literal credentials look like fixture data for an
    example or test store; confirm this class is never wired to a real
    deployment.
    """
    self.consumer = oauth.Consumer(key='key', secret='secret')
    self.request_token = oauth.Token(key='requestkey', secret='requestsecret')
    self.access_token = oauth.Token(key='accesskey', secret='accesssecret')
    # A single constant nonce and the module-level VERIFIER are stored as-is.
    self.nonce = 'nonce'
    self.verifier = VERIFIER
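def run_example():
    """Walk through the OAuth 1.0 flow against the example server.

    Steps: obtain a request token, authorize it, swap it for an access
    token, then call a protected resource. Each step prints what it sends
    and receives and waits on ``pause()``.

    The token secrets are printed for demonstration; that output should not
    be carried over into real logging.
    """
    # The original imported the Python 2-only ``urlparse`` module and
    # ``cgi.parse_qs``, which are unavailable on current Python 3. Resolve
    # the parsing helpers from whichever location exists.
    try:
        from urllib.parse import parse_qs, urlparse
    except ImportError:  # Python 2
        from urlparse import parse_qs, urlparse

    # setup
    print('** OAuth Python Library Example **')
    client = SimpleOAuthClient(SERVER, PORT, REQUEST_TOKEN_URL,
                               ACCESS_TOKEN_URL, AUTHORIZATION_URL)
    consumer = oauth.Consumer(CONSUMER_KEY, CONSUMER_SECRET)
    signature_method_plaintext = oauth.SignatureMethod_PLAINTEXT()
    signature_method_hmac_sha1 = oauth.SignatureMethod_HMAC_SHA1()
    pause()

    # get request token
    print('* Obtain a request token ...')
    pause()
    oauth_request = oauth.Request.from_consumer_and_token(
        consumer, http_url=client.request_token_url)
    # PLAINTEXT puts the secrets themselves into oauth_signature, so this
    # request relies on the transport (TLS) for confidentiality.
    oauth_request.sign_request(signature_method_plaintext, consumer, None)
    print('REQUEST (via headers)')
    print('parameters: %s' % str(dict(oauth_request)))
    pause()
    token = client.fetch_request_token(oauth_request)
    print('GOT')
    print('key: %s' % str(token.key))
    print('secret: %s' % str(token.secret))
    print('callback confirmed? %s' % str(token.callback_confirmed))
    pause()

    print('* Authorize the request token ...')
    pause()
    oauth_request = oauth.Request.from_token_and_callback(
        token=token, http_url=client.authorization_url)
    print('REQUEST (via url query string)')
    print('parameters: %s' % str(oauth_request.parameters))
    pause()
    # this will actually occur only on some callback
    response = client.authorize_token(oauth_request)
    print('GOT')
    print(response)
    # The verifier is read out of the query string of the response URL.
    query = urlparse(response)[4]
    params = parse_qs(query, keep_blank_values=False)
    verifier = params['oauth_verifier'][0]
    print('verifier: %s' % verifier)
    pause()

    # get access token
    print('* Obtain an access token ...')
    pause()
    oauth_request = oauth.Request.from_consumer_and_token(
        consumer, token=token, verifier=verifier,
        http_url=client.access_token_url)
    # PLAINTEXT again: consumer and token secrets travel in the request.
    oauth_request.sign_request(signature_method_plaintext, consumer, token)
    print('REQUEST (via headers)')
    print('parameters: %s' % str(oauth_request.parameters))
    pause()
    token = client.fetch_access_token(oauth_request)
    print('GOT')
    print('key: %s' % str(token.key))
    print('secret: %s' % str(token.secret))
    pause()

    # access some protected resources
    print('* Access protected resources ...')
    pause()
    # resource specific params
    parameters = {'file': 'vacation.jpg', 'size': 'original'}
    oauth_request = oauth.Request.from_consumer_and_token(
        consumer, token=token, http_method='POST', http_url=RESOURCE_URL,
        parameters=parameters
    )
    # The resource call is the only one signed with HMAC-SHA1.
    oauth_request.sign_request(signature_method_hmac_sha1, consumer, token)
    print('REQUEST (via post body)')
    print('parameters: %s' % str(oauth_request.parameters))
    pause()
    params = client.access_resource(oauth_request)
    print('GOT')
    print('non-oauth parameters: %s' % params)
    pause()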