Exemplo n.º 1
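    def __call__(self, request, *args, **kwargs):
        """Authenticate an OAuth-signed request, then dispatch to the view.

        The consumer and access token named by the request's
        ``oauth_consumer_key`` and ``oauth_token`` parameters are loaded from
        ``store`` and passed to ``self.validate_token``. When
        ``self.resource_name`` is set, the token must also belong to that
        resource. On success ``request.user`` is set to ``token.user`` and the
        wrapped view's response is returned; every other path returns the
        result of ``send_oauth_error``.
        """
        if self.is_valid_request(request):
            oauth_request = get_oauth_request(request)
            # NOTE(review): nothing here handles an unknown consumer key;
            # confirm how store.get_consumer reports a missing consumer.
            consumer = store.get_consumer(
                request, oauth_request,
                oauth_request.get_parameter('oauth_consumer_key'))
            try:
                token = store.get_access_token(
                    request, oauth_request, consumer,
                    oauth_request.get_parameter('oauth_token'))
            except InvalidTokenError:
                # The message echoes the client-supplied oauth_token.
                # NOTE(review): confirm send_oauth_error encodes it safely
                # for the response.
                return send_oauth_error(
                    Error(
                        _('Invalid access token: %s') %
                        oauth_request.get_parameter('oauth_token')))
            try:
                # validate_token rejects by raising Error; its return value
                # is not needed here.
                self.validate_token(request, consumer, token)
            except Error as e:
                return send_oauth_error(e)

            # Scope check: a token issued for a different resource must not
            # open this view.
            if self.resource_name and token.resource.name != self.resource_name:
                return send_oauth_error(
                    Error(_('You are not allowed to access this resource.')))
            elif consumer and token:
                # The rest of the request runs with the token owner's
                # identity, so this line must stay behind every check above.
                request.user = token.user
                return self.view_func(request, *args, **kwargs)

        # Deny explicitly instead of falling off the end: an implicit None
        # would surface as a server error rather than an OAuth rejection.
        return send_oauth_error(Error(_('Invalid request parameters.')))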
Exemplo n.º 2
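 def _check_timestamp(self, timestamp, threshold=300):
     """Reject a request whose ``oauth_timestamp`` is outside the window.

     Args:
         timestamp: Value of the ``oauth_timestamp`` parameter, compared
             against ``time.time()``; ``None`` when it was not sent.
         threshold: Largest accepted difference, in seconds, between the
             timestamp and the server clock.

     Raises:
         Error: If the timestamp is missing, is not an integer, or differs
             from the server clock by more than ``threshold`` seconds in
             either direction.
     """
     if timestamp is None:
         raise Error("The oauth_timestamp parameter is missing.")
     try:
         # The value comes straight from the request; a non-numeric string
         # must end in an OAuth rejection, not an unhandled ValueError.
         timestamp = int(timestamp)
     except (TypeError, ValueError):
         raise Error("The oauth_timestamp parameter is not an integer.")
     now = int(time.time())
     lapsed = now - timestamp
     # abs(): a timestamp far in the future gives a negative difference and
     # would otherwise pass, keeping a captured request replayable until the
     # server clock catches up with it.
     if abs(lapsed) > threshold:
         raise Error(
             'Expired timestamp: given %d and now %s has a greater difference than the threshold %d'
             % (timestamp, now, threshold))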
Exemplo n.º 3
 def _check_signature(self, consumer, token):
     """Run the nonce, timestamp and signature checks for this request.

     The OAuth parameters are read from ``self.oauth_params``. The method
     raises as soon as one check fails and returns ``None`` when all pass.

     Raises:
         PartialOAuthRequest: ``oauth_nonce`` or ``oauth_timestamp`` is
             absent.
         UnknownSignature: ``oauth_signature_method`` is absent or is not a
             key of ``self.application.oauth_signature_methods``.
         MissingSignature: ``oauth_signature`` is absent.
         Error: The supplied signature does not verify.
     """
     # Nonce and timestamp are checked before the signature.
     # NOTE(review): if _check_nonce records the nonce, it does so for a
     # request whose signature is still unverified; confirm that is intended.
     try:
         request_nonce = self.oauth_params['oauth_nonce']
     except KeyError:
         raise PartialOAuthRequest('Missing oauth_nonce.')
     else:
         self._check_nonce(request_nonce)

     try:
         request_time = self.oauth_params['oauth_timestamp']
     except KeyError:
         raise PartialOAuthRequest('Missing oauth_timestamp.')
     else:
         self._check_timestamp(request_time)

     # Only methods registered by the application are accepted; a missing
     # or unregistered method name ends in the same rejection.
     try:
         registry = self.application.oauth_signature_methods
         method_name = self.oauth_params['oauth_signature_method']
         verifier = registry[method_name]()
     except KeyError:
         raise UnknownSignature('Unknown oauth_signature_method.')

     wrapped_request = oauth_request(self.request)
     try:
         supplied_signature = self.oauth_params['oauth_signature']
     except KeyError:
         raise MissingSignature('The oauth_signature is missing')

     # NOTE(review): confirm check() compares signatures in constant time.
     if verifier.check(wrapped_request, consumer, token, supplied_signature):
         return

     # Only the base string goes into the error; the first element returned
     # by signing_base (presumably the signing key) is never used.
     _unused_key, base_string = verifier.signing_base(
         wrapped_request, consumer, token)
     detail = ('Invalid signature. Expected signature base string: ' +
               str(base_string))
     raise Error(detail, 'sock')
Exemplo n.º 4
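    def __call__(self, request, *args, **kwargs):
        """Authenticate an OAuth-signed request, then dispatch to the view.

        The consumer and access token named by the request's
        ``oauth_consumer_key`` and ``oauth_token`` parameters are loaded from
        ``store``, their keys and secrets are coerced to ``str``, and both
        are passed to ``self.validate_token``. On success ``request.user`` is
        set to ``token.user`` and the wrapped view's response is returned;
        every other path returns the result of ``send_oauth_error``.

        This variant performs no per-resource check: any access token that
        validates reaches the view.
        """
        if self.is_valid_request(request):
            oauth_request = get_oauth_request(request)
            # NOTE(review): nothing here handles an unknown consumer key;
            # confirm how store.get_consumer reports a missing consumer.
            consumer = store.get_consumer(
                request, oauth_request,
                oauth_request.get_parameter('oauth_consumer_key'))
            # Presumably the signing code needs plain str rather than
            # unicode for keys and secrets; confirm against validate_token.
            consumer.key = str(consumer.key)
            consumer.secret = str(consumer.secret)
            try:
                token = store.get_access_token(
                    request, oauth_request, consumer,
                    oauth_request.get_parameter('oauth_token'))
                token.key = str(token.key)
                token.secret = str(token.secret)
            except InvalidTokenError:
                # The message echoes the client-supplied oauth_token.
                # NOTE(review): confirm send_oauth_error encodes it safely
                # for the response.
                return send_oauth_error(
                    Error(
                        _('Invalid access token: %s') %
                        oauth_request.get_parameter('oauth_token')))
            try:
                # validate_token rejects by raising Error; its return value
                # is not needed here.
                self.validate_token(request, consumer, token)
            except Error as e:
                return send_oauth_error(e)

            if consumer and token:
                # The rest of the request runs with the token owner's
                # identity, so this line must stay behind every check above.
                request.user = token.user
                return self.view_func(request, *args, **kwargs)

        # Deny explicitly instead of falling off the end: an implicit None
        # would surface as a server error rather than an OAuth rejection.
        return send_oauth_error(Error(_('Invalid request parameters.')))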
Exemplo n.º 5
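class CheckOAuth(object):
    """
    View wrapper that checks the OAuth parameters of a request and returns
    an OAuth error when they do not pass. If they pass, the view function
    is invoked.

    A class is used so that __get__ can be defined. This way, when a
    CheckOAuth object is used as a method decorator, the view function
    is properly bound to its instance.

    ``is_valid_request`` and ``validate_token`` are called on ``self`` but
    are defined outside this excerpt.
    """
    def __init__(self, view_func, resource_name):
        """Wrap ``view_func``.

        ``resource_name`` is the resource the access token must belong to;
        a falsy value disables that check in ``__call__``.
        """
        self.view_func = view_func
        self.resource_name = resource_name
        # Copy the view's name, docstring and attributes onto the wrapper.
        update_wrapper(self, view_func)

    def __get__(self, obj, cls=None):
        """Return a new CheckOAuth around the view bound to ``obj``."""
        bound_view = self.view_func.__get__(obj, cls)
        return CheckOAuth(bound_view, self.resource_name)

    def __call__(self, request, *args, **kwargs):
        """Authenticate the request, then call the wrapped view.

        On success ``request.user`` is set to ``token.user`` and the view's
        response is returned; every other path returns the result of
        ``send_oauth_error``.
        """
        if not self.is_valid_request(request):
            return send_oauth_error(Error(_('Invalid request parameters.')))

        oauth_request = get_oauth_request(request)
        # NOTE(review): nothing here handles an unknown consumer key;
        # confirm how store.get_consumer reports a missing consumer.
        consumer = store.get_consumer(
            request, oauth_request,
            oauth_request.get_parameter('oauth_consumer_key'))
        try:
            token = store.get_access_token(
                request, oauth_request, consumer,
                oauth_request.get_parameter('oauth_token'))
        except InvalidTokenError:
            # The message echoes the client-supplied oauth_token.
            # NOTE(review): confirm send_oauth_error encodes it safely for
            # the response.
            return send_oauth_error(
                Error(
                    _('Invalid access token: %s') %
                    oauth_request.get_parameter('oauth_token')))
        try:
            # validate_token rejects by raising Error; its return value is
            # not needed here.
            self.validate_token(request, consumer, token)
        except Error as e:
            return send_oauth_error(e)

        # Scope check: a token issued for a different resource must not
        # open this view.
        if self.resource_name and token.resource.name != self.resource_name:
            return send_oauth_error(
                Error(_('You are not allowed to access this resource.')))
        if consumer and token:
            # The rest of the request runs with the token owner's identity,
            # so this line must stay behind every check above.
            request.user = token.user
            return self.view_func(request, *args, **kwargs)

        return send_oauth_error(Error(_('Invalid request parameters.')))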
Exemplo n.º 6
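 def oauth_header(self):
     """Return the OAuth parameters carried in the Authorization header.

     Returns:
         The parameters parsed from an ``Authorization: OAuth ...`` header,
         or an empty dict when the header is absent or uses another scheme.

     Raises:
         Error: If the header uses the OAuth scheme but cannot be parsed.
     """
     scheme = 'OAuth '
     try:
         # NOTE(review): the lookup uses a lower-case key; confirm the
         # headers mapping is case-insensitive.
         auth_header = self.request.headers['authorization']
     except KeyError:
         return {}
     if auth_header[:len(scheme)] != scheme:
         return {}
     # Slice the scheme off. str.lstrip('OAuth ') strips a *set of
     # characters*, not a prefix, so it also ate the start of any first
     # parameter beginning with O, A, u, t or h and corrupted its name.
     credentials = auth_header[len(scheme):].lstrip()
     try:
         # NOTE(review): _split_header is a private oauth2 API and may
         # change between releases.
         return oauth2.Request._split_header(credentials)
     except Exception:
         log.err()
         raise Error(
             'Unable to parse OAuth parameters from the Authorization Header.'
         )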
Exemplo n.º 7
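    def _check_signature(self, request, consumer, token):
        """Check the nonce, timestamp and signature of an OAuth request.

        The OAuth parameters are read from ``request.oauth_params``. The
        method raises as soon as one check fails and returns ``None`` when
        all of them pass.

        Raises:
            PartialOAuthRequest: ``oauth_nonce`` or ``oauth_timestamp`` is
                missing.
            UnknownSignature: ``oauth_signature_method`` is missing or is
                not a key of ``self.signature_methods``.
            MissingSignature: ``oauth_signature`` is missing.
            Error: The supplied signature does not verify.
        """
        # NOTE(review): if _check_nonce records the nonce, it does so for a
        # request whose signature is still unverified; confirm that is
        # intended.
        try:
            nonce = request.oauth_params['oauth_nonce']
        except KeyError:
            raise PartialOAuthRequest("Missing oauth_nonce.")
        self._check_nonce(nonce)

        # was the request made within a predefined window of time
        try:
            timestamp = request.oauth_params['oauth_timestamp']
        except KeyError:
            raise PartialOAuthRequest("Missing oauth_timestamp.")
        self._check_timestamp(timestamp)

        # TODO: scheme to signature verification (e.g. http to HMAC-SHA1)
        # get the signature method; .get() yields None when it is absent,
        # which then fails the lookup below like any unknown name
        signature_name = request.oauth_params.get('oauth_signature_method')
        # get the signing method from the dictionary of known signing methods
        try:
            signature_method = self.signature_methods[signature_name]
        except KeyError:
            # Format the requested *name*: signature_method is still unbound
            # when the lookup fails, so using it here raised an unrelated
            # error instead of this rejection.
            raise UnknownSignature("%s is a signature method unknown to this"
                                   " application." % signature_name)

        # get the signature from the request
        try:
            signature = request.oauth_params['oauth_signature']
        except KeyError:
            raise MissingSignature('The oauth_signature is missing.')

        # validate the signature
        # NOTE(review): confirm check() compares signatures in constant time.
        valid = signature_method.check(request, consumer, token, signature)
        if not valid:
            # Only the base string goes into the error; the first element
            # (presumably the signing key) is never used.
            _unused_key, base = signature_method.signing_base(
                request, consumer, token)
            raise Error(
                'Invalid signature. Expected signature base string: %s' % base)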
Exemplo n.º 8
 def _raise_oauth_error(*args, **kwargs):
     """Raise ``oauth2.Error("Some error.")`` however it is called.

     All positional and keyword arguments are accepted and ignored.
     """
     # Imported at call time, as in the original, so defining this helper
     # does not itself require oauth2.
     import oauth2
     raise oauth2.Error("Some error.")