Exemplo n.º 1
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ('oauth_callback', ))
    if missing_params is not None:
        return missing_params

    try:
        consumer = store.get_consumer(request, oauth_request,
                                      oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return oauth_error_response('Invalid Consumer.',
                                    status_code=httplib.BAD_REQUEST)

    if not verify_oauth_request(request, oauth_request, consumer):
        return oauth_error_response('Could not verify OAuth request.',
                                    status_code=httplib.BAD_REQUEST)

    try:
        request_token = store.create_request_token(
            request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error, err:
        return oauth_error_response(err)
Exemplo n.º 2
0
        def wrapped_view(request, *args, **kwargs):
            oauth_request = get_oauth_request(request)
            scheme = 'https' if request.is_secure() else 'http'
            domain = get_current_site(request).domain
            if oauth_request is None:
                return invalid_params_response(scheme, domain)

            try:
                consumer = store.get_consumer(
                    request, oauth_request, oauth_request['oauth_consumer_key'])
            except InvalidConsumerError:
                return INVALID_CONSUMER_RESPONSE

            try:
                token = store.get_access_token(
                    request, oauth_request, consumer, oauth_request.get_parameter('oauth_token'))
            except InvalidTokenError:
                return send_oauth_error('https' if request.is_secure() else 'http',
                    get_current_site(request).domain,
                    oauth.Error(_('Invalid access token: %s') % oauth_request.get_parameter('oauth_token')))

            if not verify_oauth_request(request, oauth_request, consumer, token):
                return could_not_verify_oauth_request_response(scheme, domain)

            if self.scope_name and (not token.scope or
                                    token.scope.name != self.scope_name):
                return invalid_scope_response(scheme, domain)

            if token.user:
                request.user = token.user
            return view_func(request, *args, **kwargs)
Exemplo n.º 3
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return HttpResponseBadRequest("Invalid request parameters.")

    missing_params = require_params(oauth_request, ("oauth_callback",))
    if missing_params is not None:
        return missing_params

    if is_xauth_request(oauth_request):
        return HttpResponseBadRequest("xAuth not allowed for this method.")

    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request["oauth_consumer_key"])
    except InvalidConsumerError:
        return HttpResponse("Invalid consumer.", status=401)

    if not verify_oauth_request(request, oauth_request, consumer):
        return HttpResponseBadRequest("Could not verify OAuth request.")

    try:
        request_token = store.create_request_token(request, oauth_request, consumer, oauth_request["oauth_callback"])
    except oauth.Error:
        return HttpResponse("Invalid request token: %s" % oauth_request.get_parameter("oauth_token"), status=401)

    ret = urlencode(
        {
            "oauth_token": request_token.key,
            "oauth_token_secret": request_token.secret,
            "oauth_callback_confirmed": "true",
        }
    )
    return HttpResponse(ret, content_type="application/x-www-form-urlencoded")
Exemplo n.º 4
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return HttpResponseBadRequest('Invalid request parameters.')

    missing_params = require_params(oauth_request, ('oauth_callback',))
    if missing_params is not None:
        return missing_params

    if is_xauth_request(oauth_request):
        return HttpResponseBadRequest('xAuth not allowed for this method.')

    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return HttpResponse('Invalid consumer.', status=401)

    if not verify_oauth_request(request, oauth_request, consumer):
        return HttpResponseBadRequest('Could not verify OAuth request.')

    try:
        request_token = store.create_request_token(request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error:
        return HttpResponse('Invalid request token: %s' % oauth_request.get_parameter('oauth_token'), status=401)

    ret = urlencode({
        'oauth_token': request_token.key,
        'oauth_token_secret': request_token.secret,
        'oauth_callback_confirmed': 'true'
    })
    return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
Exemplo n.º 5
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ('oauth_callback', ))
    if missing_params is not None:
        return missing_params

    try:
        consumer = store.get_consumer(request, oauth_request,
                                      oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        logging.info('Oauth error: invalid consumer: %d' %
                     oauth_request['oauth_consumer_key'])
        return HttpResponseBadRequest('Invalid Consumer.')

    if not verify_oauth_request(request, oauth_request, consumer):
        logging.info('Oauth error: could not verify request')
        return HttpResponseBadRequest('Could not verify OAuth request.')

    try:
        request_token = store.create_request_token(
            request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error, err:
        return send_oauth_error(err)
Exemplo n.º 6
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ('oauth_callback', ))
    if missing_params is not None:
        return missing_params

    if is_xauth_request(oauth_request):
        return HttpResponseBadRequest('xAuth not allowed for this method.')

    try:
        consumer = store.get_consumer(request, oauth_request,
                                      oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return INVALID_CONSUMER_RESPONSE

    if not verify_oauth_request(request, oauth_request, consumer):
        return COULD_NOT_VERIFY_OAUTH_REQUEST_RESPONSE

    try:
        request_token = store.create_request_token(
            request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error, err:
        return send_oauth_error(err)
Exemplo n.º 7
0
    def check_access_token(self, request):
        oauth_request = get_oauth_request(request)
        if oauth_request is None:
            return ('params', 'Invalid request parameters.')

        try:
            consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
        except InvalidConsumerError:
            return ('auth', 'Invalid Consumer.')

        try:
            token = store.get_access_token(request, oauth_request, consumer, oauth_request.get_parameter('oauth_token'))
        except InvalidTokenError:
            return ('auth', 'Invalid access token: %s' % oauth_request.get_parameter('oauth_token'))
        # LRS CHANGE - RETURN BETTER ERROR MESSAGE
        if not verify_oauth_request(request, oauth_request, consumer, token):
            return ('params', 'Could not verify OAuth request.')

        # LRS CHANGE - SCOPE IS JUST A CHARFIELD NOW - JUST COMPARE THE VALUES
        if self.scope_name and (not token.scope
                                or token.scope != self.scope_name):
            return ('params', 'You are not allowed to access this resource.')

        if token.user:
            request.user = token.user      

        return (None, None)
Exemplo n.º 8
0
def access_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ('oauth_token', 'oauth_verifier'))
    if missing_params is not None:
        return missing_params

    try:
        request_token = store.get_request_token(request, oauth_request, oauth_request['oauth_token'])
    except InvalidTokenError:
        return HttpResponseBadRequest('Invalid request token.')
    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return HttpResponseBadRequest('Invalid consumer.')

    if not verify_oauth_request(request, oauth_request, consumer, request_token):
        return HttpResponseBadRequest('Could not verify OAuth request.')

    if oauth_request.get('oauth_verifier', None) != request_token.verifier:
        return HttpResponseBadRequest('Invalid OAuth verifier.')

    if not request_token.is_approved:
        return HttpResponseBadRequest('Request Token not approved by the user.')

    access_token = store.create_access_token(request, oauth_request, consumer, request_token)

    ret = urlencode({
        'oauth_token': access_token.key,
        'oauth_token_secret': access_token.secret
    })
    return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
Exemplo n.º 9
0
    def check_access_token(self, request):
        oauth_request = get_oauth_request(request)
        if oauth_request is None:
            return ('params', 'Invalid request parameters.')

        try:
            consumer = store.get_consumer(request, oauth_request,
                                          oauth_request['oauth_consumer_key'])
        except InvalidConsumerError:
            return ('auth', 'Invalid Consumer.')

        try:
            token = store.get_access_token(
                request, oauth_request, consumer,
                oauth_request.get_parameter('oauth_token'))
        except InvalidTokenError:
            return ('auth', 'Invalid access token: %s' %
                    oauth_request.get_parameter('oauth_token'))
        # LRS CHANGE - RETURN BETTER ERROR MESSAGE
        if not verify_oauth_request(request, oauth_request, consumer, token):
            return ('params', 'Could not verify OAuth request.')

        # LRS CHANGE - SCOPE IS JUST A CHARFIELD NOW - JUST COMPARE THE VALUES
        if self.scope_name and (not token.scope
                                or token.scope != self.scope_name):
            return ('params', 'You are not allowed to access this resource.')

        if token.user:
            request.user = token.user

        return (None, None)
Exemplo n.º 10
0
    def _authenticate_three_legged(self, request, oauth_request):
        # missing_params = require_params(oauth_request, ('oauth_token',))
        # if missing_params is not None:
        #    return missing_params

        try:
            consumer = store.get_consumer(request, oauth_request,
                                          oauth_request['oauth_consumer_key'])
            access_token = store.get_access_token(request, oauth_request,
                                                  consumer,
                                                  oauth_request['oauth_token'])
        except (InvalidConsumerError, InvalidTokenError):
            return False

        if not verify_oauth_request(request, oauth_request, consumer,
                                    access_token):
            return False

        request.user = store.get_user_for_access_token(request, oauth_request,
                                                       access_token)
        request.consumer = store.get_consumer_for_access_token(
            request, oauth_request, access_token)
        request.throttle_extra = request.consumer.key

        return True
Exemplo n.º 11
0
def access_token(request):
    oauth_request = get_oauth_request(request)

    missing_params = require_params(oauth_request, ('oauth_token', 'oauth_verifier'))
    if missing_params is not None:
        return missing_params

    try:
        request_token = store.get_request_token(request, oauth_request, oauth_request['oauth_token'])
    except InvalidTokenError:
        return HttpResponseBadRequest('Invalid request token.')
    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return HttpResponseBadRequest('Invalid consumer.')

    if not verify_oauth_request(request, oauth_request, consumer, request_token):
        return HttpResponseBadRequest('Could not verify OAuth request.')

    if oauth_request.get('oauth_verifier', None) != request_token.verifier:
        return HttpResponseBadRequest('Invalid OAuth verifier.')

    if not request_token.is_approved:
        return HttpResponseBadRequest('Request Token not approved by the user.')

    access_token = store.create_access_token(request, oauth_request, consumer, request_token)

    ret = urlencode({
        'oauth_token': access_token.key,
        'oauth_token_secret': access_token.secret
    })
    return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
Exemplo n.º 12
0
        def wrapped_view(request, *args, **kwargs):
            oauth_request = get_oauth_request(request)
            if oauth_request is None:
                return INVALID_PARAMS_RESPONSE

            try:
                consumer = store.get_consumer(
                    request, oauth_request,
                    oauth_request['oauth_consumer_key'])
            except InvalidConsumerError:
                return INVALID_CONSUMER_RESPONSE

            try:
                token = store.get_access_token(
                    request, oauth_request, consumer,
                    oauth_request.get_parameter('oauth_token'))
            except InvalidTokenError:
                return send_oauth_error(
                    oauth.Error(
                        _('Invalid access token: %s') %
                        oauth_request.get_parameter('oauth_token')))

            if not verify_oauth_request(request, oauth_request, consumer,
                                        token):
                return COULD_NOT_VERIFY_OAUTH_REQUEST_RESPONSE

            if self.scope_name and (not token.scope
                                    or token.scope.name != self.scope_name):
                return INVALID_SCOPE_RESPONSE

            if token.user:
                request.user = token.user
            return view_func(request, *args, **kwargs)
Exemplo n.º 13
0
def access_token(request):
    oauth_request = get_oauth_request(request)

    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ("oauth_token", "oauth_verifier"))
    if missing_params is not None:
        return missing_params

    try:
        request_token = store.get_request_token(request, oauth_request, oauth_request["oauth_token"])
    except InvalidTokenError:
        return HttpResponseBadRequest("Invalid request token.")
    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request["oauth_consumer_key"])
    except InvalidConsumerError:
        return HttpResponseBadRequest("Invalid consumer.")

    if not verify_oauth_request(request, oauth_request, consumer, request_token):
        return HttpResponseBadRequest("Could not verify OAuth request.")

    if oauth_request.get("oauth_verifier", None) != request_token.verifier:
        return HttpResponseBadRequest("Invalid OAuth verifier.")

    if not request_token.is_approved:
        return HttpResponseBadRequest("Request Token not approved by the user.")

    access_token = store.create_access_token(request, oauth_request, consumer, request_token)

    ret = urlencode({"oauth_token": access_token.key, "oauth_token_secret": access_token.secret})
    return HttpResponse(ret, content_type="application/x-www-form-urlencoded")
Exemplo n.º 14
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return HttpResponseBadRequest('Invalid request parameters.')

    missing_params = require_params(oauth_request, ('oauth_callback', ))
    if missing_params is not None:
        return missing_params

    if is_xauth_request(oauth_request):
        return HttpResponseBadRequest('xAuth not allowed for this method.')

    try:
        consumer = store.get_consumer(request, oauth_request,
                                      oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return HttpResponse('Invalid consumer.', status=401)

    if not verify_oauth_request(request, oauth_request, consumer):
        return HttpResponseBadRequest('Could not verify OAuth request.')

    try:
        request_token = store.create_request_token(
            request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error:
        return HttpResponse('Invalid request token: %s' %
                            oauth_request.get_parameter('oauth_token'),
                            status=401)

    ret = urlencode({
        'oauth_token': request_token.key,
        'oauth_token_secret': request_token.secret,
        'oauth_callback_confirmed': 'true'
    })
    return HttpResponse(ret, content_type='application/x-www-form-urlencoded')
Exemplo n.º 15
0
        def wrapped_view(request, *args, **kwargs):
            oauth_request = get_oauth_request(request)
            if oauth_request is None:
                return INVALID_PARAMS_RESPONSE

            try:
                consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
            except InvalidConsumerError:
                return INVALID_CONSUMER_RESPONSE

            try:
                token = store.get_access_token(request, oauth_request, consumer, oauth_request.get_parameter('oauth_token'))
            except InvalidTokenError:
                return send_oauth_error(oauth.Error(_('Invalid access token: %s') % oauth_request.get_parameter('oauth_token')))

            if not verify_oauth_request(request, oauth_request, consumer, token):
                return COULD_NOT_VERIFY_OAUTH_REQUEST_RESPONSE

            if self.scope_name and (not token.scope
                                    or token.scope.name != self.scope_name):
                return INVALID_SCOPE_RESPONSE

            if token.user:
                request.user = token.user
            return view_func(request, *args, **kwargs)
Exemplo n.º 16
0
    def _authenticate_two_legged(self, request, oauth_request):
        # missing_params = require_params(oauth_request)
        # if missing_params is not None:
        #   return missing_params

        try:
            consumer = store.get_consumer(request, oauth_request,
                                          oauth_request['oauth_consumer_key'])
        except InvalidConsumerError:
            return False

        if not verify_oauth_request(request, oauth_request, consumer):
            return False

        request.user = store.get_user_for_consumer(request, oauth_request,
                                                   consumer)
        request.consumer = consumer
        request.throttle_extra = consumer.key

        return True
Exemplo n.º 17
0
    def _authenticate_two_legged(self, request, oauth_request):
        # missing_params = require_params(oauth_request)
        # if missing_params is not None:
        #   return missing_params

        try:
            consumer = store.get_consumer(
                request, oauth_request, oauth_request['oauth_consumer_key'])
        except InvalidConsumerError:
            return False

        if not verify_oauth_request(request, oauth_request, consumer):
            return False

        request.user = store.get_user_for_consumer(
            request, oauth_request, consumer)
        request.consumer = consumer
        request.throttle_extra = consumer.key

        return True
Exemplo n.º 18
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ("oauth_callback",))
    if missing_params is not None:
        return missing_params

    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request["oauth_consumer_key"])
    except InvalidConsumerError:
        return HttpResponseBadRequest("Invalid Consumer.")

    if not verify_oauth_request(request, oauth_request, consumer):
        return HttpResponseBadRequest("Could not verify OAuth request.")

    try:
        request_token = store.create_request_token(request, oauth_request, consumer, oauth_request["oauth_callback"])
    except oauth.Error, err:
        return send_oauth_error(err)
Exemplo n.º 19
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ('oauth_callback',))
    if missing_params is not None:
        return missing_params

    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return oauth_error_response('Invalid Consumer.', status_code=httplib.BAD_REQUEST)

    if not verify_oauth_request(request, oauth_request, consumer):
        return oauth_error_response('Could not verify OAuth request.', status_code=httplib.BAD_REQUEST)

    try:
        request_token = store.create_request_token(request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error, err:
        return oauth_error_response(err)
Exemplo n.º 20
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ('oauth_callback',))
    if missing_params is not None:
        return missing_params

    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        logging.info('Oauth error: invalid consumer: %d' % oauth_request['oauth_consumer_key'])
        return HttpResponseBadRequest('Invalid Consumer.')

    if not verify_oauth_request(request, oauth_request, consumer):
        logging.info('Oauth error: could not verify request')
        return HttpResponseBadRequest('Could not verify OAuth request.')

    try:
        request_token = store.create_request_token(request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error, err:
        return send_oauth_error(err)
Exemplo n.º 21
0
    def _authenticate_three_legged(self, request, oauth_request):
        # missing_params = require_params(oauth_request, ('oauth_token',))
        # if missing_params is not None:
        #    return missing_params

        try:
            consumer = store.get_consumer(
                request, oauth_request, oauth_request['oauth_consumer_key'])
            access_token = store.get_access_token(
                request, oauth_request, consumer, oauth_request['oauth_token'])
        except (InvalidConsumerError, InvalidTokenError):
            return False

        if not verify_oauth_request(request, oauth_request, consumer, access_token):
            return False

        request.user = store.get_user_for_access_token(
            request, oauth_request, access_token)
        request.consumer = store.get_consumer_for_access_token(
            request, oauth_request, access_token)
        request.throttle_extra = request.consumer.key

        return True
Exemplo n.º 22
0
        def wrapped_view(request, *args, **kwargs):
            oauth_request = get_oauth_request(request)
            scheme = 'https' if request.is_secure() else 'http'
            domain = get_current_site(request).domain
            if oauth_request is None:
                return invalid_params_response(scheme, domain)

            try:
                consumer = store.get_consumer(
                    request, oauth_request,
                    oauth_request['oauth_consumer_key'])
            except InvalidConsumerError:
                return INVALID_CONSUMER_RESPONSE

            try:
                token = store.get_access_token(
                    request, oauth_request, consumer,
                    oauth_request.get_parameter('oauth_token'))
            except InvalidTokenError:
                return send_oauth_error(
                    'https' if request.is_secure() else 'http',
                    get_current_site(request).domain,
                    oauth.Error(
                        _('Invalid access token: %s') %
                        oauth_request.get_parameter('oauth_token')))

            if not verify_oauth_request(request, oauth_request, consumer,
                                        token):
                return could_not_verify_oauth_request_response(scheme, domain)

            if self.scope_name and (not token.scope
                                    or token.scope.name != self.scope_name):
                return invalid_scope_response(scheme, domain)

            if token.user:
                request.user = token.user
            return view_func(request, *args, **kwargs)
Exemplo n.º 23
0
def request_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    missing_params = require_params(oauth_request, ('oauth_callback',))
    if missing_params is not None:
        return missing_params

    if is_xauth_request(oauth_request):
        return HttpResponseBadRequest('xAuth not allowed for this method.')

    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return HttpResponseBadRequest('Invalid Consumer.')

    if not verify_oauth_request(request, oauth_request, consumer):
        return HttpResponseBadRequest('Could not verify OAuth request.')

    try:
        request_token = store.create_request_token(request, oauth_request, consumer, oauth_request['oauth_callback'])
    except oauth.Error, err:
        return send_oauth_error(err)
Exemplo n.º 24
0
def access_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return HttpResponseBadRequest("Invalid request parameters.")

    # Consumer
    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request["oauth_consumer_key"])
    except InvalidConsumerError:
        return HttpResponseBadRequest("Invalid consumer.")

    is_xauth = is_xauth_request(oauth_request)

    if not is_xauth:

        # Check Parameters
        missing_params = require_params(oauth_request, ("oauth_token", "oauth_verifier"))
        if missing_params is not None:
            return missing_params

        # Check Request Token
        try:
            request_token = store.get_request_token(request, oauth_request, oauth_request["oauth_token"])
        except InvalidTokenError:
            return HttpResponse("Invalid request token: %s" % oauth_request["oauth_token"], status=401)
        if not request_token.is_approved:
            return HttpResponse("Request Token not approved by the user.", status=401)

        # Verify Signature
        if not verify_oauth_request(request, oauth_request, consumer, request_token):
            return HttpResponseBadRequest("Could not verify OAuth request.")

        # Check Verifier
        if oauth_request.get("oauth_verifier", None) != request_token.verifier:
            return HttpResponseBadRequest("Invalid OAuth verifier.")

    else:  # xAuth

        # Check Parameters
        missing_params = require_params(oauth_request, ("x_auth_username", "x_auth_password", "x_auth_mode"))
        if missing_params is not None:
            return missing_params

        # Check if Consumer allows xAuth
        if not consumer.xauth_allowed:
            return HttpResponseBadRequest("xAuth not allowed for this method")

        # Check Signature
        if not verify_oauth_request(request, oauth_request, consumer):
            return HttpResponseBadRequest("Could not verify xAuth request.")

        user = authenticate(
            x_auth_username=oauth_request.get_parameter("x_auth_username"),
            x_auth_password=oauth_request.get_parameter("x_auth_password"),
            x_auth_mode=oauth_request.get_parameter("x_auth_mode"),
        )

        if not user:
            return HttpResponseBadRequest("xAuth username or password is not valid")
        else:
            request.user = user

        # Handle Request Token
        try:
            # request_token = store.create_request_token(request, oauth_request, consumer, oauth_request.get('oauth_callback'))
            request_token = store.create_request_token(request, oauth_request, consumer, OUT_OF_BAND)
            request_token = store.authorize_request_token(request, oauth_request, request_token)
        except oauth.Error as err:
            return send_oauth_error("https" if request.is_secure() else "http", get_current_site(request).domain, err)

    access_token = store.create_access_token(request, oauth_request, consumer, request_token)

    ret = urlencode({"oauth_token": access_token.key, "oauth_token_secret": access_token.secret})
    return HttpResponse(ret, content_type="application/x-www-form-urlencoded")
Exemplo n.º 25
0
def access_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return INVALID_PARAMS_RESPONSE

    # Consumer
    try:
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return HttpResponseBadRequest('Invalid consumer.')

    is_xauth = is_xauth_request(oauth_request)

    if not is_xauth:

        # Check Parameters
        missing_params = require_params(oauth_request, ('oauth_token', 'oauth_verifier'))
        if missing_params is not None:
            return missing_params

        # Check Request Token
        try:
            request_token = store.get_request_token(request, oauth_request, oauth_request['oauth_token'])
        except InvalidTokenError:
            return HttpResponseBadRequest('Invalid request token.')
        if not request_token.is_approved:
            return HttpResponseBadRequest('Request Token not approved by the user.')

        # Verify Signature
        if not verify_oauth_request(request, oauth_request, consumer, request_token):
            return HttpResponseBadRequest('Could not verify OAuth request.')
       
        # Check Verifier
        if oauth_request.get('oauth_verifier', None) != request_token.verifier:
            return HttpResponseBadRequest('Invalid OAuth verifier.')

    else: # xAuth

        # Check Parameters
        missing_params = require_params(oauth_request, ('x_auth_username', 'x_auth_password', 'x_auth_mode'))
        if missing_params is not None:
            return missing_params

        # Check if Consumer allows xAuth
        if not consumer.xauth_allowed:
            return HttpResponseBadRequest('xAuth not allowed for this method')

        # Check Signature
        if not verify_oauth_request(request, oauth_request, consumer):
            return HttpResponseBadRequest('Could not verify xAuth request.')
        
        # Check Username/Password 
        if is_xauth and not verify_xauth_request(request, oauth_request):
            return HttpResponseBadRequest('xAuth username or password is not valid')
        
        # Handle Request Token
        try:
            #request_token = store.create_request_token(request, oauth_request, consumer, oauth_request.get('oauth_callback'))
            request_token = store.create_request_token(request, oauth_request, consumer, OUT_OF_BAND)
            request_token = store.authorize_request_token(request, oauth_request, request_token)
        except oauth.Error, err:
            return send_oauth_error(err)
Exemplo n.º 26
0
def access_token(request):
    oauth_request = get_oauth_request(request)
    if oauth_request is None:
        return HttpResponseBadRequest('Invalid request parameters.')

    # Consumer
    try:
        consumer = store.get_consumer(request, oauth_request,
                                      oauth_request['oauth_consumer_key'])
    except InvalidConsumerError:
        return HttpResponseBadRequest('Invalid consumer.')

    is_xauth = is_xauth_request(oauth_request)

    if not is_xauth:

        # Check Parameters
        missing_params = require_params(oauth_request,
                                        ('oauth_token', 'oauth_verifier'))
        if missing_params is not None:
            return missing_params

        # Check Request Token
        try:
            request_token = store.get_request_token(
                request, oauth_request, oauth_request['oauth_token'])
        except InvalidTokenError:
            return HttpResponse('Invalid request token: %s' %
                                oauth_request['oauth_token'],
                                status=401)
        if not request_token.is_approved:
            return HttpResponse('Request Token not approved by the user.',
                                status=401)

        # Verify Signature
        if not verify_oauth_request(request, oauth_request, consumer,
                                    request_token):
            return HttpResponseBadRequest('Could not verify OAuth request.')

        # Check Verifier
        if oauth_request.get('oauth_verifier', None) != request_token.verifier:
            return HttpResponseBadRequest('Invalid OAuth verifier.')

    else:  # xAuth

        # Check Parameters
        missing_params = require_params(
            oauth_request,
            ('x_auth_username', 'x_auth_password', 'x_auth_mode'))
        if missing_params is not None:
            return missing_params

        # Check if Consumer allows xAuth
        if not consumer.xauth_allowed:
            return HttpResponseBadRequest('xAuth not allowed for this method')

        # Check Signature
        if not verify_oauth_request(request, oauth_request, consumer):
            return HttpResponseBadRequest('Could not verify xAuth request.')

        user = authenticate(
            x_auth_username=oauth_request.get_parameter('x_auth_username'),
            x_auth_password=oauth_request.get_parameter('x_auth_password'),
            x_auth_mode=oauth_request.get_parameter('x_auth_mode'))

        if not user:
            return HttpResponseBadRequest(
                'xAuth username or password is not valid')
        else:
            request.user = user

        # Handle Request Token
        try:
            #request_token = store.create_request_token(request, oauth_request, consumer, oauth_request.get('oauth_callback'))
            request_token = store.create_request_token(request, oauth_request,
                                                       consumer, OUT_OF_BAND)
            request_token = store.authorize_request_token(
                request, oauth_request, request_token)
        except oauth.Error, err:
            return send_oauth_error(err)