Пример #1
 def compute_from_request(request):
     """
     Build the Signature the server expects for ``request``.

     Reads the HTTP method, the normalized absolute URI, the request body
     and the ``timestamp`` / ``consumer_key`` (plus ``nonce`` when the
     'nonce' setting is on) parameters, looks up the consumer's secret and
     returns ``Signature(...)`` wrapping the computed value.

     Raises _AuthException when a required parameter is missing, when the
     timestamp is not an integer, or when the request is older than the
     configured timeout.
     """
     http_method = request.method
     normalized = NormalizedUri(request.build_absolute_uri(), request.META)
     uri = normalized.get_uri()

     # Collect the signed parameters; a missing one aborts authentication.
     try:
         meta, query = request.META, request.GET
         timestamp = search_key(meta, query, 'timestamp')
         consumer_key = search_key(meta, query, 'consumer_key')
         nonce = search_key(meta, query, 'nonce') if config('nonce') else None
     except KeyNotFound:
         raise _AuthException("Invalid Request. Some arguments are missing.")

     # Freshness check: reject requests older than the configured timeout.
     # NOTE(review): only the past is bounded here; a timestamp ahead of the
     # server clock passes. If nonces are remembered only for the timeout
     # window, a future-dated request could outlive its nonce record --
     # confirm whether an upper bound (allowed clock skew) is wanted.
     try:
         now = int(time.time())
         expires_at = int(timestamp) + config('timeout')
         if now > expires_at:
             raise _AuthException("The request has timed out. "
                                  "Expected timestamp: %s." % int(time.time()))
     except ValueError:
         raise _AuthException("Invalid timestamp format. Must be integer.")

     payload = request.body
     secret = Consumer(consumer_key).get_secret_key()
     digest = Signature.compute_signature(
         secret, http_method, uri, timestamp, consumer_key, payload, nonce)
     # NOTE(review): whoever compares this with the client-supplied signature
     # should use a constant-time comparison -- the comparison is not visible
     # in this block.
     return Signature(digest)
Пример #2
 def setUp(self):
     """
     Point the auth settings at piston's consumer model and create one
     test consumer (key "consumer1", secret "secret1") stored on self.c.
     """
     # Reuse the consumer from piston for the tests
     # NOTE(review): these assignments mutate the global settings object;
     # no restore is visible in this block, so confirm a tearDown resets
     # them to keep the values from leaking into other test cases.
     field_map = utils.config('fields')
     settings.API_AUTH_FIELDS = field_map.copy()
     settings.API_AUTH_APP = "piston"
     settings.API_AUTH_MODEL = "consumer"

     # Fixture credentials only; these literals are test data.
     consumer_cls = utils.consumer_model()
     self.c = consumer_cls.objects.create(
         name="Test",
         key="consumer1",
         secret="secret1",
     )
Пример #3
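 def validate_nonce(self, nonce):
     """
     Reject a nonce this consumer has already used, otherwise record it.

     A nonce is invalid if it was already used by the same consumer within
     the API_AUTH_TIMEOUT window. When the 'nonce' setting is off, nonces
     are not used and this method does nothing.

     Raises _AuthException if a matching nonce is already stored.
     """
     # Check to see if nonces are activated.
     if not config('nonce'):
         return
     try:
         # presumably Nonce.valid restricts the lookup to nonces still
         # inside the timeout window -- the manager is not shown here.
         Nonce.valid.get(consumer_key=self.consumer_key, value=nonce)
     except Nonce.DoesNotExist:
         # If the nonce is unique for this timeframe, create one.
         # NOTE(review): lookup-then-create is not atomic. Two concurrent
         # requests carrying the same nonce can both reach this line unless
         # the model enforces uniqueness on (consumer_key, value) -- confirm
         # against the Nonce model definition.
         Nonce.objects.create(consumer_key=self.consumer_key, value=nonce)
         return
     except Nonce.MultipleObjectsReturned:
         # Several stored copies still mean "already used". Report it as an
         # authentication failure instead of letting the ORM error escape.
         pass
     # If the object already exists it's invalid.
     raise _AuthException("Nonce %s already exists." % nonce)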
Пример #4
 def get_secret_key(self):
     """
     Look up and return the stored secret for ``self.consumer_key``.

     The model and the column names come from configuration
     (``consumer_model()`` and ``config('fields')``).

     Raises _AuthException when the configured fields do not exist on the
     model, when no consumer matches the key, or when more than one does.
     """
     field_names = config('fields')
     model = consumer_model()
     lookup = {field_names['consumer_key']: self.consumer_key}
     try:
         # Fetch only the secret column for the matching consumer.
         row = model.objects.values(
             field_names['consumer_secret']).get(**lookup)
     except FieldError:
         raise _AuthException("Invalid database fields.")
     except model.DoesNotExist:
         # NOTE(review): the message repeats the client-supplied key; if it
         # is returned to the caller or logged, confirm it is escaped and
         # size-limited wherever it is rendered.
         raise _AuthException("Invalid consumer key: %s." % self.consumer_key)
     except model.MultipleObjectsReturned:
         raise _AuthException(
             "Invalid database. "
             "Consumer keys are not unique: %s." % self.consumer_key
         )
     return row[field_names['consumer_secret']]
Пример #5
def time_limit():
    """
    Return the datetime that lies ``config("timeout")`` seconds in the past.

    The value is a naive datetime in the server's local time zone, because
    ``fromtimestamp`` is called without a tz argument.
    """
    # NOTE(review): anything compared against this value must use the same
    # naive local-time convention -- confirm against the stored timestamps.
    return datetime.datetime.fromtimestamp(time.time() - config("timeout"))
Пример #6
 def check_nonce(self, meta, get, consumer_key):
     """
     Validate the request's nonce for ``consumer_key`` when nonces are on.

     Does nothing if the 'nonce' setting is off. Otherwise the nonce is
     read from ``meta`` / ``get`` via search_key and passed to
     Consumer.validate_nonce. Errors from either call are not caught here.
     """
     if not config('nonce'):
         return
     nonce = search_key(meta, get, 'nonce')
     # NOTE(review): validate_nonce is named as a check but may also store
     # the nonce; confirm callers run this only after the signature has
     # been verified, so unauthenticated requests cannot use up nonces.
     Consumer(consumer_key).validate_nonce(nonce)