def create_request_token(self, request): oauth_headers = oauth1.get_oauth_headers(request.headers) consumer_id = oauth_headers.get('oauth_consumer_key') requested_project_id = request.headers.get('Requested-Project-Id') if not consumer_id: raise exception.ValidationError( attribute='oauth_consumer_key', target='request') if not requested_project_id: raise exception.ValidationError( attribute='requested_project_id', target='request') # NOTE(stevemar): Ensure consumer and requested project exist self.resource_api.get_project(requested_project_id) self.oauth_api.get_consumer(consumer_id) url = self.base_url(request.context_dict, request.context_dict['path']) req_headers = {'Requested-Project-Id': requested_project_id} req_headers.update(request.headers) request_verifier = oauth1.RequestTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) h, b, s = request_verifier.create_request_token_response( url, http_method='POST', body=request.params, headers=req_headers) if (not b) or int(s) > 399: msg = _('Invalid signature') raise exception.Unauthorized(message=msg) request_token_duration = CONF.oauth1.request_token_duration initiator = notifications._get_request_audit_info(request.context_dict) token_ref = self.oauth_api.create_request_token(consumer_id, requested_project_id, request_token_duration, initiator) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % {'key': token_ref['id'], 'secret': token_ref['request_secret']}) if CONF.oauth1.request_token_duration: expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at'] result += expiry_bit headers = [('Content-Type', 'application/x-www-urlformencoded')] response = wsgi.render_response( result, status=(http_client.CREATED, http_client.responses[http_client.CREATED]), headers=headers) return response
def create_request_token(self, request): oauth_headers = oauth1.get_oauth_headers(request.headers) consumer_id = oauth_headers.get('oauth_consumer_key') requested_project_id = request.headers.get('Requested-Project-Id') if not consumer_id: raise exception.ValidationError( attribute='oauth_consumer_key', target='request') if not requested_project_id: raise exception.ValidationError( attribute='requested_project_id', target='request') # NOTE(stevemar): Ensure consumer and requested project exist self.resource_api.get_project(requested_project_id) self.oauth_api.get_consumer(consumer_id) url = self.base_url(request.context_dict, request.context_dict['path']) req_headers = {'Requested-Project-Id': requested_project_id} req_headers.update(request.headers) request_verifier = oauth1.RequestTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) h, b, s = request_verifier.create_request_token_response( url, http_method='POST', body=request.params, headers=req_headers) if (not b) or int(s) > 399: msg = _('Invalid signature') raise exception.Unauthorized(message=msg) request_token_duration = CONF.oauth1.request_token_duration initiator = notifications._get_request_audit_info(request.context_dict) token_ref = self.oauth_api.create_request_token(consumer_id, requested_project_id, request_token_duration, initiator) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % {'key': token_ref['id'], 'secret': token_ref['request_secret']}) if CONF.oauth1.request_token_duration: expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at'] result += expiry_bit headers = [('Content-Type', 'application/x-www-form-urlencoded')] response = wsgi.render_response( result, status=(http_client.CREATED, http_client.responses[http_client.CREATED]), headers=headers) return response
def post(self): oauth_headers = oauth1.get_oauth_headers(flask.request.headers) consumer_id = oauth_headers.get('oauth_consumer_key') requested_project_id = flask.request.headers.get( 'Requested-Project-Id') if not consumer_id: raise exception.ValidationError(attribute='oauth_consumer_key', target='request') if not requested_project_id: raise exception.ValidationError(attribute='Requested-Project-Id', target='request') # NOTE(stevemar): Ensure consumer and requested project exist PROVIDERS.resource_api.get_project(requested_project_id) PROVIDERS.oauth_api.get_consumer(consumer_id) url = _update_url_scheme() req_headers = {'Requested-Project-Id': requested_project_id} req_headers.update(flask.request.headers) request_verifier = oauth1.RequestTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) h, b, s = request_verifier.create_request_token_response( url, http_method='POST', body=flask.request.args, headers=req_headers) if not b: msg = _('Invalid signature') raise exception.Unauthorized(message=msg) # show the details of the failure. oauth1.validate_oauth_params(b) request_token_duration = CONF.oauth1.request_token_duration token_ref = PROVIDERS.oauth_api.create_request_token( consumer_id, requested_project_id, request_token_duration, initiator=ks_flask.build_audit_initiator()) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % { 'key': token_ref['id'], 'secret': token_ref['request_secret'] }) if CONF.oauth1.request_token_duration > 0: expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at'] result += expiry_bit resp = flask.make_response(result, http_client.CREATED) resp.headers['Content-Type'] = 'application/x-www-form-urlencoded' return resp
def create_request_token(self, context): headers = context["headers"] oauth_headers = oauth1.get_oauth_headers(headers) consumer_id = oauth_headers.get("oauth_consumer_key") requested_project_id = headers.get("Requested-Project-Id") if not consumer_id: raise exception.ValidationError(attribute="oauth_consumer_key", target="request") if not requested_project_id: raise exception.ValidationError(attribute="requested_project_id", target="request") # NOTE(stevemar): Ensure consumer and requested project exist self.resource_api.get_project(requested_project_id) self.oauth_api.get_consumer(consumer_id) url = self.base_url(context, context["path"]) req_headers = {"Requested-Project-Id": requested_project_id} req_headers.update(headers) request_verifier = oauth1.RequestTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator ) h, b, s = request_verifier.create_request_token_response( url, http_method="POST", body=context["query_string"], headers=req_headers ) if (not b) or int(s) > 399: msg = _("Invalid signature") raise exception.Unauthorized(message=msg) request_token_duration = CONF.oauth1.request_token_duration initiator = notifications._get_request_audit_info(context) token_ref = self.oauth_api.create_request_token( consumer_id, requested_project_id, request_token_duration, initiator ) result = "oauth_token=%(key)s&oauth_token_secret=%(secret)s" % { "key": token_ref["id"], "secret": token_ref["request_secret"], } if CONF.oauth1.request_token_duration: expiry_bit = "&oauth_expires_at=%s" % token_ref["expires_at"] result += expiry_bit headers = [("Content-Type", "application/x-www-urlformencoded")] response = wsgi.render_response(result, status=(201, "Created"), headers=headers) return response
def post(self): oauth_headers = oauth1.get_oauth_headers(flask.request.headers) consumer_id = oauth_headers.get('oauth_consumer_key') requested_project_id = flask.request.headers.get( 'Requested-Project-Id') if not consumer_id: raise exception.ValidationError( attribute='oauth_consumer_key', target='request') if not requested_project_id: raise exception.ValidationError( attribute='Requested-Project-Id', target='request') # NOTE(stevemar): Ensure consumer and requested project exist PROVIDERS.resource_api.get_project(requested_project_id) PROVIDERS.oauth_api.get_consumer(consumer_id) url = _update_url_scheme() req_headers = {'Requested-Project-Id': requested_project_id} req_headers.update(flask.request.headers) request_verifier = oauth1.RequestTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) h, b, s = request_verifier.create_request_token_response( url, http_method='POST', body=flask.request.args, headers=req_headers) if not b: msg = _('Invalid signature') raise exception.Unauthorized(message=msg) # show the details of the failure. oauth1.validate_oauth_params(b) request_token_duration = CONF.oauth1.request_token_duration token_ref = PROVIDERS.oauth_api.create_request_token( consumer_id, requested_project_id, request_token_duration, initiator=notifications.build_audit_initiator()) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % {'key': token_ref['id'], 'secret': token_ref['request_secret']}) if CONF.oauth1.request_token_duration > 0: expiry_bit = '&oauth_expires_at=%s' % token_ref['expires_at'] result += expiry_bit resp = flask.make_response(result, http_client.CREATED) resp.headers['Content-Type'] = 'application/x-www-form-urlencoded' return resp
def authenticate(self, request, auth_payload): """Turn a signed request with an access key into a keystone token.""" response_data = {} oauth_headers = oauth.get_oauth_headers(request.headers) access_token_id = oauth_headers.get('oauth_token') if not access_token_id: raise exception.ValidationError( attribute='oauth_token', target='request') acc_token = self.oauth_api.get_access_token(access_token_id) expires_at = acc_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Access token is expired')) url = controller.V3Controller.base_url(request.context_dict, request.path_info) access_verifier = oauth.ResourceEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth.token_generator) result, request = access_verifier.validate_protected_resource_request( url, http_method='POST', body=request.params, headers=request.headers, realms=None ) if not result: msg = _('Could not validate the access token') raise exception.Unauthorized(msg) response_data['user_id'] = acc_token['authorizing_user_id'] response_data['access_token_id'] = access_token_id response_data['project_id'] = acc_token['project_id'] return base.AuthHandlerResponse(status=True, response_body=None, response_data=response_data)
def authenticate(self, request, auth_payload): """Turn a signed request with an access key into a keystone token.""" response_data = {} oauth_headers = oauth.get_oauth_headers(request.headers) access_token_id = oauth_headers.get('oauth_token') if not access_token_id: raise exception.ValidationError( attribute='oauth_token', target='request') acc_token = PROVIDERS.oauth_api.get_access_token(access_token_id) expires_at = acc_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Access token is expired')) url = controller.V3Controller.base_url(request.context_dict, request.path_info) access_verifier = oauth.ResourceEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth.token_generator) result, request = access_verifier.validate_protected_resource_request( url, http_method='POST', body=request.params, headers=request.headers, realms=None ) if not result: msg = _('Could not validate the access token') raise exception.Unauthorized(msg) response_data['user_id'] = acc_token['authorizing_user_id'] response_data['access_token_id'] = access_token_id response_data['project_id'] = acc_token['project_id'] return base.AuthHandlerResponse(status=True, response_body=None, response_data=response_data)
def authenticate(self, context, auth_info, auth_context): """Turn a signed request with an access key into a keystone token.""" headers = context['headers'] oauth_headers = oauth.get_oauth_headers(headers) access_token_id = oauth_headers.get('oauth_token') if not access_token_id: raise exception.ValidationError( attribute='oauth_token', target='request') acc_token = self.oauth_api.get_access_token(access_token_id) expires_at = acc_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Access token is expired')) url = controller.V3Controller.base_url(context, context['path']) access_verifier = oauth.ResourceEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth.token_generator) result, request = access_verifier.validate_protected_resource_request( url, http_method='POST', body=context['query_string'], headers=headers, realms=None ) if not result: msg = _('Could not validate the access token') raise exception.Unauthorized(msg) auth_context['user_id'] = acc_token['authorizing_user_id'] auth_context['access_token_id'] = access_token_id auth_context['project_id'] = acc_token['project_id']
def authenticate(self, context, auth_info, auth_context): """Turn a signed request with an access key into a keystone token.""" headers = context['headers'] oauth_headers = oauth.get_oauth_headers(headers) access_token_id = oauth_headers.get('oauth_token') if not access_token_id: raise exception.ValidationError(attribute='oauth_token', target='request') acc_token = self.oauth_api.get_access_token(access_token_id) expires_at = acc_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Access token is expired')) url = controller.V3Controller.base_url(context, context['path']) access_verifier = oauth.ResourceEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth.token_generator) result, request = access_verifier.validate_protected_resource_request( url, http_method='POST', body=context['query_string'], headers=headers, realms=None) if not result: msg = _('Could not validate the access token') raise exception.Unauthorized(msg) auth_context['user_id'] = acc_token['authorizing_user_id'] auth_context['access_token_id'] = access_token_id auth_context['project_id'] = acc_token['project_id']
def create_access_token(self, request): oauth_headers = oauth1.get_oauth_headers(request.headers) consumer_id = oauth_headers.get('oauth_consumer_key') request_token_id = oauth_headers.get('oauth_token') oauth_verifier = oauth_headers.get('oauth_verifier') if not consumer_id: raise exception.ValidationError(attribute='oauth_consumer_key', target='request') if not request_token_id: raise exception.ValidationError(attribute='oauth_token', target='request') if not oauth_verifier: raise exception.ValidationError(attribute='oauth_verifier', target='request') req_token = self.oauth_api.get_request_token(request_token_id) expires_at = req_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Request token is expired')) access_verifier = oauth1.AccessTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) try: h, b, s = access_verifier.create_access_token_response( request.url, http_method='POST', body=request.params, headers=request.headers) except NotImplementedError: # Client key or request token validation failed, since keystone # does not yet support dummy client or dummy request token, # so we will raise Unauthorized exception instead. try: self.oauth_api.get_consumer(consumer_id) except exception.NotFound: msg = _('Provided consumer does not exist.') LOG.warning(msg) raise exception.Unauthorized(message=msg) if req_token['consumer_id'] != consumer_id: msg = _('Provided consumer key does not match stored ' 'consumer key.') LOG.warning(msg) raise exception.Unauthorized(message=msg) # The response body is empty since either one of the following reasons if not b: if req_token['verifier'] != oauth_verifier: msg = _('Provided verifier does not match stored verifier') else: msg = _('Invalid signature.') LOG.warning(msg) raise exception.Unauthorized(message=msg) # show the details of the failure. oauth1.validate_oauth_params(b) if not req_token.get('authorizing_user_id'): msg = _('Request Token does not have an authorizing user id.') LOG.warning(msg) raise exception.Unauthorized(message=msg) access_token_duration = CONF.oauth1.access_token_duration token_ref = self.oauth_api.create_access_token( request_token_id, access_token_duration, initiator=request.audit_initiator) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % { 'key': token_ref['id'], 'secret': token_ref['access_secret'] }) if CONF.oauth1.access_token_duration > 0: expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at']) result += expiry_bit headers = [('Content-Type', 'application/x-www-form-urlencoded')] response = wsgi.render_response( result, status=(http_client.CREATED, http_client.responses[http_client.CREATED]), headers=headers) return response
def create_access_token(self, context): headers = context['headers'] oauth_headers = oauth1.get_oauth_headers(headers) consumer_id = oauth_headers.get('oauth_consumer_key') request_token_id = oauth_headers.get('oauth_token') oauth_verifier = oauth_headers.get('oauth_verifier') if not consumer_id: raise exception.ValidationError( attribute='oauth_consumer_key', target='request') if not request_token_id: raise exception.ValidationError( attribute='oauth_token', target='request') if not oauth_verifier: raise exception.ValidationError( attribute='oauth_verifier', target='request') req_token = self.oauth_api.get_request_token( request_token_id) expires_at = req_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Request token is expired')) url = self.base_url(context, context['path']) access_verifier = oauth1.AccessTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) h, b, s = access_verifier.create_access_token_response( url, http_method='POST', body=context['query_string'], headers=headers) params = oauth1.extract_non_oauth_params(b) if params: msg = _('There should not be any non-oauth parameters') raise exception.Unauthorized(message=msg) if req_token['consumer_id'] != consumer_id: msg = _('provided consumer key does not match stored consumer key') raise exception.Unauthorized(message=msg) if req_token['verifier'] != oauth_verifier: msg = _('provided verifier does not match stored verifier') raise exception.Unauthorized(message=msg) if req_token['id'] != request_token_id: msg = _('provided request key does not match stored request key') raise exception.Unauthorized(message=msg) if not req_token.get('authorizing_user_id'): msg = _('Request Token does not have an authorizing user id') raise exception.Unauthorized(message=msg) access_token_duration = CONF.oauth1.access_token_duration initiator = notifications._get_request_audit_info(context) token_ref = self.oauth_api.create_access_token(request_token_id, access_token_duration, initiator) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % {'key': token_ref['id'], 'secret': token_ref['access_secret']}) if CONF.oauth1.access_token_duration: expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at']) result += expiry_bit headers = [('Content-Type', 'application/x-www-urlformencoded')] response = wsgi.render_response(result, status=(201, 'Created'), headers=headers) return response
def create_access_token(self, context): headers = context["headers"] oauth_headers = oauth1.get_oauth_headers(headers) consumer_id = oauth_headers.get("oauth_consumer_key") request_token_id = oauth_headers.get("oauth_token") oauth_verifier = oauth_headers.get("oauth_verifier") if not consumer_id: raise exception.ValidationError(attribute="oauth_consumer_key", target="request") if not request_token_id: raise exception.ValidationError(attribute="oauth_token", target="request") if not oauth_verifier: raise exception.ValidationError(attribute="oauth_verifier", target="request") req_token = self.oauth_api.get_request_token(request_token_id) expires_at = req_token["expires_at"] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time(timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_("Request token is expired")) url = self.base_url(context, context["path"]) access_verifier = oauth1.AccessTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator ) h, b, s = access_verifier.create_access_token_response( url, http_method="POST", body=context["query_string"], headers=headers ) params = oauth1.extract_non_oauth_params(b) if params: msg = _("There should not be any non-oauth parameters") raise exception.Unauthorized(message=msg) if req_token["consumer_id"] != consumer_id: msg = _("provided consumer key does not match stored consumer key") raise exception.Unauthorized(message=msg) if req_token["verifier"] != oauth_verifier: msg = _("provided verifier does not match stored verifier") raise exception.Unauthorized(message=msg) if req_token["id"] != request_token_id: msg = _("provided request key does not match stored request key") raise exception.Unauthorized(message=msg) if not req_token.get("authorizing_user_id"): msg = _("Request Token does not have an authorizing user id") raise exception.Unauthorized(message=msg) access_token_duration = CONF.oauth1.access_token_duration initiator = notifications._get_request_audit_info(context) token_ref = self.oauth_api.create_access_token(request_token_id, access_token_duration, initiator) result = "oauth_token=%(key)s&oauth_token_secret=%(secret)s" % { "key": token_ref["id"], "secret": token_ref["access_secret"], } if CONF.oauth1.access_token_duration: expiry_bit = "&oauth_expires_at=%s" % (token_ref["expires_at"]) result += expiry_bit headers = [("Content-Type", "application/x-www-urlformencoded")] response = wsgi.render_response(result, status=(201, "Created"), headers=headers) return response
def create_access_token(self, request): headers = request.context_dict['headers'] oauth_headers = oauth1.get_oauth_headers(headers) consumer_id = oauth_headers.get('oauth_consumer_key') request_token_id = oauth_headers.get('oauth_token') oauth_verifier = oauth_headers.get('oauth_verifier') if not consumer_id: raise exception.ValidationError(attribute='oauth_consumer_key', target='request') if not request_token_id: raise exception.ValidationError(attribute='oauth_token', target='request') if not oauth_verifier: raise exception.ValidationError(attribute='oauth_verifier', target='request') req_token = self.oauth_api.get_request_token(request_token_id) expires_at = req_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Request token is expired')) url = self.base_url(request.context_dict, request.context_dict['path']) access_verifier = oauth1.AccessTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) h, b, s = access_verifier.create_access_token_response( url, http_method='POST', body=request.context_dict['query_string'], headers=headers) params = oauth1.extract_non_oauth_params(b) if params: msg = _('There should not be any non-oauth parameters') raise exception.Unauthorized(message=msg) if req_token['consumer_id'] != consumer_id: msg = _('provided consumer key does not match stored consumer key') raise exception.Unauthorized(message=msg) if req_token['verifier'] != oauth_verifier: msg = _('provided verifier does not match stored verifier') raise exception.Unauthorized(message=msg) if req_token['id'] != request_token_id: msg = _('provided request key does not match stored request key') raise exception.Unauthorized(message=msg) if not req_token.get('authorizing_user_id'): msg = _('Request Token does not have an authorizing user id') raise exception.Unauthorized(message=msg) access_token_duration = CONF.oauth1.access_token_duration initiator = notifications._get_request_audit_info(request.context_dict) token_ref = self.oauth_api.create_access_token(request_token_id, access_token_duration, initiator) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % { 'key': token_ref['id'], 'secret': token_ref['access_secret'] }) if CONF.oauth1.access_token_duration: expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at']) result += expiry_bit headers = [('Content-Type', 'application/x-www-urlformencoded')] response = wsgi.render_response(result, status=(201, 'Created'), headers=headers) return response
def create_access_token(self, request): oauth_headers = oauth1.get_oauth_headers(request.headers) consumer_id = oauth_headers.get('oauth_consumer_key') request_token_id = oauth_headers.get('oauth_token') oauth_verifier = oauth_headers.get('oauth_verifier') if not consumer_id: raise exception.ValidationError( attribute='oauth_consumer_key', target='request') if not request_token_id: raise exception.ValidationError( attribute='oauth_token', target='request') if not oauth_verifier: raise exception.ValidationError( attribute='oauth_verifier', target='request') req_token = self.oauth_api.get_request_token( request_token_id) expires_at = req_token['expires_at'] if expires_at: now = timeutils.utcnow() expires = timeutils.normalize_time( timeutils.parse_isotime(expires_at)) if now > expires: raise exception.Unauthorized(_('Request token is expired')) url = self.base_url(request.context_dict, request.context_dict['path']) access_verifier = oauth1.AccessTokenEndpoint( request_validator=validator.OAuthValidator(), token_generator=oauth1.token_generator) try: h, b, s = access_verifier.create_access_token_response( url, http_method='POST', body=request.params, headers=request.headers) except NotImplementedError: # Client key or request token validation failed, since keystone # does not yet support dummy client or dummy request token, # so we will raise Unauthorized exception instead. try: self.oauth_api.get_consumer(consumer_id) except exception.NotFound: msg = _('Provided consumer does not exist.') LOG.warning(msg) raise exception.Unauthorized(message=msg) if req_token['consumer_id'] != consumer_id: msg = _('Provided consumer key does not match stored ' 'consumer key.') LOG.warning(msg) raise exception.Unauthorized(message=msg) # The response body is empty since either one of the following reasons if not b: if req_token['verifier'] != oauth_verifier: msg = _('Provided verifier does not match stored verifier') else: msg = _('Invalid signature.') LOG.warning(msg) raise exception.Unauthorized(message=msg) # show the details of the failure. oauth1.validate_oauth_params(b) if not req_token.get('authorizing_user_id'): msg = _('Request Token does not have an authorizing user id.') LOG.warning(msg) raise exception.Unauthorized(message=msg) access_token_duration = CONF.oauth1.access_token_duration token_ref = self.oauth_api.create_access_token( request_token_id, access_token_duration, initiator=request.audit_initiator ) result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s' % {'key': token_ref['id'], 'secret': token_ref['access_secret']}) if CONF.oauth1.access_token_duration: expiry_bit = '&oauth_expires_at=%s' % (token_ref['expires_at']) result += expiry_bit headers = [('Content-Type', 'application/x-www-form-urlencoded')] response = wsgi.render_response( result, status=(http_client.CREATED, http_client.responses[http_client.CREATED]), headers=headers) return response