def initialize_server_request(request):
    """Build the OAuth request and server objects for an incoming request.

    ``request`` is either a Django request or, when called from the LRS app,
    a plain dict the LRS app has already parsed the request into. Keys read
    from the dict: ``method``, ``absolute_uri``, ``query_string`` and,
    optionally, ``Authorization`` / ``HTTP_AUTHORIZATION``.

    Returns ``(oauth_server, oauth_request)``. ``oauth_server`` is ``None``
    when ``OAuthRequest.from_request`` returns a falsy value.
    """
    # Exact-type test: only a plain dict takes the LRS path.
    from_lrs = type(request) is dict
    header_source = request if from_lrs else request.META

    # Django exposes the Authorization header as HTTP_AUTHORIZATION. That
    # conversion does not happen in tests, so the bare 'Authorization' key is
    # looked up first -- keep both lookups.
    auth_header = {}
    for key in ('Authorization', 'HTTP_AUTHORIZATION'):
        if key in header_source:
            auth_header = {'Authorization': header_source[key]}
            break

    parameters = {}
    if from_lrs:
        # TODO (carried over): POST body parameters are not parsed on this
        # path, so only the header and query string reach from_request().
        oauth_request = OAuthRequest.from_request(
            request['method'],
            request['absolute_uri'],
            headers=auth_header,
            parameters=parameters,
            query_string=request['query_string'],
        )
    else:
        # Request parameters are passed only for form-encoded POSTs
        # (see http://oauth.net/core/1.0a/#consumer_req_param).
        # NOTE(review): the 'testserver' clause is a workaround for Django's
        # test client living in the production path; when SERVER_NAME is
        # 'testserver' every POST's parameters are included whatever the
        # content type.
        is_form_post = request.method == "POST" and (
            request.META.get('CONTENT_TYPE') == "application/x-www-form-urlencoded"
            or request.META.get('SERVER_NAME') == 'testserver'
        )
        if is_form_post:
            parameters = dict(request.REQUEST.items())
        oauth_request = OAuthRequest.from_request(
            request.method,
            request.build_absolute_uri(),
            headers=auth_header,
            parameters=parameters,
            query_string=request.META.get('QUERY_STRING', ''),
        )

    if not oauth_request:
        return None, oauth_request

    oauth_server = OAuthServer(DataStore(oauth_request))
    # Only the signature methods enabled in OAUTH_SIGNATURE_METHODS are
    # registered. PLAINTEXT carries the shared secrets in the request itself,
    # so it offers no protection unless the transport is encrypted.
    if 'plaintext' in OAUTH_SIGNATURE_METHODS:
        oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
    if 'hmac-sha1' in OAUTH_SIGNATURE_METHODS:
        oauth_server.add_signature_method(OAuthSignatureMethod_HMAC_SHA1())
    return oauth_server, oauth_request
def initialize_server_request(request):
    """Build the OAuth request and server objects for a Django request.

    Returns ``(oauth_server, oauth_request)``. ``oauth_server`` is ``None``
    when ``OAuthRequest.from_request`` returns a falsy value.
    """
    meta = request.META

    # Django exposes the Authorization header as HTTP_AUTHORIZATION. That
    # conversion does not happen in tests, so the bare 'Authorization' key is
    # looked up first -- keep both lookups.
    auth_header = {}
    for key in ('Authorization', 'HTTP_AUTHORIZATION'):
        if key in meta:
            auth_header = {'Authorization': meta[key]}
            break

    # All request parameters are passed, whatever the method or content type.
    parameters = dict(request.REQUEST.items())
    oauth_request = OAuthRequest.from_request(
        request.method,
        request.build_absolute_uri(),
        headers=auth_header,
        parameters=parameters,
        query_string=meta.get('QUERY_STRING', ''),
    )
    if not oauth_request:
        return None, oauth_request

    oauth_server = OAuthServer(DataStore(oauth_request))
    # Register only the methods enabled in OAUTH_SIGNATURE_METHODS.
    # PLAINTEXT carries the shared secrets in the request itself, so it
    # offers no protection unless the transport is encrypted.
    enabled_methods = (
        ('plaintext', OAuthSignatureMethod_PLAINTEXT),
        ('hmac-sha1', OAuthSignatureMethod_HMAC_SHA1),
    )
    for method_name, method_class in enabled_methods:
        if method_name in OAUTH_SIGNATURE_METHODS:
            oauth_server.add_signature_method(method_class())
    return oauth_server, oauth_request
def set_session_oauth_token(sender, user, request, **kwargs):
    """Store an OAuth token key in the session under SESSION_TOKEN_KEY.

    ``user`` is an Account instance here. The key is chosen in this order:

    1. the ``oauth_token`` parameter of the request's Authorization header
       (the login_by_token case);
    2. in read-only mode, the key of an existing session token for
       ``user.user``, or ``''`` when there is none;
    3. otherwise the key of the token returned by
       ``user.get_or_create_oauth_token``.
    """
    authorization = request.META.get('HTTP_AUTHORIZATION', '')
    orequest = OAuthRequest.from_request(
        request.method, '', headers={'Authorization': authorization})

    token_in_header = orequest and 'oauth_token' in orequest.parameters
    if token_in_header:
        # NOTE(review): the value is copied from the request header as-is;
        # nothing in this function checks that it belongs to `user`.
        # Confirm the caller has authenticated the token before this runs.
        token_key = orequest.get_parameter('oauth_token')
    elif settings.READ_ONLY_MODE:
        # Read-only mode: reuse an existing token, never create one.
        token_key = ''
        try:
            consumer_user = user.user
            if consumer_user is not None:
                existing = Token.objects.get(
                    name=SESSION_TOKEN_NAME, consumer__user=consumer_user)
                token_key = existing.token
        except Token.DoesNotExist:
            # No token: the empty key stays, and this session will be
            # invalidated when read-only mode is switched off.
            pass
    else:
        created_or_found = user.get_or_create_oauth_token(
            token_name=SESSION_TOKEN_NAME)
        token_key = created_or_found[0].token

    request.session[SESSION_TOKEN_KEY] = token_key
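def initialize_server_request(request):
    """Build the OAuth request and server objects for a Django request.

    For form-encoded POSTs the request parameters are passed to
    ``OAuthRequest.from_request``. POSTed statement data arrives as a single
    key whose value is ``''``; that key is decoded into the parameter dict.

    Returns ``(oauth_server, oauth_request)``. ``oauth_server`` is ``None``
    when ``OAuthRequest.from_request`` returns a falsy value.
    """
    meta = request.META

    # Django exposes the Authorization header as HTTP_AUTHORIZATION. That
    # conversion does not happen in tests, so the bare 'Authorization' key is
    # looked up first -- keep both lookups.
    auth_header = {}
    if 'Authorization' in meta:
        auth_header = {'Authorization': meta['Authorization']}
    elif 'HTTP_AUTHORIZATION' in meta:
        auth_header = {'Authorization': meta['HTTP_AUTHORIZATION']}

    # Request parameters are passed only for form-encoded POSTs
    # (see http://oauth.net/core/1.0a/#consumer_req_param).
    # NOTE(review): the 'testserver' clause is a workaround for Django's test
    # client living in the production path.
    content_type = meta.get('CONTENT_TYPE')
    takes_form_params = (
        request.method == "POST"
        and content_type != "application/json"
        and (content_type == "application/x-www-form-urlencoded"
             or meta.get('SERVER_NAME') == 'testserver')
    )

    parameters = {}
    if takes_form_params:
        posted = dict(request.REQUEST.items())
        parameters = posted
        # An empty POST used to raise IndexError on p.values()[0].
        if posted:
            first_key, first_value = next(iter(posted.items()))
            if first_value == '':
                # The key is request-supplied text. literal_eval() does not
                # execute code, but it raises on malformed input and can be
                # expensive on very large or deeply nested literals; the
                # request size is assumed to be bounded upstream -- confirm.
                try:
                    decoded = ast.literal_eval(first_key)
                except (ValueError, SyntaxError, TypeError):
                    decoded = None
                # Anything that is not a dict falls back to the raw form
                # parameters, leaving the decision to signature verification
                # instead of failing with an unhandled exception.
                if isinstance(decoded, dict):
                    parameters = decoded

    oauth_request = OAuthRequest.from_request(
        request.method,
        request.build_absolute_uri(),
        headers=auth_header,
        parameters=parameters,
        query_string=meta.get('QUERY_STRING', ''),
    )
    if not oauth_request:
        return None, oauth_request

    oauth_server = OAuthServer(DataStore(oauth_request))
    # Only the methods enabled in OAUTH_SIGNATURE_METHODS are registered.
    # PLAINTEXT carries the shared secrets in the request itself, so it
    # offers no protection unless the transport is encrypted.
    if 'plaintext' in OAUTH_SIGNATURE_METHODS:
        oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
    if 'hmac-sha1' in OAUTH_SIGNATURE_METHODS:
        oauth_server.add_signature_method(OAuthSignatureMethod_HMAC_SHA1())
    return oauth_server, oauth_request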
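def initialize_server_request(request):
    """Build the OAuth request and server objects for a Django request.

    For form-encoded POSTs the request parameters are passed to
    ``OAuthRequest.from_request``. POSTed statement data arrives as a single
    key whose value is ``''``; that key is decoded into the parameter dict.

    Returns ``(oauth_server, oauth_request)``. ``oauth_server`` is ``None``
    when ``OAuthRequest.from_request`` returns a falsy value.
    """
    # Django exposes the Authorization header as HTTP_AUTHORIZATION. That
    # conversion does not happen in tests, so the bare 'Authorization' key is
    # looked up first -- keep both lookups.
    auth_header = {}
    for key in ('Authorization', 'HTTP_AUTHORIZATION'):
        if key in request.META:
            auth_header = {'Authorization': request.META[key]}
            break

    parameters = {}
    if _posted_form := None:  # placeholder never taken; see below
        pass
    content_type = request.META.get('CONTENT_TYPE')
    # Request parameters are passed only for form-encoded POSTs
    # (see http://oauth.net/core/1.0a/#consumer_req_param).
    # NOTE(review): the 'testserver' clause is a workaround for Django's test
    # client living in the production path.
    if (request.method == "POST"
            and content_type != "application/json"
            and (content_type == "application/x-www-form-urlencoded"
                 or request.META.get('SERVER_NAME') == 'testserver')):
        form_items = dict(request.REQUEST.items())
        parameters = form_items
        # Guard the first-item lookup: an empty POST used to raise
        # IndexError on p.values()[0].
        for candidate, value in form_items.items():
            if value == '':
                # `candidate` is request-supplied text. literal_eval() does
                # not execute code, but it raises on malformed input and can
                # be expensive on very large or deeply nested literals; the
                # request size is assumed to be bounded upstream -- confirm.
                try:
                    decoded = ast.literal_eval(candidate)
                except (ValueError, SyntaxError, TypeError):
                    decoded = None
                # Non-dict or undecodable input falls back to the raw form
                # parameters, so the request is judged by signature
                # verification rather than dying with an unhandled exception.
                if isinstance(decoded, dict):
                    parameters = decoded
            # Only the first item is inspected, as before.
            break

    oauth_request = OAuthRequest.from_request(
        request.method,
        request.build_absolute_uri(),
        headers=auth_header,
        parameters=parameters,
        query_string=request.META.get('QUERY_STRING', ''),
    )
    if oauth_request:
        oauth_server = OAuthServer(DataStore(oauth_request))
        # Only the methods enabled in OAUTH_SIGNATURE_METHODS are registered.
        # PLAINTEXT carries the shared secrets in the request itself, so it
        # offers no protection unless the transport is encrypted.
        if 'plaintext' in OAUTH_SIGNATURE_METHODS:
            oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
        if 'hmac-sha1' in OAUTH_SIGNATURE_METHODS:
            oauth_server.add_signature_method(OAuthSignatureMethod_HMAC_SHA1())
    else:
        oauth_server = None
    return oauth_server, oauth_request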
def initialise_server_request(request):
    """Build the OAuth request and server objects for a Django request.

    Request parameters are passed to ``OAuthRequest.from_request`` only for
    POST requests. Side effect: ``request.META['Authorization']`` is set.

    Returns ``(oauth_server, oauth_request)``. ``oauth_server`` is ``None``
    when ``OAuthRequest.from_request`` returns a falsy value.
    """
    params = dict(request.REQUEST.items()) if request.method == "POST" else {}

    # The whole META mapping is handed over as the header set, so the
    # Authorization value is copied to the 'Authorization' key first
    # (empty string when the header is absent). This mutates request.META.
    request.META['Authorization'] = request.META.get('HTTP_AUTHORIZATION', '')

    method = request.method
    absolute_uri = request.build_absolute_uri()
    all_headers = request.META
    raw_query = request.environ.get('QUERY_STRING', '')
    oauth_request = OAuthRequest.from_request(
        method,
        absolute_uri,
        headers=all_headers,
        parameters=params,
        query_string=raw_query,
    )
    if not oauth_request:
        return None, oauth_request

    oauth_server = OAuthServer(DataStore(oauth_request))
    # NOTE(review): PLAINTEXT is the only signature method registered. It
    # carries the shared secrets in the request itself, so the endpoint
    # depends entirely on an encrypted transport -- confirm it is served
    # over HTTPS only.
    oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
    return oauth_server, oauth_request
def initialise_server_request(request):
    """Create the ``(oauth_server, oauth_request)`` pair for a Django request.

    POST requests contribute their request parameters; other methods
    contribute none. ``request.META['Authorization']`` is set as a side
    effect. ``oauth_server`` is ``None`` when ``OAuthRequest.from_request``
    returns a falsy value.
    """
    params = {}
    if request.method == "POST":
        params = dict(request.REQUEST.items())

    # request.META is passed below as the header mapping, so the
    # Authorization value is mirrored under the 'Authorization' key (empty
    # string when the header is absent). This mutates request.META.
    request.META['Authorization'] = request.META.get('HTTP_AUTHORIZATION', '')

    oauth_request = OAuthRequest.from_request(
        request.method,
        request.build_absolute_uri(),
        headers=request.META,
        parameters=params,
        query_string=request.environ.get('QUERY_STRING', ''),
    )

    oauth_server = None
    if oauth_request:
        oauth_server = OAuthServer(DataStore(oauth_request))
        # NOTE(review): PLAINTEXT is the only signature method registered.
        # It carries the shared secrets in the request itself, so the
        # endpoint depends entirely on an encrypted transport -- confirm it
        # is served over HTTPS only.
        oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
    return oauth_server, oauth_request
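def login_by_token(request):
    """Log a user in from the OAuth token carried by the request.

    The request must supply ``oauth_token`` and ``oauth_consumer_key``. The
    newest Token matching both is handed to ``auth.authenticate``; on success
    the user is logged in and redirected to ``next`` when that URL is
    accepted, otherwise to ``/``.

    Returns ``HttpResponseForbidden`` when the parameters are missing, no
    token matches, or authentication fails.

    NOTE(review): no signature, nonce or timestamp check is visible in this
    function, so the token value works as a bearer credential here unless
    the authentication backend verifies more -- confirm. The query string is
    also passed to ``from_request``, so the token can presumably arrive in
    the URL, where it would show up in access logs.
    """
    headers = {'Authorization': request.META.get('HTTP_AUTHORIZATION', '')}
    orequest = OAuthRequest.from_request(
        request.method,
        request.build_absolute_uri(),
        headers=headers,
        # .get(): a missing QUERY_STRING used to raise KeyError.
        query_string=request.META.get('QUERY_STRING', ''),
    )

    if orequest is None:
        return HttpResponseForbidden()
    if ('oauth_token' not in orequest.parameters
            or 'oauth_consumer_key' not in orequest.parameters):
        return HttpResponseForbidden()

    oauthtoken = orequest.get_parameter('oauth_token')
    consumer_key = orequest.get_parameter('oauth_consumer_key')

    # Look the full token up by its key and the consumer's username; when
    # several match, the most recently created one is used.
    tokens = Token.objects.filter(
        token=oauthtoken, consumer__user__username=consumer_key)
    tokens = tokens.order_by('-created_at')
    if not tokens:
        return HttpResponseForbidden()
    token = tokens[0]

    user = auth.authenticate(token=token)
    if user is None:
        return HttpResponseForbidden()
    auth.login(request, user)

    next_step = request.GET.get('next')
    if next_step:
        # `next` is request-supplied: follow it only when it maps to a known
        # relying-party config or passes the safe-redirect check.
        rpconfig = OpenIDRPConfig.objects.for_url(next_step)
        if rpconfig or utils.is_safe_redirect_url(next_step):
            return HttpResponseRedirect(next_step)
        msg = _("Unknown redirect URL '{url}'")
        messages.warning(request, msg.format(url=next_step))
    return HttpResponseRedirect('/')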
def initialize_server_request(request):
    """Build the OAuth request and server objects for a Django request.

    Returns ``(oauth_server, oauth_request)``. ``oauth_server`` is ``None``
    when ``OAuthRequest.from_request`` returns a falsy value.
    """
    # Django exposes the Authorization header as HTTP_AUTHORIZATION. That
    # conversion does not happen in tests, so the bare 'Authorization' key is
    # looked up first -- keep both lookups.
    auth_header = {}
    for key in ('Authorization', 'HTTP_AUTHORIZATION'):
        if key in request.META:
            auth_header = {'Authorization': request.META[key]}
            break

    method = request.method
    absolute_uri = request.build_absolute_uri()
    # All request parameters are passed, whatever the method or content type.
    all_params = dict(request.REQUEST.items())
    raw_query = request.environ.get('QUERY_STRING', '')
    oauth_request = OAuthRequest.from_request(
        method,
        absolute_uri,
        headers=auth_header,
        parameters=all_params,
        query_string=raw_query,
    )
    if not oauth_request:
        return None, oauth_request

    oauth_server = OAuthServer(DataStore(oauth_request))
    # Both methods are registered unconditionally. PLAINTEXT carries the
    # shared secrets in the request itself, so accepting it offers no
    # protection unless the transport is encrypted.
    oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
    oauth_server.add_signature_method(OAuthSignatureMethod_HMAC_SHA1())
    return oauth_server, oauth_request