def test_init(self): server = oauth.Server( signature_methods={'HMAC-SHA1': oauth.SignatureMethod_HMAC_SHA1()}) self.assertTrue('HMAC-SHA1' in server.signature_methods) self.assertTrue( isinstance(server.signature_methods['HMAC-SHA1'], oauth.SignatureMethod_HMAC_SHA1)) server = oauth.Server() self.assertEquals(server.signature_methods, {})
def initialize_oauth_server_request(request): """ OAuth initialization. """ # Since 'Authorization' header comes through as 'HTTP_AUTHORIZATION', convert it back auth_header = {} if 'HTTP_AUTHORIZATION' in request.META: auth_header = {'Authorization': request.META.get('HTTP_AUTHORIZATION')} absolute_uri = request.build_absolute_uri() url = absolute_uri if absolute_uri.find('?') != -1: url = absolute_uri[:absolute_uri.find('?')] oauth_request = oauth2.Request.from_request(request.method, url, headers=auth_header, parameters=dict( request.REQUEST.items())) if oauth_request: oauth_server = oauth2.Server( signature_methods={ # Supported signature methods 'HMAC-SHA1': oauth2.SignatureMethod_HMAC_SHA1() }) else: oauth_server = None return oauth_server, oauth_request
def verify_oauth_request(request, oauth_request, consumer, token=None): """ Helper function to verify requests. """ from store import store # Check nonce if not store.check_nonce(request, oauth_request, oauth_request['oauth_nonce']): return False # Verify request try: oauth_server = oauth.Server() oauth_server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) oauth_server.add_signature_method(oauth.SignatureMethod_PLAINTEXT()) # Ensure the passed keys and secrets are ascii, or HMAC will complain. consumer = oauth.Consumer(consumer.key.encode('ascii', 'ignore'), consumer.secret.encode('ascii', 'ignore')) if token is not None: token = oauth.Token(token.key.encode('ascii', 'ignore'), token.secret.encode('ascii', 'ignore')) oauth_server.verify_request(oauth_request, consumer, token) except oauth.Error, err: logger.error('OAuth-request verification error', extra={'data': { 'error': err.message }}) return False
def initialize_oauth_server_request(request): """ OAuth initialization. """ # Since 'Authorization' header comes through as 'HTTP_AUTHORIZATION', # convert it back. auth_header = {} if 'HTTP_AUTHORIZATION' in request.META: auth_header = {'Authorization': request.META.get('HTTP_AUTHORIZATION')} url = urljoin(settings.SITE_URL, request.path) # Note: we are only signing using the QUERY STRING. We are not signing the # body yet. According to the spec we should be including an oauth_body_hash # as per: # # http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/1/spec.html # # There is no support in python-oauth2 for this yet. There is an # outstanding pull request for this: # # https://github.com/simplegeo/python-oauth2/pull/110 # # Or time to move to a better OAuth implementation. oauth_request = oauth2.Request.from_request( request.method, url, headers=auth_header, query_string=request.META['QUERY_STRING']) oauth_server = oauth2.Server(signature_methods={ 'HMAC-SHA1': oauth2.SignatureMethod_HMAC_SHA1() }) return oauth_server, oauth_request
def _validate_lti_Irequest_signature(self, i_req): """ Function that validates an LTI request by recreating the signature and comparing this with the provided signature. For this we require that the LTI request is wrapped in a Irequest(Internal request) object. For this it uses the python3-oauth2 libary. source: https://github.com/i-kiwamu/python3-oauth2/blob/master/oauth2/__init__.py If the LTI request is invalid, we throw an InvalidLTIRequest exception and log the error. """ oauth_server = oauth2.Server() signature_method = oauth2.SignatureMethod_HMAC_SHA1() oauth_server.add_signature_method(signature_method) consumer = oauth2.Consumer('consumerKey', 'test') # Test values oauth_request = oauth2.Request.from_request(i_req.method, i_req.url, i_req.headers, i_req.body) try: oauth_server.verify_request(oauth_request, consumer, {}) except Exception as e: print(e) # debug raise InvalidLTIRequest
def initialize_server_request(request): """Shortcut for initialization.""" # Django converts Authorization header in HTTP_AUTHORIZATION # Warning: it doesn't happen in tests but it's useful, do not remove! auth_header = {} if 'Authorization' in request.META: auth_header = {'Authorization': request.META['Authorization']} elif 'HTTP_AUTHORIZATION' in request.META: auth_header = {'Authorization': request.META['HTTP_AUTHORIZATION']} # Don't include extra parameters when request.method is POST and # request.MIME['CONTENT_TYPE'] is "application/x-www-form-urlencoded" # (See http://oauth.net/core/1.0a/#consumer_req_param). # But there is an issue with Django's test Client and custom content types # so an ugly test is made here, if you find a better solution... parameters = {} if request.method == "POST" and \ (request.META.get('CONTENT_TYPE') == "application/x-www-form-urlencoded" \ or request.META.get('SERVER_NAME') == 'testserver'): parameters = dict((k, v.encode('utf-8')) for (k, v) in request.REQUEST.iteritems()) oauth_request = oauth.Request.from_request(request.method, request.build_absolute_uri(request.path), headers=auth_header, parameters=parameters, query_string=request.META.get('QUERY_STRING', '')) if oauth_request: oauth_server = oauth.Server() if 'plaintext' in OAUTH_SIGNATURE_METHODS: oauth_server.add_signature_method(oauth.SignatureMethod_PLAINTEXT()) if 'hmac-sha1' in OAUTH_SIGNATURE_METHODS: oauth_server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) else: oauth_server = None return oauth_server, oauth_request
def test_no_version(self): url = "http://sp.example.com/" params = { 'oauth_nonce': "4572616e48616d6d65724c61686176", 'oauth_timestamp': int(time.time()), 'bar': 'blerg', 'multi': ['FOO', 'BAR'], 'foo': 59 } self.consumer = oauth.Consumer(key="consumer-key", secret="consumer-secret") self.token = oauth.Token(key="token-key", secret="token-secret") params['oauth_token'] = self.token.key params['oauth_consumer_key'] = self.consumer.key self.request = oauth.Request(method="GET", url=url, parameters=params) signature_method = oauth.SignatureMethod_HMAC_SHA1() self.request.sign_request(signature_method, self.consumer, self.token) server = oauth.Server() server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) parameters = server.verify_request(self.request, self.consumer, self.token)
def test_missing_signature(self): url = "http://sp.example.com/" params = { 'oauth_version': '1.0', 'oauth_nonce': "4572616e48616d6d65724c61686176", 'oauth_timestamp': int(time.time()), 'bar': 'blerg', 'multi': ['FOO', 'BAR'], 'foo': 59 } consumer = oauth.Consumer(key="consumer-key", secret="consumer-secret") token = oauth.Token(key="token-key", secret="token-secret") params['oauth_token'] = token.key params['oauth_consumer_key'] = consumer.key request = oauth.Request(method="GET", url=url, parameters=params) signature_method = oauth.SignatureMethod_HMAC_SHA1() request.sign_request(signature_method, consumer, token) del request['oauth_signature'] server = oauth.Server() server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) self.assertRaises(oauth.MissingSignature, server.verify_request, request, consumer, token)
def verify_oauth_request(request, oauth_request, consumer, token=None): """ Helper function to verify requests. """ from treeio.core.api.auth.store import store # Check nonce if not store.check_nonce(request, oauth_request, oauth_request['oauth_nonce']): return False # Verify request try: oauth_server = oauth.Server() oauth_server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) oauth_server.add_signature_method(oauth.SignatureMethod_PLAINTEXT()) # Ensure the passed keys and secrets are ascii, or HMAC will complain. consumer = oauth.Consumer(consumer.key.encode('ascii', 'ignore'), consumer.secret.encode('ascii', 'ignore')) if token is not None: token = oauth.Token(token.key.encode('ascii', 'ignore'), token.secret.encode('ascii', 'ignore')) oauth_server.verify_request(oauth_request, consumer, token) except oauth.Error: return False return True
def getInstance(cls): if cls._instance == None: cls._instance = oauth.Server() cls._instance.add_signature_method( oauth.SignatureMethod_PLAINTEXT()) cls._instance.add_signature_method( oauth.SignatureMethod_HMAC_SHA1()) return cls._instance
def __init__(self): super(RequestValidatorMixin, self).__init__() self.oauth_server = oauth2.Server() signature_method = oauth2.SignatureMethod_HMAC_SHA1() self.oauth_server.add_signature_method(signature_method) self.oauth_consumer = oauth2.Consumer(self.consumer_key, self.consumer_secret)
def index(self, *args, **kwargs): try: server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) req = oauth2.Request.from_request(request.method, request.url, request.headers, request.params, request.query_string) params = server.verify_request( req, oauth2.Consumer(self.key, self.secret), None) except: log.debug('LTI Tool Provider OAuth Error', exc_info=True) flash('LTI Tool Provider OAuth Error', 'error') abort(403) else: log.debug(params) user_name = ( params.get('tool_consumer_info_product_family_code', 'external') + '_' + params.get('tool_consumer_instance_guid', 'external') + '_' + params.get('user_id')) user = User.query.filter_by(user_name=user_name).first() if not user: log.info('New user %s', user_name) user = User( user_name=user_name, display_name=params.get('lis_person_name_full'), email_address=params.get('lis_person_contact_email_primary'), ) DBSession.add(user) submission = Submission.query.filter( Submission.assignment == self.assignment, Submission.user == user).first() if not submission: submission = Submission( assignment=self.assignment, filename=self.assignment.submission_filename or None, source=self.assignment.submission_template or None, language=self.assignment.allowed_languages[0], user=user, created=datetime.now(), modified=datetime.now(), ) DBSession.add(submission) DBSession.flush() session['lti'] = True session['params'] = params session['user'] = user.id session['submission'] = submission.id session.save() redirect('/lti/%d/edit' % self.assignment.id)
def _wrap_oauth(request, *args, **kwargs): project = kwargs.get('project', None) ### # Until the production environment for talos can make use of # OAuth or use API/Keys we need to bypass OAuth to injest data. # This needs to be removed as soon as talos can support OAuth. ### if project in ['talos', 'views']: return func(request, *args, **kwargs) dm = PerformanceTestModel(project) #Get the consumer key key = request.REQUEST.get('oauth_consumer_key', None) if key is None: result = {"status": "No OAuth credentials provided."} return HttpResponse(json.dumps(result), content_type=APP_JS, status=403) try: #Get the consumer secret stored with this key ds_consumer_secret = dm.get_oauth_consumer_secret(key) except DatasetNotFoundError: result = {"status": "Unknown project '%s'" % project} return HttpResponse(json.dumps(result), content_type=APP_JS, status=404) #Construct the OAuth request based on the django request object req_obj = oauth.Request(request.method, request.build_absolute_uri(), request.REQUEST, '', False) server = oauth.Server() #Get the consumer object cons_obj = oauth.Consumer(key, ds_consumer_secret) #Set the signature method server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) try: #verify oauth django request and consumer object match server.verify_request(req_obj, cons_obj, None) except oauth.Error: status = 403 result = {"status": "Oauth verification error."} return HttpResponse(json.dumps(result), content_type=APP_JS, status=status) return func(request, *args, **kwargs)
def test_verify_request(self): server = oauth.Server() server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) parameters = server.verify_request(self.request, self.consumer, self.token) self.assertTrue('bar' in parameters) self.assertTrue('foo' in parameters) self.assertEquals(parameters['bar'], 'blerg') self.assertEquals(parameters['foo'], 59)
def check_oauth(self, username, method, url, auth, query): """ Check OAuth header credentials. Return None if the credentials are invalid :type username: str :param username: username corresponding to credentials :type method: str :param method: http method :type url: str :param url: request url :type auth: str :param auth: http authorization header value :type query: str :param query: http request query string :rtype: str or None :return: user login corresponding to the credentials """ is_consumer = False headers = {'Authorization': auth} req = oauth2.Request.from_request(method, url, headers, query_string=query) if not req: return None, is_consumer if not (config.has_option('oauth', 'oauth_key') and config.has_option('oauth', 'oauth_secret')): _logger.error( _("Attempting OAuth authentication and you do not have oauth_key and " "oauth_secret in pulp.conf")) return None, is_consumer key = config.get('oauth', 'oauth_key') secret = config.get('oauth', 'oauth_secret') consumer = oauth2.Consumer(key=key, secret=secret) server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) try: # this call has a return value, but failures are noted by the exception server.verify_request(req, consumer, None) except oauth2.Error, e: _logger.error('error verifying OAuth signature: %s' % e) return None, is_consumer
def view(request, *args, **kwargs): authorized = False json_params = {} oauth_params = {} try: for key in request.GET: if key.startswith("oauth"): oauth_params[key] = request.GET.get(key) else: json_params = json.loads(key) for key in request.POST: if key.startswith("oauth"): oauth_params[key] = request.POST.get(key) key = oauth_params.get("oauth_consumer_key", None) host = "%s://%s" % ( 'https' if request.is_secure() else 'http', request.get_host(), ) uurl = host + request.path oreq = oauth.Request(request.method, uurl, oauth_params, '', False) server = oauth.Server() secret = None rpctoken = RPCToken.objects.get(key=key) if rpctoken: secret = rpctoken.secret if not key or not secret: raise Exception try: cons = oauth.Consumer(key, secret) server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) server.verify_request(oreq, cons, None) authorized = True except Exception, e: log.debug("auth error = %s" % e) authorized = False if request.method == "POST": method = json_params.get("method") if method in ('plugins.is_authenticated', ): authorized = True if authorized: return func(request, *args, **kwargs)
def __init__(self, handlers): settings = { 'template_path': os.path.abspath(os.path.join(os.path.dirname(__main__.__file__), "templates")), 'static_path': os.path.abspath(os.path.join(os.path.dirname(__main__.__file__), "static")) } if 'tornado' in config: tornado_settings = config['tornado'] for key in tornado_settings.keys(): settings[key] = tornado_settings[key] tornado.web.Application.__init__(self, handlers, **settings) if 'mysql' in config: log.info("--> tornado initializing mysql") import database try: self.db = database.Connection() except Exception as e: log.error("Could not connect to MySQL: %s" % log.exc(e)) elif 'mongo' in config: log.info("--> tornado initializing mongo") try: mongo = config['mongo'] import pymongo connection = pymongo.Connection(mongo['host']) self.db = connection[mongo['database']] except Exception as e: log.error("Could not connect to mongo: %s" % log.exc(e)) if 'redis' in config: log.info("--> tornado initializing redis") import redis self.redis = redis.StrictRedis() if 'memcache' in config: log.info("--> torando initializing memcache") import memcache self.cache = memcache.Client([config['memcache']['address'] + ":" + str(config['memcache']['port'])]) self.jobs = None if 'beanstalk' in config: log.info("--> tornado initializing beanstalk") import jobs self.jobs = jobs.Jobs() # intialize oauth server try: self.oauth_server = oauth2.Server(signature_methods={'HMAC-SHA1': oauth2.SignatureMethod_HMAC_SHA1()}) except ImportError: self.oauth_server = None Application.instance = self
def is_valid_request(consumer_key, consumer_secret, request): oauth_server = oauth2.Server() oauth_server.add_signature_method(Python3SignatureMethodHMACSHA1()) oauth_consumer = oauth2.Consumer(consumer_key, consumer_secret) try: oauth_request = oauth2.Request.from_request( request.method, request.build_absolute_uri(), headers=request.META, parameters=request.POST.dict() ) oauth_server.verify_request(oauth_request, oauth_consumer, {}) except oauth2.MissingSignature: return False return True
def __init__(self, key, secret): """ Constructor which creates a consumer object with the given key and secret. """ super(OAuthRequestValidater, self).__init__() self.consumer_key = key self.consumer_secret = secret self.oauth_server = oauth2.Server() signature_method = oauth2.SignatureMethod_HMAC_SHA1() self.oauth_server.add_signature_method(signature_method) self.oauth_consumer = oauth2.Consumer(self.consumer_key, self.consumer_secret)
def test_add_signature_method(self): server = oauth.Server() res = server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) self.assertTrue(len(res) == 1) self.assertTrue('HMAC-SHA1' in res) self.assertTrue( isinstance(res['HMAC-SHA1'], oauth.SignatureMethod_HMAC_SHA1)) res = server.add_signature_method(oauth.SignatureMethod_PLAINTEXT()) self.assertTrue(len(res) == 2) self.assertTrue('PLAINTEXT' in res) self.assertTrue( isinstance(res['PLAINTEXT'], oauth.SignatureMethod_PLAINTEXT))
def initialize_server_request(request): """Shortcut for initialization.""" oauth_request = get_oauth_request(request) if oauth_request: oauth_server = oauth.Server() if 'plaintext' in OAUTH_SIGNATURE_METHODS: oauth_server.add_signature_method(oauth.SignatureMethod_PLAINTEXT()) if 'hmac-sha1' in OAUTH_SIGNATURE_METHODS: oauth_server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) else: oauth_server = None return oauth_server, oauth_request
def authenticate(self, request): if not self.auth_detected(request): return None user = request.resolver_match.kwargs.get( 'project') or request.query_params['user'] project_credentials = OAuthCredentials.get_credentials(user) if not project_credentials: raise exceptions.ValidationError( 'project {0} has no OAuth credentials'.format(user)) parameters = OAuthCredentials.get_parameters(request.query_params) oauth_consumer_key = parameters['oauth_consumer_key'] if oauth_consumer_key != project_credentials['consumer_key']: raise exceptions.AuthenticationFailed( 'oauth_consumer_key does not match credentials for project {0}' .format(user)) uri = '{0}://{1}{2}'.format(settings.TREEHERDER_REQUEST_PROTOCOL, request.get_host(), request.path) # Construct the OAuth request based on the django request object json_renderer = JSONRenderer() req_obj = oauth.Request( method=request.method, url=uri, parameters=parameters, body=json_renderer.render(request.DATA), ) server = oauth.Server() token = oauth.Token(key='', secret='') # Get the consumer object cons_obj = oauth.Consumer(oauth_consumer_key, project_credentials['consumer_secret']) # Set the signature method server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) try: # verify oauth django request and consumer object match server.verify_request(req_obj, cons_obj, token) except oauth.Error: raise exceptions.AuthenticationFailed( 'Client authentication failed for project {0}'.format(user)) request.legacy_oauth_authenticated = True return (DummyUser(), None)
def initialize_oauth_server_request(request): """ OAuth initialization. """ # Since 'Authorization' header comes through as 'HTTP_AUTHORIZATION', # convert it back. auth_header = {} if 'HTTP_AUTHORIZATION' in request.META: auth_header = {'Authorization': request.META.get('HTTP_AUTHORIZATION')} if not settings.SITE_URL: raise ValueError('SITE_URL cannot be blank') # Do this check on a combination of protocol, domain and path ignoring # querystrings. url = urljoin(settings.SITE_URL, request.path) parsed = list(urlparse(request.build_absolute_uri())) check = urlunparse(parsed[:3] + ['', '', '']) if check != url: log.warning('SITE_URL: {0} does not match request: {1} ' 'This may cause OAuth failures.'.format(check, url)) # Note: we are only signing using the QUERY STRING. We are not signing the # body yet. According to the spec we should be including an oauth_body_hash # as per: # # http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/1/spec.html # # There is no support in python-oauth2 for this yet. There is an # outstanding pull request for this: # # https://github.com/simplegeo/python-oauth2/pull/110 # # Or time to move to a better OAuth implementation. method = getattr(request, 'signed_method', request.method) oauth_request = oauth2.Request.from_request( method, url, headers=auth_header, query_string=request.META['QUERY_STRING']) oauth_server = oauth2.Server( signature_methods={'HMAC-SHA1': oauth2.SignatureMethod_HMAC_SHA1()}) return oauth_server, oauth_request
def check_request(self, request, mapper=None): http_method = request.method http_url = request.host_url + request.path_info headers = request.headers query_string = request.query_string info = None parameters = None # log.error("*** CHECK_REQUEST *** "+json.dumps({ # "query_string": query_string, # "headers": {}.update(headers), # "http_method": http_method, # "http_url": http_url # })) oa_request = oauth2.Request.from_request(http_method, http_url, headers, query_string=query_string) if oa_request and all([ x in oa_request for x in ['oauth_consumer_key', 'oauth_token']]): server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) last_exc = None for row in self.find_possible(oa_request['oauth_consumer_key'], oa_request['oauth_token'], mapper): try: parameters = server.verify_request(oa_request, row["consumer"], row["token"]) except oauth2.Error as e: last_exc = BadOAuthSignature("OAuth2 Error: %s" % e.message) except: import sys log.exception("Caught Exception in CouchDBOAuthUtil") last_exc = BadOAuthSignature(sys.exc_info()[1]) if parameters != None: info = row break if parameters == None and last_exc != None: raise last_exc return (parameters, info)
def verify_access_token(self, request, key): uurl = "%s://%s%s" % ( 'https' if request.is_secure() else 'http', request.get_host(), request.path, ) auth_header = {} if 'Authorization' in request.META: auth_header = {'Authorization': request.META['Authorization']} elif 'HTTP_AUTHORIZATION' in request.META: auth_header = {'Authorization': request.META['HTTP_AUTHORIZATION']} oreq = oauth2.Request.from_request( request.method, uurl, headers=auth_header, query_string=request.META.get('QUERY_STRING', None), ) key = oreq.get("oauth_consumer_key", None) secret = None client = APIClient.objects.get(name=key) if client: secret = client.secret if not key or not secret: return False try: server = oauth2.Server() cons = oauth2.Consumer(key, secret) server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) server.verify_request(oreq, cons, None) authorized = True except Exception: log.exception("auth2 error") authorized = False request.oauth2 = authorized return authorized
def validate(self, request, params={}): oauth_server = oauth.Server() oauth_server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) oauth_request = oauth.Request.from_request( request.method, request.build_absolute_uri(), headers=request.META, parameters=params) if oauth_request: try: key = oauth_request.get_parameter('oauth_consumer_key') consumer = self.get_consumer(key) oauth_server._check_signature(oauth_request, consumer, None) return oauth_request.get_nonoauth_parameters() except oauth.Error as err: raise BLTIException(str(err)) raise BLTIException('Invalid OAuth Request')
def validate_two_leg_oauth(): """ Verify 2-legged oauth request using values in "Authorization" header. """ log.loggit('validate_two_leg_oauth()') parameters = web.input() if web.ctx.env.has_key('HTTP_AUTHORIZATION') and web.ctx.env[ 'HTTP_AUTHORIZATION'].startswith('OAuth '): parameters = split_header(web.ctx.env['HTTP_AUTHORIZATION']) # We have to reconstruct the original full URL used when signing # so if there are ever 401 errors verifying a request, look here first. req = oauth2.Request(web.ctx.env['REQUEST_METHOD'], web.ctx['homedomain'] + web.ctx.env['REQUEST_URI'], parameters=parameters) if not req.has_key('oauth_consumer_key'): raise web.unauthorized() # Verify the account referenced in the request is valid adb = accountdb.AccountDB() account = adb.review_account_using_info('consumer_key', req['oauth_consumer_key']) if not account: raise web.unauthorized(UNAUTHORIZED_MESSAGE) # Create an oauth2 Consumer with an account's consumer_key and consumer_secret # to be used to verify the request consumer = oauth2.Consumer(account['consumer_key'], account['consumer_secret']) # Create our oauth2 Server and add hmac-sha1 signature method server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) # Attempt to verify the authorization request via oauth2 try: server.verify_request(req, consumer, None) except oauth2.Error, e: log.loggit('validate_two_leg_oauth() - %s %s' % (repr(e), str(e))) raise web.unauthorized(e)
def __init__(self, manager=DefaultManager, realm='', request_token_path='/oauth/request_token', access_token_path='/oauth/access_token', **kwargs): self.realm = realm # The oauth2 server implementation to handle signatures self.server = oauth2.Server( signature_methods={ # Supported signature methods 'HMAC-SHA1': oauth2.SignatureMethod_HMAC_SHA1(), 'RSA-SHA1': SignatureMethod_RSA_SHA1(), }) # Remember the paths to serve the tokens on self.paths = dict(request=request_token_path, access=access_token_path) # Allow manager to be provided as an entry point from config if isinstance(manager, (str, unicode)): manager = _resolve(manager) self.manager = manager(**kwargs)
def verify_oauth_request(request, oauth_request, consumer, token=None): """ Helper function to verify requests. """ from store import store # Check nonce #print 'Nonce: %s' % store.check_nonce(request, oauth_request, oauth_request['oauth_nonce'], oauth_request['oauth_timestamp']) if not store.check_nonce(request, oauth_request, oauth_request['oauth_nonce'], oauth_request['oauth_timestamp']): #print 'nonce check fail' return False print 'Nonce: true' # Verify request try: oauth_server = oauth.Server() oauth_server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1()) oauth_server.add_signature_method(oauth.SignatureMethod_PLAINTEXT()) oauth_server.add_signature_method(SignatureMethod_RSA_SHA1()) # Ensure the passed keys and secrets are ascii, or HMAC will complain. consumer = oauth.Consumer(consumer.key.encode('ascii', 'ignore'), consumer.secret.encode('ascii', 'ignore')) if token is not None: token = oauth.Token(token.key.encode('ascii', 'ignore'), token.secret.encode('ascii', 'ignore')) print 'normalized parameters: %s' % oauth_request.get_normalized_parameters( ) oauth_server.verify_request(oauth_request, consumer, token) except oauth.Error as o: print o.message return False return True
class OAuth2LeggedAuthentication(object): """ Two-leggeed OAuth authentication. Based on: piston.authentication.OAuthAuthentication http://philipsoutham.com/post/2172924723/two-legged-oauth-in-python https://github.com/simplegeo/python-oauth2/blob/master/oauth2/__init__.py http://status.smugmug.com/documentation/examples http://stackoverflow.com/questions/3587454/oauth-posting-json http://oauth.net/core/1.0/#anchor14 http://sites.google.com/site/oauthgoog/2leggedoauth/2opensocialrestapi """ oauth_server = oauth2.Server( signature_methods={ # Supported signature methods 'HMAC-SHA1': oauth2.SignatureMethod_HMAC_SHA1(), #'PLAINTEXT': oauth2.SignatureMethod_PLAINTEXT(), }) def __init__(self, realm='API'): self.realm = realm #self.builder = oauth.build_authenticate_header def is_authenticated(self, request): """ Checks whether the required parameters are either in the http-authorization header sent by some clients, which is by the way the preferred method according to OAuth spec, but otherwise fall back to `GET` and `POST`. Checks whether a means of specifying authentication is provided, and if so, if it is a valid token. If authenticate successful, the user attribute on request is set. """ auth_header = request.META if 'HTTP_AUTHORIZATION' in auth_header and not 'Authorization' in auth_header: auth_header['Authorization'] = auth_header['HTTP_AUTHORIZATION'] req = oauth2.Request.from_request( request.method, request.build_absolute_uri(request.path), auth_header, dict(request.REQUEST)) if not req: return False try: consumer = Consumer.objects.get(key=req.get('oauth_consumer_key')) except Consumer.DoesNotExist: msg = 'OAuth2Legged failed to find the Consumer with key %s' % req.get( 'oauth_consumer_key') logger.error(msg) return False try: self.oauth_server.verify_request(req, consumer, None) except oauth2.Error, e: msg = 'OAuth2Legged failed verify signed request for consumer(key=%s, secret=%s) error: %s' % ( consumer.key, consumer.secret, e) logger.error(msg) return False request.user = consumer.user return True