Пример #1
0
def set_normal_authorization(request, r_dict):
    auth_params = r_dict['headers']['Authorization']
    # OAuth1 and basic http auth come in as string
    r_dict['auth']['endpoint'] = get_endpoint(request)
    if auth_params[:6] == 'OAuth ':
        oauth_request = get_oauth_request(request)
        # Returns HttpBadRequest if missing any params
        missing = require_params(oauth_request)
        if missing:
            raise missing

        check = CheckOauth()
        e_type, error = check.check_access_token(request)
        if e_type and error:
            if e_type == 'auth':
                raise OauthUnauthorized(error)
            else:
                raise OauthBadRequest(error)
        # Consumer and token should be clean by now
        consumer = store.get_consumer(
            request, oauth_request, oauth_request['oauth_consumer_key'])
        token = store.get_access_token(
            request, oauth_request, consumer, oauth_request.get_parameter('oauth_token'))

        # Set consumer and token for authentication piece
        r_dict['auth']['oauth_consumer'] = consumer
        r_dict['auth']['oauth_token'] = token
        r_dict['auth']['type'] = 'oauth'
    else:
        r_dict['auth']['type'] = 'http'
Пример #2
0
def set_normal_authorization(request, r_dict):
    auth_params = r_dict['headers']['Authorization']
    # OAuth1 and basic http auth come in as string
    r_dict['auth']['endpoint'] = get_endpoint(request)
    if auth_params[:6] == 'OAuth ':
        oauth_request = get_oauth_request(request)
        # Returns HttpBadRequest if missing any params
        missing = require_params(oauth_request)
        if missing:
            raise missing

        check = CheckOauth()
        e_type, error = check.check_access_token(request)
        if e_type and error:
            if e_type == 'auth':
                raise OauthUnauthorized(error)
            else:
                raise OauthBadRequest(error)
        # Consumer and token should be clean by now
        consumer = store.get_consumer(request, oauth_request,
                                      oauth_request['oauth_consumer_key'])
        token = store.get_access_token(
            request, oauth_request, consumer,
            oauth_request.get_parameter('oauth_token'))

        # Set consumer and token for authentication piece
        r_dict['auth']['oauth_consumer'] = consumer
        r_dict['auth']['oauth_token'] = token
        r_dict['auth']['type'] = 'oauth'
    else:
        r_dict['auth']['type'] = 'http'
Пример #3
0
    def inner(request, *args, **kwargs):
        auth = None
        if 'HTTP_AUTHORIZATION' in request.META:
            auth = request.META.get('HTTP_AUTHORIZATION')
        elif 'Authorization' in request.META:
            auth = request.META.get('Authorization')
        elif request.user:
            auth = request.user
        if auth:
            if isinstance(auth, basestring):
                if auth[:6] == 'OAuth ':
                    oauth_request = get_oauth_request(request)
                    # Returns HttpBadRequest if missing any params
                    missing = require_params(oauth_request)
                    if missing:
                        raise missing

                    check = CheckOauth()
                    e_type, error = check.check_access_token(request)
                    if e_type and error:
                        if e_type == 'auth':
                            raise OauthUnauthorized(error)
                        else:
                            raise OauthBadRequest(error)
                    # Consumer and token should be clean by now
                    consumer = store.get_consumer(
                        request, oauth_request, oauth_request['oauth_consumer_key'])
                    token = store.get_access_token(
                        request, oauth_request, consumer, oauth_request.get_parameter('oauth_token'))
                    request.META['lrs-user'] = token.user
                else:
                    auth = auth.split()
                    if len(auth) == 2:
                        if auth[0].lower() == 'basic':
                            uname, passwd = base64.b64decode(
                                auth[1]).split(':')
                            if uname and passwd:
                                user = authenticate(
                                    username=uname, password=passwd)
                                if not user:
                                    request.META[
                                        'lrs-user'] = (False, "Unauthorized: Authorization failed, please verify your username and password")
                                request.META['lrs-user'] = (True, user)
                            else:
                                request.META[
                                    'lrs-user'] = (False, "Unauthorized: The format of the HTTP Basic Authorization Header value is incorrect")
                        else:
                            request.META[
                                'lrs-user'] = (False, "Unauthorized: HTTP Basic Authorization Header must start with Basic")
                    else:
                        request.META[
                            'lrs-user'] = (False, "Unauthorized: The format of the HTTP Basic Authorization Header value is incorrect")
            else:
                request.META['lrs-user'] = (True, '')
        else:
            request.META[
                'lrs-user'] = (False, "Unauthorized: Authorization must be supplied")
        return func(request, *args, **kwargs)
Пример #4
0
    def inner(request, *args, **kwargs):
        auth = None
        if 'HTTP_AUTHORIZATION' in request.META:
            auth = request.META.get('HTTP_AUTHORIZATION')
        elif 'Authorization' in request.META:
            auth = request.META.get('Authorization')
        elif request.user:
            auth = request.user
        if auth:
            if isinstance(auth, basestring):
                if auth[:6] == 'OAuth ':
                    oauth_request = get_oauth_request(request)
                    # Returns HttpBadRequest if missing any params
                    missing = require_params(oauth_request)
                    if missing:
                        raise missing

                    check = CheckOauth()
                    e_type, error = check.check_access_token(request)
                    if e_type and error:
                        if e_type == 'auth':
                            raise OauthUnauthorized(error)
                        else:
                            raise OauthBadRequest(error)
                    # Consumer and token should be clean by now
                    consumer = store.get_consumer(
                        request, oauth_request, oauth_request['oauth_consumer_key'])
                    token = store.get_access_token(
                        request, oauth_request, consumer, oauth_request.get_parameter('oauth_token'))
                    request.META['lrs-user'] = token.user
                else:
                    auth = auth.split()
                    if len(auth) == 2:
                        if auth[0].lower() == 'basic':
                            uname, passwd = base64.b64decode(
                                auth[1]).split(':')
                            if uname and passwd:
                                user = authenticate(
                                    username=uname, password=passwd)
                                if not user:
                                    request.META[
                                        'lrs-user'] = (False, "Unauthorized: Authorization failed, please verify your username and password")
                                request.META['lrs-user'] = (True, user)
                            else:
                                request.META[
                                    'lrs-user'] = (False, "Unauthorized: The format of the HTTP Basic Authorization Header value is incorrect")
                        else:
                            request.META[
                                'lrs-user'] = (False, "Unauthorized: HTTP Basic Authorization Header must start with Basic")
                    else:
                        request.META[
                            'lrs-user'] = (False, "Unauthorized: The format of the HTTP Basic Authorization Header value is incorrect")
            else:
                request.META['lrs-user'] = (True, '')
        else:
            request.META[
                'lrs-user'] = (False, "Unauthorized: Authorization must be supplied")
        return func(request, *args, **kwargs)
Пример #5
0
def set_authorization(r_dict, request):
    auth_params = r_dict['headers']['Authorization']
    # OAuth1 and basic http auth come in as string
    r_dict['auth']['endpoint'] = get_endpoint(request)
    if auth_params[:6] == 'OAuth ':
        oauth_request = get_oauth_request(request)

        # Returns HttpBadRequest if missing any params
        missing = require_params(oauth_request)
        if missing:
            raise missing

        check = CheckOauth()
        e_type, error = check.check_access_token(request)

        if e_type and error:
            if e_type == 'auth':
                raise OauthUnauthorized(error)
            else:
                raise OauthBadRequest(error)

        # Consumer and token should be clean by now
        consumer = store.get_consumer(request, oauth_request,
                                      oauth_request['oauth_consumer_key'])
        token = store.get_access_token(
            request, oauth_request, consumer,
            oauth_request.get_parameter('oauth_token'))

        # Set consumer and token for authentication piece
        r_dict['auth']['oauth_consumer'] = consumer
        r_dict['auth']['oauth_token'] = token
        r_dict['auth']['type'] = 'oauth'
    elif auth_params[:7] == 'Bearer ':
        try:
            access_token = AccessToken.objects.get(token=auth_params[7:])
        except AccessToken.DoesNotExist:
            raise OauthUnauthorized("Access Token does not exist")
        else:
            if access_token.get_expire_delta() <= 0:
                raise OauthUnauthorized('Access Token has expired')
            r_dict['auth']['oauth_token'] = access_token
            r_dict['auth']['type'] = 'oauth2'
    else:
        r_dict['auth']['type'] = 'http'
Пример #6
0
def set_authorization(r_dict, request):
    auth_params = r_dict['headers']['Authorization']
    # OAuth1 and basic http auth come in as string
    r_dict['auth']['endpoint'] = get_endpoint(request)
    if auth_params[:6] == 'OAuth ':
        oauth_request = get_oauth_request(request)
        
        # Returns HttpBadRequest if missing any params
        missing = require_params(oauth_request)            
        if missing:
            raise missing

        check = CheckOauth()
        e_type, error = check.check_access_token(request)

        if e_type and error:
            if e_type == 'auth':
                raise OauthUnauthorized(error)
            else:
                raise OauthBadRequest(error)

        # Consumer and token should be clean by now
        consumer = store.get_consumer(request, oauth_request, oauth_request['oauth_consumer_key'])
        token = store.get_access_token(request, oauth_request, consumer, oauth_request.get_parameter('oauth_token'))
        
        # Set consumer and token for authentication piece
        r_dict['auth']['oauth_consumer'] = consumer
        r_dict['auth']['oauth_token'] = token
        r_dict['auth']['type'] = 'oauth'
    elif auth_params[:7] == 'Bearer ':
        try:
            access_token = AccessToken.objects.get(token=auth_params[7:])
        except AccessToken.DoesNotExist:
            raise OauthUnauthorized("Access Token does not exist")
        else:
            if access_token.get_expire_delta() <= 0:
                raise OauthUnauthorized('Access Token has expired')
            r_dict['auth']['oauth_token'] = access_token
            r_dict['auth']['type'] = 'oauth2'
    else:        
        r_dict['auth']['type'] = 'http'