def debug_oauth(request, **kwargs):
    """Return a text/plain dump of the request and its OAuth signature data.

    The body lists the method, the absolute URL and every ``HTTP*`` entry of
    ``request.META``, then the OAuth signature base string, the signature the
    server computes for it and the signature the client sent.  When the OAuth
    layer raises ``oauth.OAuthError`` the formatted traceback is appended
    instead.

    NOTE(review): this is a diagnostic endpoint.  It echoes every HTTP_*
    header (Authorization and Cookie included), returns a signature computed
    with the consumer/token credentials the server resolves for the request
    (presumably via extract_oauth_request) and sends the server traceback to
    the caller -- keep it unreachable outside development.
    """
    from smart.accesscontrol.oauth_servers import OAUTH_SERVER

    # collect the pieces in a list and join once at the end
    parts = ["Details of your request: \n\n"]
    parts.append("Method: %s\n" % request.method)
    parts.append("URL: %s\n" % request.build_absolute_uri())
    parts.append("Headers:\n")
    for name, value in request.META.iteritems():
        if name.startswith("HTTP"):
            parts.append("%s: %s" % (name, value))
            parts.append("\n")
    try:
        oauth_request = OAUTH_SERVER.extract_oauth_request(
            djangoutils.extract_request(request))
        parts.append("OAuth Debugging: \n\n")
        parts.append("SBS: \n")
        sbs = oauth_request.get_signature_base_string()
        parts.append(sbs)
        parts.append("Expected Signature: \n")
        signer = oauth.SIGNATURE_METHODS['HMAC-SHA1']
        parts.append(signer.sign(sbs, oauth_request.consumer, oauth_request.token))
        parts.append("Your Signature: \n")
        parts.append(oauth_request.signature)
    except oauth.OAuthError:
        import traceback
        parts.append("An error occurred:\n")
        parts.append(traceback.format_exc())
    return HttpResponse("".join(parts), "text/plain")
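def request_token(request):
    """
    Get a new request token, bound to a record if desired.

    request.POST may contain:

    * *smart_record_id*: The record to which to bind the request token.
    * *offline*: whether the token should be offline-capable.

    Will return :http:statuscode:`200` with the request token on success.
    Raises ``PermissionDenied`` if the oauth signature on the request was
    missing or faulty; the previous body logged the error and then fell
    through to an implicit ``None`` return, which Django reports as a server
    error instead of a refusal.
    """
    # ask the oauth server to generate a request token given the HTTP request
    try:
        # we already have the oauth_request in context, so we don't get
        # it again
        # `app` is unused below; kept because reading request.principal may
        # have side effects in the auth layer -- TODO confirm and drop
        app = request.principal
        # NOTE(review): both POST values arrive as strings ("false"/"0" are
        # truthy here) and nothing in this view checks that the caller may
        # bind to smart_record_id or request offline access -- presumably
        # generate_request_token enforces that; verify.
        request_token = OAUTH_SERVER.generate_request_token(
            request.oauth_request,
            record_id=request.POST.get("smart_record_id", None),
            offline_capable=request.POST.get("offline", False),
        )
        return HttpResponse(request_token.to_string(), mimetype="text/plain")
    except oauth.OAuthError:
        # keep the reason server-side; the client only learns it was refused
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()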
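def request_token_approve(request, request_token):
    """Authorize *request_token* for the calling principal and return the
    URL the app should be sent to next.

    ``request.POST`` may contain ``record_id`` (the record to authorize the
    token for; must match the token's pre-bound record if it has one) and
    ``offline`` (only honoured when the token was issued offline-capable).

    Returns an ``HttpResponse`` whose body is a URL-encoded ``location``
    parameter pointing at the app's ``after_auth`` activity with
    ``oauth_token`` and ``oauth_verifier`` appended.

    Raises ``PermissionDenied`` when offline access or a record is requested
    that the token does not allow, or when ``record_id`` names no record;
    raises ``Exception`` when neither the token nor the POST names a record.
    """
    rt = ReqToken.objects.get(token=request_token)
    record_id = request.POST.get('record_id', None)
    # NOTE(review): POST values are strings, so "false"/"0" count as a
    # request for offline access here -- confirm what clients send.
    offline = request.POST.get('offline', False)

    # requesting offline but request token doesn't allow it? Bust!
    if offline and not rt.offline_capable:
        raise PermissionDenied

    record = rt.record
    # a token pre-bound to one record must not be authorized for another
    if record_id and record and record_id != record.record_id:
        raise PermissionDenied(
            "Request token pre-bound record %s != post variable %s"
            % (record.record_id, record_id))

    if not (record or record_id):
        raise Exception(
            "Must have a record bound to token or a record_id passed in to authorize.")

    if not record:
        try:
            record = Record.objects.get(id=record_id)
        except (Record.DoesNotExist, ValueError):
            # an unknown or malformed id is a client error, not a server
            # fault, so refuse instead of surfacing a 500
            raise PermissionDenied("Unknown record_id %s" % record_id)

    # authorize the request token.  NOTE(review): nothing in this view checks
    # that request.principal may access `record`; presumably
    # authorize_request_token does -- verify.
    request_token = OAUTH_SERVER.authorize_request_token(
        rt.token, record=record, account=request.principal, offline=offline)

    # where to redirect to + parameters; token and verifier are URL-encoded
    # rather than spliced in raw, and joined with '&' when the activity URL
    # already carries a query string
    redirect_url = AppActivity.objects.get(
        app=request_token.app, name="after_auth").url
    query = urllib.urlencode([('oauth_token', request_token.token),
                              ('oauth_verifier', request_token.verifier)])
    redirect_url = "%s%s%s" % (
        redirect_url, '&' if '?' in redirect_url else '?', query)

    # redirect to the request token's callback, or if null the PHA's default callback
    return HttpResponse(urllib.urlencode({'location': redirect_url}))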
def debug_oauth(request, **kwargs):
    """Dump the request and its OAuth signature material as text/plain.

    Output: method, absolute URL, all ``HTTP*`` headers from
    ``request.META``, then the signature base string, the signature the
    server would expect for it and the one the client supplied.  If the
    OAuth layer raises ``oauth.OAuthError``, the traceback is appended in
    place of the signature section.

    NOTE(review): diagnostic only.  The response includes credential-bearing
    headers (Authorization, Cookie), a signature produced with the server's
    view of the consumer/token credentials, and a server traceback; do not
    expose this URL outside development.
    """
    from smart.accesscontrol.oauth_servers import OAUTH_SERVER

    header_dump = "".join(
        "%s: %s\n" % (key, val)
        for key, val in request.META.iteritems()
        if key.startswith("HTTP"))
    ret = ("Details of your request: \n\n"
           "Method: %s\n"
           "URL: %s\n"
           "Headers:\n" % (request.method, request.build_absolute_uri()))
    ret += header_dump
    try:
        oauth_request = OAUTH_SERVER.extract_oauth_request(
            djangoutils.extract_request(request))
        # append in the same order the values are produced so a failure
        # part-way leaves the same partial output
        ret += "OAuth Debugging: \n\n"
        ret += "SBS: \n"
        sbs = oauth_request.get_signature_base_string()
        ret += sbs
        ret += "Expected Signature: \n"
        ret += oauth.SIGNATURE_METHODS['HMAC-SHA1'].sign(
            sbs, oauth_request.consumer, oauth_request.token)
        ret += "Your Signature: \n"
        ret += oauth_request.signature
    except oauth.OAuthError:
        import traceback
        ret += "An error occurred:\n"
        ret += traceback.format_exc()
    return HttpResponse(ret, "text/plain")
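def exchange_token(request):
    """Exchange the request token in ``request.oauth_request`` for an access
    token and return it as text/plain.

    Raises ``PermissionDenied`` when the OAuth server rejects the exchange
    (bad or missing signature, token not authorized); the previous body
    logged the error and fell through to an implicit ``None`` return, which
    Django reports as a server error instead of a refusal.
    """
    # ask the oauth server to exchange a request token into an access token
    # this will check proper oauth for this action
    try:
        access_token = OAUTH_SERVER.exchange_request_token(request.oauth_request)
    except oauth.OAuthError:
        # keep the reason server-side; the client only learns it was refused
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()
    return HttpResponse(access_token.to_string(), mimetype="text/plain")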
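def exchange_token(request):
    """Exchange the request token in ``request.oauth_request`` for an access
    token and return it as text/plain.

    Raises ``PermissionDenied`` when the exchange fails for any ordinary
    exception (a bad or missing signature is the expected case).
    """
    # ask the oauth server to exchange a request token into an access token
    # this will check proper oauth for this action
    try:
        access_token = OAUTH_SERVER.exchange_request_token(request.oauth_request)
    except Exception:
        # an exception can be raised if there is a bad signature (or no
        # signature) in the request.  The bare `except:` this replaces also
        # swallowed KeyboardInterrupt/SystemExit and discarded the cause;
        # record it before refusing so failures are diagnosable.
        # NOTE(review): database or programming errors inside the OAuth
        # server still surface as a refusal here -- consider narrowing to
        # oauth.OAuthError once the raised types are confirmed.
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()
    return HttpResponse(access_token.to_string(), mimetype='text/plain')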
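def exchange_token(request):
    """Turn the request token carried in ``request.oauth_request`` into an
    access token; respond with its serialized form as text/plain.

    Raises ``PermissionDenied`` if the OAuth server raises any ordinary
    exception during the exchange (typically a bad or missing signature).
    """
    # ask the oauth server to exchange a request token into an access token
    # this will check proper oauth for this action
    try:
        access_token = OAUTH_SERVER.exchange_request_token(
            request.oauth_request)
    except Exception:
        # an exception can be raised if there is a bad signature (or no
        # signature) in the request.  `except Exception` instead of a bare
        # `except:` keeps KeyboardInterrupt/SystemExit out of the refusal
        # path, and logging the traceback preserves the cause server-side.
        # NOTE(review): unrelated errors (DB outage, bugs) are still mapped
        # to a refusal; narrow to oauth.OAuthError if that is the only type
        # the server raises for signature problems.
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        raise PermissionDenied()
    return HttpResponse(access_token.to_string(), mimetype='text/plain')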
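def request_token_approve(request, request_token):
    """Authorize *request_token* for the calling principal and hand back the
    app's registered callback URL with the token and verifier attached.

    ``request.POST`` may carry ``record_id`` (must agree with the record the
    token was pre-bound to, if any) and ``offline`` (only honoured for a
    token issued offline-capable).

    Returns an ``HttpResponse`` whose body is a URL-encoded ``location``
    parameter.  Raises ``PermissionDenied`` for a disallowed offline request,
    a mismatched or unknown record; raises ``Exception`` when no record is
    named at all or the app's manifest has no ``oauth_callback``.
    """
    rt = ReqToken.objects.get(token=request_token)
    record_id = request.POST.get("record_id")
    # NOTE(review): POST values are strings, so "false"/"0" would count as
    # asking for offline access -- confirm what clients actually send.
    offline = request.POST.get("offline", False)

    # requesting offline but request token doesn't allow it? Bust!
    if offline and not rt.offline_capable:
        raise PermissionDenied

    # different record id? You wish!
    if record_id and rt.record and record_id != rt.record.record_id:
        raise PermissionDenied(
            "Request token pre-bound record %s doesn't match post variable %s"
            % (rt.record.record_id, record_id)
        )

    # no record reference at all? Crash and burn
    if not (rt.record or record_id):
        raise Exception("Must have a record bound to token or a record_id passed in to authorize")

    # no oauth_callback defined? Not a chance
    manifest = simplejson.loads(rt.app.manifest)
    if "oauth_callback" not in manifest:
        raise Exception("This app does not define an oauth_callback, cannot authorize")

    # get the callback -- must be in the manifest, we do not use the one
    # provided in the request header, so the redirect target is always the
    # one registered for the app rather than whatever the request claims.
    callback = manifest["oauth_callback"]

    record = rt.record
    if not record:
        try:
            record = Record.objects.get(id=record_id)
        except (Record.DoesNotExist, ValueError):
            # an unknown or malformed id is a client error, not a server
            # fault, so refuse instead of surfacing a 500
            raise PermissionDenied("Unknown record_id %s" % record_id)

    # authorize the request token and redirect.  NOTE(review): nothing here
    # checks that request.principal may access `record`; presumably
    # authorize_request_token does -- verify.
    request_token = OAUTH_SERVER.authorize_request_token(
        rt.token, record=record, account=request.principal, offline=offline
    )
    # token and verifier are URL-encoded rather than spliced in raw, and the
    # query is joined with '&' when the registered callback already has one
    query = urllib.urlencode([("oauth_token", request_token.token),
                              ("oauth_verifier", request_token.verifier)])
    redirect_url = "%s%s%s" % (callback, "&" if "?" in callback else "?", query)
    return HttpResponse(urllib.urlencode({"location": redirect_url}))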
def request_token(request):
    """ the request-token request URL

    Asks the OAuth server for a request token using the already-extracted
    ``request.oauth_request``; ``record_id`` and ``offline`` are read from
    ``request.POST``.  Responds with the token's string form as text/plain,
    or raises ``PermissionDenied`` when the server raises ``oauth.OAuthError``.
    """
    # ask the oauth server to generate a request token given the HTTP request
    try:
        # the access-control layer already attached oauth_request, so reuse it
        # `app` is unused; kept because reading request.principal may have
        # side effects in the auth layer -- TODO confirm
        app = request.principal
        post = request.POST
        # NOTE(review): POST values are strings, so "false"/"0" are truthy
        # for offline_capable -- confirm what clients send.
        token = OAUTH_SERVER.generate_request_token(
            request.oauth_request,
            record_id=post.get('record_id', None),
            offline_capable=post.get('offline', False))
        return HttpResponse(token.to_string(), mimetype='text/plain')
    except oauth.OAuthError:
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        # an exception can be raised if there is a bad signature (or no signature) in the request
        raise PermissionDenied()
def request_token(request):
    """ the request-token request URL

    Generate a request token for the OAuth request the middleware attached
    to ``request``.  ``record_id`` and ``offline`` come from ``request.POST``.
    Returns the serialized token as text/plain; an ``oauth.OAuthError`` from
    the server is logged to stderr and converted to ``PermissionDenied``.
    """
    # ask the oauth server to generate a request token given the HTTP request
    try:
        # we already have the oauth_request in context, so we don't get it again
        # `app` is not used below; left in place because the attribute read
        # may matter to the auth layer -- TODO confirm
        app = request.principal
        # NOTE(review): "false"/"0" from the form are truthy strings here
        kwargs = {
            'record_id': request.POST.get('record_id', None),
            'offline_capable': request.POST.get('offline', False),
        }
        new_token = OAUTH_SERVER.generate_request_token(
            request.oauth_request, **kwargs)
        return HttpResponse(new_token.to_string(), mimetype='text/plain')
    except oauth.OAuthError:
        import sys
        import traceback
        traceback.print_exc(file=sys.stderr)
        # an exception can be raised if there is a bad signature (or no signature) in the request
        raise PermissionDenied()
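def request_token_approve(request, request_token):
    """Authorize *request_token* for ``request.principal`` and return where
    the app should go next.

    ``request.POST`` may contain ``record_id`` (must match the token's
    pre-bound record when it has one) and ``offline`` (only honoured when
    the token was issued offline-capable).

    Returns an ``HttpResponse`` whose body is a URL-encoded ``location``
    parameter: the app's ``after_auth`` activity URL with ``oauth_token``
    and ``oauth_verifier`` appended.

    Raises ``PermissionDenied`` for a disallowed offline request, a record
    mismatch, or an unknown ``record_id``; raises ``Exception`` when neither
    the token nor the POST names a record.
    """
    rt = ReqToken.objects.get(token=request_token)
    record_id = request.POST.get('record_id', None)
    # NOTE(review): POST values are strings, so "false"/"0" count as a
    # request for offline access -- confirm what clients send.
    offline = request.POST.get('offline', False)

    # requesting offline but request token doesn't allow it? Bust!
    if offline and not rt.offline_capable:
        raise PermissionDenied

    record = rt.record
    # a token pre-bound to one record must not be authorized for another
    if record_id and record and record_id != record.record_id:
        raise PermissionDenied(
            "Request token pre-bound record %s != post variable %s"
            % (record.record_id, record_id))

    if not (record or record_id):
        raise Exception(
            "Must have a record bound to token or a record_id passed in to authorize."
        )

    if not record:
        try:
            record = Record.objects.get(id=record_id)
        except (Record.DoesNotExist, ValueError):
            # unknown or malformed id: a client error, refuse rather than 500
            raise PermissionDenied("Unknown record_id %s" % record_id)

    # authorize the request token.  NOTE(review): this view does not check
    # that request.principal may access `record`; presumably
    # authorize_request_token does -- verify.
    request_token = OAUTH_SERVER.authorize_request_token(
        rt.token, record=record, account=request.principal, offline=offline)

    # where to redirect to + parameters; token and verifier are URL-encoded
    # (order preserved via a tuple list) and joined with '&' when the
    # activity URL already has a query string
    base_url = AppActivity.objects.get(
        app=request_token.app, name="after_auth").url
    query = urllib.urlencode([('oauth_token', request_token.token),
                              ('oauth_verifier', request_token.verifier)])
    redirect_url = "%s%s%s" % (base_url, '&' if '?' in base_url else '?', query)

    # redirect to the request token's callback, or if null the PHA's default callback
    return HttpResponse(urllib.urlencode({'location': redirect_url}))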