def test_tokens(self):
    """Run the request-token to access-token exchange for the desktop consumer.

    The request token is authorized by calling the backend API directly
    instead of going through the user-facing authorize page, so only the two
    token endpoints are exercised over the test client. This block contains
    no assert statements.
    """
    # Step 1: ask for a request token, signed with the consumer secret only
    # (no token exists yet, hence the None).
    request_token_url = "http://%s/api/request_token" % settings.DOMAIN
    token_req = oauth.OAuthRequest.from_consumer_and_token(
        self.desktop_consumer,
        http_url=request_token_url,
    )
    token_req.sign_request(self.sig_hmac, self.desktop_consumer, None)
    token_resp = self.client.get("/api/request_token", token_req.parameters)
    request_token = oauth.OAuthToken.from_string(token_resp.content)

    # Step 2: test-only shortcut. The token is marked authorized through the
    # backend with api.ROOT, skipping the consent page a real user would see.
    api.oauth_authorize_request_token(
        api.ROOT, request_token.key, actor='*****@*****.**', perms="read"
    )

    # Step 3: trade the authorized request token for an access token; this
    # time the signature covers the request token as well.
    access_token_url = "http://%s/api/access_token" % (settings.DOMAIN)
    exchange_req = oauth.OAuthRequest.from_consumer_and_token(
        self.desktop_consumer,
        request_token,
        http_url=access_token_url,
    )
    exchange_req.sign_request(self.sig_hmac, self.desktop_consumer, request_token)
    exchange_resp = self.client.get("/api/access_token", exchange_req.parameters)
    access_token = oauth.OAuthToken.from_string(exchange_resp.content)
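def api_authorize(request):
    """Show or process the OAuth request-token authorization page.

    Unauthenticated visitors are sent to /login with the current path as the
    return target. On GET the consent form (authorize.html) is rendered for
    the request token named by ``oauth_token``. On POST the token is
    authorized for the requested ``perms``; a consumer of type "web" is then
    redirected to the posted ``oauth_callback`` or, failing that, to the
    callback URL stored on the consumer. Every other case renders
    authorized.html so the user can tell the application themselves.

    Raises:
        Exception: the token or consumer cannot be found, the consumer is not
            active, or ``perms`` is not one of read / write / delete.
    """
    # Local names are handed to the templates through locals(), so they are
    # part of the template contract; do not rename them.
    redirect = urllib.quote(request.get_full_path())
    view = user.get_user_from_cookie_or_legacy_auth(request)
    if view is None:
        logging.info("Redirect: %s ", redirect)
        return http.HttpResponseRedirect("/login?redirect_to=%s" % redirect)

    oauth_token = request.REQUEST.get('oauth_token', None)
    if not oauth_token:
        # please enter token page
        # (not implemented: a missing token falls through to the lookup below)
        pass

    oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
    if not oauth_token_ref:
        raise Exception("bad token")

    oauth_consumer_ref = api.oauth_get_consumer(api.ROOT,
                                                oauth_token_ref.consumer)
    if not oauth_consumer_ref:
        raise Exception("bad consumer")
    if "active" != oauth_consumer_ref.status:
        raise Exception("inactive consumer")

    # perms is request-controlled. Check it against the known levels before
    # it can reach the backend; previously only the GET path failed (with a
    # KeyError) on an unknown value, while a POST stored it unchecked.
    perms_labels = {'read': 'view',
                    'write': 'view and update',
                    'delete': 'view, update and delete'}
    perms = request.REQUEST.get('perms', 'read')
    if perms not in perms_labels:
        raise Exception("bad perms")

    if request.POST:
        # we posted to this page to authorize
        # TODO verify nonce
        # NOTE(review): validate.nonce is called right below; confirm whether
        # that already covers the TODO above.
        validate.nonce(request, "authorize_token")

        # NOTE(review): the login check above uses `view`, but the actor is
        # taken from request.user; confirm both always name the same user.
        api.oauth_authorize_request_token(api.ROOT, oauth_token_ref.key_,
                                          actor=request.user.nick, perms=perms)

        oauth_callback = request.POST.get("oauth_callback", None)
        # The callback is request-controlled as well. Follow it only when it
        # is a plain http(s) URL; anything else falls back to the consumer's
        # stored callback or to the confirmation page.
        # NOTE(review): the posted callback is not compared with anything
        # registered for the consumer in this block. OAuth 1.0a binds the
        # callback to the request token when it is issued and adds
        # oauth_verifier; consider moving to that flow.
        callback_ok = bool(oauth_callback) and oauth_callback.lower().startswith(
            ("http://", "https://"))
        if oauth_consumer_ref.type == "web":
            if callback_ok:
                return http.HttpResponseRedirect(oauth_callback)
            elif oauth_consumer_ref.callback_url is not None:
                return http.HttpResponseRedirect(oauth_consumer_ref.callback_url)

        c = template.RequestContext(request, locals())
        t = loader.get_template('api/templates/authorized.html')
        return http.HttpResponse(t.render(c))

    perms_pretty = perms_labels[perms]
    c = template.RequestContext(request, locals())
    t = loader.get_template('api/templates/authorize.html')
    return http.HttpResponse(t.render(c))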
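def api_authorize(request):
    """Show or process the OAuth request-token authorization page.

    On GET the consent form (authorize.html) is rendered for the request
    token named by ``oauth_token``. On POST the token is authorized for the
    requested ``perms``; a consumer of type "web" that posted an
    ``oauth_callback`` is redirected to it, and every other case renders
    authorized.html so the user can tell the application themselves.

    Raises:
        Exception: the token or consumer cannot be found, the consumer is not
            active, or ``perms`` is not one of read / write / delete.
    """
    # Local names are handed to the templates through locals(), so they are
    # part of the template contract; do not rename them.
    oauth_token = request.REQUEST.get('oauth_token', None)
    if not oauth_token:
        # please enter token page
        # (not implemented: a missing token falls through to the lookup below)
        pass

    oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
    if not oauth_token_ref:
        raise Exception("bad token")

    oauth_consumer_ref = api.oauth_get_consumer(api.ROOT,
                                                oauth_token_ref.consumer)
    if not oauth_consumer_ref:
        raise Exception("bad consumer")
    if "active" != oauth_consumer_ref.status:
        raise Exception("inactive consumer")

    # perms is request-controlled. Check it against the known levels before
    # it can reach the backend; previously only the GET path failed (with a
    # KeyError) on an unknown value, while a POST stored it unchecked.
    perms_labels = {
        'read': 'view',
        'write': 'view and update',
        'delete': 'view, update and delete'
    }
    perms = request.REQUEST.get('perms', 'read')
    if perms not in perms_labels:
        raise Exception("bad perms")

    if request.POST:
        # we posted to this page to authorize
        # TODO verify nonce
        # NOTE(review): validate.nonce is called right below; confirm whether
        # that already covers the TODO above.
        validate.nonce(request, "authorize_token")

        # NOTE(review): request.user.nick is recorded as the authorizing
        # actor, but no login check is visible in this block; presumably a
        # decorator or middleware outside this view enforces it - confirm.
        api.oauth_authorize_request_token(api.ROOT, oauth_token_ref.key_,
                                          actor=request.user.nick, perms=perms)

        oauth_callback = request.POST.get("oauth_callback", None)
        # The callback is request-controlled as well. Follow it only when it
        # is a plain http(s) URL; anything else gets the confirmation page.
        # NOTE(review): the posted callback is not compared with anything
        # registered for the consumer in this block. OAuth 1.0a binds the
        # callback to the request token when it is issued and adds
        # oauth_verifier; consider moving to that flow.
        callback_ok = bool(oauth_callback) and oauth_callback.lower().startswith(
            ("http://", "https://"))
        if callback_ok and oauth_consumer_ref.type == "web":
            return http.HttpResponseRedirect(oauth_callback)

        c = template.RequestContext(request, locals())
        t = loader.get_template('api/templates/authorized.html')
        return http.HttpResponse(t.render(c))

    perms_pretty = perms_labels[perms]
    c = template.RequestContext(request, locals())
    t = loader.get_template('api/templates/authorize.html')
    return http.HttpResponse(t.render(c))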
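def api_authorize(request):
    """Show or process the OAuth request-token authorization page.

    On GET the consent form (authorize.html) is rendered for the request
    token named by ``oauth_token``. On POST the token is authorized for the
    requested ``perms``; a consumer of type "web" that posted an
    ``oauth_callback`` is redirected to it, and every other case renders
    authorized.html so the user can tell the application themselves.

    Raises:
        Exception: the token or consumer cannot be found, the consumer is not
            active, or ``perms`` is not one of read / write / delete.
    """
    # Local names are handed to the templates through locals(), so they are
    # part of the template contract; do not rename them.
    oauth_token = request.REQUEST.get("oauth_token", None)
    if not oauth_token:
        # please enter token page
        # (not implemented: a missing token falls through to the lookup below)
        pass

    oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
    if not oauth_token_ref:
        raise Exception("bad token")

    oauth_consumer_ref = api.oauth_get_consumer(api.ROOT, oauth_token_ref.consumer)
    if not oauth_consumer_ref:
        raise Exception("bad consumer")
    if "active" != oauth_consumer_ref.status:
        raise Exception("inactive consumer")

    # perms is request-controlled. Check it against the known levels before
    # it can reach the backend; previously only the GET path failed (with a
    # KeyError) on an unknown value, while a POST stored it unchecked.
    perms_labels = {
        "read": "view",
        "write": "view and update",
        "delete": "view, update and delete",
    }
    perms = request.REQUEST.get("perms", "read")
    if perms not in perms_labels:
        raise Exception("bad perms")

    if request.POST:
        # we posted to this page to authorize
        # TODO verify nonce
        # NOTE(review): validate.nonce is called right below; confirm whether
        # that already covers the TODO above.
        validate.nonce(request, "authorize_token")

        # NOTE(review): request.user.nick is recorded as the authorizing
        # actor, but no login check is visible in this block; presumably a
        # decorator or middleware outside this view enforces it - confirm.
        api.oauth_authorize_request_token(
            api.ROOT, oauth_token_ref.key_, actor=request.user.nick, perms=perms
        )

        oauth_callback = request.POST.get("oauth_callback", None)
        # The callback is request-controlled as well. Follow it only when it
        # is a plain http(s) URL; anything else gets the confirmation page.
        # NOTE(review): the posted callback is not compared with anything
        # registered for the consumer in this block. OAuth 1.0a binds the
        # callback to the request token when it is issued and adds
        # oauth_verifier; consider moving to that flow.
        callback_ok = bool(oauth_callback) and oauth_callback.lower().startswith(
            ("http://", "https://")
        )
        if callback_ok and oauth_consumer_ref.type == "web":
            return http.HttpResponseRedirect(oauth_callback)

        c = template.RequestContext(request, locals())
        t = loader.get_template("api/templates/authorized.html")
        return http.HttpResponse(t.render(c))

    perms_pretty = perms_labels[perms]
    c = template.RequestContext(request, locals())
    t = loader.get_template("api/templates/authorize.html")
    return http.HttpResponse(t.render(c))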