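def api_request_token(request):
    """Issue an OAuth request token to the consumer that signed this call.

    The consumer is looked up from the ``oauth_consumer_key`` parameter and
    the request signature is verified with ``oauth_server`` before anything
    is issued.  A consumer that already holds a token is pointed at the
    access-token or authorize endpoint instead of receiving a fresh one.
    A new request token is recorded together with the request nonce so the
    same signed request cannot be replayed.

    Args:
        request: the Pyramid request.  ``request.matchdict["appType"]``
            selects the response shape: ``"android"`` receives the bare
            token string, every other value a JSON ``{'result': <url>}``.

    Returns:
        A ``Response`` whose body is either the serialized token or a JSON
        object carrying a ``result`` URL or an error message.
    """
    session = DBSession()
    appType = request.matchdict.get("appType", False)

    # Only the Authorization header is handed to the OAuth parser; the other
    # request headers play no part in the signature.
    auth_header = {}
    if 'Authorization' in request.headers:
        auth_header = {'Authorization': request.headers['Authorization']}
    req = oauth2.Request.from_request(
        request.method,
        request.url,
        headers=auth_header,
        parameters=dict(request.params.items()))

    consumer = ConsumerKeySecret.getByConsumerKey(req.get("oauth_consumer_key"))
    if not consumer:
        # An unknown or missing consumer key must not reach verify_request /
        # consumer.id, where it would surface as an unhandled AttributeError.
        return Response(simplejson.dumps({"oauth2 error": "Unknown consumer key"}))
    # NOTE(review): a check that the logged-in user owns this consumer was
    # present here as commented-out code and is still not enforced — confirm
    # it happens elsewhere before relying on this endpoint.

    # Keep the try narrow: only the signature check raises oauth2.Error.
    try:
        oauth_server.verify_request(req, consumer, None)
    except oauth2.Error as e:
        return Response(simplejson.dumps({"oauth2 error": str(e)}))

    # A consumer that already holds a token is redirected rather than issued
    # a second one.
    consumerToken = Token.getByConsumerID(consumer.id)
    if consumerToken:
        if consumerToken.token_type == consumerToken.ACCESS:
            return Response(simplejson.dumps(
                {'result': route_url('api_access_token', request)}))
        elif consumerToken.token_type == consumerToken.AUTHORIZATION:
            # TODO: reject (and replace) an authorization token that has expired.
            token = oauth2.Token(consumerToken.token, consumerToken.token_secret)
            return _request_token_response(request, token, appType)
        # Any other token_type falls through and a new request token is issued.

    # Replay guard: refuse a nonce that has already been recorded.
    # NOTE(review): the lookup is by nonce value alone (not per consumer) and
    # the stored timestamp is the client-supplied oauth_timestamp — confirm
    # that expiry/cleanup of old nonces is handled elsewhere.
    if ConsumerNonce.getByNonce(req.get("oauth_nonce")):
        return Response(simplejson.dumps({"error": "Nonce is already registered for an authorization token; please generate another request token, or wait five minutes and try again."}))

    nonce = ConsumerNonce()
    nonce.consumer_id = consumer.id
    nonce.timestamp = req.get("oauth_timestamp")
    nonce.nonce = req.get("oauth_nonce")
    session.add(nonce)

    # NOTE(review): generateRandomKey() is project code not visible here;
    # confirm it draws from a CSPRNG (e.g. os.urandom), since these two values
    # are the token credentials.
    key = generateRandomKey()
    secret = generateRandomKey()
    token = oauth2.Token(key, secret)
    token.callback_confirmed = True

    tokenData = Token()
    tokenData.token = key
    tokenData.token_secret = secret
    tokenData.consumer_id = consumer.id
    tokenData.timestamp = time.time()
    # NOTE(review): oauth_callback is persisted exactly as supplied — confirm
    # it is validated against the consumer's registered callback before any
    # redirect is made to it.
    tokenData.callback_url = req.get("oauth_callback")
    tokenData.setAuthorizationType()
    session.add(tokenData)

    return _request_token_response(request, token, appType)


def _request_token_response(request, token, appType):
    """Serialize a request *token* in the shape expected by *appType*.

    Android clients receive the token's string form (``token.to_string()``)
    as the raw body; every other client receives JSON whose ``result`` is the
    authorize-token URL with that string appended as the query string.
    """
    if appType == "android":
        return Response(token.to_string())
    authorize_url = route_url('api_authorize_token', request, appType=appType)
    return Response(simplejson.dumps({'result': authorize_url + '?' + token.to_string()}))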
http_method = request.method, http_url = request.url, parameters = dict([(k, v) for k,v in req.iteritems()])) try: oauth_server.verify_request(req, consumer, token) except oauth2.Error, e: return {"Oauth error": str(e)} except KeyError, e: return {"KeyError error": str(e)} except Exception, e: return {"General error": str(e)} nonce = ConsumerNonce() nonce.consumer_id = consumer.id nonce.timestamp = time.time() nonce.nonce = generateRandomKey() session.add(nonce) return {"nonce": nonce.nonce} @view_config(route_name = "api_nexus_message_update", renderer="json", request_method = "POST") def api_nexus_message_update(request): # TODO # add signed API call to request a nonce # and then in this call, check for nonce and for nonce time < 2 hours session = DBSession() if ("message" not in request.params): return {"error": _("No 'message' parameter found")} else: