def api_access_token(request): session = DBSession() if (not request.logged_in): request.session.flash(_("You must be logged in.")) return HTTPFound(location = route_url("home", request)) consumer = ConsumerKeySecret.getByUserID(request.logged_in) if (not consumer): return HTTPFound(location = route_url("api_request_key", request)) token = Token.getByConsumerID(consumer.id) if (not token): request.session.flash(_("Attempt to retrieve an access token that does not belong to you.")) return HTTPFound(location = route_url("home", request)) return dict(title = _("Your token and token secret"), token = token.token, token_secret = token.token_secret)
def api_request_token(request): session = DBSession() auth_header = {} matchdict = request.matchdict appType = matchdict.get("appType", False) if ('Authorization' in request.headers): auth_header = {'Authorization': request.headers['Authorization']} req = oauth2.Request.from_request( request.method, request.url, headers = auth_header, parameters = dict([(k,v) for k,v in request.params.iteritems()])) consumer = ConsumerKeySecret.getByConsumerKey(req.get("oauth_consumer_key")) #if (request.logged_in != consumer.id): # request.session.flash(_("You are trying to request a token using credentials that do not belong to you.")) # return HTTPForbidden(location = route_url("home", request)) try: oauth_server.verify_request(req, consumer, None) # Check that this user doesn't already have an access token consumerToken = Token.getByConsumerID(consumer.id) if consumerToken: if (consumerToken.token_type == consumerToken.ACCESS): return Response(simplejson.dumps({'result': route_url('api_access_token', request)})) elif (consumerToken.token_type == consumerToken.AUTHORIZATION): # TODO # Check that the token hasn't already expired token = oauth2.Token(consumerToken.token, consumerToken.token_secret) if (appType == "android"): return Response(token.to_string()) else: return Response(simplejson.dumps({'result': route_url('api_authorize_token', request, appType = appType) + '?' + token.to_string()})) nonce = ConsumerNonce.getByNonce(req.get("oauth_nonce")) if (nonce): return simplejson.dumps({"error": "Nonce is already registered for an authorization token; please generate another request token, or wait five minutes and try again."}) else: nonce = ConsumerNonce() nonce.consumer_id = consumer.id nonce.timestamp = req.get("oauth_timestamp") nonce.nonce = req.get("oauth_nonce") session.add(nonce) randomData = hashlib.sha1(str(random.random())).hexdigest() key = generateRandomKey() secret = generateRandomKey() token = oauth2.Token(key, secret) token.callback_confirmed = True tokenData = Token() tokenData.token = key tokenData.token_secret = secret tokenData.consumer_id = consumer.id tokenData.timestamp = time.time() tokenData.callback_url = req.get("oauth_callback") tokenData.setAuthorizationType() session.add(tokenData) if (appType == "android"): return Response(token.to_string()) elif (appType == "desktop"): result = {'result': route_url('api_authorize_token', request, appType = appType) + '?' + token.to_string()} return Response(simplejson.dumps(result)) except oauth2.Error, e: return Response(simplejson.dumps({"oauth2 error": str(e)}))