示例#1
0
def validate_2legged_oauth(oauth, uri, method, auth_header):
    """
    "Two-legged" OAuth authorization isn't standard and so not
    supported by current versions of oauthlib. The implementation
    here is sufficient for simple developer tools and testing. Real
    usage of OAuth will always require directing the user to the
    authorization page so that a resource-owner token can be
    generated.
    """
    req = Request(uri, method, "", auth_header)
    typ, params, oauth_params = oauth._get_signature_type_and_params(req)
    oauth_params = dict(oauth_params)
    req.params = filter(lambda x: x[0] not in ("oauth_signature", "realm"), params)
    req.signature = oauth_params.get("oauth_signature")
    req.client_key = oauth_params.get("oauth_consumer_key")
    req.nonce = oauth_params.get("oauth_nonce")
    req.timestamp = oauth_params.get("oauth_timestamp")
    if oauth_params.get("oauth_signature_method").lower() != "hmac-sha1":
        raise TwoLeggedOAuthError(u"unsupported signature method " + oauth_params.get("oauth_signature_method"))
    secret = validator.get_client_secret(req.client_key, req)
    valid_signature = signature.verify_hmac_sha1(req, secret, None)
    if valid_signature:
        return req.client_key
    else:
        raise TwoLeggedOAuthError(u"Cannot find APIAccess token with that key: %s" % req.client_key)
示例#2
0
def validate_2legged_oauth(oauth, uri, method, auth_header):
    """
    "Two-legged" OAuth authorization isn't standard and so not
    supported by current versions of oauthlib. The implementation
    here is sufficient for simple developer tools and testing. Real
    usage of OAuth will always require directing the user to the
    authorization page so that a resource-owner token can be
    generated.
    """
    req = Request(uri, method, '', auth_header)
    typ, params, oauth_params = oauth._get_signature_type_and_params(req)
    oauth_params = dict(oauth_params)
    req.params = filter(lambda x: x[0] not in ("oauth_signature", "realm"),
                        params)
    req.signature = oauth_params.get('oauth_signature')
    req.client_key = oauth_params.get('oauth_consumer_key')
    req.nonce = oauth_params.get('oauth_nonce')
    req.timestamp = oauth_params.get('oauth_timestamp')
    if oauth_params.get('oauth_signature_method').lower() != 'hmac-sha1':
        raise TwoLeggedOAuthError(u'unsupported signature method ' +
                                  oauth_params.get('oauth_signature_method'))
    secret = validator.get_client_secret(req.client_key, req)
    valid_signature = signature.verify_hmac_sha1(req, secret, None)
    if valid_signature:
        return req.client_key
    else:
        raise TwoLeggedOAuthError(
            u'Cannot find APIAccess token with that key: %s' % req.client_key)