def checkUser(self):
# 署名の検証を行う.
#self.osa_util.checkOAuth()
if settings_sub.IS_LOCAL:
return
try:
if self.request.django_request.META.has_key('HTTP_AUTHORIZATION'):
oauth_params = self.request.django_request.META['HTTP_AUTHORIZATION']
headers = {}
headers.update(self.request.django_request.META)
headers['Authorization'] = oauth_params
oauth_request = oauth.OAuthRequest.from_request(
self.request.method,
self.request.url,
headers = headers,
query_string = self.request.query_string
)
sig = oauth_request.get_parameter('oauth_signature')
sig_build = oauth.OAuthSignatureMethod_HMAC_SHA1().build_signature(oauth_request, self.osa_util.consumer, None)
self.osa_util.logger.trace('sig :' + sig)
self.osa_util.logger.trace('sig_build:' + sig_build)
if sig == sig_build:
self.osa_util.logger.trace('sig_check_ok?:True')
else:
self.osa_util.logger.trace('sig_check_ok?:False')
raise oauth.OAuthError('sig check error!!')
else:
raise CabaretError(u'署名を確認できません')
except:
raise CabaretError(u'署名を確認できません')
def test_exception_unicode_includes_user_friendly_message(self):
# When the error is an authentication error, the message is more
# user-friendly than the default 'Invalid consumer.'.
original_exception = oauth.OAuthError('Invalid consumer.')
maas_exception = OAuthUnauthorized(original_exception)
self.assertThat(str(maas_exception),
Contains("Authorization Error: Invalid API key."))
def test_exception_unicode_includes_original_failure_message(self):
error_msg = factory.make_name('error-message')
original_exception = oauth.OAuthError(error_msg)
maas_exception = OAuthUnauthorized(original_exception)
self.assertThat(
str(maas_exception),
Contains("Authorization Error: %r" % error_msg))
def lookup_nonce(self, oauth_consumer, oauth_token, nonce):
if oauth_token and oauth_consumer.key == self.consumer.key and (
oauth_token.key == self.request_token.key
or token.key == self.access_token.key) and nonce == self.nonce:
return self.nonce
else:
raise oauth.OAuthError('Nonce not found: %s' % str(nonce))
return None
def mark_request_token_used(self, consumer, request_token):
"""
Mark that this request token has been used.
Should fail if it is already used
"""
if not request_token.authorized_p:
raise oauth.OAuthError("request token not authorized")
request_token.delete()
def check_and_store_nonce(self, nonce_str):
"""
store the given nonce in some form to check for later duplicates
IMPORTANT: raises an exception if the nonce has already been stored
"""
nonce, created = models.Nonce.objects.get_or_create(nonce=nonce_str)
if not created:
raise oauth.OAuthError("Nonce already exists")
def mark_request_token_used(self, consumer, request_token):
"""
Mark that this request token has been used.
Should fail if it is already used
"""
new_rt = models.ReqToken.objects.get(pha=consumer,
token=request_token.token)
# authorized?
if not new_rt.authorized:
raise oauth.OAuthError("Request Token not Authorized")
new_rt.delete()
def unauthorized(e):
log.error('Error accessing resource %r', self.endpoint)
code = getattr(e, 'code', 0)
emsg = getattr(e, 'message', None)
if code or (emsg == 'conn_fail'):
is_error = True
early_return = True
headers = getattr(e, 'headers', {})
opensocial_err = headers.get('x-opensocial-error')
if emsg == "conn_fail":
log.error("\tconnection error occurred")
elif code == 404:
log.error("\tResource %r does not exist.", self.endpoint)
elif code == 401:
log.error('\tPermissions error accessing resource %r: %r',
self.endpoint, e)
early_return = not (opensocial_err is None
or opensocial_err
in REAUTHORIZE_ERROR_MESSAGES)
if hasattr(e, 'document') and isinstance(
e.document, basestring):
try:
json_error_info = json.loads(e.document)
except Exception:
pass
else:
if 'timestamp' in json_error_info.get(
'statusDescription', '').lower():
log.error(
"\tGot timestamp message from error response: %r",
json_error_info)
early_return = True
is_error = True
e = oauth.OAuthError(
oauth_data={
'oauth_problem': 'timestamp_refused'
})
elif code == 409:
is_error = False
log.error('\tConflict while performing action: %r',
self.endpoint)
else:
log.error(
'\tError is being handled as non-fatal. code = %r',
code)
if opensocial_err is not None:
log.error(
"\tadditionally, an opensocial error was encountered: %r",
opensocial_err)
if early_return:
if is_error:
log.info("callback.error = %r", callback.error)
return callback.error(e)
else:
return callback.success(e)
etxt = ''
if hasattr(e, 'read'):
etxt = e.read()
if not etxt:
etxt = repr(e)
log.error("\terror text = %r", etxt)
if not client.allow_authenticate():
log.info('authenticate not allowed')
return
client.authenticate_start()
client.authorize_token(
error=auth_error,
success=lambda results:
(client.token_authorized(results),
client.fetch_access_token(
error=auth_error,
success=lambda results:
(client.access_token_fetched(results),
client.request(url,
method=method,
data=data,
error=callback.error,
success=lambda resp: callback.success(
resp.document),
**kw)))))
def check_signature(self, oauth_request, consumer, token, signature):
if is_root(consumer, token) and not settings.API_ALLOW_ROOT_HMAC_SHA1:
raise oauth.OAuthError("Invalid consumer")
return super(JeOAuthSignatureMethod_HMAC_SHA1,
self).check_signature(oauth_request, consumer, token,
signature)
