def fetch_request_token(self, oauth_consumer, oauth_callback): if oauth_consumer.key != self.consumer.key: raise OAuthError('Consumer key does not match.') # OAuth 1.0a: if there is a callback, check its validity callback = None callback_confirmed = False if oauth_callback: if oauth_callback != OUT_OF_BAND: if check_valid_callback(oauth_callback): callback = oauth_callback callback_confirmed = True else: raise OAuthError('Invalid callback URL.') try: resource = Resource.objects.get(name=self.scope) except: raise OAuthError('Resource %s does not exist.' % escape(self.scope)) self.request_token = Token.objects.create_token( consumer=self.consumer, token_type=Token.REQUEST, timestamp=self.timestamp, resource=resource, callback=callback, callback_confirmed=callback_confirmed) return self.request_token
def fetch_request_token(self, oauth_consumer): if oauth_consumer.key == self.consumer.key: try: resource = Resource.objects.get(name=self.scope) except: raise OAuthError('Resource %s does not exist.' % escape(self.scope)) self.request_token = Token.objects.create_token(consumer=self.consumer, token_type=Token.REQUEST, timestamp=self.timestamp, resource=resource) return self.request_token raise OAuthError('Consumer key does not match.')
class CheckOAuth(object): """ Class that checks that the OAuth parameters passes the given test, raising an OAuth error otherwise. If the test is passed, the view function is invoked. We use a class here so that we can define __get__. This way, when a CheckOAuth object is used as a method decorator, the view function is properly bound to its instance. """ def __init__(self, request): self.request = request self.view_func = view_func # lou w - name scope instead of resource self.scopes = resource_name update_wrapper(self, request) def __get__(self, obj, cls=None): return CheckOAuth(request) def __call__(self, request): if self.is_valid_request(request): try: consumer, token, parameters = self.validate_token(request) except OAuthError, e: return send_oauth_error(e) # lou w - changed to check token scope and self scope instead of resource if self.scopes and token.scope != self.scopes: return send_oauth_error( OAuthError( _('You are not allowed to access this resource.'))) elif consumer and token: return self.view_func(request, *args, **kwargs) return send_oauth_error(OAuthError(_('Invalid request parameters.')))
def authorize_request_token(self, oauth_token, user): if oauth_token.key == self.request_token.key: # authorize the request token in the store self.request_token.is_approved = True self.request_token.user = user self.request_token.save() return self.request_token raise OAuthError('Token key does not match.')
def fetch_request_token(self, oauth_consumer, oauth_callback): if oauth_consumer.key != self.consumer.key: raise OAuthError('Consumer key does not match.') # OAuth 1.0a: if there is a callback, check its validity callback = None # tom c changed... call back confirmed is supposed to be true # callback_confirmed = False callback_confirmed = True if oauth_callback: if oauth_callback != OUT_OF_BAND: if check_valid_callback(oauth_callback): callback = oauth_callback else: # tom c callback_confirmed = False raise OAuthError('Invalid callback URL.') # tom c - changed... Resource used to represent a specific scope # with xapi scopes could be many.. using resource as a holder of # many scopes if self.scope: scope = self.scope else: scope = self.consumer.default_scopes # lou w - Make sure a valid scope(s) is supplied scope_list = scope.split(",") for x in scope_list: if not x in OAUTH_SCOPES: raise OAuthError('Resource %s is not allowed.' % escape(self.scope)) # lou w - save as scope instead of resource self.request_token = Token.objects.create_token( consumer=self.consumer, token_type=Token.REQUEST, timestamp=self.timestamp, scope=scope, callback=callback, callback_confirmed=callback_confirmed) return self.request_token
def fetch_access_token(self, oauth_consumer, oauth_token): if oauth_consumer.key == self.consumer.key \ and oauth_token.key == self.request_token.key \ and self.request_token.is_approved: self.access_token = Token.objects.create_token(consumer=self.consumer, token_type=Token.ACCESS, timestamp=self.timestamp, user=self.request_token.user, resource=self.request_token.resource) return self.access_token raise OAuthError('Consumer key or token key does not match. Make sure your request token is approved too.')
def access_token_view(self, request): oauth_server, oauth_request = initialise_server_request(request) if oauth_request is None: return send_oauth_error(OAuthError('Invalid request parameters.')) try: token = oauth_server.fetch_access_token(oauth_request) return HttpResponse(token.to_string()) except OAuthError, ex: return send_oauth_error(ex)
def authorise_view(self, request): oauth_server, oauth_request = initialise_server_request(request) if oauth_server is None or oauth_request is None: return send_oauth_error(OAuthError('Invalid request parameters.')) app = oauth_server._get_consumer(oauth_request) try: token = oauth_server.fetch_request_token(oauth_request) except OAuthError, ex: return send_oauth_error(ex)
def __call__(self, request, *args, **kwargs): if self.is_valid_request(request): try: consumer, token, parameters = self.validate_token(request) except OAuthError, e: return send_oauth_error(e) if self.resource_name and token.resource.name != self.resource_name: return send_oauth_error( OAuthError( _('You are not allowed to access this resource.'))) elif consumer and token: return self.view_func(request, *args, **kwargs)
def authorize_request_token(self, oauth_token, user): if oauth_token.key == self.request_token.key: # authorize the request token in the store self.request_token.is_approved = True self.request_token.save() # OAuth 1.0a: if there is a callback confirmed, we must set a verifier if self.request_token.callback_confirmed: self.request_token.verifier = generate_random(VERIFIER_SIZE) self.request_token.user = user self.request_token.save() return self.request_token raise OAuthError('Token key or lrs_auth_id does not match.')
def __call__(self, request): if self.is_valid_request(request): try: consumer, token, parameters = self.validate_token(request) except OAuthError, e: return send_oauth_error(e) # lou w - changed to check token scope and self scope instead of resource if self.scopes and token.scope != self.scopes: return send_oauth_error( OAuthError( _('You are not allowed to access this resource.'))) elif consumer and token: return self.view_func(request, *args, **kwargs)
def __call__(self, request, *args, **kwargs): if self.is_valid_request(request): try: consumer, token, parameters = self.validate_token(request) except OAuthError, e: return send_oauth_error(e) if self.resource_name and token.resource.name != self.resource_name: return send_oauth_error(OAuthError(_('You are not allowed to access this resource.'))) elif consumer and token: form = self.form(request.REQUEST) if form.is_valid(): return self.view(request, form, token.user) else: return self.invalid_form(request, form)
def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier): if oauth_consumer.key == self.consumer.key \ and oauth_token.key == self.request_token.key \ and self.request_token.is_approved: # OAuth 1.0a: if there is a callback confirmed, check the verifier if (self.request_token.callback_confirmed \ and oauth_verifier == self.request_token.verifier) \ or not self.request_token.callback_confirmed: self.access_token = Token.objects.create_token( consumer=self.consumer, token_type=Token.ACCESS, timestamp=self.timestamp, user=self.request_token.user, resource=self.request_token.resource) return self.access_token raise OAuthError('Consumer key or token key does not match. ' \ +'Make sure your request token is approved. ' \ +'Check your verifier too if you use OAuth 1.0a.')
class oauth_api_method(object): def __init__(self, view): update_wrapper(self, view) self.view = view form_name = ''.join(n.capitalize() for n in self.__name__.split('_')) + 'Form' self.form = getattr(forms, form_name) def __call__(self, request, *args, **kwargs): if self.is_valid_request(request): try: consumer, token, parameters = self.validate_token(request) except OAuthError, e: return send_oauth_error(e) if self.resource_name and token.resource.name != self.resource_name: return send_oauth_error(OAuthError(_('You are not allowed to access this resource.'))) elif consumer and token: form = self.form(request.REQUEST) if form.is_valid(): return self.view(request, form, token.user) else: return self.invalid_form(request, form) return send_oauth_error(OAuthError(_('Invalid request parameters.')))
from django.contrib.auth.decorators import login_required from django.core.urlresolvers import get_callable from django.template import RequestContext from utils import initialize_server_request, send_oauth_error from decorators import oauth_required from stores import check_valid_callback from consts import OUT_OF_BAND from django.utils.decorators import decorator_from_middleware from django.shortcuts import render_to_response from lrs.forms import AuthClientForm from lrs.models import Token OAUTH_AUTHORIZE_VIEW = 'OAUTH_AUTHORIZE_VIEW' OAUTH_CALLBACK_VIEW = 'OAUTH_CALLBACK_VIEW' INVALID_PARAMS_RESPONSE = send_oauth_error(OAuthError( _('Invalid request parameters.'))) def oauth_home(request): rsp = """ <html><head></head><body><h1>Oauth Authorize</h1></body></html>""" return HttpResponse(rsp) def request_token(request): """ The Consumer obtains an unauthorized Request Token by asking the Service Provider to issue a Token. The Request Token's sole purpose is to receive User approval and can only be used to obtain an Access Token. """ # If oauth is not enabled, don't initiate the handshake if settings.OAUTH_ENABLED: oauth_server, oauth_request = initialize_server_request(request)
from django.utils.translation import ugettext as _ from oauth.oauth import OAuthError from oauth_provider.decorators import CheckOAuth from oauth_provider.utils import send_oauth_error from dapi.auth import AuthBase class AuthOAuth(AuthBase): def check_request(self, request): if CheckOAuth.is_valid_request(request): try: CheckOAuth.validate_token(request) except OAuthError, e: return send_oauth_error(e) else: return send_oauth_error( OAuthError(_("Invalid request parameters."))) return None
from django.conf import settings from django.http import HttpResponse, HttpResponseRedirect from django.utils.translation import ugettext as _ from django.contrib.auth.decorators import login_required from django.core.urlresolvers import get_callable from utils import initialize_server_request, send_oauth_error from decorators import oauth_required from stores import check_valid_callback from consts import OUT_OF_BAND OAUTH_AUTHORIZE_VIEW = 'OAUTH_AUTHORIZE_VIEW' OAUTH_CALLBACK_VIEW = 'OAUTH_CALLBACK_VIEW' INVALID_PARAMS_RESPONSE = send_oauth_error( OAuthError(_('Invalid request parameters.'))) def request_token(request): """ The Consumer obtains an unauthorized Request Token by asking the Service Provider to issue a Token. The Request Token's sole purpose is to receive User approval and can only be used to obtain an Access Token. """ oauth_server, oauth_request = initialize_server_request(request) if oauth_server is None: return INVALID_PARAMS_RESPONSE try: # create a request token token = oauth_server.fetch_request_token(oauth_request) # return the token