def get(self, *args): logger.debug("!!!START REQUEST!!!") """Handler method for OAuth GET requests.""" logger.debug("!!!Req URL: %s" % self.request.url) # access token logger.debug("!!!Entering ACESS_TOKEN_URL") oauth_server, oauth_request = initialize_server_request(self.request) if oauth_server is None: return send_oauth_error( oauth.OAuthError('Invalid request parameters.'), self.response) else: logger.debug("!!!OAuth Params: %s" % oauth_request.parameters) try: # create an access token token = oauth_server.fetch_access_token(oauth_request) if token == None: logger.debug( "!!! oauth_server.fetch_access_token returning None") send_oauth_error( oauth.OAuthError( "Cannot find corresponding access token."), self.response) return # send okay response self.response.set_status(200, 'OK') # return the token self.response.out.write(token.to_string()) except oauth.OAuthError, err: send_oauth_error(err, self.response)
def fetch_request_token(self, oauth_consumer, oauth_callback): if oauth_consumer.key != self.consumer.key: raise OAuthError('Consumer key does not match.') # OAuth 1.0a: if there is a callback, check its validity callback = None callback_confirmed = False if oauth_callback: if oauth_callback != OUT_OF_BAND: if check_valid_callback(oauth_callback): callback = oauth_callback callback_confirmed = True else: raise oauth.OAuthError('Invalid callback URL.') # Not going to implement scope just yet-so just hard code this for now # We create a default resource if it doesn't already exist. resource = Resource.get_or_insert("default", name="default") #try: # resource = Resource.objects.get(name=self.scope) #except: # raise OAuthError('Resource %s does not exist.' % escape(self.scope)) self.request_token = Token.create_token( consumer=self.consumer, token_type=Token.REQUEST, timestamp=self.timestamp, resource=resource, callback=callback, callback_confirmed=callback_confirmed) return self.request_token
def get(self, *args): logger.debug("!!!START REQUEST!!!") """Handler method for OAuth GET requests.""" logger.debug("!!!Req URL: %s" % self.request.url) # user authorization #TODO: put up a screen explaining what this authorization is for before #approving the request_token, and allowing the user to decide if they #want to proceed- now it just approves right away. If the user rejects #the approval , redirect to the callback with an error parameter logger.debug("!!!Entering AUTHORIZATION_URL") # get the request token oauth_server, oauth_request = initialize_server_request(self.request) if oauth_server is None: return send_oauth_error( oauth.OAuthError('Invalid request parameters.'), self.response) else: logger.debug("!!!OAuth Params: %s" % oauth_request.parameters) try: # get the request token token = oauth_server.fetch_request_token(oauth_request) except oauth.OAuthError, err: logger.exception("Failed accessing request token") return send_oauth_error(err, self.response)
def get(self, *args): logger.debug("!!!START REQUEST!!!") """Handler method for OAuth GET requests.""" logger.debug("!!!Req URL: %s" % self.request.url) logger.debug("!!!Entering REQUEST_TOKEN_URL") oauth_server, oauth_request = initialize_server_request(self.request) if oauth_server is None: send_oauth_error(oauth.OAuthError('Invalid request parameters.'), self.response) return else: logger.debug("!!!OAuth Params: %s" % oauth_request.parameters) try: # create a request token token = oauth_server.fetch_request_token(oauth_request) # return the token self.response.set_status(200, 'OK') self.response.out.write(token.to_string()) except oauth.OAuthError, err: logger.exception("Error when trying to do a request_token") send_oauth_error(err, self.response) return
def fetch_request_token(self, oauth_consumer, oauth_callback): logger.warning("!!! In MockOAuthDataStore.fetch_request_token args: %s"%locals()) if oauth_consumer.key != self.consumer.key: raise OAuthError('Consumer key does not match.') # OAuth 1.0a: if there is a callback, check its validity callback = None callback_confirmed = False if oauth_callback: if oauth_callback != OUT_OF_BAND: if check_valid_callback(oauth_callback): callback = oauth_callback callback_confirmed = True else: raise oauth.OAuthError('Invalid callback URL.') #not going to implement scope just yet-so just hard code this for now resource = Resource.all().filter("name =","default")[0] #try: # resource = Resource.objects.get(name=self.scope) #except: # raise OAuthError('Resource %s does not exist.' % escape(self.scope)) self.request_token = Token.create_token(consumer=self.consumer, token_type=Token.REQUEST, timestamp=self.timestamp, resource=resource, callback=callback, callback_confirmed=callback_confirmed) return self.request_token
def get_request_token(self): response = self.oauth_request(self.request_token_url()) token = self.oauth_parse_response(response) try: self.token = oauth.OAuthConsumer(token['oauth_token'],token['oauth_token_secret']) return token except: raise oauth.OAuthError('Invalid oauth_token')
class AuthorizeHandler(webapp.RequestHandler): """HTTP request handler with OAuth support.""" def get(self, *args): logger.debug("!!!START REQUEST!!!") """Handler method for OAuth GET requests.""" logger.debug("!!!Req URL: %s" % self.request.url) # user authorization #TODO: put up a screen explaining what this authorization is for before #approving the request_token, and allowing the user to decide if they #want to proceed- now it just approves right away. If the user rejects #the approval , redirect to the callback with an error parameter logger.debug("!!!Entering AUTHORIZATION_URL") # get the request token oauth_server, oauth_request = initialize_server_request(self.request) if oauth_server is None: return send_oauth_error( oauth.OAuthError('Invalid request parameters.'), self.response) else: logger.debug("!!!OAuth Params: %s" % oauth_request.parameters) try: # get the request token token = oauth_server.fetch_request_token(oauth_request) except oauth.OAuthError, err: logger.exception("Failed accessing request token") return send_oauth_error(err, self.response) try: # get the request callback, though there might not be one if this is OAuth 1.0a callback = oauth_server.get_callback(oauth_request) # OAuth 1.0a: this parameter should not be present on this version if token.callback_confirmed: return send_oauth_error( oauth.OAuthError( "Cannot specify oauth_callback at authorization step for 1.0a protocol" ), self.response) if not check_valid_callback(callback): return send_oauth_error( oauth.OAuthError("Invalid callback URL"), self.response) except oauth.OAuthError, err: callback = None
def oauth_required(method): def wrapper(self, *args, **kwargs): if is_valid_request(self.request): try: consumer, token, parameters = validate_token(self.request) if consumer and token: return method(self, *args, **kwargs) except oauth.OAuthError, e: send_oauth_error(e, self.response) return send_oauth_error(oauth.OAuthError("Invalid OAuth parameters"), self.response) return
def oauth_user_auth_anon(request, method): from piston.authentication import initialize_server_request, send_oauth_error, get_callable, INVALID_PARAMS_RESPONSE oauth_server, oauth_request = initialize_server_request(request) if oauth_request is None: logger.error("OAuth: INVALID_PARAMS_RESPONSE") return INVALID_PARAMS_RESPONSE try: token = oauth_server.fetch_request_token(oauth_request) if token is None: raise oauth.OAuthError("no token") except oauth.OAuthError, err: logger.error("OAuthError: %s", err.message) return send_oauth_error(err)
def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier): if (oauth_consumer.key_ == self.consumer.key_ and oauth_token.key_ == self.request_token.key_ and self.request_token.is_approved): # OAuth 1.0a: if there is a callback confirmed, check the verifier if ((self.request_token.callback_confirmed and oauth_verifier == self.request_token.verifier) or not self.request_token.callback_confirmed): self.access_token = Token.create_token( consumer=self.consumer, token_type=Token.ACCESS, timestamp=self.timestamp, user=self.request_token.user, resource=self.request_token.resource) return self.access_token raise oauth.OAuthError( "Consumer key or token key does not match. " + "Make sure your request token is approved. " + "Check your verifier too if you use OAuth 1.0a.")
def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier): logger.warning("!!! IN MockOAuthDataStore.fetch_access_token args: %s"%locals()) if oauth_consumer.key_ == self.consumer.key_ \ and oauth_token.key_ == self.request_token.key_ \ and self.request_token.is_approved: # OAuth 1.0a: if there is a callback confirmed, check the verifier if (self.request_token.callback_confirmed \ and oauth_verifier == self.request_token.verifier) \ or not self.request_token.callback_confirmed: self.access_token = Token.create_token(consumer=self.consumer, token_type=Token.ACCESS, timestamp=self.timestamp, user=self.request_token.user, resource=self.request_token.resource) return self.access_token raise oauth.OAuthError('Consumer key or token key does not match. ' \ +'Make sure your request token is approved. ' \ +'Check your verifier too if you use OAuth 1.0a.')
if oauth_request is None: return INVALID_PARAMS_RESPONSE try: token = oauth_server.fetch_access_token(oauth_request) if token: return HttpResponse(token.to_string()) else: return INVALID_PARAMS_RESPONSE except oauth.OAuthError, err: return send_oauth_error(err) INVALID_PARAMS_RESPONSE = send_oauth_error( oauth.OAuthError('Invalid request parameters.')) class OAuthAuthentication(object): """ OAuth authentication. Based on work by Leah Culver. """ def __init__(self, realm='API'): self.realm = realm self.builder = oauth.build_authenticate_header def is_authenticated(self, request): """ Checks whether a means of specifying authentication is provided, and if so, if it is a valid token.
return response @csrf_exempt def oauth_access_token(request): oauth_server, oauth_request = initialize_server_request(request) if oauth_request is None: return INVALID_PARAMS_RESPONSE try: token = oauth_server.fetch_access_token(oauth_request, required=True) return HttpResponse(token.to_string()) except oauth.OAuthError, err: return send_oauth_error(err) INVALID_PARAMS_RESPONSE = send_oauth_error(oauth.OAuthError('Invalid request parameters.')) class OAuthAuthentication(object): """ OAuth authentication. Based on work by Leah Culver. """ def __init__(self, realm='API'): self.realm = realm self.builder = oauth.build_authenticate_header def is_authenticated(self, request): """ Checks whether a means of specifying authentication is provided, and if so, if it is a valid token. Read the documentation on `HttpBasicAuthentication`
if oauth_request is None: return INVALID_PARAMS_RESPONSE try: token = oauth_server.fetch_access_token(oauth_request) if token: return HttpResponse(token.to_string()) else: return INVALID_PARAMS_RESPONSE except oauth.OAuthError as err: return send_oauth_error(err) INVALID_PARAMS_RESPONSE = send_oauth_error( oauth.OAuthError("Invalid request parameters.") ) class OAuthAuthentication(object): """ OAuth authentication. Based on work by Leah Culver. """ def __init__(self, realm="API"): self.realm = realm self.builder = oauth.build_authenticate_header def is_authenticated(self, request): """ Checks whether a means of specifying authentication