def get(self, *args):
logger.debug("!!!START REQUEST!!!")
"""Handler method for OAuth GET requests."""
logger.debug("!!!Req URL: %s" % self.request.url)
# access token
logger.debug("!!!Entering ACESS_TOKEN_URL")
oauth_server, oauth_request = initialize_server_request(self.request)
if oauth_server is None:
return send_oauth_error(
oauth.OAuthError('Invalid request parameters.'), self.response)
else:
logger.debug("!!!OAuth Params: %s" % oauth_request.parameters)
try:
# create an access token
token = oauth_server.fetch_access_token(oauth_request)
if token == None:
logger.debug(
"!!! oauth_server.fetch_access_token returning None")
send_oauth_error(
oauth.OAuthError(
"Cannot find corresponding access token."),
self.response)
return
# send okay response
self.response.set_status(200, 'OK')
# return the token
self.response.out.write(token.to_string())
except oauth.OAuthError, err:
send_oauth_error(err, self.response)
def fetch_request_token(self, oauth_consumer, oauth_callback):
if oauth_consumer.key != self.consumer.key:
raise OAuthError('Consumer key does not match.')
# OAuth 1.0a: if there is a callback, check its validity
callback = None
callback_confirmed = False
if oauth_callback:
if oauth_callback != OUT_OF_BAND:
if check_valid_callback(oauth_callback):
callback = oauth_callback
callback_confirmed = True
else:
raise oauth.OAuthError('Invalid callback URL.')
# Not going to implement scope just yet-so just hard code this for now
# We create a default resource if it doesn't already exist.
resource = Resource.get_or_insert("default", name="default")
#try:
# resource = Resource.objects.get(name=self.scope)
#except:
# raise OAuthError('Resource %s does not exist.' % escape(self.scope))
self.request_token = Token.create_token(
consumer=self.consumer,
token_type=Token.REQUEST,
timestamp=self.timestamp,
resource=resource,
callback=callback,
callback_confirmed=callback_confirmed)
return self.request_token
def get(self, *args):
logger.debug("!!!START REQUEST!!!")
"""Handler method for OAuth GET requests."""
logger.debug("!!!Req URL: %s" % self.request.url)
# user authorization
#TODO: put up a screen explaining what this authorization is for before
#approving the request_token, and allowing the user to decide if they
#want to proceed- now it just approves right away. If the user rejects
#the approval , redirect to the callback with an error parameter
logger.debug("!!!Entering AUTHORIZATION_URL")
# get the request token
oauth_server, oauth_request = initialize_server_request(self.request)
if oauth_server is None:
return send_oauth_error(
oauth.OAuthError('Invalid request parameters.'), self.response)
else:
logger.debug("!!!OAuth Params: %s" % oauth_request.parameters)
try:
# get the request token
token = oauth_server.fetch_request_token(oauth_request)
except oauth.OAuthError, err:
logger.exception("Failed accessing request token")
return send_oauth_error(err, self.response)
def get(self, *args):
logger.debug("!!!START REQUEST!!!")
"""Handler method for OAuth GET requests."""
logger.debug("!!!Req URL: %s" % self.request.url)
logger.debug("!!!Entering REQUEST_TOKEN_URL")
oauth_server, oauth_request = initialize_server_request(self.request)
if oauth_server is None:
send_oauth_error(oauth.OAuthError('Invalid request parameters.'),
self.response)
return
else:
logger.debug("!!!OAuth Params: %s" % oauth_request.parameters)
try:
# create a request token
token = oauth_server.fetch_request_token(oauth_request)
# return the token
self.response.set_status(200, 'OK')
self.response.out.write(token.to_string())
except oauth.OAuthError, err:
logger.exception("Error when trying to do a request_token")
send_oauth_error(err, self.response)
return
def fetch_request_token(self, oauth_consumer, oauth_callback):
logger.warning("!!! In MockOAuthDataStore.fetch_request_token args: %s"%locals())
if oauth_consumer.key != self.consumer.key:
raise OAuthError('Consumer key does not match.')
# OAuth 1.0a: if there is a callback, check its validity
callback = None
callback_confirmed = False
if oauth_callback:
if oauth_callback != OUT_OF_BAND:
if check_valid_callback(oauth_callback):
callback = oauth_callback
callback_confirmed = True
else:
raise oauth.OAuthError('Invalid callback URL.')
#not going to implement scope just yet-so just hard code this for now
resource = Resource.all().filter("name =","default")[0]
#try:
# resource = Resource.objects.get(name=self.scope)
#except:
# raise OAuthError('Resource %s does not exist.' % escape(self.scope))
self.request_token = Token.create_token(consumer=self.consumer,
token_type=Token.REQUEST,
timestamp=self.timestamp,
resource=resource,
callback=callback,
callback_confirmed=callback_confirmed)
return self.request_token
def get_request_token(self):
response = self.oauth_request(self.request_token_url())
token = self.oauth_parse_response(response)
try:
self.token = oauth.OAuthConsumer(token['oauth_token'],token['oauth_token_secret'])
return token
except:
raise oauth.OAuthError('Invalid oauth_token')
class AuthorizeHandler(webapp.RequestHandler):
"""HTTP request handler with OAuth support."""
def get(self, *args):
logger.debug("!!!START REQUEST!!!")
"""Handler method for OAuth GET requests."""
logger.debug("!!!Req URL: %s" % self.request.url)
# user authorization
#TODO: put up a screen explaining what this authorization is for before
#approving the request_token, and allowing the user to decide if they
#want to proceed- now it just approves right away. If the user rejects
#the approval , redirect to the callback with an error parameter
logger.debug("!!!Entering AUTHORIZATION_URL")
# get the request token
oauth_server, oauth_request = initialize_server_request(self.request)
if oauth_server is None:
return send_oauth_error(
oauth.OAuthError('Invalid request parameters.'), self.response)
else:
logger.debug("!!!OAuth Params: %s" % oauth_request.parameters)
try:
# get the request token
token = oauth_server.fetch_request_token(oauth_request)
except oauth.OAuthError, err:
logger.exception("Failed accessing request token")
return send_oauth_error(err, self.response)
try:
# get the request callback, though there might not be one if this is OAuth 1.0a
callback = oauth_server.get_callback(oauth_request)
# OAuth 1.0a: this parameter should not be present on this version
if token.callback_confirmed:
return send_oauth_error(
oauth.OAuthError(
"Cannot specify oauth_callback at authorization step for 1.0a protocol"
), self.response)
if not check_valid_callback(callback):
return send_oauth_error(
oauth.OAuthError("Invalid callback URL"), self.response)
except oauth.OAuthError, err:
callback = None
def oauth_required(method):
def wrapper(self, *args, **kwargs):
if is_valid_request(self.request):
try:
consumer, token, parameters = validate_token(self.request)
if consumer and token:
return method(self, *args, **kwargs)
except oauth.OAuthError, e:
send_oauth_error(e, self.response)
return
send_oauth_error(oauth.OAuthError("Invalid OAuth parameters"),
self.response)
return
def oauth_user_auth_anon(request, method):
from piston.authentication import initialize_server_request, send_oauth_error, get_callable, INVALID_PARAMS_RESPONSE
oauth_server, oauth_request = initialize_server_request(request)
if oauth_request is None:
logger.error("OAuth: INVALID_PARAMS_RESPONSE")
return INVALID_PARAMS_RESPONSE
try:
token = oauth_server.fetch_request_token(oauth_request)
if token is None:
raise oauth.OAuthError("no token")
except oauth.OAuthError, err:
logger.error("OAuthError: %s", err.message)
return send_oauth_error(err)
def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier):
if (oauth_consumer.key_ == self.consumer.key_
and oauth_token.key_ == self.request_token.key_
and self.request_token.is_approved):
# OAuth 1.0a: if there is a callback confirmed, check the verifier
if ((self.request_token.callback_confirmed
and oauth_verifier == self.request_token.verifier)
or not self.request_token.callback_confirmed):
self.access_token = Token.create_token(
consumer=self.consumer,
token_type=Token.ACCESS,
timestamp=self.timestamp,
user=self.request_token.user,
resource=self.request_token.resource)
return self.access_token
raise oauth.OAuthError(
"Consumer key or token key does not match. " +
"Make sure your request token is approved. " +
"Check your verifier too if you use OAuth 1.0a.")
def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier):
logger.warning("!!! IN MockOAuthDataStore.fetch_access_token args: %s"%locals())
if oauth_consumer.key_ == self.consumer.key_ \
and oauth_token.key_ == self.request_token.key_ \
and self.request_token.is_approved:
# OAuth 1.0a: if there is a callback confirmed, check the verifier
if (self.request_token.callback_confirmed \
and oauth_verifier == self.request_token.verifier) \
or not self.request_token.callback_confirmed:
self.access_token = Token.create_token(consumer=self.consumer,
token_type=Token.ACCESS,
timestamp=self.timestamp,
user=self.request_token.user,
resource=self.request_token.resource)
return self.access_token
raise oauth.OAuthError('Consumer key or token key does not match. ' \
+'Make sure your request token is approved. ' \
+'Check your verifier too if you use OAuth 1.0a.')
if oauth_request is None:
return INVALID_PARAMS_RESPONSE
try:
token = oauth_server.fetch_access_token(oauth_request)
if token:
return HttpResponse(token.to_string())
else:
return INVALID_PARAMS_RESPONSE
except oauth.OAuthError, err:
return send_oauth_error(err)
INVALID_PARAMS_RESPONSE = send_oauth_error(
oauth.OAuthError('Invalid request parameters.'))
class OAuthAuthentication(object):
"""
OAuth authentication. Based on work by Leah Culver.
"""
def __init__(self, realm='API'):
self.realm = realm
self.builder = oauth.build_authenticate_header
def is_authenticated(self, request):
"""
Checks whether a means of specifying authentication
is provided, and if so, if it is a valid token.
return response
@csrf_exempt
def oauth_access_token(request):
oauth_server, oauth_request = initialize_server_request(request)
if oauth_request is None:
return INVALID_PARAMS_RESPONSE
try:
token = oauth_server.fetch_access_token(oauth_request, required=True)
return HttpResponse(token.to_string())
except oauth.OAuthError, err:
return send_oauth_error(err)
INVALID_PARAMS_RESPONSE = send_oauth_error(oauth.OAuthError('Invalid request parameters.'))
class OAuthAuthentication(object):
"""
OAuth authentication. Based on work by Leah Culver.
"""
def __init__(self, realm='API'):
self.realm = realm
self.builder = oauth.build_authenticate_header
def is_authenticated(self, request):
"""
Checks whether a means of specifying authentication
is provided, and if so, if it is a valid token.
Read the documentation on `HttpBasicAuthentication`
if oauth_request is None:
return INVALID_PARAMS_RESPONSE
try:
token = oauth_server.fetch_access_token(oauth_request)
if token:
return HttpResponse(token.to_string())
else:
return INVALID_PARAMS_RESPONSE
except oauth.OAuthError as err:
return send_oauth_error(err)
INVALID_PARAMS_RESPONSE = send_oauth_error(
oauth.OAuthError("Invalid request parameters.")
)
class OAuthAuthentication(object):
"""
OAuth authentication. Based on work by Leah Culver.
"""
def __init__(self, realm="API"):
self.realm = realm
self.builder = oauth.build_authenticate_header
def is_authenticated(self, request):
"""
Checks whether a means of specifying authentication
