示例#1
0
 def to_postdata(self):
     """Serialize as post data for a POST request."""
     logging.info("starting to create post request. param")
     try:
         foo = "&".join(["%s=%s" % (escape(str(k)), escape(str(v))) for k, v in self.parameters.iteritems()])
     except Exception, e:
         logging.warn("error from creating post body" + str(e))
示例#2
0
  def get_signature_base_string(self, method, url, params):
    """
    Builds the signature base string (as defined by OAuth) for this request.

    Args:
      method: string The HTTP method used for signing the request.
      url: string The fully-qualified url of the request.
      params: string Parameters used to sign the request.  Should be a merged
          set of all querystring, form-urlencoded POST body, and header params.
      
    Returns: string A signature base string as defined by the OAuth spec.
    """
    encoded_params = {}
    for key, value in params.items():
      encoded_params[key] = value.encode('utf-8', 'ignore')

    oauth_request = oauth.OAuthRequest(
        http_method=method.upper(), 
        http_url=url, 
        parameters=encoded_params)

    base_str = '&'.join((
        oauth.escape(oauth_request.get_normalized_http_method()),
        oauth.escape(oauth_request.get_normalized_http_url()),
        oauth.escape(oauth_request.get_normalized_parameters())))

    return base_str
示例#3
0
文件: api.py 项目: concealed/test-app
  def _isValidSignature(self):
    # Construct a RSA.pubkey object
    exponent = 65537
    public_key_str = """0x\
00b1e057678343866db89d7dec2518\
99261bf2f5e0d95f5d868f81d600c9\
a101c9e6da20606290228308551ed3\
acf9921421dcd01ef1de35dd3275cd\
4983c7be0be325ce8dfc3af6860f7a\
b0bf32742cd9fb2fcd1cd1756bbc40\
0b743f73acefb45d26694caf4f26b9\
765b9f65665245524de957e8c547c3\
58781fdfb68ec056d1"""
    public_key_long = long(public_key_str, 16)
    public_key = RSA.construct((public_key_long, exponent))
        
    # Rebuild the message hash locally
    oauth_request = oauth.OAuthRequest(http_method=self.request.method, 
                                       http_url=self.request.url, 
                                       parameters=self.request.params.mixed())
    message = '&'.join((oauth.escape(oauth_request.get_normalized_http_method()),
                        oauth.escape(oauth_request.get_normalized_http_url()),
                        oauth.escape(oauth_request.get_normalized_parameters()),))
    local_hash = hashlib.sha1(message).digest()

    # Apply the public key to the signature from the remote host
    sig = base64.decodestring(urllib.unquote(self.request.params.mixed()["oauth_signature"]))
    remote_hash = public_key.encrypt(sig, '')[0][-20:]
    
    # Verify that the locally-built value matches the value from the remote server.
    if local_hash==remote_hash:
      return True
    else:
      return False
    def get_signature_base_string(self, method, url, params):
        """
    Builds the signature base string (as defined by OAuth) for this request.

    Args:
      method: string The HTTP method used for signing the request.
      url: string The fully-qualified url of the request.
      params: string Parameters used to sign the request.  Should be a merged
          set of all querystring, form-urlencoded POST body, and header params.
      
    Returns: string A signature base string as defined by the OAuth spec.
    """
        encoded_params = {}
        for key, value in params.items():
            encoded_params[key] = value.encode('utf-8', 'ignore')

        oauth_request = oauth.OAuthRequest(http_method=method.upper(),
                                           http_url=url,
                                           parameters=encoded_params)

        base_str = '&'.join(
            (oauth.escape(oauth_request.get_normalized_http_method()),
             oauth.escape(oauth_request.get_normalized_http_url()),
             oauth.escape(oauth_request.get_normalized_parameters())))

        return base_str
示例#5
0
 def to_postdata(self):
     """Serialize as post data for a POST request."""
     logging.info('starting to create post request. param')
     try:
         foo = '&'.join(['%s=%s' % (escape(str(k)), escape(str(v))) \
                  for k, v in self.parameters.iteritems()])
     except Exception, e:
         logging.warn('error from creating post body' + str(e))
示例#6
0
 def build_signature_base_string(self, oauth_request, consumer, token):
     sig = (
         oauth.escape(oauth_request.get_normalized_http_method()),
         oauth.escape(oauth_request.get_normalized_http_url()),
         oauth.escape(oauth_request.get_normalized_parameters()),
     )
     key = ''
     raw = '&'.join(sig)
     return key, raw
示例#7
0
    def base_string(self):
        """
        Generates the Signature Base String.

        http://oauth.net/core/1.0/#rfc.section.A.5.1

        """

        return '&'.join((
            escape(self.request.http_method),
            escape(self.request.url),
            escape(self.request.normalized_request_params),
        ))
示例#8
0
    def base_string(self):
        """
        Generates the Signature Base String.

        http://oauth.net/core/1.0/#rfc.section.A.5.1

        """

        return '&'.join((
            escape(self.request.http_method),
            escape(self.request.url),
            escape(self.request.normalized_request_params),
        ))
示例#9
0
    def request(self, api_url, method="GET", parameters=None, body=None,
            raw_response=False, converter=gdata.photos.AnyFeedFromString):
        access_token = self.token
        if parameters is None:
            parameters = {'max-results': 10000}

        http_method = "POST" if method in ["POST", "PUT"] else method
        oauth_request = oauth.OAuthRequest.from_consumer_and_token(
                self.consumer, token=access_token, http_method=http_method,
                http_url=api_url, parameters=parameters)
        oauth_request.sign_request(self.signature_method, self.consumer,
                access_token)
        
        headers = oauth_request.to_header()

        request_url = oauth_request.to_url()

        if method == "PUT":
            headers["X-HTTP-Method-Override"] = "PUT"

        if body is not None and http_method == "POST":
            body += "&".join(
                    "%s=%s" % (oauth.escape(str(k)),oauth.escape(str(v))) for k, v in parameters.iteritems())

        if http_method == "POST":
            qs = urlparse.urlparse(oauth_request.to_url()).query
            qparams = oauth_request._split_url_string(qs)
            qs = "&".join("%s=%s" % (oauth.escape(str(k)), oauth.escape(str(v))) for k, v in qparams.iteritems())
            request_url = oauth_request.get_normalized_http_url() + "?" + qs
        else:
            if parameters:
                request_url = "%s?%s" % (oauth_request.http_url, urllib.urlencode(parameters))
            else:
                request_url = oauth_request.http_url

        req = urllib2.Request(request_url, data=body, headers=headers)
        resp = urllib2.urlopen(req)

        self.last_response = resp

        resp_content = resp.read()
        if resp.code > 201:
            raise Exception('API returned an error', resp_content)
        
        #print "%s" % resp_content

        feed = converter(resp_content)

        return feed
示例#10
0
    def base_secrets(self):
        """
        Returns the concatenated encoded values of the Consumer Secret and
        Token Secret, separated by a ‘&’ character (ASCII code 38), even if
        either secret is empty.

        """

        key = ''
        if self.consumer and 'oauth_consumer_secret' in self.consumer:
            key += escape(self.consumer['oauth_consumer_secret'])
        key += '&'
        if self.token and 'oauth_token_secret' in self.token:
            key += escape(self.token['oauth_token_secret'])

        return key.encode('ascii')
示例#11
0
 def prepareRequest(self, postParams):
     """
     The prepareRequest method is used to initialise the request in preparation to sending to twitter.  
     The method returns the url of the resource we are trying to access, and additionally post parameters
     can be pushed into the postParams argument.
     """
     
     # get the action and the extra parameters
     (fnresult, extra_params) = self.getActionAndParams()
     
     # if the next page is set, then use that url
     if self.nextPage is not None:
         fnresult += self.nextPage
     # otherwise, build a suitable url
     else:
         fnresult += "?rpp=50"
         
         if self.highTweetId > 0:
             fnresult += "&since_id=%s" % (self.highTweetId)
         
         # if the language code has been set, then specify the language code also
         if self.language is not None:
             fnresult += "&lang=" + self.language
             
         # TODO: one day use the map, filter or reduce function once I become enlightened in functional programming
         for k,v in extra_params.iteritems():
             fnresult += "&%s=%s" % (k, oauth.escape(v))
         
     return fnresult
示例#12
0
    def prepareRequest(self, postParams):
        """
        The prepareRequest method is used to initialise the request in preparation to sending to twitter.  
        The method returns the url of the resource we are trying to access, and additionally post parameters
        can be pushed into the postParams argument.
        """

        # get the action and the extra parameters
        (fnresult, extra_params) = self.getActionAndParams()

        # if the next page is set, then use that url
        if self.nextPage is not None:
            fnresult += self.nextPage
        # otherwise, build a suitable url
        else:
            fnresult += "?rpp=50"

            if self.highTweetId > 0:
                fnresult += "&since_id=%s" % (self.highTweetId)

            # if the language code has been set, then specify the language code also
            if self.language is not None:
                fnresult += "&lang=" + self.language

            # TODO: one day use the map, filter or reduce function once I become enlightened in functional programming
            for k, v in extra_params.iteritems():
                fnresult += "&%s=%s" % (k, oauth.escape(v))

        return fnresult
示例#13
0
    def base_secrets(self):
        """
        Returns the concatenated encoded values of the Consumer Secret and
        Token Secret, separated by a ‘&’ character (ASCII code 38), even if
        either secret is empty.

        """

        key = ''
        if self.consumer and 'oauth_token_secret' in self.consumer:
            key += escape(self.consumer['oauth_token_secret'])
        key += '&'
        if self.token and 'oauth_token_secret' in self.token:
            key += escape(self.token['oauth_token_secret'])

        return key
示例#14
0
 def to_header(self, realm=''):
     """Serialize as a header for an HTTPAuth request."""
     auth_header = 'OAuth realm="%s"' % realm
     # Add the oauth parameters.
     if self.parameters:
         for k, v in self.parameters.iteritems():
             auth_header += ', %s="%s"' % (k, escape(str(v)))
     return {'Authorization': auth_header}
示例#15
0
 def to_header(self, realm=""):
     """Serialize as a header for an HTTPAuth request."""
     auth_header = 'OAuth realm="%s"' % realm
     # Add the oauth parameters.
     if self.parameters:
         for k, v in self.parameters.iteritems():
             auth_header += ', %s="%s"' % (k, escape(str(v)))
     return {"Authorization": auth_header}
示例#16
0
def request_to_header(request, realm=''):
    """Serialize as a header for an HTTPAuth request."""
    auth_header = 'OAuth realm="%s"' % realm
        # Add the oauth parameters.
    if request.parameters:
        for k, v in request.parameters.iteritems():
            if k.startswith('oauth_') or k.startswith('x_auth_'):
                auth_header += ', %s="%s"' % (k, oauth.escape(str(v)))
    return {'Authorization': auth_header}
示例#17
0
def request_to_header(request, realm=''):
    """Serialize as a header for an HTTPAuth request."""
    auth_header = 'OAuth realm="%s"' % realm
    # Add the oauth parameters.
    if request.parameters:
        for k, v in request.parameters.iteritems():
            if k.startswith('oauth_') or k.startswith('x_auth_'):
                auth_header += ', %s="%s"' % (k, oauth.escape(str(v)))
    return {'Authorization': auth_header}
示例#18
0
def _isValidSignature(self):

    # Code lab hack:
    # If the container is 'appengine' (e.g. app is running on localhost), return True
    if self.request.get('oauth_consumer_key') == 'appengine':
        return True

    # Construct a RSA.pubkey object
    exponent = 65537
    public_key_str = """0x\
00b1e057678343866db89d7dec2518\
99261bf2f5e0d95f5d868f81d600c9\
a101c9e6da20606290228308551ed3\
acf9921421dcd01ef1de35dd3275cd\
4983c7be0be325ce8dfc3af6860f7a\
b0bf32742cd9fb2fcd1cd1756bbc40\
0b743f73acefb45d26694caf4f26b9\
765b9f65665245524de957e8c547c3\
58781fdfb68ec056d1"""
    public_key_long = long(public_key_str, 16)
    public_key = RSA.construct((public_key_long, exponent))

    # Rebuild the message hash locally
    oauth_request = oauth.OAuthRequest(http_method=self.request.method,
                                       http_url=self.request.url,
                                       parameters=self.request.params.mixed())
    message = '&'.join((
        oauth.escape(oauth_request.get_normalized_http_method()),
        oauth.escape(oauth_request.get_normalized_http_url()),
        oauth.escape(oauth_request.get_normalized_parameters()),
    ))
    local_hash = hashlib.sha1(message).digest()

    # Apply the public key to the signature from the remote host
    sig = base64.decodestring(
        urllib.unquote(self.request.params.mixed()["oauth_signature"]))
    remote_hash = public_key.encrypt(sig, '')[0][-20:]

    # Verify that the locally-built value matches the value from the remote server.
    if local_hash == remote_hash:
        return True
    else:
        return False
示例#19
0
 def request_to_header(self,request, realm=''):
     '''Serialize as a header for an HTTPAuth request.'''
     logging.info('Building Request Header...')
     auth_header = 'OAuth realm=\'%s\'' % realm
     if request.parameters:
         for k, v in request.parameters.iteritems():
             if k.startswith('oauth_') or k.startswith('x_auth_'):
                 auth_header += ', %s="%s"' % (k, oauth.escape(str(v)))
     logging.info('Header ready....')
     return {'Authorization': auth_header}
示例#20
0
 def __init__(self, key):
   """
   Creates a validator based off of the HMAC-SHA1 signing mechanism.
   
   Args:
     key: string The shared secret key used to sign this request.  Typically,
         this value will be shared with the owner of an application at the
         time the application is registered with the container.
     exponent: int The RSA public key exponent.
   """
   self.hmac_key = '%s&' % oauth.escape(key)
 def __init__(self, key):
     """
 Creates a validator based off of the HMAC-SHA1 signing mechanism.
 
 Args:
   key: string The shared secret key used to sign this request.  Typically,
       this value will be shared with the owner of an application at the
       time the application is registered with the container.
   exponent: int The RSA public key exponent.
 """
     self.hmac_key = '%s&' % oauth.escape(key)
示例#22
0
def update_all_distributed(request):
    """
    """
    logging.debug("Getting data.")

    params = {
        "callback": request.build_absolute_uri(reverse("update_all_distributed_callback")),
        "user_id": request.session["facility_user"].id,
    }

    query_string = "&".join(["%s=%s" % (k,oauth.escape(v)) for k,v in params.items()])
    central_url = CENTRAL_SERVER_URL + reverse("update_all_central") + "?" + query_string

    return HttpResponseRedirect(central_url)
示例#23
0
    def request(self, api_url, method="GET", parameters=None, body=None,
            raw_response=False, gdata_service=None, converter=None):
        access_token = self.token

        http_method = "POST" if method in ["POST", "PUT"] else method
        oauth_request = oauth.OAuthRequest.from_consumer_and_token(
                self.consumer, token=access_token, http_method=http_method,
                http_url=api_url, parameters=parameters)
        oauth_request.sign_request(self.signature_method, self.consumer,
                access_token)
        
        headers = oauth_request.to_header()

        request_url = oauth_request.to_url()

        if method == "PUT":
            headers["X-HTTP-Method-Override"] = "PUT"

        if body is not None and http_method == "POST":
            body += "&".join(
                    "%s=%s" % (oauth.escape(str(k)),oauth.escape(str(v))) for k, v in parameters.iteritems())

        if http_method == "POST":
            qs = urlparse.urlparse(oauth_request.to_url()).query
            qparams = oauth_request._split_url_string(qs)
            qs = "&".join("%s=%s" % (oauth.escape(str(k)), oauth.escape(str(v))) for k, v in qparams.iteritems())
            request_url = oauth_request.get_normalized_http_url() + "?" + qs
        else:
            if parameters:
                request_url = "%s?%s" % (oauth_request.http_url, urllib.urlencode(parameters))
            else:
                request_url = oauth_request.http_url

        resp = gdata_service.GetFeed(request_url, extra_headers=headers,
                converter=converter)

        return resp
示例#24
0
    def request(self, api_url, method="GET", parameters=None, body=None, raw_response=False):
        access_token = self.token
        
        http_method = "POST" if method in ["POST", "PUT"] else method
        oauth_request = oauth.OAuthRequest.from_consumer_and_token(
                self.consumer, token=access_token, http_method=http_method,
                http_url=api_url, parameters=parameters)
        oauth_request.sign_request(self.signature_method, self.consumer,
                access_token)

        headers = {}
        if method == "PUT":
            headers["X-HTTP-Method-Override"] = "PUT"

        if body is not None and http_method == "POST":
            body += "&".join(
                    "%s=%s" % (oauth.escape(str(k)),oauth.escape(str(v))) for k, v in parameters.iteritems())

        request_url = oauth_request.to_url()
        if http_method == "POST":
            qs = urlparse.urlparse(oauth_request.to_url()).query
            qparams = oauth_request._split_url_string(qs)
            qs = "&".join("%s=%s" % (oauth.escape(str(k)), oauth.escape(str(v))) for k, v in qparams.iteritems())
            request_url = oauth_request.get_normalized_http_url() + "?" + qs

        #resp = urlfetch.fetch(request_url, payload=body, headers=headers, method=http_method)
        req = urllib2.Request(request_url, data=body, headers=headers)
        resp = urllib2.urlopen(req)

        self.last_response = resp
        resp_content = resp.read()
        if resp.code > 201:
            raise Exception("API returned an error", resp_content)

        api_response = resp_content if raw_response else simplejson.loads(resp_content)
        return api_response
示例#25
0
def update_all_distributed(request):
    """
    """
    logging.debug("Getting data.")

    params = {
        "callback":
        request.build_absolute_uri(reverse("update_all_distributed_callback")),
        "user_id":
        request.session["facility_user"].id,
    }

    query_string = "&".join(
        ["%s=%s" % (k, oauth.escape(v)) for k, v in params.items()])
    central_url = CENTRAL_SERVER_URL + reverse(
        "update_all_central") + "?" + query_string

    return HttpResponseRedirect(central_url)
示例#26
0
 def test_escape(self):
     string = 'http://whatever.com/~someuser/?test=test&other=other'
     self.assert_('~' in oauth.escape(string))
     string = '../../../../../../../etc/passwd'
     self.assert_('../' not in oauth.escape(string))