示例#1
0
 def build_signature_base_string(self, oauth_request, consumer, token): # XXX consumer und token ungenutzt?
     sig = (oauth.escape(oauth_request.method),
            oauth.escape(oauth_request.normalized_url),
            oauth.escape(oauth_request.get_normalized_parameters()),
           )
     raw = '&'.join(sig)
     return raw
示例#2
0
    def signing_base(self, request, consumer, token):
        sig = (escape(request.method), escape(request.path_url), escape(get_normalized_parameters(request)))

        key = "%s&" % escape(consumer.secret)
        if token:
            key += escape(token.secret)
        raw = "&".join(sig)
        return key, raw
示例#3
0
 def signing_base(self, request):
     """Calculates the string that needs to be signed."""
     sig = (
         oauth2.escape(request.method),
         oauth2.escape(request.normalized_url),
         oauth2.escape(request.get_normalized_parameters()),
     )
     raw = '&'.join(sig)
     return raw
示例#4
0
 def signing_base(self, request):
     """
     Calculates the string that needs to be signed.
     """
     sig = (oauth2.escape(request.method),
            oauth2.escape(request.normalized_url),
            oauth2.escape(request.get_normalized_parameters()))
     raw = '&'.join(sig)
     return raw
示例#5
0
    def signing_base(self, request, consumer, token):
        if not hasattr(request, "normalized_url") or request.normalized_url is None:
            raise ValueError("Base URL for request is not set.")

        sig = (escape(request.method), escape(request.normalized_url), escape(request.get_normalized_parameters()))

        key = "%s&" % escape(consumer.secret)
        if token:
            key += escape(token.secret)
        raw = "&".join(sig)
        return key, raw
示例#6
0
    def signing_base(self, request, consumer, token):
        sig = (
            escape(request.method),
            escape(request.path_url),
            escape(get_normalized_parameters(request)),
        )

        key = '%s&' % escape(consumer.secret)
        if token:
            key += escape(token.secret)
        raw = '&'.join(sig)
        return key, raw
示例#7
0
    def signing_base(self, request, consumer, token):
        if not hasattr(request, 'normalized_url') or request.normalized_url is None:
            raise ValueError("Base URL for request is not set.")

        sig = (
            oauth.escape(request.method),
            oauth.escape(request.normalized_url),
            oauth.escape(request.get_normalized_parameters()),
        )

        key = '%s&' % oauth.escape(consumer.secret)
        if token:
            key += oauth.escape(token.secret)
        raw = '&'.join(sig)
        return key, raw
示例#8
0
    def signing_base(self, request, consumer, token):
        if not hasattr(request, 'normalized_url') or request.normalized_url is None:
            raise ValueError("Base URL for request is not set.")

        sig = (
            oauth.escape(request.method),
            oauth.escape(request.normalized_url),
            oauth.escape(request.get_normalized_parameters()),
        )

        key = '%s&' % oauth.escape(consumer.secret)
        if token:
            key += oauth.escape(token.secret)
        raw = '&'.join(sig)
        return key, raw
示例#9
0
        def signing_base(self, request: oauth2.Request,
                         consumer: oauth2.Consumer,
                         token: oauth2.Token) -> Tuple[str, str]:
            if not hasattr(request,
                           'normalized_url') or request.normalized_url is None:
                raise ValueError("Base URL for request is not set.")

            sig = (
                oauth2.escape(request.method),
                oauth2.escape(request.normalized_url),
                oauth2.escape(request.get_normalized_parameters()),
            )

            key = f'oauth.escape(consumer.secret)&{oauth2.escape(token.secret) if token else ""}'
            raw = '&'.join(sig)
            return key, raw
示例#10
0
    def _get_oauth_header(self, postdata):
        """Return the content of the OAuth 1.0a Authorization: header."""
        # Note: This is a little weird in that we use a library (oauth2) that
        # is itself completely capable of making HTTP requests, but only to
        # generate the auth header. We do this, instead of adapting the above
        # to use oauth2 instead of urllib2, because oauth2 cannot (AFAICT)
        # open a persistent stream, which obviously we need.
        #
        # FIXME: This method is untested with non-empty postdata.
        conr = oauth2.Consumer(self._consumer_key, self._consumer_secret)
        token = oauth2.Token(self._access_token, self._access_secret)
        parms = { 'oauth_version': '1.0',
                  'oauth_nonce': oauth2.generate_nonce(),
                  'oauth_timestamp': str(int(time.time())) }
        method = 'GET'
        if (postdata):
            parms.update(postdata)
            method = 'POST'

        oauths = oauth2.Request(method=method, url=self.url, parameters=parms)
        # Setting is_form_encoded prevents 'oauth_body_hash', which causes
        # authentication failure, from being included in the OAuth parameters.
        # See <https://dev.twitter.com/discussions/4776>. (No, it doesn't make
        # any sense.)
        oauths.is_form_encoded = True
        oauths.sign_request(oauth2.SignatureMethod_HMAC_SHA1(), conr, token)
        #pprint(oauths)

        # oauths2.Request.to_header() adds a bogus "realm" parameter, so we
        # mostly stringify ourselves, according to
        # <https://dev.twitter.com/docs/auth/authorizing-request>.
        return ('OAuth ' + ', '.join('%s="%s"' % (k, oauth2.escape(v))
                                     for (k, v) in oauths.iteritems()))
示例#11
0
def request_to_header(request, realm=''):
    """Serialize as a header for an HTTPAuth request."""
    auth_header = 'OAuth realm="%s"' % realm
    for k, v in request.iteritems():
        if k.startswith('oauth_') or k.startswith('x_auth_'):
            auth_header += ', %s="%s"' % (k, oauth.escape(str(v)))
    return {'Authorization': auth_header}
示例#12
0
def request_to_header(request, realm=''):
    """Serialize as a header for an HTTPAuth request."""
    auth_header = 'OAuth realm="%s"' % realm
    for k, v in request.iteritems():
        if k.startswith('oauth_') or k.startswith('x_auth_'):
            auth_header += ', %s="%s"' % (k, oauth.escape(str(v)))
    return {'Authorization': auth_header}
示例#13
0
def oauth_sign(method, url, params, data, private_key_path):
    """Returns oauth_signature for a given request"""

    # Use oauth2 Request() to normalize the payload
    request = oauth2.Request(method, url, params, data)
    raw = '&'.join([
        oauth2.escape(request.method),
        oauth2.escape(request.normalized_url),
        oauth2.escape(request.get_normalized_parameters()),
    ])

    # Load the private keyfile
    with open(private_key_path, 'r') as f:
        privatekey = keyfactory.parsePrivateKey(f.read())

    # Calculate signature and return it as a b64-encoded string
    return base64.b64encode(privatekey.hashAndSign(raw))
示例#14
0
    def signing_base(self, request, consumer, token):
        """
        Overriden, to avoid forcing request have the attribute `normalized_url`
        and method `get_normalized_parameters`
        """
        normalized_url = OAuthHook.get_normalized_url(request.url)
        if normalized_url is None:
            raise ValueError("normalized URL for request is not set.")

        sig = (
            escape(request.method),
            escape(normalized_url),
            escape(OAuthHook.get_normalized_parameters(request)),
        )

        key = '%s&' % escape(consumer.secret)
        if token:
            key += escape(token.secret)
        raw = '&'.join(sig)
        return key, raw
示例#15
0
def request_to_header(request, realm=''):
    """Serialize as a header for an HTTPAuth request."""
    auth_header = 'OAuth realm="%s"' % realm
        # Add the oauth parameters.
    #if request.parameters:
    #    for k, v in request.parameters.iteritems():
    #        if k.startswith('oauth_') or k.startswith('x_auth_'):
    #            auth_header += ', %s="%s"' % (k, oauth.escape(str(v)))

    ''' 这里少个判断request是否没有参数'''
    for k, v in request.iteritems():
        if k.startswith('oauth_') or k.startswith('x_auth_'):
            auth_header += ', %s="%s"' % (k, oauth.escape(str(v)))
    return {'Authorization': auth_header}
示例#16
0
    def signing_base(self, request, consumer, token):
        """
        Base functionality to sign requests.
        :param request: http request
        :param consumer: oauth consumer
        :param token: oauth token
        :return: key and key bytes
        """
        if not hasattr(request,
                       'normalized_url') or request.normalized_url is None:
            raise ValueError("Base URL for request is not set.")

        sig = (
            oauth.escape(request.method),
            oauth.escape(request.normalized_url),
            oauth.escape(request.get_normalized_parameters()),
        )

        key = '%s&' % oauth.escape(consumer.secret)
        if token:
            key += oauth.escape(token.secret)
        raw = '&'.join(sig)
        return key, bytes(raw, 'utf-8')
示例#17
0
    def to_header(self, req, realm=''):
        """Serialize as a header for an HTTPAuth request."""
        oauth_params = ((k, v) for k, v in req.items() 
                            if k.startswith('oauth_'))
        stringy_params = ((k, oauth.escape(str(v))) for k, v in oauth_params)
        header_params = ('%s="%s"' % (k, v) for k, v in stringy_params)
        params_header = ', '.join(header_params)
 
        auth_header = 'OAuth'
        if realm != '':
            auth_header = '%s realm="%s"' % (auth_header,realm)
            if params_header:
                auth_header = "%s, %s" % (auth_header, params_header)
        else:
            if params_header:
                auth_header = "%s %s" % (auth_header, params_header)
 
        return {'Authorization': auth_header}
示例#18
0
    def to_header(self, req, realm=''):
        """Serialize as a header for an HTTPAuth request."""
        oauth_params = ((k, v) for k, v in req.items()
                        if k.startswith('oauth_'))
        stringy_params = ((k, oauth.escape(str(v))) for k, v in oauth_params)
        header_params = ('%s="%s"' % (k, v) for k, v in stringy_params)
        params_header = ', '.join(header_params)

        auth_header = 'OAuth'
        if realm != '':
            auth_header = '%s realm="%s"' % (auth_header, realm)
            if params_header:
                auth_header = "%s, %s" % (auth_header, params_header)
        else:
            if params_header:
                auth_header = "%s %s" % (auth_header, params_header)

        return {'Authorization': auth_header}
示例#19
0
    def create_access_token(self, request, oauth_request, consumer, request_token):
        try:
            scope = oauth_request.get_parameter('scope')
        except oauth.Error:
            scope = 'all'
        try:
            resource = Resource.objects.get(name=scope)
        except Resource.DoesNotExist:
            raise oauth.Error('Resource %s does not exist.' % oauth.escape(scope))

        access_token = Token.objects.create_token(
            token_type=Token.ACCESS,
            timestamp=oauth_request['oauth_timestamp'],
            consumer=Consumer.objects.get(key=consumer.key),
            user=request_token.user,
            resource=resource,
        )
        request_token.delete()
        return access_token
示例#20
0
    def create_request_token(self, request, oauth_request, consumer, callback):
        try:
            scope = oauth_request.get_parameter('scope')
        except oauth.Error:
            scope = 'all'
        try:
            resource = Resource.objects.get(name=scope)
        except Resource.DoesNotExist:
            raise oauth.Error('Resource %s does not exist.' % oauth.escape(scope))
        
        token = Token.objects.create_token(
            token_type=Token.REQUEST,
            consumer=Consumer.objects.get(key=oauth_request['oauth_consumer_key']),
            timestamp=oauth_request['oauth_timestamp'],
            resource=resource,
        )
        token.set_callback(callback)
        token.save()

        return token
示例#21
0
def add_signature(settings, url, data):
    method = 'POST'
    encoded = [(oauth2.escape(k), oauth2.escape(v)) for k, v in data.items()]
    encoded = sorted(encoded, key=lambda t: t[0])
    items = ['{}={}'.format(k, v) for k, v in encoded]
    param_string = '&'.join(items)
    signature_base = '&'.join(
        [method, oauth2.escape(url),
         oauth2.escape(param_string)])
    c_secret = settings['consumer_secret']
    o_secret = settings['access_token_secret']
    key = '&'.join([oauth2.escape(c_secret), oauth2.escape(o_secret)])
    hashed = hmac.new(bytes(key, 'utf-8'), bytes(signature_base, 'utf-8'),
                      hashlib.sha1)
    signature = base64.b64encode(hashed.digest()).decode()
    data['oauth_signature'] = signature
示例#22
0
def sign_get(path, query=None):
    """
    Signed GET-Requests are broken in the oauth2 lib
    as it tries to create a body signature
    """
    session = request.environ.get('beaker.session')
       
    method = "GET"    
    consumer = oauth.Consumer(key=XING_API_KEY, secret=XING_API_SECRET)
    
    url = XING_API_ROOT + "/v1/" + path
    params = {
      'oauth_version': "1.0",
      'oauth_signature_method': "HMAC-SHA1",
      'oauth_nonce': oauth.generate_nonce(),
      'oauth_timestamp': int(time.time()),
      'oauth_token': session['oauth_token'],
      'oauth_consumer_key': XING_API_KEY,
    }
    if query is not None:
        for q in query:
            params[q] = query[q]
    
    sig_method = oauth.SignatureMethod_HMAC_SHA1()
    req = oauth.Request(method=method, url=url, parameters=params)
    token = oauth.Token(session['oauth_token'], session['oauth_token_secret'])
    signature = sig_method.sign(req, consumer, token)
    signed_url = req.to_url() + '&oauth_signature=' + oauth.escape(signature)
    
    client = httplib2.Http()
    resp, content = client.request(signed_url)
    
    data = json.loads(content)
    if (int(resp['status']) > 400):
        print "Signed GET request failed: " + signed_url
        print data
        return []
    return data
示例#23
0
 def test_escape(self):
     string = 'http://whatever.com/~someuser/?test=test&other=other'
     self.assert_('~' in oauth.escape(string))
     string = '../../../../../../../etc/passwd'
     self.assert_('../' not in oauth.escape(string))
示例#24
0
 def test_escape(self):
     string = "http://whatever.com/~someuser/?test=test&other=other"
     self.assert_("~" in oauth.escape(string))
     string = "../../../../../../../etc/passwd"
     self.assert_("../" not in oauth.escape(string))
示例#25
0
 def test_escape(self):
     string = 'http://whatever.com/~someuser/?test=test&other=other'
     self.assert_('~' in oauth.escape(string))
     string = '../../../../../../../etc/passwd'
     self.assert_('../' not in oauth.escape(string))