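def _record_api_access_for_authenticated_user(self, api_method_wrapper, request_time, usage_statistics):
    """Verify the OAuth 1.0 signature of the current request for a known app.

    The consumer key is taken from the ``Authorization`` header or, failing
    that, from the ``oauth_consumer_key`` request value. The app registered
    under that key is then used as the OAuth consumer for an HMAC-SHA1
    signature check.

    Args:
        api_method_wrapper: Not used by the code in this block.
        request_time: Not used by the code in this block.
        usage_statistics: Mapping updated in place; ``'app_id'`` is set to the
            matched app's key before the signature is verified.

    Returns:
        A ``RecordAPIAccessReturn`` with ``access_status == 'denied'`` when the
        key is missing, no user or app matches it, or the signature check
        fails. This block returns nothing when verification succeeds.
        NOTE(review): confirm the caller treats ``None`` as the success case
        and never as an implicit allow for a path that skipped verification.
    """
    def _denied(message):
        # Every rejection path hands back the same shape of result object.
        denial = RecordAPIAccessReturn()
        denial.access_status = 'denied'
        denial.access_message = message
        return denial

    # HMAC-SHA1 is the only signature method registered with the server.
    oauth_server = oauth2.Server(
        signature_methods={'HMAC-SHA1': oauth2.SignatureMethod_HMAC_SHA1()})
    # The library's own timestamp_threshold is kept. A wider value (500000 was
    # once tried here) would lengthen the period in which a captured request
    # stays acceptable.
    # NOTE(review): no nonce store is visible in this block; confirm that a
    # replayed request inside the timestamp window is rejected somewhere.

    auth_header = {}
    key = None
    if 'Authorization' in self._request.headers:
        auth_header = {'Authorization': self._request.headers['Authorization']}
        key = extract_oauth_consumer_key_from_auth_header_string(auth_header['Authorization'])

    # The query string is stripped from the URL because the request values are
    # passed separately as parameters.
    # NOTE(review): the client-supplied header is parsed here, outside the
    # try/except below; confirm a malformed header cannot surface as an
    # unhandled exception.
    req = oauth2.Request.from_request(
        self._request.method,
        self._request.url.split('?')[0],
        headers=auth_header,
        parameters=dict(self._request.values.iteritems()))

    # If the key is not present in the auth header, try the request values.
    if not key:
        key = self._request.values.get('oauth_consumer_key')

    # Still no key: deny.
    if not key:
        return _denied("Sorry, we didn't find an oauth_consumer_key in the Authorization header of your request")

    unknown_key_message = "Sorry, we didn't find a user account that matches the Oauth customer key %s, are you sure you have it correct?" % key

    user = get_authenticated_user_app_by_key(key)
    if user is None:
        return _denied(unknown_key_message)

    # The original indexed filter(...)[0], which raises IndexError when the
    # user has no app with this key (and filter() is not subscriptable on
    # Python 3). Deny instead of failing with an unhandled exception.
    user_app = next((app for app in user.apps if app.key == key), None)
    if user_app is None:
        return _denied(unknown_key_message)

    usage_statistics['app_id'] = user_app.key

    try:
        # The matched app is passed as the OAuth consumer; no token is used.
        oauth_server.verify_request(req, user_app, None)
    except oauth2.Error as e:
        # The library's error text is returned to the client and logged as-is.
        # NOTE(review): that text may contain request-derived data; confirm it
        # is safe for both the response and the log sink.
        denial = _denied("%s" % e)
        baselogger.error("OAUTH REQUEST DENIED, |%s|" % denial.access_message)
        return denial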
def test_pass_usingoauth2header(self):
    """The consumer key is recovered from a header produced by oauth.Request.to_header()."""
    # Fixed sample OAuth 1.0 parameters. The signature is never verified in
    # this test; only key extraction is exercised.
    oauth_params = dict(
        oauth_version="1.0",
        oauth_nonce="4572616e48616d6d65724c61686176",
        oauth_timestamp="137131200",
        oauth_consumer_key="0685bd9184jfhq22",
        oauth_signature_method="HMAC-SHA1",
        oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    )

    built_request = oauth.Request("GET", "http://SomeOtherUrl.com", oauth_params)
    authorization_value = built_request.to_header()['Authorization']

    extracted_key = extract_oauth_consumer_key_from_auth_header_string(authorization_value)
    self.assertEqual(extracted_key, '0685bd9184jfhq22')
def test_pass_withjustconsumerkey(self):
    """A header string holding only the oauth_consumer_key pair still yields the key."""
    extracted_key = extract_oauth_consumer_key_from_auth_header_string(
        'oauth_consumer_key="test"')
    self.assertEqual(extracted_key, 'test')
def test_pass_withfullheaderstring(self):
    """The key is found among the other OAuth fields of a complete header string."""
    # Adjacent literals concatenate to the same single header string; the
    # consumer key sits in the middle of the field list.
    full_header = (
        'OAuth realm="", '
        'oauth_body_hash="2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D", '
        'oauth_nonce="4572616e48616d6d65724c61686176", '
        'oauth_timestamp="137131200", '
        'oauth_consumer_key="test", '
        'oauth_signature_method="HMAC-SHA1", '
        'oauth_version="1.0", '
        'oauth_token="ad180jjd733klru7", '
        'oauth_signature="DMGKIfmjk5s4EbyG6qDT5zu0BRw%3D"'
    )
    extracted_key = extract_oauth_consumer_key_from_auth_header_string(full_header)
    self.assertEqual(extracted_key, 'test')