Ensures endpoint queries with @oauth_required are validated
This commit is contained in:
xray7224
parent
1e2675b0c0
commit
49a47ec991
@ -292,8 +292,10 @@ def oauth_required(controller):
|
|||||||
body=request.get_data(),
|
body=request.get_data(),
|
||||||
headers=dict(request.headers),
|
headers=dict(request.headers),
|
||||||
)
|
)
|
||||||
#print "[VALID] %s" % valid
|
|
||||||
#print "[REQUEST] %s" % request
|
if not valid:
|
||||||
|
error = "Invalid oauth prarameter."
|
||||||
|
return json_response({"error": error}, status=400)
|
||||||
|
|
||||||
return controller(request, *args, **kwargs)
|
return controller(request, *args, **kwargs)
|
||||||
|
|
||||||
|
|||||||
@ -62,6 +62,51 @@ class GMGRequestValidator(RequestValidator):
|
|||||||
""" Currently a stub - called when making AccessTokens """
|
""" Currently a stub - called when making AccessTokens """
|
||||||
return list()
|
return list()
|
||||||
|
|
||||||
|
def validate_timestamp_and_nonce(self, client_key, timestamp,
|
||||||
|
nonce, request, request_token=None,
|
||||||
|
access_token=None):
|
||||||
|
return True # TODO!!! - SECURITY RISK IF NOT DONE
|
||||||
|
|
||||||
|
def validate_client_key(self, client_key, request):
|
||||||
|
""" Verifies client exists with id of client_key """
|
||||||
|
client = Client.query.filter_by(id=client_key).first()
|
||||||
|
if client is None:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
|
def validate_access_token(self, client_key, token, request):
|
||||||
|
""" Verifies token exists for client with id of client_key """
|
||||||
|
client = Client.query.filter_by(id=client_key).first()
|
||||||
|
token = AccessToken.query.filter_by(token=token)
|
||||||
|
token = token.first()
|
||||||
|
|
||||||
|
if token is None:
|
||||||
|
return False
|
||||||
|
|
||||||
|
request_token = RequestToken.query.filter_by(token=token.request_token)
|
||||||
|
request_token = request_token.first()
|
||||||
|
|
||||||
|
if client.id != request_token.client:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
|
def validate_realms(self, *args, **kwargs):
|
||||||
|
""" Would validate reals however not using these yet. """
|
||||||
|
return True # implement when realms are implemented
|
||||||
|
|
||||||
|
|
||||||
|
def get_client_secret(self, client_key, request):
|
||||||
|
""" Retrives a client secret with from a client with an id of client_key """
|
||||||
|
client = Client.query.filter_by(id=client_key).first()
|
||||||
|
return client.secret
|
||||||
|
|
||||||
|
def get_access_token_secret(self, client_key, token, request):
|
||||||
|
client = Client.query.filter_by(id=client_key).first()
|
||||||
|
access_token = AccessToken.query.filter_by(token=token).first()
|
||||||
|
return access_token.secret
|
||||||
|
|
||||||
class GMGRequest(Request):
|
class GMGRequest(Request):
|
||||||
"""
|
"""
|
||||||
Fills in data to produce a oauth.common.Request object from a
|
Fills in data to produce a oauth.common.Request object from a
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user