heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleans up some of the OAuth code

Browse Source
This commit is contained in:
xray7224 2013-07-11 19:43:00 +01:00
parent 2b60a56cbe
commit 786bbd79e8
7 changed files with 134 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mediagoblin/decorators.py
View File

@ -22,10 +22,11 @@ from werkzeug.exceptions import Forbidden, NotFound
from mediagoblin import mg_globals as mgg from mediagoblin import mg_globals as mgg
from mediagoblin import messages from mediagoblin import messages
from mediagoblin.db.models import MediaEntry, User from mediagoblin.db.models import MediaEntry, User
from mediagoblin.tools.request import decode_authorization_header
from mediagoblin.tools.response import json_response, redirect, render_404 from mediagoblin.tools.response import json_response, redirect, render_404
from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.federation.tools.request import decode_authorization_header
from mediagoblin.federation.oauth import GMGRequestValidator
def require_active_login(controller): def require_active_login(controller):
""" """
@ -282,3 +283,4 @@ def oauth_requeired(controller):
return json_response({"error": error}, status=400) return json_response({"error": error}, status=400)

18
mediagoblin/federation/exceptions.py Normal file
View File

@ -0,0 +1,18 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class ValidationException(Exception):
pass

80
mediagoblin/federation/oauth.py Normal file
View File

@ -0,0 +1,80 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from oauthlib.common import Request
from oauthlib.oauth1 import (AuthorizationEndpoint, RequestValidator,
RequestTokenEndpoint, AccessTokenEndpoint)
from mediagoblin.db.models import Client, RequestToken, AccessToken
class GMGRequestValidator(RequestValidator):
def __init__(self, data=None):
self.POST = data
def save_request_token(self, token, request):
""" Saves request token in db """
client_id = self.POST[u"oauth_consumer_key"]
request_token = RequestToken(
token=token["oauth_token"],
secret=token["oauth_token_secret"],
)
request_token.client = client_id
request_token.callback = token.get("oauth_callback", None)
request_token.save()
def save_verifier(self, token, verifier, request):
""" Saves the oauth request verifier """
request_token = RequestToken.query.filter_by(token=token).first()
request_token.verifier = verifier["oauth_verifier"]
request_token.save()
def save_access_token(self, token, request):
""" Saves access token in db """
access_token = AccessToken(
token=token["oauth_token"],
secret=token["oauth_token_secret"],
)
access_token.request_token = request.oauth_token
request_token = RequestToken.query.filter_by(token=request.oauth_token).first()
access_token.user = request_token.user
access_token.save()
def get_realms(*args, **kwargs):
""" Currently a stub - called when making AccessTokens """
return list()
class GMGRequest(Request):
"""
Fills in data to produce a oauth.common.Request object from a
werkzeug Request object
"""
def __init__(self, request, *args, **kwargs):
"""
:param request: werkzeug request object
any extra params are passed to oauthlib.common.Request object
"""
kwargs["uri"] = kwargs.get("uri", request.url)
kwargs["http_method"] = kwargs.get("http_method", request.method)
kwargs["body"] = kwargs.get("body", request.get_data())
kwargs["headers"] = kwargs.get("headers", dict(request.headers))
super(GMGRequest, self).__init__(*args, **kwargs)

0
mediagoblin/federation/tools/__init__.py Normal file
View File

27
mediagoblin/federation/tools/request.py Normal file
View File

@ -0,0 +1,27 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import re
# Regex for parsing Authorization string
auth_header_re = re.compile('(\w+)[:=] ?"?(\w+)"?')
def decode_authorization_header(header):
""" Decodes a HTTP Authorization Header to python dictionary """
authorization = header.get("Authorization", "")
tokens = dict(auth_header_re.findall(authorization))
return tokens

56
mediagoblin/federation/views.py
View File

@ -16,21 +16,23 @@
import datetime import datetime
import oauthlib.common
from oauthlib.oauth1 import (AuthorizationEndpoint, RequestValidator, from oauthlib.oauth1 import (AuthorizationEndpoint, RequestValidator,
RequestTokenEndpoint, AccessTokenEndpoint) RequestTokenEndpoint, AccessTokenEndpoint)
from mediagoblin.decorators import require_active_login from mediagoblin.decorators import require_active_login
from mediagoblin.tools.translate import pass_to_ugettext from mediagoblin.tools.translate import pass_to_ugettext
from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.meddleware.csrf import csrf_exempt
from mediagoblin.tools.request import decode_request, decode_authorization_header from mediagoblin.tools.request import decode_request
from mediagoblin.tools.response import (render_to_response, redirect, from mediagoblin.tools.response import (render_to_response, redirect,
json_response, render_400, json_response, render_400,
form_response) form_response)
from mediagoblin.tools.crypto import random_string from mediagoblin.tools.crypto import random_string
from mediagoblin.tools.validator import validate_email, validate_url from mediagoblin.tools.validator import validate_email, validate_url
from mediagoblin.db.models import User, Client, RequestToken, AccessToken
from mediagoblin.federation.forms import AuthorizeForm from mediagoblin.federation.forms import AuthorizeForm
from mediagoblin.federation.exceptions import ValidationException
from mediagoblin.federation.oauth import GMGRequestValidator, GMGRequest
from mediagoblin.federation.tools.request import decode_authorization_header
from mediagoblin.db.models import Client, RequestToken, AccessToken
# possible client types # possible client types
client_types = ["web", "native"] # currently what pump supports client_types = ["web", "native"] # currently what pump supports
@ -175,47 +177,6 @@ def client_register(request):
"expires_at": expirey, "expires_at": expirey,
}) })
class ValidationException(Exception):
pass
class GMGRequestValidator(RequestValidator):
def __init__(self, data=None):
self.POST = data
def save_request_token(self, token, request):
""" Saves request token in db """
client_id = self.POST[u"oauth_consumer_key"]
request_token = RequestToken(
token=token["oauth_token"],
secret=token["oauth_token_secret"],
)
request_token.client = client_id
request_token.callback = token.get("oauth_callback", None)
request_token.save()
def save_verifier(self, token, verifier, request):
""" Saves the oauth request verifier """
request_token = RequestToken.query.filter_by(token=token).first()
request_token.verifier = verifier["oauth_verifier"]
request_token.save()
def save_access_token(self, token, request):
""" Saves access token in db """
access_token = AccessToken(
token=token["oauth_token"],
secret=token["oauth_token_secret"],
)
access_token.request_token = request.oauth_token
request_token = RequestToken.query.filter_by(token=request.oauth_token).first()
access_token.user = request_token.user
access_token.save()
def get_realms(*args, **kwargs):
""" Currently a stub - called when making AccessTokens """
return list()
@csrf_exempt @csrf_exempt
def request_token(request): def request_token(request):
""" Returns request token """ """ Returns request token """
@ -288,12 +249,7 @@ def authorize(request):
return authorize_finish(request) return authorize_finish(request)
if oauth_request.verifier is None: if oauth_request.verifier is None:
orequest = oauthlib.common.Request( orequest = GMGRequest(request)
uri=request.url,
http_method=request.method,
body=request.get_data(),
headers=request.headers
)
request_validator = GMGRequestValidator() request_validator = GMGRequestValidator()
auth_endpoint = AuthorizationEndpoint(request_validator) auth_endpoint = AuthorizationEndpoint(request_validator)
verifier = auth_endpoint.create_verifier(orequest, {}) verifier = auth_endpoint.create_verifier(orequest, {})

9
mediagoblin/tools/request.py
View File

@ -14,7 +14,6 @@
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import re
import json import json
import logging import logging
from mediagoblin.db.models import User from mediagoblin.db.models import User
@ -26,8 +25,6 @@ _log = logging.getLogger(__name__)
form_encoded = "application/x-www-form-urlencoded" form_encoded = "application/x-www-form-urlencoded"
json_encoded = "application/json" json_encoded = "application/json"
# Regex for Authorization header
auth_header_re = re.compile('(\w+)[:=] ?"?(\w+)"?')
def setup_user_in_request(request): def setup_user_in_request(request):
""" """
@ -57,9 +54,3 @@ def decode_request(request):
else: else:
data = "" data = ""
return data return data
def decode_authorization_header(header):
""" Decodes a HTTP Authorization Header to python dictionary """
authorization = header.get("Authorization", "")
tokens = dict(auth_header_re.findall(authorization))
return tokens