heckyel/mediagoblin
0
0
Fork 0
Code Issues Pull Requests Releases Activity

Added client registration caps to OAuth plugin

Browse Source 
THE MIGRATIONS SUPPLIED WITH THIS COMMIT WILL DROP AND RE-CREATE YOUR
oauth__tokens AND oauth__codes TABLES. ALL YOUR OAUTH CODES AND TOKENS
WILL BE LOST.

- Fixed pylint issues in db/sql/migrations.
- Added __repr__ to the User model.
- Added _disable_cors option to json_response.
- Added crude error handling to the api.tools.api_auth decorator
- Updated the OAuth README.
- Added client registration, client overview, connection overview,
  client authorization views and templates.
- Added error handling to the OAuthAuth Auth object.
- Added AuthorizationForm, ClientRegistrationForm in oauth/forms.
- Added migrations for OAuth, added client registration migration.
- Added OAuthClient, OAuthUserClient models.
- Added oauth/tools with require_client_auth decorator method.
This commit is contained in:
Joar Wandborg
2012-09-21 13:02:35 +02:00
parent d4c066abf0
commit 88a9662be4
14 changed files with 602 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
mediagoblin/plugins/api/tools.py
View File

@@ -52,7 +52,7 @@ class Auth(object):
raise NotImplemented()
def json_response(serializable, *args, **kw):
def json_response(serializable, _disable_cors=False, *args, **kw):
'''
Serializes a json objects and returns a webob.Response object with the
serialized value as the response body and Content-Type: application/json.
@@ -64,11 +64,14 @@ def json_response(serializable, *args, **kw):
'''
response = Response(json.dumps(serializable), *args, **kw)
response.headers['Content-Type'] = 'application/json'
cors_headers = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
response.headers.update(cors_headers)
if not _disable_cors:
cors_headers = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
response.headers.update(cors_headers)
return response
@@ -149,6 +152,11 @@ def api_auth(controller):
auth, request.url))
if not auth(request, *args, **kw):
if getattr(auth, 'errors', []):
return json_response({
'status': 403,
'errors': auth.errors})
return exc.HTTPForbidden()
return controller(request, *args, **kw)