heckyel/mediagoblin
0
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'master' into merge-python3-port

Browse Source 
Has some issues, will iteratively fix!

Conflicts:
	mediagoblin/gmg_commands/__init__.py
	mediagoblin/gmg_commands/deletemedia.py
	mediagoblin/gmg_commands/users.py
	mediagoblin/oauth/views.py
	mediagoblin/plugins/api/views.py
	mediagoblin/tests/test_api.py
	mediagoblin/tests/test_edit.py
	mediagoblin/tests/test_oauth1.py
	mediagoblin/tests/test_util.py
	mediagoblin/tools/mail.py
	mediagoblin/webfinger/views.py
	setup.py
This commit is contained in:
Christopher Allan Webber
2014-09-16 14:01:43 -05:00
parent 5b64c92e08 1b4e199668
commit f6bad0eb26
215 changed files with 50324 additions and 10613 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
mediagoblin/oauth/oauth.py
View File

@@ -15,12 +15,10 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from oauthlib.common import Request
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1 import RequestValidator
from mediagoblin.db.models import NonceTimestamp, Client, RequestToken, AccessToken
class GMGRequestValidator(RequestValidator):
enforce_ssl = False
@@ -63,14 +61,14 @@ class GMGRequestValidator(RequestValidator):
""" Currently a stub - called when making AccessTokens """
return list()
def validate_timestamp_and_nonce(self, client_key, timestamp,
nonce, request, request_token=None,
def validate_timestamp_and_nonce(self, client_key, timestamp,
nonce, request, request_token=None,
access_token=None):
nc = NonceTimestamp.query.filter_by(timestamp=timestamp, nonce=nonce)
nc = nc.first()
if nc is None:
return True
return False
def validate_client_key(self, client_key, request):
@@ -78,7 +76,7 @@ class GMGRequestValidator(RequestValidator):
client = Client.query.filter_by(id=client_key).first()
if client is None:
return False
return True
def validate_access_token(self, client_key, token, request):
@@ -119,14 +117,14 @@ class GMGRequest(Request):
"""
def __init__(self, request, *args, **kwargs):
"""
"""
:param request: werkzeug request object
any extra params are passed to oauthlib.common.Request object
"""
kwargs["uri"] = kwargs.get("uri", request.url)
kwargs["http_method"] = kwargs.get("http_method", request.method)
kwargs["body"] = kwargs.get("body", request.get_data())
kwargs["body"] = kwargs.get("body", request.data)
kwargs["headers"] = kwargs.get("headers", dict(request.headers))
super(GMGRequest, self).__init__(*args, **kwargs)

8
mediagoblin/oauth/routing.py
View File

@@ -18,25 +18,25 @@ from mediagoblin.tools.routing import add_route
# client registration & oauth
add_route(
"mediagoblin.oauth",
"mediagoblin.oauth.client_register",
"/api/client/register",
"mediagoblin.oauth.views:client_register"
)
add_route(
"mediagoblin.oauth",
"mediagoblin.oauth.request_token",
"/oauth/request_token",
"mediagoblin.oauth.views:request_token"
)
add_route(
"mediagoblin.oauth",
"mediagoblin.oauth.authorize",
"/oauth/authorize",
"mediagoblin.oauth.views:authorize",
)
add_route(
"mediagoblin.oauth",
"mediagoblin.oauth.access_token",
"/oauth/access_token",
"mediagoblin.oauth.views:access_token"
)

15
mediagoblin/oauth/views.py
View File

@@ -18,6 +18,7 @@ import datetime
import six
from oauthlib.oauth1.rfc5849.utils import UNICODE_ASCII_CHARACTER_SET
from oauthlib.oauth1 import (RequestTokenEndpoint, AuthorizationEndpoint,
AccessTokenEndpoint)
@@ -37,7 +38,7 @@ from mediagoblin.oauth.tools.forms import WTFormData
from mediagoblin.db.models import NonceTimestamp, Client, RequestToken
# possible client types
client_types = ["web", "native"] # currently what pump supports
CLIENT_TYPES = ["web", "native"] # currently what pump supports
@csrf_exempt
def client_register(request):
@@ -55,7 +56,7 @@ def client_register(request):
if "type" not in data:
error = "No registration type provided."
return json_response({"error": error}, status=400)
if data.get("application_type", None) not in client_types:
if data.get("application_type", None) not in CLIENT_TYPES:
error = "Unknown application_type."
return json_response({"error": error}, status=400)
@@ -90,7 +91,7 @@ def client_register(request):
)
app_name = ("application_type", client.application_name)
if app_name in client_types:
if app_name in CLIENT_TYPES:
client.application_name = app_name
elif client_type == "client_associate":
@@ -106,8 +107,8 @@ def client_register(request):
return json_response({"error": error}, status=400)
# generate the client_id and client_secret
client_id = random_string(22) # seems to be what pump uses
client_secret = random_string(43) # again, seems to be what pump uses
client_id = random_string(22, UNICODE_ASCII_CHARACTER_SET)
client_secret = random_string(43, UNICODE_ASCII_CHARACTER_SET)
expirey = 0 # for now, lets not have it expire
expirey_db = None if expirey == 0 else expirey
application_type = data["application_type"]
@@ -251,6 +252,7 @@ def authorize(request):
if oauth_request.verifier is None:
orequest = GMGRequest(request)
orequest.resource_owner_key = token
request_validator = GMGRequestValidator()
auth_endpoint = AuthorizationEndpoint(request_validator)
verifier = auth_endpoint.create_verifier(orequest, {})
@@ -332,10 +334,9 @@ def access_token(request):
error = "Missing required parameter."
return json_response({"error": error}, status=400)
request.resource_owner_key = parsed_tokens["oauth_consumer_key"]
request.oauth_token = parsed_tokens["oauth_token"]
request_validator = GMGRequestValidator(data)
av = AccessTokenEndpoint(request_validator)
tokens = av.create_access_token(request, {})
return form_response(tokens)