Commit | Line | Data |
---|---|---|
f46e2a4d JW |
1 | # GNU MediaGoblin -- federated, autonomous media hosting |
2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. | |
3 | # | |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
17 | import os | |
18 | import logging | |
19 | ||
f46e2a4d | 20 | from mediagoblin.tools import pluginapi |
88a9662b JW |
21 | from mediagoblin.plugins.oauth.models import OAuthToken, OAuthClient, \ |
22 | OAuthUserClient | |
42c83752 | 23 | from mediagoblin.plugins.api.tools import Auth |
f46e2a4d JW |
24 | |
# Module-level logger, named after this module.
_log = logging.getLogger(__name__)

# Directory containing this plugin module; setup_plugin() joins 'templates'
# onto it when registering the template path.
PLUGIN_DIR = os.path.dirname(__file__)
28 | ||
29 | ||
def setup_plugin():
    """Register the OAuth plugin's routes and template directory.

    Reads the 'mediagoblin.plugins.oauth' config section through
    ``pluginapi.get_config``, logs it, then hands the route table and the
    plugin's ``templates`` directory to ``pluginapi``.
    """
    plugin_config = pluginapi.get_config('mediagoblin.plugins.oauth')

    _log.info('Setting up OAuth...')
    # NOTE(review): this writes the whole plugin config section to the debug
    # log; confirm the section never holds secrets before enabling debug
    # logging in production.
    _log.debug('OAuth config: {0}'.format(plugin_config))

    # Each entry is (route name, URL path, 'module:view' controller).
    oauth_routes = [
        ('mediagoblin.plugins.oauth.authorize',
         '/oauth/authorize',
         'mediagoblin.plugins.oauth.views:authorize'),
        ('mediagoblin.plugins.oauth.authorize_client',
         '/oauth/client/authorize',
         'mediagoblin.plugins.oauth.views:authorize_client'),
        ('mediagoblin.plugins.oauth.access_token',
         '/oauth/access_token',
         'mediagoblin.plugins.oauth.views:access_token'),
        ('mediagoblin.plugins.oauth.list_connections',
         '/oauth/client/connections',
         'mediagoblin.plugins.oauth.views:list_connections'),
        ('mediagoblin.plugins.oauth.register_client',
         '/oauth/client/register',
         'mediagoblin.plugins.oauth.views:register_client'),
        ('mediagoblin.plugins.oauth.list_clients',
         '/oauth/client/list',
         'mediagoblin.plugins.oauth.views:list_clients'),
    ]
    pluginapi.register_routes(oauth_routes)

    template_dir = os.path.join(PLUGIN_DIR, 'templates')
    pluginapi.register_template_path(template_dir)
58 | ||
59 | ||
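class OAuthAuth(Auth):
    """API auth backend that authenticates a request by OAuth access token.

    The token is read from the ``access_token`` query parameter. Tokens
    carried in a URL tend to end up in web-server access logs, proxy logs
    and browser history, so anything that records the request URL has to be
    treated as holding credentials. RFC 6750 recommends the
    ``Authorization: Bearer`` header over the query string for that reason.
    """

    def trigger(self, request):
        """Return True when the request has an ``access_token`` query
        parameter, False otherwise."""
        return 'access_token' in request.GET

    def __call__(self, request, *args, **kw):
        """Authenticate ``request`` from its ``access_token`` parameter.

        On success sets ``request.user`` to the token's user and returns
        True. On failure appends a message to ``self.errors`` and returns
        False. ``self.errors`` is reset at the start of every call.
        """
        self.errors = []
        # TODO: Add support for client credentials authorization.
        # The previous unused reads of client_id / client_secret from the
        # query string were dropped; a client secret should not travel in a
        # URL when that flow is implemented.
        access_token = request.GET.get('access_token')

        # Log the URL without its query string: the query carries the bearer
        # token, and writing it to the debug log would hand a usable
        # credential to anyone who can read the logs.
        _log.debug('Authorizing request {0}'.format(
            request.url.split('?', 1)[0]))

        if access_token:
            token = OAuthToken.query.filter(OAuthToken.token == access_token)\
                    .first()

            if not token:
                self.errors.append('Invalid access token')
                return False

            # NOTE(review): no expiry or scope check is visible in this
            # block; confirm whether token lifetime is enforced elsewhere.
            # NOTE(review): this formats the OAuthToken row itself; if its
            # string form includes the token value, the secret lands in the
            # debug log -- verify against the model.
            _log.debug('Access token: {0}'.format(token))
            _log.debug('Client: {0}'.format(token.client))

            # The token alone is not enough: the resource owner must still
            # have an 'approved' relation with the client that holds it.
            relation = OAuthUserClient.query.filter(
                    (OAuthUserClient.user == token.user)
                    & (OAuthUserClient.client == token.client)
                    & (OAuthUserClient.state == u'approved')).first()

            _log.debug('Relation: {0}'.format(relation))

            if not relation:
                self.errors.append(
                        u'Client has not been approved by the resource owner')
                return False

            request.user = token.user
            return True

        self.errors.append(u'No access_token specified')

        return False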
f46e2a4d JW |
105 | |
# Hook table for this plugin: 'setup' maps to the setup function and 'auth'
# to a single shared OAuthAuth instance (presumably looked up by the plugin
# API -- confirm against pluginapi).
hooks = dict(setup=setup_plugin, auth=OAuthAuth())