Commit | Line | Data |
---|---|---|
03ae172a | 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
cf29e8a8 | 2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. |
03ae172a AW |
3 | # |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
d41c6a53 | 17 | import json |
cc9f9a1d | 18 | import logging |
967df5ef | 19 | |
fa9c0576 | 20 | import six |
2fdc14a2 BS |
21 | from werkzeug.http import parse_options_header |
22 | ||
967df5ef JT |
23 | from mediagoblin.db.models import User, AccessToken |
24 | from mediagoblin.oauth.tools.request import decode_authorization_header | |
03ae172a | 25 | |
cc9f9a1d E |
# Module-level logger, named after this module.
_log = logging.getLogger(__name__)


# MIME-Types
# Content-type strings that decode_request() compares the request's
# parsed Content-Type against.
form_encoded = "application/x-www-form-urlencoded"
json_encoded = "application/json"
32 | ||
2b60a56c | 33 | |
03ae172a AW |
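def setup_user_in_request(request):
    """
    Examine a request and attach a ``request.user`` attribute to it.

    Resolution order:

    1. If the decoded Authorization header carries a truthy
       ``access_token`` entry, its ``oauth_token`` value is looked up in
       ``AccessToken``; on a match that token's user becomes
       ``request.user`` and the function returns.
    2. Otherwise the session's ``user_id`` is used. ``request.user`` is set
       to ``None`` when the session has no ``user_id``.

    A session whose ``user_id`` resolves to no ``User`` is deleted.
    """
    # If this is an API request the user is associated with the access token.
    authorization = decode_authorization_header(request.headers)

    # NOTE(review): the guard tests the ``access_token`` key while the lookup
    # reads ``oauth_token``. Confirm which key decode_authorization_header()
    # actually produces before aligning the two: this branch trusts the bare
    # token value from the header and nothing in this function verifies a
    # request signature, so it must not be the only check protecting an
    # endpoint.
    if authorization.get(u"access_token"):
        # Use .get() so a header carrying ``access_token`` but no
        # ``oauth_token`` falls through to the session path instead of
        # raising KeyError on client-controlled input.
        oauth_token = authorization.get(u"oauth_token")
        if oauth_token:
            access_token = AccessToken.query.filter_by(
                token=oauth_token).first()
            if access_token is not None:
                request.user = access_token.user
                return

    if 'user_id' not in request.session:
        request.user = None
        return

    request.user = User.query.get(request.session['user_id'])

    if not request.user:
        # The session refers to a user that does not exist: invalidate it.
        # Logger.warning() replaces the deprecated Logger.warn() alias.
        _log.warning(
            "Killing session for user id %r", request.session['user_id'])
        request.session.delete()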
d41c6a53 | 62 | |
def decode_request(request):
    """
    Decode the body of *request* according to its MIME type.

    Returns the parsed JSON document for ``application/json``, the
    ``request.form`` object for form-encoded requests or requests whose
    parsed content type is the empty string, and ``""`` for any other
    content type.
    """
    # Read the raw body before the content type is inspected, so the
    # attribute is accessed on every path.
    raw_body = request.data
    mime_type, _options = parse_options_header(request.content_type)

    if mime_type == json_encoded:
        # The body is decoded as UTF-8 text before being handed to json.
        return json.loads(six.text_type(raw_body, "utf-8"))

    if mime_type in (form_encoded, ""):
        return request.form

    # Unrecognised content type: nothing is decoded.
    return ""