Commit | Line | Data |
---|---|---|
03ae172a | 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
cf29e8a8 | 2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. |
03ae172a AW |
3 | # |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
d41c6a53 | 17 | import json |
cc9f9a1d | 18 | import logging |
967df5ef | 19 | |
2fdc14a2 BS |
20 | from werkzeug.http import parse_options_header |
21 | ||
967df5ef JT |
22 | from mediagoblin.db.models import User, AccessToken |
23 | from mediagoblin.oauth.tools.request import decode_authorization_header | |
03ae172a | 24 | |
cc9f9a1d E |
# Module-level logger, named after this module.
_log = logging.getLogger(__name__)


# MIME-Types
# decode_request() compares the request's parsed content type against these.
form_encoded = "application/x-www-form-urlencoded"
json_encoded = "application/json"
31 | ||
2b60a56c | 32 | |
03ae172a AW |
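def setup_user_in_request(request):
    """
    Examine a request and tack on a request.user parameter if that's
    appropriate.

    Resolution order:

    1. If the decoded Authorization header carries an access token that
       matches a stored AccessToken row, request.user is that token's user.
    2. Otherwise, if the session holds a 'user_id', request.user is the
       User row with that id.
    3. Otherwise request.user is None.

    A session that names a user id with no matching User row is deleted.
    Returns None; the result is communicated through request.user.
    """
    # If API request the user will be associated with the access token
    authorization = decode_authorization_header(request.headers)

    if authorization.get(u"access_token"):
        # NOTE(review): the guard tests "access_token" but the token value
        # is read from "oauth_token" -- confirm which key
        # decode_authorization_header() really produces.  The value is
        # fetched with .get() so that a client-supplied header carrying one
        # key without the other falls through to session handling instead
        # of raising an unhandled KeyError.
        #
        # NOTE(review): this function only looks the token up; no signature
        # or expiry check is visible here.  Presumably that is enforced
        # elsewhere before request.user is trusted -- verify.
        token_value = authorization.get(u"oauth_token")
        if token_value:
            token = AccessToken.query.filter_by(token=token_value).first()
            if token is not None:
                request.user = token.user
                return

    if 'user_id' not in request.session:
        request.user = None
        return

    request.user = User.query.get(request.session['user_id'])

    if not request.user:
        # Something's wrong... this user doesn't exist?  Invalidate
        # this session.
        # Logger.warn() is a deprecated alias; warning() is the supported
        # spelling.
        _log.warning(
            "Killing session for user id %r", request.session['user_id'])
        request.session.delete()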
d41c6a53 | 61 | |
def decode_request(request):
    """Return the request payload decoded according to its MIME type.

    * ``application/json``: the body parsed with ``json.loads``.
    * ``application/x-www-form-urlencoded`` or no content type:
      ``request.form``.
    * anything else: the empty string.

    The body comes from the client.  ``json.loads`` raises ``ValueError``
    on malformed JSON and that exception is not caught here, so it
    propagates to the caller.
    """
    # Read the raw body first, before any form parsing is triggered.
    raw_body = request.data
    mime_type, _options = parse_options_header(request.content_type)

    if mime_type == json_encoded:
        return json.loads(raw_body)

    if mime_type in (form_encoded, ""):
        return request.form

    # Unrecognised content type: hand back an empty payload.
    return ""