| 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
| 2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. |
| 3 | # |
| 4 | # This program is free software: you can redistribute it and/or modify |
| 5 | # it under the terms of the GNU Affero General Public License as published by |
| 6 | # the Free Software Foundation, either version 3 of the License, or |
| 7 | # (at your option) any later version. |
| 8 | # |
| 9 | # This program is distributed in the hope that it will be useful, |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | # GNU Affero General Public License for more details. |
| 13 | # |
| 14 | # You should have received a copy of the GNU Affero General Public License |
| 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | |
| 17 | from oauthlib.common import Request |
| 18 | from oauthlib.oauth1 import RequestValidator |
| 19 | |
| 20 | from mediagoblin.db.models import NonceTimestamp, Client, RequestToken, AccessToken |
| 21 | |
| 22 | |
| 23 | |
| 24 | class GMGRequestValidator(RequestValidator): |
| 25 | |
| 26 | enforce_ssl = False |
| 27 | |
| 28 | def __init__(self, data=None, *args, **kwargs): |
| 29 | self.POST = data |
| 30 | super(GMGRequestValidator, self).__init__(*args, **kwargs) |
| 31 | |
| 32 | def save_request_token(self, token, request): |
| 33 | """ Saves request token in db """ |
| 34 | client_id = self.POST[u"oauth_consumer_key"] |
| 35 | |
| 36 | request_token = RequestToken( |
| 37 | token=token["oauth_token"], |
| 38 | secret=token["oauth_token_secret"], |
| 39 | ) |
| 40 | request_token.client = client_id |
| 41 | if u"oauth_callback" in self.POST: |
| 42 | request_token.callback = self.POST[u"oauth_callback"] |
| 43 | request_token.save() |
| 44 | |
| 45 | def save_verifier(self, token, verifier, request): |
| 46 | """ Saves the oauth request verifier """ |
| 47 | request_token = RequestToken.query.filter_by(token=token).first() |
| 48 | request_token.verifier = verifier["oauth_verifier"] |
| 49 | request_token.save() |
| 50 | |
| 51 | def save_access_token(self, token, request): |
| 52 | """ Saves access token in db """ |
| 53 | access_token = AccessToken( |
| 54 | token=token["oauth_token"], |
| 55 | secret=token["oauth_token_secret"], |
| 56 | ) |
| 57 | access_token.request_token = request.oauth_token |
| 58 | request_token = RequestToken.query.filter_by(token=request.oauth_token).first() |
| 59 | access_token.user = request_token.user |
| 60 | access_token.save() |
| 61 | |
| 62 | def get_realms(*args, **kwargs): |
| 63 | """ Currently a stub - called when making AccessTokens """ |
| 64 | return list() |
| 65 | |
| 66 | def validate_timestamp_and_nonce(self, client_key, timestamp, |
| 67 | nonce, request, request_token=None, |
| 68 | access_token=None): |
| 69 | nc = NonceTimestamp.query.filter_by(timestamp=timestamp, nonce=nonce) |
| 70 | nc = nc.first() |
| 71 | if nc is None: |
| 72 | return True |
| 73 | |
| 74 | return False |
| 75 | |
| 76 | def validate_client_key(self, client_key, request): |
| 77 | """ Verifies client exists with id of client_key """ |
| 78 | client = Client.query.filter_by(id=client_key).first() |
| 79 | if client is None: |
| 80 | return False |
| 81 | |
| 82 | return True |
| 83 | |
| 84 | def validate_access_token(self, client_key, token, request): |
| 85 | """ Verifies token exists for client with id of client_key """ |
| 86 | client = Client.query.filter_by(id=client_key).first() |
| 87 | token = AccessToken.query.filter_by(token=token) |
| 88 | token = token.first() |
| 89 | |
| 90 | if token is None: |
| 91 | return False |
| 92 | |
| 93 | request_token = RequestToken.query.filter_by(token=token.request_token) |
| 94 | request_token = request_token.first() |
| 95 | |
| 96 | if client.id != request_token.client: |
| 97 | return False |
| 98 | |
| 99 | return True |
| 100 | |
| 101 | def validate_realms(self, *args, **kwargs): |
| 102 | """ Would validate reals however not using these yet. """ |
| 103 | return True # implement when realms are implemented |
| 104 | |
| 105 | |
| 106 | def get_client_secret(self, client_key, request): |
| 107 | """ Retrives a client secret with from a client with an id of client_key """ |
| 108 | client = Client.query.filter_by(id=client_key).first() |
| 109 | return client.secret |
| 110 | |
| 111 | def get_access_token_secret(self, client_key, token, request): |
| 112 | access_token = AccessToken.query.filter_by(token=token).first() |
| 113 | return access_token.secret |
| 114 | |
| 115 | class GMGRequest(Request): |
| 116 | """ |
| 117 | Fills in data to produce a oauth.common.Request object from a |
| 118 | werkzeug Request object |
| 119 | """ |
| 120 | |
| 121 | def __init__(self, request, *args, **kwargs): |
| 122 | """ |
| 123 | :param request: werkzeug request object |
| 124 | |
| 125 | any extra params are passed to oauthlib.common.Request object |
| 126 | """ |
| 127 | kwargs["uri"] = kwargs.get("uri", request.url) |
| 128 | kwargs["http_method"] = kwargs.get("http_method", request.method) |
| 129 | kwargs["body"] = kwargs.get("body", request.get_data()) |
| 130 | kwargs["headers"] = kwargs.get("headers", dict(request.headers)) |
| 131 | |
| 132 | super(GMGRequest, self).__init__(*args, **kwargs) |