mediagoblin/oauth/oauth.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 import datetime
  17
  18 from oauthlib.common import Request
  19 from oauthlib.oauth1 import RequestValidator
  20
  21 from mediagoblin.db.models import NonceTimestamp, Client, RequestToken, AccessToken
  22
  23 class GMGRequestValidator(RequestValidator):
  24
  25     enforce_ssl = False
  26
  27     def __init__(self, data=None, *args, **kwargs):
  28         self.POST = data
  29         super(GMGRequestValidator, self).__init__(*args, **kwargs)
  30
  31     def save_request_token(self, token, request):
  32         """ Saves request token in db """
  33         client_id = self.POST[u"oauth_consumer_key"]
  34
  35         request_token = RequestToken(
  36                 token=token["oauth_token"],
  37                 secret=token["oauth_token_secret"],
  38                 )
  39         request_token.client = client_id
  40         if u"oauth_callback" in self.POST:
  41             request_token.callback = self.POST[u"oauth_callback"]
  42         request_token.save()
  43
  44     def save_verifier(self, token, verifier, request):
  45         """ Saves the oauth request verifier """
  46         request_token = RequestToken.query.filter_by(token=token).first()
  47         request_token.verifier = verifier["oauth_verifier"]
  48         request_token.save()
  49
  50     def save_access_token(self, token, request):
  51         """ Saves access token in db """
  52         access_token = AccessToken(
  53                 token=token["oauth_token"],
  54                 secret=token["oauth_token_secret"],
  55         )
  56         access_token.request_token = request.oauth_token
  57         request_token = RequestToken.query.filter_by(token=request.oauth_token).first()
  58         access_token.user = request_token.user
  59         access_token.save()
  60
  61     def get_realms(*args, **kwargs):
  62         """ Currently a stub - called when making AccessTokens """
  63         return list()
  64
  65     def validate_timestamp_and_nonce(self, client_key, timestamp,
  66                                      nonce, request, request_token=None,
  67                                      access_token=None):
  68         # RFC5849 (OAuth 1.0) section 3.3 says the timestamp is going
  69         # to be seconds after the epoch, we need to convert for postgres
  70         try:
  71             timestamp = datetime.datetime.fromtimestamp(float(timestamp))
  72         except ValueError:
  73             # Well, the client must have passed up something ridiculous
  74             return False
  75
  76         nc = NonceTimestamp.query.filter_by(timestamp=timestamp, nonce=nonce)
  77         nc = nc.first()
  78         if nc is None:
  79             return True
  80
  81         return False
  82
  83     def validate_client_key(self, client_key, request):
  84         """ Verifies client exists with id of client_key """
  85         client = Client.query.filter_by(id=client_key).first()
  86         if client is None:
  87             return False
  88
  89         return True
  90
  91     def validate_access_token(self, client_key, token, request):
  92         """ Verifies token exists for client with id of client_key """
  93         client = Client.query.filter_by(id=client_key).first()
  94         token = AccessToken.query.filter_by(token=token)
  95         token = token.first()
  96
  97         if token is None:
  98             return False
  99
 100         request_token = RequestToken.query.filter_by(token=token.request_token)
 101         request_token = request_token.first()
 102
 103         if client.id != request_token.client:
 104             return False
 105
 106         return True
 107
 108     def validate_realms(self, *args, **kwargs):
 109         """ Would validate reals however not using these yet. """
 110         return True # implement when realms are implemented
 111
 112
 113     def get_client_secret(self, client_key, request):
 114         """ Retrives a client secret with from a client with an id of client_key """
 115         client = Client.query.filter_by(id=client_key).first()
 116         return client.secret
 117
 118     def get_access_token_secret(self, client_key, token, request):
 119         access_token = AccessToken.query.filter_by(token=token).first()
 120         return access_token.secret
 121
 122 class GMGRequest(Request):
 123     """
 124         Fills in data to produce a oauth.common.Request object from a
 125         werkzeug Request object
 126     """
 127
 128     def __init__(self, request, *args, **kwargs):
 129         """
 130             :param request: werkzeug request object
 131
 132             any extra params are passed to oauthlib.common.Request object
 133         """
 134         kwargs["uri"] = kwargs.get("uri", request.url)
 135         kwargs["http_method"] = kwargs.get("http_method", request.method)
 136         kwargs["body"] = kwargs.get("body", request.data)
 137         kwargs["headers"] = kwargs.get("headers", dict(request.headers))
 138
 139         super(GMGRequest, self).__init__(*args, **kwargs)