1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
3 #
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16
17 import os
18 import logging
19
20 from mediagoblin.tools import pluginapi
21 from mediagoblin.plugins.oauth.models import OAuthToken, OAuthClient, \
22 OAuthUserClient
23 from mediagoblin.plugins.api.tools import Auth
24
# Directory that contains this plugin package; setup_plugin() joins it with
# 'templates' to locate the plugin's template files.
PLUGIN_DIR = os.path.dirname(__file__)

# Module-level logger named after this module.
_log = logging.getLogger(__name__)
28
29
def setup_plugin():
    """Register the OAuth plugin's routes and template directory.

    Reads the plugin's configuration section, logs it at debug level, then
    hands six (route name, URL path, view reference) tuples and the
    ``templates`` directory under PLUGIN_DIR to ``pluginapi``.
    """
    plugin_config = pluginapi.get_config('mediagoblin.plugins.oauth')

    _log.info('Setting up OAuth...')
    # NOTE(review): the whole config section is written to the debug log;
    # confirm it never holds values that should stay out of log files.
    _log.debug('OAuth config: {0}'.format(plugin_config))

    # Each entry: (route name, URL path, 'module:view' reference).
    oauth_routes = [
        # Authorization and token endpoints.
        ('mediagoblin.plugins.oauth.authorize',
         '/oauth/authorize',
         'mediagoblin.plugins.oauth.views:authorize'),
        ('mediagoblin.plugins.oauth.authorize_client',
         '/oauth/client/authorize',
         'mediagoblin.plugins.oauth.views:authorize_client'),
        ('mediagoblin.plugins.oauth.access_token',
         '/oauth/access_token',
         'mediagoblin.plugins.oauth.views:access_token'),
        # Client management pages.
        ('mediagoblin.plugins.oauth.list_connections',
         '/oauth/client/connections',
         'mediagoblin.plugins.oauth.views:list_connections'),
        ('mediagoblin.plugins.oauth.register_client',
         '/oauth/client/register',
         'mediagoblin.plugins.oauth.views:register_client'),
        ('mediagoblin.plugins.oauth.list_clients',
         '/oauth/client/list',
         'mediagoblin.plugins.oauth.views:list_clients'),
    ]
    pluginapi.register_routes(oauth_routes)

    template_dir = os.path.join(PLUGIN_DIR, 'templates')
    pluginapi.register_template_path(template_dir)
58
59
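class OAuthAuth(Auth):
    """API authenticator that accepts an OAuth access token.

    The token is read from the ``access_token`` GET parameter.  ``trigger``
    reports whether a request carries that parameter and ``__call__``
    performs the check.  Failure reasons are collected in ``self.errors``.
    """

    def trigger(self, request):
        """Return True when ``access_token`` is present in ``request.GET``."""
        return 'access_token' in request.GET

    def __call__(self, request, *args, **kw):
        """Authenticate *request* by its ``access_token`` GET parameter.

        On success ``request.user`` is set to the token's user and True is
        returned.  Otherwise a message is appended to ``self.errors`` and
        False is returned; this happens when the parameter is missing or
        empty, when no OAuthToken row matches it, or when no OAuthUserClient
        row in state ``approved`` links the token's user and client.
        """
        # NOTE(review): ``hooks`` registers a single OAuthAuth() instance, so
        # this list lives on the instance, not on the request -- confirm that
        # callers read it before another request can reset it.
        self.errors = []
        # TODO: Add support for client credentials authorization.  The
        # client_id / client_secret GET parameters are not consulted yet, so
        # they are no longer read here.
        access_token = request.GET.get('access_token')

        # The query string carries the access token (and possibly a client
        # secret), so only the part of the URL before '?' goes to the log.
        _log.debug('Authorizing request {0}'.format(
            request.url.split('?', 1)[0]))

        if not access_token:
            self.errors.append(u'No access_token specified')
            return False

        # NOTE(review): only the token's existence is checked; if OAuthToken
        # records an expiry it is not enforced in this method -- confirm.
        token = OAuthToken.query.filter(
            OAuthToken.token == access_token).first()

        if not token:
            self.errors.append('Invalid access token')
            return False

        # NOTE(review): this formats the token object itself; confirm its
        # repr does not include the token string.
        _log.debug('Access token: {0}'.format(token))
        _log.debug('Client: {0}'.format(token.client))

        # The resource owner must have approved this client.
        relation = OAuthUserClient.query.filter(
            (OAuthUserClient.user == token.user)
            & (OAuthUserClient.client == token.client)
            & (OAuthUserClient.state == u'approved')).first()

        _log.debug('Relation: {0}'.format(relation))

        if not relation:
            self.errors.append(
                u'Client has not been approved by the resource owner')
            return False

        request.user = token.user
        return True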
105
# Plugin hook table: 'setup' is the function that registers routes and
# templates; 'auth' is one OAuthAuth instance created when this module loads.
hooks = dict(
    setup=setup_plugin,
    auth=OAuthAuth(),
)