1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 from mediagoblin
.tools
import pluginapi
21 from mediagoblin
.plugins
.oauth
.models
import OAuthToken
, OAuthClient
, \
23 from mediagoblin
.plugins
.api
.tools
import Auth
# Module-level logger, named after this module so that log records can be
# filtered per plugin.
_log = logging.getLogger(__name__)

# Directory that contains this plugin's package; used further down to locate
# the plugin's bundled 'templates' directory.
PLUGIN_DIR = os.path.dirname(__file__)
# Plugin set-up statements. This listing is an extraction with source lines
# missing (the gutter numbers jump), so the enclosing `def` line and the
# statement that opens the route list are not shown; only the visible
# statements are documented here.
#
# Reads this plugin's configuration section through pluginapi.get_config().
31 config
= pluginapi
.get_config('mediagoblin.plugins.oauth')
33 _log
.info('Setting up OAuth...')
# NOTE(review): the whole config object is written to the log at debug level.
# Confirm that this section never carries secrets, or log only the keys that
# are safe to disclose.
34 _log
.debug('OAuth config: {0}'.format(config
))
# Route entries: each tuple names an endpoint and ends with a 'module:view'
# target; most visible entries also carry a URL path as the middle element.
# NOTE(review): the client registration, client listing and connection views
# are exposed here; their access control lives in
# mediagoblin.plugins.oauth.views and cannot be checked from this listing.
37 ('mediagoblin.plugins.oauth.authorize',
39 'mediagoblin.plugins.oauth.views:authorize'),
40 ('mediagoblin.plugins.oauth.authorize_client',
41 '/oauth/client/authorize',
42 'mediagoblin.plugins.oauth.views:authorize_client'),
43 ('mediagoblin.plugins.oauth.access_token',
44 '/oauth/access_token',
45 'mediagoblin.plugins.oauth.views:access_token'),
46 ('mediagoblin.plugins.oauth.list_connections',
47 '/oauth/client/connections',
48 'mediagoblin.plugins.oauth.views:list_connections'),
49 ('mediagoblin.plugins.oauth.register_client',
50 '/oauth/client/register',
51 'mediagoblin.plugins.oauth.views:register_client'),
52 ('mediagoblin.plugins.oauth.list_clients',
54 'mediagoblin.plugins.oauth.views:list_clients')]
# Hands the route list to the plugin API, then registers the plugin's
# 'templates' directory (resolved relative to PLUGIN_DIR) as a template path.
56 pluginapi
.register_routes(routes
)
57 pluginapi
.register_template_path(os
.path
.join(PLUGIN_DIR
, 'templates'))
# OAuthAuth: subclass of the api plugin's Auth that authenticates a request
# from an OAuth access token. This listing is an extraction with source lines
# missing (the gutter numbers jump), so several conditions and return
# statements are not shown; the comments below describe only what is visible.
60 class OAuthAuth(Auth
):
# trigger: tests whether the request's query parameters contain
# 'access_token'. The statements of the branch are not part of this listing.
61 def trigger(self
, request
):
62 if 'access_token' in request
.GET
:
# __call__: reads the access token from request.GET, looks it up in
# OAuthToken, then looks for an 'approved' OAuthUserClient relation between
# the token's user and the token's client. Error messages are appended to
# self.errors; request.user is assigned from token.user (presumably only
# after both lookups succeed; the guarding conditions are not shown here).
67 def __call__(self
, request
, *args
, **kw
):
69 # TODO: Add support for client credentials authorization
# NOTE(review): client_id, client_secret and access_token are all taken from
# the query string. Credentials carried in a URL tend to end up in web-server
# access logs, browser history and Referer headers; accepting them in a
# request header or POST body avoids that exposure.
70 client_id
= request
.GET
.get('client_id') # TODO: Not used
71 client_secret
= request
.GET
.get('client_secret') # TODO: Not used
72 access_token
= request
.GET
.get('access_token')
# NOTE(review): request.url normally includes the query string (confirm for
# this request class), so this debug line would write the access token, and
# any client_secret sent with it, into the application log. Log the path
# only, or redact the credential parameters first.
74 _log
.debug('Authorizing request {0}'.format(request
.url
))
# Token lookup: equality filter on OAuthToken.token; 'Invalid access token'
# is the error recorded for a failed lookup (the condition is not shown).
# NOTE(review): no expiry or scope check appears among the visible
# statements; confirm that token expiry is enforced elsewhere.
77 token
= OAuthToken
.query
.filter(OAuthToken
.token
== access_token
)\
81 self
.errors
.append('Invalid access token')
# NOTE(review): the token object itself is logged at debug level. What is
# written depends on OAuthToken's string representation; verify it does not
# include the token value.
84 _log
.debug('Access token: {0}'.format(token
))
85 _log
.debug('Client: {0}'.format(token
.client
))
# Authorization check: the token alone is not sufficient; there must also be
# an OAuthUserClient row for the same user and client whose state is
# 'approved'. first() returns a single row or None.
87 relation
= OAuthUserClient
.query
.filter(
88 (OAuthUserClient
.user
== token
.user
)
89 & (OAuthUserClient
.client
== token
.client
)
90 & (OAuthUserClient
.state
== u
'approved')).first()
92 _log
.debug('Relation: {0}'.format(relation
))
# Error text recorded when no approved relation exists (the enclosing
# condition and append call are not part of this listing).
96 u
'Client has not been approved by the resource owner')
# Binds the request to the user that owns the token.
99 request
.user
= token
.user
# Error recorded when the request carried no access_token value.
102 self
.errors
.append(u
'No access_token specified')
107 'setup': setup_plugin
,