gvsig-scripting / org.gvsig.scripting / trunk / org.gvsig.scripting / org.gvsig.scripting.app / org.gvsig.scripting.app.mainplugin / src / main / resources-plugin / scripting / lib / oauthlib / oauth1 / rfc5849 / endpoints / authorization.py @ 564
History | View | Annotate | Download (6.66 KB)
1 |
# -*- coding: utf-8 -*-
|
---|---|
2 |
"""
|
3 |
oauthlib.oauth1.rfc5849.endpoints.authorization
|
4 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
5 |
|
6 |
This module is an implementation of various logic needed
|
7 |
for signing and checking OAuth 1.0 RFC 5849 requests.
|
8 |
"""
|
9 |
from __future__ import absolute_import, unicode_literals |
10 |
|
11 |
from oauthlib.common import Request, add_params_to_uri |
12 |
|
13 |
from .base import BaseEndpoint |
14 |
from .. import errors
|
15 |
try:
|
16 |
from urllib import urlencode |
17 |
except ImportError: |
18 |
from urllib.parse import urlencode |
19 |
|
20 |
|
21 |
class AuthorizationEndpoint(BaseEndpoint): |
22 |
|
23 |
"""An endpoint responsible for letting authenticated users authorize access
|
24 |
to their protected resources to a client.
|
25 |
|
26 |
Typical use would be to have two views, one for displaying the authorization
|
27 |
form and one to process said form on submission.
|
28 |
|
29 |
The first view will want to utilize ``get_realms_and_credentials`` to fetch
|
30 |
requested realms and useful client credentials, such as name and
|
31 |
description, to be used when creating the authorization form.
|
32 |
|
33 |
During form processing you can use ``create_authorization_response`` to
|
34 |
validate the request, create a verifier as well as prepare the final
|
35 |
redirection URI used to send the user back to the client.
|
36 |
|
37 |
See :doc:`/oauth1/validator` for details on which validator methods to implement
|
38 |
for this endpoint.
|
39 |
"""
|
40 |
|
41 |
def create_verifier(self, request, credentials): |
42 |
"""Create and save a new request token.
|
43 |
|
44 |
:param request: An oauthlib.common.Request object.
|
45 |
:param credentials: A dict of extra token credentials.
|
46 |
:returns: The verifier as a dict.
|
47 |
"""
|
48 |
verifier = { |
49 |
'oauth_token': request.resource_owner_key,
|
50 |
'oauth_verifier': self.token_generator(), |
51 |
} |
52 |
verifier.update(credentials) |
53 |
self.request_validator.save_verifier(
|
54 |
request.resource_owner_key, verifier, request) |
55 |
return verifier
|
56 |
|
57 |
def create_authorization_response(self, uri, http_method='GET', body=None, |
58 |
headers=None, realms=None, credentials=None): |
59 |
"""Create an authorization response, with a new request token if valid.
|
60 |
|
61 |
:param uri: The full URI of the token request.
|
62 |
:param http_method: A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
|
63 |
:param body: The request body as a string.
|
64 |
:param headers: The request headers as a dict.
|
65 |
:param credentials: A list of credentials to include in the verifier.
|
66 |
:returns: A tuple of 3 elements.
|
67 |
1. A dict of headers to set on the response.
|
68 |
2. The response body as a string.
|
69 |
3. The response status code as an integer.
|
70 |
|
71 |
If the callback URI tied to the current token is "oob", a response with
|
72 |
a 200 status code will be returned. In this case, it may be desirable to
|
73 |
modify the response to better display the verifier to the client.
|
74 |
|
75 |
An example of an authorization request::
|
76 |
|
77 |
>>> from your_validator import your_validator
|
78 |
>>> from oauthlib.oauth1 import AuthorizationEndpoint
|
79 |
>>> endpoint = AuthorizationEndpoint(your_validator)
|
80 |
>>> h, b, s = endpoint.create_authorization_response(
|
81 |
... 'https://your.provider/authorize?oauth_token=...',
|
82 |
... credentials={
|
83 |
... 'extra': 'argument',
|
84 |
... })
|
85 |
>>> h
|
86 |
{'Location': 'https://the.client/callback?oauth_verifier=...&extra=argument'}
|
87 |
>>> b
|
88 |
None
|
89 |
>>> s
|
90 |
302
|
91 |
|
92 |
An example of a request with an "oob" callback::
|
93 |
|
94 |
>>> from your_validator import your_validator
|
95 |
>>> from oauthlib.oauth1 import AuthorizationEndpoint
|
96 |
>>> endpoint = AuthorizationEndpoint(your_validator)
|
97 |
>>> h, b, s = endpoint.create_authorization_response(
|
98 |
... 'https://your.provider/authorize?foo=bar',
|
99 |
... credentials={
|
100 |
... 'extra': 'argument',
|
101 |
... })
|
102 |
>>> h
|
103 |
{'Content-Type': 'application/x-www-form-urlencoded'}
|
104 |
>>> b
|
105 |
'oauth_verifier=...&extra=argument'
|
106 |
>>> s
|
107 |
200
|
108 |
"""
|
109 |
request = self._create_request(uri, http_method=http_method, body=body,
|
110 |
headers=headers) |
111 |
|
112 |
if not request.resource_owner_key: |
113 |
raise errors.InvalidRequestError(
|
114 |
'Missing mandatory parameter oauth_token.')
|
115 |
if not self.request_validator.verify_request_token( |
116 |
request.resource_owner_key, request): |
117 |
raise errors.InvalidClientError()
|
118 |
|
119 |
request.realms = realms |
120 |
if (request.realms and not self.request_validator.verify_realms( |
121 |
request.resource_owner_key, request.realms, request)): |
122 |
raise errors.InvalidRequestError(
|
123 |
description=('User granted access to realms outside of '
|
124 |
'what the client may request.'))
|
125 |
|
126 |
verifier = self.create_verifier(request, credentials or {}) |
127 |
redirect_uri = self.request_validator.get_redirect_uri(
|
128 |
request.resource_owner_key, request) |
129 |
if redirect_uri == 'oob': |
130 |
response_headers = { |
131 |
'Content-Type': 'application/x-www-form-urlencoded'} |
132 |
response_body = urlencode(verifier) |
133 |
return response_headers, response_body, 200 |
134 |
else:
|
135 |
populated_redirect = add_params_to_uri( |
136 |
redirect_uri, verifier.items()) |
137 |
return {'Location': populated_redirect}, None, 302 |
138 |
|
139 |
def get_realms_and_credentials(self, uri, http_method='GET', body=None, |
140 |
headers=None):
|
141 |
"""Fetch realms and credentials for the presented request token.
|
142 |
|
143 |
:param uri: The full URI of the token request.
|
144 |
:param http_method: A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
|
145 |
:param body: The request body as a string.
|
146 |
:param headers: The request headers as a dict.
|
147 |
:returns: A tuple of 2 elements.
|
148 |
1. A list of request realms.
|
149 |
2. A dict of credentials which may be useful in creating the
|
150 |
authorization form.
|
151 |
"""
|
152 |
request = self._create_request(uri, http_method=http_method, body=body,
|
153 |
headers=headers) |
154 |
|
155 |
if not self.request_validator.verify_request_token( |
156 |
request.resource_owner_key, request): |
157 |
raise errors.InvalidClientError()
|
158 |
|
159 |
realms = self.request_validator.get_realms(
|
160 |
request.resource_owner_key, request) |
161 |
return realms, {'resource_owner_key': request.resource_owner_key} |