6e3c0c22b29eef2904bd1433a0850685d20e171c
[wolnelektury.git] / src / api / request_validator.py
1 # -*- coding: utf-8 -*-
2 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
3 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
4 #
5 import time
6 from oauthlib.oauth1 import RequestValidator
7 from piston.models import Consumer, Nonce, Token
8
9
10 class PistonRequestValidator(RequestValidator):
11     timestamp_threshold = 300
12
13     dummy_access_token = '!'
14     realms = ['API']
15
16     # Just for the tests.
17     # It'd be a little more kosher to use test client with secure=True.
18     enforce_ssl = False
19
20     # iOS app generates 8-char nonces.
21     nonce_length = 8, 250
22
23     # Because piston.models.Token.key is char(18).
24     access_token_length = 18, 32
25
26     def check_client_key(self, client_key):
27         """We control the keys anyway."""
28         return True
29
30     def get_access_token_secret(self, client_key, token, request):
31         return request.token.secret
32
33     def get_default_realms(self, client_key, request):
34         return ['API']
35
36     def validate_access_token(self, client_key, token, request):
37         try:
38             token = Token.objects.get(
39                 token_type=Token.ACCESS,
40                 consumer__key=client_key,
41                 key=token
42             )
43         except Token.DoesNotExist:
44             return False
45         else:
46             request.token = token
47             return True
48
49     def validate_timestamp_and_nonce(self, client_key, timestamp, nonce,
50                                      request, request_token=None, access_token=None):
51         if abs(time.time() - int(timestamp)) > self.timestamp_threshold:
52             return False
53         token = request_token or access_token
54         # Yes, this is what Piston did.
55         if token is None:
56             return True
57
58         nonce, created = Nonce.objects.get_or_create(consumer_key=client_key,
59                                                      token_key=token,
60                                                      key=nonce)
61         return created
62
63     def validate_client_key(self, client_key, request):
64         try:
65             request.oauth_consumer = Consumer.objects.get(key=client_key)
66         except Consumer.DoesNotExist:
67             return False
68         return True
69
70     def validate_realms(self, client_key, token, request, uri=None, realms=None):
71         return True
72
73     def validate_requested_realms(self, *args, **kwargs):
74         return True
75
76     def validate_redirect_uri(self, *args, **kwargs):
77         return True
78
79     def get_client_secret(self, client_key, request):
80         return request.oauth_consumer.secret
81
82     def save_request_token(self, token, request):
83         Token.objects.create(
84             token_type=Token.REQUEST,
85             timestamp=request.timestamp,
86             key=token['oauth_token'],
87             secret=token['oauth_token_secret'],
88             consumer=request.oauth_consumer,
89         )
90
91     def verify_request_token(self, token, request):
92         return Token.objects.filter(
93             token_type=Token.REQUEST, key=token, is_approved=False
94         ).exists()
95
96     def get_realms(self, *args, **kwargs):
97         return []
98
99     def save_verifier(self, token, verifier, request):
100         Token.objects.filter(
101             token_type=Token.REQUEST,
102             key=token,
103             is_approved=False
104         ).update(
105             is_approved=True,
106             user=verifier['user']
107         )
108
109     def get_redirect_uri(self, token, request):
110         return request.redirect_uri