1 # -*- coding: utf-8 -*-
2 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
3 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
6 from oauthlib.oauth1 import RequestValidator
7 from api.models import Consumer, Nonce, Token
10 class PistonRequestValidator(RequestValidator):
# Requests whose oauth_timestamp is more than this many seconds away from
# server time (in either direction) are rejected in
# validate_timestamp_and_nonce; together with the nonce store this bounds
# the replay window.
timestamp_threshold = 300
# oauthlib swaps this in for an oauth_token that failed validation so the
# remaining checks (signature included) still run instead of
# short-circuiting; it must never collide with a real Token.key.
dummy_access_token = '!'
# It'd be a little more kosher to use test client with secure=True.
# NOTE(review): the setting this comment refers to is not visible in this
# excerpt (presumably an SSL-enforcement override). If SSL is not enforced
# here, confirm TLS is terminated upstream: token secrets are returned in
# response bodies and would otherwise travel in clear.
# iOS app generates 8-char nonces.
# NOTE(review): the nonce length bound this comment explains is not visible
# in this excerpt.
# Because Token.key is char(18).
# (min, max) inclusive length oauthlib accepts for oauth_token values; the
# lower bound is below oauthlib's default so that keys sized to fit
# Token.key are not rejected before the database lookup.
request_token_length = 18, 32
access_token_length = 18, 32
# TODO: oauthlib request-access switch.
def check_client_key(self, client_key):
    """oauthlib hook: cheap syntactic pre-check of oauth_consumer_key.

    We control the keys anyway: the authoritative check is the database
    lookup in validate_client_key, so no format constraint is imposed here.
    """
    # NOTE(review): the return statement is not visible in this excerpt;
    # oauthlib rejects the request with "Invalid client key" if it is falsy.
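def get_request_token_secret(self, client_key, token, request):
    """oauthlib hook: return the secret to sign with for a request token.

    The ``token`` argument is not looked up again; the ``Token`` found by
    ``validate_request_token`` is presumably stored on ``request.token``
    (that method's tail is not visible here) and its secret is returned.

    oauthlib still runs the signature check after a failed token lookup,
    with ``dummy_request_token`` substituted, so ``request.token`` may be
    unset (or ``None``) at that point. Returning ``None`` in that case
    keeps the failure a clean 401: oauthlib signs with an empty token
    secret and the overall result already fails on the token check,
    whereas raising ``AttributeError`` would turn a bad token into a 500
    and let a client distinguish unknown tokens from bad signatures.
    """
    stored = getattr(request, 'token', None)
    return stored.secret if stored is not None else None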
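def get_access_token_secret(self, client_key, token, request):
    """oauthlib hook: return the secret to sign with for an access token.

    The ``token`` argument is not looked up again; the ``Token`` found by
    ``validate_access_token`` is presumably stored on ``request.token``
    (that method's tail is not visible here) and its secret is returned.

    oauthlib still runs the signature check after a failed token lookup,
    with ``dummy_access_token`` substituted, so ``request.token`` may be
    unset (or ``None``) at that point. Returning ``None`` then keeps the
    failure a clean 401: oauthlib signs with an empty token secret and the
    overall result already fails on the token check, whereas raising
    ``AttributeError`` would turn a bad token into a 500 and let a client
    distinguish unknown tokens from bad signatures.
    """
    stored = getattr(request, 'token', None)
    return stored.secret if stored is not None else None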
def get_default_realms(self, client_key, request):
    """oauthlib hook: realms granted to a request token issued without an
    explicit realm list.
    """
    # NOTE(review): the body is not visible in this excerpt.
def validate_request_token(self, client_key, token, request):
    """oauthlib hook: check that ``token`` is a REQUEST token of this consumer.

    The consumer key is part of the query, so a request token cannot be
    presented under a different oauth_consumer_key. Only part of the body
    is visible in this excerpt; presumably the found Token is stored on
    ``request.token`` for the secret getters and ``True``/``False`` is
    returned -- confirm.
    """
    token = Token.objects.get(
        token_type=Token.REQUEST,
        consumer__key=client_key,
    # NOTE(review): only DoesNotExist is handled; MultipleObjectsReturned
    # would surface as a 500. Assumes key is unique per type/consumer.
    except Token.DoesNotExist:
def validate_access_token(self, client_key, token, request):
    """oauthlib hook: check that ``token`` is an ACCESS token of this consumer.

    The consumer key is part of the query, so an access token cannot be
    used with a different oauth_consumer_key. Only part of the body is
    visible in this excerpt; presumably the found Token is stored on
    ``request.token`` for the secret getters and ``True``/``False`` is
    returned -- confirm.
    """
    token = Token.objects.get(
        token_type=Token.ACCESS,
        consumer__key=client_key,
    # NOTE(review): only DoesNotExist is handled; MultipleObjectsReturned
    # would surface as a 500. Assumes key is unique per type/consumer.
    except Token.DoesNotExist:
def validate_timestamp_and_nonce(self, client_key, timestamp, nonce,
                                 request, request_token=None, access_token=None):
    """oauthlib hook: reject stale timestamps and replayed nonces.

    A request is rejected when its timestamp differs from server time by
    more than ``timestamp_threshold`` seconds in either direction. The
    nonce is then recorded per consumer through
    ``Nonce.objects.get_or_create``; the rest of the body (what is done
    with ``created``, whether the token is part of the nonce key, and the
    return value) is not visible in this excerpt.
    """
    # ``time`` is presumably imported above (not visible here). oauthlib's
    # endpoints have already rejected non-integer timestamps and applied
    # their own timestamp_lifetime window before calling this hook, so
    # int() does not raise for requests routed through oauthlib.
    if abs(time.time() - int(timestamp)) > self.timestamp_threshold:
    # Whichever token the request carries (at most one is set).
    token = request_token or access_token
    # Yes, this is what Piston did.
    # NOTE(review): get_or_create is only replay-safe if the Nonce row is
    # unique at the database level; otherwise two concurrent requests with
    # the same nonce can both observe created=True. Confirm the constraint.
    # Also confirm old Nonce rows are pruned (the table grows per request).
    nonce, created = Nonce.objects.get_or_create(consumer_key=client_key,
def validate_client_key(self, client_key, request):
    """oauthlib hook: look the consumer up and remember it on the request.

    The matching ``Consumer`` is stored on ``request.oauth_consumer`` so
    the secret getter does not repeat the lookup. The ``except`` branch is
    not visible in this excerpt; note that oauthlib still runs the
    signature check after a failed lookup (with ``dummy_client``
    substituted), so nothing downstream may assume the attribute is set.
    """
    request.oauth_consumer = Consumer.objects.get(key=client_key)
    except Consumer.DoesNotExist:
def validate_realms(self, client_key, token, request, uri=None, realms=None):
    """oauthlib hook: may the access token reach the realms the protected
    resource requires?
    """
    # NOTE(review): the body is not visible in this excerpt.
def validate_requested_realms(self, *args, **kwargs):
    """oauthlib hook: are the realms a consumer asks for at the
    request-token step acceptable?
    """
    # NOTE(review): the body is not visible in this excerpt.
def validate_redirect_uri(self, *args, **kwargs):
    """oauthlib hook: is the oauth_callback a consumer supplies acceptable?"""
    # NOTE(review): the body is not visible in this excerpt. Since
    # get_redirect_uri below returns request.redirect_uri verbatim, an
    # unconditional True here leaves the redirect target entirely
    # client-chosen; confirm callbacks are restricted somewhere.
def validate_verifier(self, client_key, token, verifier, request):
    """oauthlib hook: does ``verifier`` match the one saved for this
    request token by save_verifier?
    """
    # NOTE(review): the body is not visible in this excerpt. The comparison
    # should be constant-time (hmac.compare_digest) and scoped to both the
    # token and the consumer; confirm.
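def get_client_secret(self, client_key, request):
    """oauthlib hook: return the consumer secret to sign with.

    The ``client_key`` argument is not looked up again; the ``Consumer``
    found by ``validate_client_key`` is stored on ``request.oauth_consumer``
    and its secret is returned.

    oauthlib still runs the signature check after a failed consumer lookup
    (with ``dummy_client`` substituted), and the visible part of
    ``validate_client_key`` does not set the attribute in that case.
    Returning ``None`` then keeps the failure a clean 401: oauthlib signs
    with an empty client secret and the overall result already fails on the
    client check, whereas raising ``AttributeError`` would turn an unknown
    consumer key into a 500 and let a client enumerate valid keys by
    status code.
    """
    consumer = getattr(request, 'oauth_consumer', None)
    return consumer.secret if consumer is not None else None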
def save_request_token(self, token, request):
    """oauthlib hook: persist a freshly generated request token.

    ``token`` is the dict oauthlib built (``oauth_token`` and
    ``oauth_token_secret``); it is bound to the consumer resolved by
    validate_client_key. The tail of the create() call is not visible in
    this excerpt -- in particular whether the consumer's oauth_callback is
    stored with the token, which RFC 5849 requires for the later redirect.
    """
    Token.objects.create(
        token_type=Token.REQUEST,
        timestamp=request.timestamp,
        key=token['oauth_token'],
        # Stored in plaintext: oauthlib needs it back verbatim for signing.
        secret=token['oauth_token_secret'],
        consumer=request.oauth_consumer,
def save_access_token(self, token, request):
    """oauthlib hook: persist a freshly generated access token.

    The access token is bound to the same consumer and to the user who
    approved the request token (``request.token`` is presumably the
    request Token looked up by validate_request_token; its ``user`` is set
    in save_verifier). The tail of the create() call is not visible in
    this excerpt.
    """
    Token.objects.create(
        token_type=Token.ACCESS,
        timestamp=request.timestamp,
        key=token['oauth_token'],
        # Stored in plaintext: oauthlib needs it back verbatim for signing.
        secret=token['oauth_token_secret'],
        consumer=request.oauth_consumer,
        user=request.token.user,
def verify_request_token(self, token, request):
    """oauthlib hook: may ``token`` be shown on the authorization page?

    Only REQUEST tokens that have not yet been approved qualify, so a token
    cannot be re-authorized (and a second verifier issued) once approved.
    The end of the queryset expression is not visible in this excerpt.
    """
    return Token.objects.filter(
        token_type=Token.REQUEST, key=token, is_approved=False
def get_realms(self, *args, **kwargs):
    """oauthlib hook: realms associated with a request token."""
    # NOTE(review): the body is not visible in this excerpt.
def save_verifier(self, token, verifier, request):
    """oauthlib hook: record the verifier issued when a user approved a
    request token.

    ``verifier`` is the dict oauthlib built; ``verifier['user']``
    presumably comes from the credentials the authorizing view passed to
    create_authorization_response, so the approving user is stored with
    the token. Only the head and the tail of the query are visible in this
    excerpt (the update is presumably scoped to ``token``).
    """
    Token.objects.filter(
        token_type=Token.REQUEST,
        user=verifier['user']
def get_redirect_uri(self, token, request):
    """oauthlib hook: the callback the authorization response redirects to.

    Echoes the ``oauth_callback`` oauthlib parsed from the request being
    processed (``request.redirect_uri``); the ``token`` argument is unused
    and nothing persisted with the request token is consulted.

    NOTE(review): RFC 5849 binds the callback to the request token when it
    is issued. If nothing upstream pins ``request.redirect_uri`` to the
    callback registered for ``token``, the redirect target -- and thus
    where the verifier is delivered -- is whatever the authorization
    request carried. Confirm before relying on this.
    """
    callback = request.redirect_uri
    return callback
144 def invalidate_request_token(self, client_key, request_token, request):
145 Token.objects.filter(
146 token_type=Token.REQUEST,
148 consumer__key=client_key,