Start replacing Piston in OAuth flow with OAuthLib.
[wolnelektury.git] / src / api / request_validator.py
1 # -*- coding: utf-8 -*-
2 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
3 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
4 #
5 from oauthlib.oauth1 import RequestValidator
6 from piston.models import Consumer, Nonce, Token
7
8
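class PistonRequestValidator(RequestValidator):
    """oauthlib OAuth1 request validator backed by Piston's models.

    Consumers, tokens and nonces are looked up in and written to
    ``piston.models``.
    """

    # Placeholder keys oauthlib swaps in when the client key or the access
    # token fails validation, so that the signature check still runs.
    dummy_client = '!'
    dummy_access_token = '!'
    # Secret handed out for those placeholders. The request has already
    # failed key validation at that point, so the value guards nothing.
    _dummy_secret = '!'
    realms = ['API']

    # Just for the tests.
    # It'd be a little more kosher to use test client with secure=True.
    # NOTE(review): this is a class-level setting, so it also applies outside
    # the tests; with it off, oauthlib does not reject plain-HTTP requests.
    enforce_ssl = False

    # (min, max) lengths. iOS app generates 8-char nonces.
    nonce_length = 8, 250

    # (min, max) lengths. Because piston.models.Token.key is char(18).
    access_token_length = 18, 32

    def check_client_key(self, client_key):
        """Accept any client key format; we control the keys anyway.

        Existence of the key is checked in validate_client_key.
        """
        return True

    def get_access_token_secret(self, client_key, token, request):
        """Return the secret of the token stored by validate_access_token.

        When no token was stored on the request (validation failed and the
        dummy token is in use), a dummy secret is returned instead of
        raising AttributeError.
        """
        stored_token = getattr(request, 'token', None)
        if stored_token is None:
            return self._dummy_secret
        return stored_token.secret

    def get_default_realms(self, client_key, request):
        """Return the single realm used by the API."""
        return ['API']

    def validate_access_token(self, client_key, token, request):
        """Check that an access token with this key belongs to the consumer.

        On success the Token row is kept on ``request.token`` for
        get_access_token_secret.
        """
        try:
            stored_token = Token.objects.get(
                token_type=Token.ACCESS,
                consumer__key=client_key,
                key=token
            )
        except Token.DoesNotExist:
            return False
        request.token = stored_token
        return True

    def validate_timestamp_and_nonce(self, client_key, timestamp, nonce,
                                     request, request_token=None, access_token=None):
        """Record the nonce and return True only if it was not seen before.

        Requests that carry no token are accepted without any nonce check.
        The timestamp is neither checked here nor stored with the nonce, so
        a nonce is unique per (consumer key, token key) with no time limit.
        """
        # TODO: validate the timestamp
        token_key = request_token or access_token
        # Yes, this is what Piston did.
        if token_key is None:
            return True

        # NOTE(review): if this runs before the client key and token are
        # validated, rows get stored for unauthenticated requests as well;
        # confirm the endpoint's call order and whether old nonces are pruned.
        _, created = Nonce.objects.get_or_create(consumer_key=client_key,
                                                 token_key=token_key,
                                                 key=nonce)
        return created

    def validate_client_key(self, client_key, request):
        """Check that a Consumer with this key exists.

        On success the Consumer row is kept on ``request.oauth_consumer``
        for get_client_secret and save_request_token.
        """
        try:
            request.oauth_consumer = Consumer.objects.get(key=client_key)
        except Consumer.DoesNotExist:
            return False
        return True

    def validate_realms(self, client_key, token, request, uri=None, realms=None):
        """Accept every realm; no per-token realm restriction is applied."""
        return True

    def validate_requested_realms(self, *args, **kwargs):
        """Accept every requested realm."""
        return True

    def validate_redirect_uri(self, *args, **kwargs):
        """Accept every redirect URI; nothing is compared with the consumer."""
        return True

    def get_client_secret(self, client_key, request):
        """Return the secret of the consumer stored by validate_client_key.

        When no consumer was stored on the request (validation failed and
        the dummy client is in use), a dummy secret is returned instead of
        raising AttributeError.
        """
        consumer = getattr(request, 'oauth_consumer', None)
        if consumer is None:
            return self._dummy_secret
        return consumer.secret

    def save_request_token(self, token, request):
        """Store a newly issued request token for the validated consumer.

        Reads ``request.timestamp`` and ``request.oauth_consumer``; the
        latter is set by validate_client_key.
        """
        Token.objects.create(
            token_type=Token.REQUEST,
            timestamp=request.timestamp,
            key=token['oauth_token'],
            secret=token['oauth_token_secret'],
            consumer=request.oauth_consumer,
        )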