- csrf_signature = forms.CharField(widget=forms.HiddenInput)
-
- def __init__(self, *args, **kwargs):
- forms.Form.__init__(self, *args, **kwargs)
-
- self.fields['csrf_signature'].initial = self.initial_csrf_signature
-
- def clean_csrf_signature(self):
- sig = self.cleaned_data['csrf_signature']
- token = self.cleaned_data['oauth_token']
-
- sig1 = OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, token)
-
- if sig != sig1:
- raise forms.ValidationError("CSRF signature is not valid")
-
- return sig
-
- def initial_csrf_signature(self):
- token = self.initial['oauth_token']
- return OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, token)
-
- @staticmethod
- def get_csrf_signature(key, token):
- # Check signature...
- import hashlib # 2.5
- hashed = hmac.new(key, token, hashlib.sha1)
-
- # calculate the digest base 64
- return base64.b64encode(hashed.digest())
-
-
-# The only thing changed in the views below is the form used
-
-
-def oauth_auth_view(request, token, callback, params):
- form = OAuthAuthenticationForm(initial={
- 'oauth_token': token.key,
- 'oauth_callback': callback,
- })
-
- return render_to_response('piston/authorize_token.html',
- {'form': form}, RequestContext(request))