X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/0e87ae0739ed3e72301b7b718098f97a7f06a5d8..1c5c96529bfa119cad5fef9bcaf260fae0bd305d:/apps/piston/authentication.py
diff --git a/apps/piston/authentication.py b/apps/piston/authentication.py
index 7d09707cb..19b8e829d 100644
--- a/apps/piston/authentication.py
+++ b/apps/piston/authentication.py
@@ -26,7 +26,7 @@ class NoAuthentication(object): class HttpBasicAuthentication(object): """ Basic HTTP authenticater. Synopsis: - + Authentication handlers must implement two methods: - `is_authenticated`: Will be called when checking for authentication. Receives a `request` object, please
@@ -46,7 +46,7 @@ class HttpBasicAuthentication(object): if not auth_string: return False - + try: (authmeth, auth) = auth_string.split(" ", 1)
@@ -57,12 +57,12 @@ class HttpBasicAuthentication(object): (username, password) = auth.split(':', 1) except (ValueError, binascii.Error): return False - + request.user = self.auth_func(username=username, password=password) \ or AnonymousUser() - + return not request.user in (False, None, AnonymousUser()) - + def challenge(self): resp = HttpResponse("Authorization Required") resp['WWW-Authenticate'] = 'Basic realm="%s"' % self.realm
@@ -78,7 +78,7 @@ class HttpBasicSimple(HttpBasicAuthentication): self.password = password super(HttpBasicSimple, self).__init__(auth_func=self.hash, realm=realm) - + def hash(self, username, password): if username == self.user.username and password == self.password: return self.user
@@ -122,17 +122,17 @@ def initialize_server_request(request): request.META['Authorization'] = request.META.get('HTTP_AUTHORIZATION', '') oauth_request = oauth.OAuthRequest.from_request( - request.method, request.build_absolute_uri(), + request.method, request.build_absolute_uri(), headers=request.META, parameters=params, query_string=request.environ.get('QUERY_STRING', '')) - + if oauth_request: oauth_server = oauth.OAuthServer(oauth_datastore(oauth_request)) oauth_server.add_signature_method(oauth.OAuthSignatureMethod_PLAINTEXT()) oauth_server.add_signature_method(oauth.OAuthSignatureMethod_HMAC_SHA1()) else: oauth_server = None - + return oauth_server, oauth_request def send_oauth_error(err=None):
@@ -152,7 +152,7 @@ def send_oauth_error(err=None): def oauth_request_token(request): oauth_server, oauth_request = initialize_server_request(request) - + if oauth_server is None: return INVALID_PARAMS_RESPONSE try:
@@ -176,20 +176,20 @@ def oauth_auth_view(request, token, callback, params): @login_required def oauth_user_auth(request): oauth_server, oauth_request = initialize_server_request(request) - + if oauth_request is None: return INVALID_PARAMS_RESPONSE - + try: token = oauth_server.fetch_request_token(oauth_request) except oauth.OAuthError, err: return send_oauth_error(err) - + try: callback = oauth_server.get_callback(oauth_request) except: callback = None - + if request.method == "GET": params = oauth_request.get_normalized_parameters()
@@ -207,26 +207,26 @@ def oauth_user_auth(request): else: args = '?error=%s' % 'Access not granted by user.' print "FORM ERROR", form.errors - + if not callback: callback = getattr(settings, 'OAUTH_CALLBACK_VIEW') return get_callable(callback)(request, token) - + response = HttpResponseRedirect(callback+args) - + except oauth.OAuthError, err: response = send_oauth_error(err) else: response = HttpResponse('Action not allowed.') - + return response def oauth_access_token(request): oauth_server, oauth_request = initialize_server_request(request) - + if oauth_request is None: return INVALID_PARAMS_RESPONSE - + try: token = oauth_server.fetch_access_token(oauth_request) return HttpResponse(token.to_string())
@@ -234,7 +234,7 @@ def oauth_access_token(request): return send_oauth_error(err) INVALID_PARAMS_RESPONSE = send_oauth_error(oauth.OAuthError('Invalid request parameters.')) - + class OAuthAuthentication(object): """ OAuth authentication. Based on work by Leah Culver.
@@ -242,12 +242,12 @@ class OAuthAuthentication(object): def __init__(self, realm='API'): self.realm = realm self.builder = oauth.build_authenticate_header - + def is_authenticated(self, request): """ Checks whether a means of specifying authentication is provided, and if so, if it is a valid token. - + Read the documentation on `HttpBasicAuthentication` for more information about what goes on here. """
@@ -263,14 +263,14 @@ class OAuthAuthentication(object): request.consumer = consumer request.throttle_extra = token.consumer.id return True - + return False - + def challenge(self): """ Returns a 401 response with a small bit on what OAuth is, and where to learn more about it. - + When this was written, browsers did not understand OAuth authentication on the browser side, and hence the helpful template we render. Maybe some day in the
@@ -290,7 +290,7 @@ class OAuthAuthentication(object): response.content = tmpl return response - + @staticmethod def is_valid_request(request): """
@@ -302,14 +302,14 @@ class OAuthAuthentication(object): must_have = [ 'oauth_'+s for s in [ 'consumer_key', 'token', 'signature', 'signature_method', 'timestamp', 'nonce' ] ] - + is_in = lambda l: all([ (p in l) for p in must_have ]) auth_params = request.META.get("HTTP_AUTHORIZATION", "") req_params = request.REQUEST - + return is_in(auth_params) or is_in(req_params) - + @staticmethod def validate_token(request, check_timestamp=True, check_nonce=True): oauth_server, oauth_request = initialize_server_request(request)