X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/1434b3dfc0495e885921acb726df6cc06e00c5ed..HEAD:/src/api/request_validator.py

diff --git a/src/api/request_validator.py b/src/api/request_validator.py
index 6e3c0c22b..78834ffa2 100644
--- a/src/api/request_validator.py
+++ b/src/api/request_validator.py
@@ -1,10 +1,9 @@
-# -*- coding: utf-8 -*-
-# This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
-# Copyright Â© Fundacja Nowoczesna Polska. See NOTICE for more information.
+# This file is part of Wolne Lektury, licensed under GNU Affero GPLv3 or later.
+# Copyright Â© Fundacja Wolne Lektury. See NOTICE for more information.
 #
 import time
 from oauthlib.oauth1 import RequestValidator
-from piston.models import Consumer, Nonce, Token
+from api.models import Consumer, Nonce, Token
 
 
 class PistonRequestValidator(RequestValidator):
@@ -20,19 +19,48 @@ class PistonRequestValidator(RequestValidator):
     # iOS app generates 8-char nonces.
     nonce_length = 8, 250
 
-    # Because piston.models.Token.key is char(18).
+    # Because Token.key is char(18).
+    request_token_length = 18, 32
     access_token_length = 18, 32
+    # TODO: oauthlib request-access switch.
 
     def check_client_key(self, client_key):
         """We control the keys anyway."""
         return True
 
-    def get_access_token_secret(self, client_key, token, request):
+    def get_request_token_secret(self, client_key, token, request):
         return request.token.secret
 
+    def get_access_token_secret(self, client_key, token, request):
+        if request.token:
+            return request.token.secret
+        else:
+            try:
+                token = Token.objects.get(
+                    token_type=Token.ACCESS,
+                    consumer__key=client_key,
+                    key=token
+                )
+            except: return None
+            return token.secret
+
     def get_default_realms(self, client_key, request):
         return ['API']
 
+    def validate_request_token(self, client_key, token, request):
+        try:
+            token = Token.objects.get(
+                token_type=Token.REQUEST,
+                consumer__key=client_key,
+                key=token,
+                is_approved=True,
+            )
+        except Token.DoesNotExist:
+            return False
+        else:
+            request.token = token
+            return True
+
     def validate_access_token(self, client_key, token, request):
         try:
             token = Token.objects.get(
@@ -76,6 +104,9 @@ class PistonRequestValidator(RequestValidator):
     def validate_redirect_uri(self, *args, **kwargs):
         return True
 
+    def validate_verifier(self, client_key, token, verifier, request):
+        return True
+
     def get_client_secret(self, client_key, request):
         return request.oauth_consumer.secret
 
@@ -88,6 +119,16 @@ class PistonRequestValidator(RequestValidator):
             consumer=request.oauth_consumer,
         )
 
+    def save_access_token(self, token, request):
+        Token.objects.create(
+            token_type=Token.ACCESS,
+            timestamp=request.timestamp,
+            key=token['oauth_token'],
+            secret=token['oauth_token_secret'],
+            consumer=request.oauth_consumer,
+            user=request.token.user,
+        )
+
     def verify_request_token(self, token, request):
         return Token.objects.filter(
             token_type=Token.REQUEST, key=token, is_approved=False
@@ -108,3 +149,10 @@ class PistonRequestValidator(RequestValidator):
 
     def get_redirect_uri(self, token, request):
         return request.redirect_uri
+
+    def invalidate_request_token(self, client_key, request_token, request):
+        Token.objects.filter(
+            token_type=Token.REQUEST,
+            key=request_token,
+            consumer__key=client_key,
+        )