X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/24f677a3979ba3f1bdfe420c03ad5e3f8b0398c2..26ae84cfef946f135a2b2ea91e6af4dd05048750:/src/api/drf_auth.py?ds=sidebyside diff --git a/src/api/drf_auth.py b/src/api/drf_auth.py index 26018c61e..813d9298e 100644 --- a/src/api/drf_auth.py +++ b/src/api/drf_auth.py @@ -1,20 +1,28 @@ -""" -Transitional code: bridge between Piston's OAuth implementation -and DRF views. -""" -from piston.authentication import OAuthAuthentication -from rest_framework.authentication import BaseAuthentication +# This file is part of Wolne Lektury, licensed under GNU Affero GPLv3 or later. +# Copyright © Fundacja Wolne Lektury. See NOTICE for more information. +# +from oauthlib.oauth1 import ResourceEndpoint +from rest_framework.authentication import BaseAuthentication, TokenAuthentication +from .request_validator import PistonRequestValidator +from .utils import oauthlib_request +from .models import Token class PistonOAuthAuthentication(BaseAuthentication): def __init__(self): - self.piston_auth = OAuthAuthentication() + validator = PistonRequestValidator() + self.provider = ResourceEndpoint(validator) def authenticate_header(self, request): return 'OAuth realm="API"' def authenticate(self, request): - if self.piston_auth.is_valid_request(request): - consumer, token, parameters = self.piston_auth.validate_token(request) - if consumer and token: - return token.user, token + v, r = self.provider.validate_protected_resource_request( + **oauthlib_request(request) + ) + if v: + return r.token.user, r.token + + +class WLTokenAuthentication(TokenAuthentication): + model = Token