X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/540e76dd8e04d7bab431da696565e826788bd218..86530a9e72f32d28ef1971ac9fa705c85b1bd3b6:/src/api/drf_auth.py diff --git a/src/api/drf_auth.py b/src/api/drf_auth.py index 26018c61e..adee780d3 100644 --- a/src/api/drf_auth.py +++ b/src/api/drf_auth.py @@ -1,20 +1,23 @@ -""" -Transitional code: bridge between Piston's OAuth implementation -and DRF views. -""" -from piston.authentication import OAuthAuthentication +# This file is part of Wolne Lektury, licensed under GNU Affero GPLv3 or later. +# Copyright © Fundacja Wolne Lektury. See NOTICE for more information. +# +from oauthlib.oauth1 import ResourceEndpoint from rest_framework.authentication import BaseAuthentication +from .request_validator import PistonRequestValidator +from .utils import oauthlib_request class PistonOAuthAuthentication(BaseAuthentication): def __init__(self): - self.piston_auth = OAuthAuthentication() + validator = PistonRequestValidator() + self.provider = ResourceEndpoint(validator) def authenticate_header(self, request): return 'OAuth realm="API"' def authenticate(self, request): - if self.piston_auth.is_valid_request(request): - consumer, token, parameters = self.piston_auth.validate_token(request) - if consumer and token: - return token.user, token + v, r = self.provider.validate_protected_resource_request( + **oauthlib_request(request) + ) + if v: + return r.token.user, r.token