david / django-oauth (http://oauth.net/)
Support of OAuth in Django. Note that http://code.welldev.org/django-oauth-plus will use python-oauth2 if you're interested in it.
| commit 29: | 2710c95e00c6 |
| parent 28: | 8579a1562b16 |
| branch: | default |
Steal a more clever way to check if an OAuth request is valid from piston
12 months ago
Changed (Δ744 bytes):
oauth_provider/consts.py (4 lines added, 0 lines removed)
oauth_provider/decorators.py (10 lines added, 25 lines removed)
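--- a/oauth_provider/consts.py
+++ b/oauth_provider/consts.py
@@ -16,3 +16,7 @@ CONSUMER_STATES = (
 (CANCELED, _('Canceled')),
 (REJECTED, _('Rejected')),
 )
+
+PARAMETERS_NAMES = ('consumer_key', 'token', 'signature',
+'signature_method', 'timestamp', 'nonce')
+OAUTH_PARAMETERS_NAMES = ['oauth_'+s for s in PARAMETERS_NAMES]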
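Review bot: `OAUTH_PARAMETERS_NAMES` is a module-level list, unlike the tuple it is derived from, so any module that imports it can append to or remove from the set of parameters that `is_valid_request` in decorators.py requires. Building it as a tuple keeps the required set fixed: `OAUTH_PARAMETERS_NAMES = tuple('oauth_' + s for s in PARAMETERS_NAMES)`. A one-line comment above it, such as `# OAuth parameters a request must carry before it is passed to signature verification`, would also record that `oauth_token` is deliberately in the list, which presumably limits this check to protected-resource requests.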
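--- a/oauth_provider/decorators.py
+++ b/oauth_provider/decorators.py
@@ -9,6 +9,7 @@ from django.contrib.auth import REDIRECT
 from django.utils.translation import ugettext as _
 
 from utils import initialize_server_request, send_oauth_error
+from consts import OAUTH_PARAMETERS_NAMES
 
 def oauth_required(view_func=None, resource_name=None):
 return CheckOAuth(view_func, resource_name)
@@ -48,33 +49,17 @@ class CheckOAuth(object):
 
 @staticmethod
 def is_valid_request(request):
-# first check the HTTP Authorization header
-# - this is the preferred way to pass parameters, according to the oauth spec.
-try:
-auth_params = request.META["HTTP_AUTHORIZATION"]
-except KeyError:
-in_auth = False
-else:
-in_auth = 'oauth_consumer_key' in auth_params \
-and 'oauth_token' in auth_params \
-and 'oauth_signature_method' in auth_params \
-and 'oauth_signature' in auth_params \
-and 'oauth_timestamp' in auth_params \
-and 'oauth_nonce' in auth_params
-
-# also try the request, which covers POST and GET
-req_params = request.REQUEST
-in_req = 'oauth_consumer_key' in req_params \
-and 'oauth_token' in req_params \
-and 'oauth_signature_method' in req_params \
-and 'oauth_signature' in req_params \
-and 'oauth_timestamp' in req_params \
-and 'oauth_nonce' in req_params
-
-return in_auth or in_req
+"""
+Checks whether the required parameters are either in
+the http-authorization header sent by some clients,
+which is by the way the preferred method according to
+OAuth spec, but otherwise fall back to `GET` and `POST`.
+"""
+is_in = lambda l: all((p in l) for p in OAUTH_PARAMETERS_NAMES)
+auth_params = request.META.get("HTTP_AUTHORIZATION", [])
+return is_in(auth_params) or is_in(request.REQUEST)
 
 @staticmethod
 def validate_token(request):
 oauth_server, oauth_request = initialize_server_request(request)
 return oauth_server.verify_request(oauth_request)
-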
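Review bot: The membership test in `is_valid_request` runs `p in l` against the raw `HTTP_AUTHORIZATION` string, so it is a substring search and not a parameter lookup. `oauth_signature` is satisfied by `oauth_signature_method`, `oauth_token` by `oauth_token_secret`, and a header with a non-OAuth scheme passes if its value happens to contain the six names. The removed code had the same weakness, so the commit carries it forward instead of introducing it. Checking the `OAuth` scheme, splitting the header into its parameter names and testing membership on that set would make the header branch as strict as the `request.REQUEST` branch, as sketched below. This is only a presence check; whether `verify_request` later rejects such a header is not visible in this hunk, and `CheckOAuth` itself starts outside it.

```python
    def is_valid_request(request):
        # … unchanged: docstring …
        header = request.META.get("HTTP_AUTHORIZATION", "")
        scheme, _sep, rest = header.partition(" ")
        header_names = set()
        if scheme.lower() == "oauth":
            # keep only the name left of each '=' so the test is exact, not substring
            header_names = set(
                item.split("=", 1)[0].strip() for item in rest.split(","))
        is_in = lambda names: all((p in names) for p in OAUTH_PARAMETERS_NAMES)
        return is_in(header_names) or is_in(request.REQUEST)
```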
