david / django-oauth (http://oauth.net/)
Support of OAuth in Django. Note that http://code.welldev.org/django-oauth-plus will use python-oauth2 if you're interested in it.
| commit 38: | c80b48e63390 |
| parent 37: | cf6929353bd9 |
| branch: | default |
Add a way to restrict signature methods (to avoid plaintext for instance). Thanks Toby White.
11 months ago
Changed (Δ463 bytes):
oauth_provider/tests.py (9 lines added, 0 lines removed)
oauth_provider/utils.py (7 lines added, 5 lines removed)
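--- a/oauth_provider/tests.py
+++ b/oauth_provider/tests.py
@@ -112,6 +112,15 @@ URL hostnames, it must be a list of blac
 
 OAUTH_BLACKLISTED_HOSTNAMES = ['localhost', '127.0.0.1']
 
+Default is an empty list.
+
+The ``OAUTH_SIGNATURE_METHODS`` setting allows you to restrict signatures'
+methods you'd like to use. For example if you don't want plaintext signature::
+
+OAUTH_SIGNATURE_METHODS = ['hmac-sha1',]
+
+Default is ``['plaintext', 'hmac-sha1']``.
+
 A complete example is available in ``oauth_examples/provider/`` folder, you
 can run tests from this example with this command::
 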
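--- a/oauth_provider/utils.py
+++ b/oauth_provider/utils.py
@@ -6,7 +6,8 @@ from django.http import HttpResponse
 
 from stores import DataStore
 
-OAUTH_REALM_KEY_NAME =
+OAUTH_REALM_KEY_NAME = getattr(settings, 'OAUTH_REALM_KEY_NAME', '')
+OAUTH_SIGNATURE_METHODS = getattr(settings, 'OAUTH_SIGNATURE_METHODS', ['plaintext', 'hmac-sha1'])
 
 def initialize_server_request(request):
 """Shortcut for initialization."""
@@ -25,8 +26,10 @@ def initialize_server_request(request):
 query_string=request.environ.get('QUERY_STRING', ''))
 if oauth_request:
 oauth_server = OAuthServer(DataStore(oauth_request))
-oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
-oauth_server.add_signature_method(OAuthSignatureMethod_HMAC_SHA1())
+if 'plaintext' in OAUTH_SIGNATURE_METHODS:
+oauth_server.add_signature_method(OAuthSignatureMethod_PLAINTEXT())
+if 'hmac-sha1' in OAUTH_SIGNATURE_METHODS:
+oauth_server.add_signature_method(OAuthSignatureMethod_HMAC_SHA1())
 else:
 oauth_server = None
 return oauth_server, oauth_request
@@ -37,8 +40,7 @@ def send_oauth_error(err=None):
 response = HttpResponse(err.message.encode('utf-8'), mimetype="text/plain")
 response.status_code = 401
 # return the authenticate header
-realm = getattr(settings, OAUTH_REALM_KEY_NAME, '')
-header = build_authenticate_header(realm=realm)
+header = build_authenticate_header(realm=OAUTH_REALM_KEY_NAME)
 for k, v in header.iteritems():
 response[k] = v
 return response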
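Review bot: The two membership tests added in `initialize_server_request` (`if 'plaintext' in OAUTH_SIGNATURE_METHODS:` and its `'hmac-sha1'` twin) match exact lowercase strings and silently ignore anything else, so a setting written in the protocol's own spelling (`['HMAC-SHA1']`), a typo, or an empty list leaves the server with no signature method registered, and presumably every signed request then fails verification with nothing pointing at the configuration. Normalising the names once at import and raising `ImproperlyConfigured` (from `django.core.exceptions`) on an empty or unknown list would surface this at startup; the lookup table below assumes the two `OAuthSignatureMethod_*` classes are imported above line 6, which the first hunk does not show. Separately, the default in the first hunk still enables `'plaintext'`, so existing deployments stay as permissive as before unless the operator opts out, and the documentation could state that PLAINTEXT is only appropriate when the endpoints are served over TLS. The body of `initialize_server_request` starts outside the second hunk.

```python
OAUTH_SIGNATURE_METHODS = getattr(settings, 'OAUTH_SIGNATURE_METHODS', ['plaintext', 'hmac-sha1'])

_SIGNATURE_METHOD_CLASSES = {
    'plaintext': OAuthSignatureMethod_PLAINTEXT,
    'hmac-sha1': OAuthSignatureMethod_HMAC_SHA1,
}
_ENABLED_SIGNATURE_METHODS = [name.lower() for name in OAUTH_SIGNATURE_METHODS]
_unknown = [name for name in _ENABLED_SIGNATURE_METHODS
            if name not in _SIGNATURE_METHOD_CLASSES]
if _unknown or not _ENABLED_SIGNATURE_METHODS:
    raise ImproperlyConfigured(
        "OAUTH_SIGNATURE_METHODS must list at least one of %s (unknown: %s)"
        % (sorted(_SIGNATURE_METHOD_CLASSES), _unknown))

# ... unchanged: initialize_server_request up to the OAuthServer construction ...
        oauth_server = OAuthServer(DataStore(oauth_request))
        for name in _ENABLED_SIGNATURE_METHODS:
            oauth_server.add_signature_method(_SIGNATURE_METHOD_CLASSES[name]())
# ... unchanged: else branch and return ...
```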
