david / django-roa / changeset / 668d9e16c459

Up to file-list piston/authentication.py:

@@ -97,9 +97,19 @@ def initialize_server_request(request):
     """
     Shortcut for initialization.
     """
     if request.method == "POST": #and \
 #       request.META['CONTENT_TYPE'] == "application/x-www-form-urlencoded":
         params = dict(request.REQUEST.items())
     else:
         params = { }
     # Seems that we want to put HTTP_AUTHORIZATION into 'Authorization'
     # for oauth.py to understand. Lovely.
     request.META['Authorization'] = request.META.get('HTTP_AUTHORIZATION', '')
     oauth_request = oauth.OAuthRequest.from_request(
         request.method, request.build_absolute_uri(),
-        headers=request.META, parameters=dict(request.REQUEST.items()),
+        headers=request.META, parameters=params,
         query_string=request.environ.get('QUERY_STRING', ''))
     if oauth_request:
@@ -143,8 +153,8 @@ def oauth_request_token(request):
 def oauth_auth_view(request, token, callback, params):
     form = forms.OAuthAuthenticationForm(initial={
         'oauth_token': token.key,
         'oauth_callback': callback,
         })
         'oauth_callback': token.get_callback_url() or callback,
       })
     return render_to_response('piston/authorize_token.html',
             { 'form': form }, RequestContext(request))
@@ -165,7 +175,7 @@ def oauth_user_auth(request):
         callback = oauth_server.get_callback(oauth_request)
     except:
         callback = None
     if request.method == "GET":
         params = oauth_request.get_normalized_parameters()
@@ -182,6 +192,7 @@ def oauth_user_auth(request):
                 args = '?'+token.to_string(only_key=True)
             else:
                 args = '?error=%s' % 'Access not granted by user.'
                 print "FORM ERROR", form.errors
             if not callback:
                 callback = getattr(settings, 'OAUTH_CALLBACK_VIEW')
@@ -235,6 +246,7 @@ class OAuthAuthentication(object):
             if consumer and token:
                 request.user = token.user
                 request.consumer = consumer
                 request.throttle_extra = token.consumer.id
                 return True

Up to file-list piston/doc.py:

@@ -84,7 +84,11 @@ class HandlerDocumentation(object):
     def get_methods(self, include_default=False):
         for method in "read create update delete".split():
-            met = getattr(self.handler, method)
+            met = getattr(self.handler, method, None)
             if not met:
                 continue
             stale = inspect.getmodule(met) is handler
             if not self.handler.is_anonymous:

Up to file-list piston/emitters.py:

@@ -25,6 +25,7 @@ from django.db.models import Model, perm
 from django.utils import simplejson
 from django.utils.xmlutils import SimplerXMLGenerator
 from django.utils.encoding import smart_unicode
 from django.core.urlresolvers import reverse, NoReverseMatch
 from django.core.serializers.json import DateTimeAwareJSONEncoder
 from django.http import HttpResponse
 from django.core import serializers
@@ -41,6 +42,9 @@ try:
 except ImportError:
     import pickle
 # Allow people to change the reverser (default `permalink`).
 reverser = permalink
 class Emitter(object):
     """
     Super emitter. All other emitters should subclass
@@ -48,8 +52,15 @@ class Emitter(object):
     conveniently returns a serialized `dict`. This is
     usually the only method you want to use in your
     emitter. See below for examples.
     `RESERVED_FIELDS` was introduced when better resource
     method detection came, and we accidentially caught these
     as the methods on the handler. Issue58 says that's no good.
     """
     EMITTERS = { }
     RESERVED_FIELDS = set([ 'read', 'update', 'create',
                             'delete', 'model', 'anonymous',
                             'allowed_methods', 'fields', 'exclude' ])
     def __init__(self, payload, typemapper, handler, fields=(), anonymous=True):
         self.typemapper = typemapper
@@ -61,17 +72,18 @@ class Emitter(object):
         if isinstance(self.data, Exception):
             raise
     def method_fields(self, data, fields):
         if not data:
     def method_fields(self, handler, fields):
         if not handler:
             return { }
         has = dir(data)
         ret = dict()
         for field in fields:
             if field in has and callable(field):
                 ret[field] = getattr(data, field)
         for field in fields - Emitter.RESERVED_FIELDS:
             t = getattr(handler, str(field), None)
             if t and callable(t):
                 ret[field] = t
         return ret
     def construct(self):
@@ -107,6 +119,8 @@ class Emitter(object):
                 f = thing.__emittable__
                 if inspect.ismethod(f) and len(inspect.getargspec(f)[0]) == 1:
                     ret = _any(f())
             elif repr(thing).startswith("<django.db.models.fields.related.RelatedManager"):
                 ret = _any(thing.all())
             else:
                 ret = smart_unicode(thing, strings_only=True)
@@ -172,7 +186,7 @@ class Emitter(object):
                     get_fields = set(fields)
                 met_fields = self.method_fields(handler, get_fields)
                 for f in data._meta.local_fields:
                     if f.serialize and not any([ p in met_fields for p in [ f.attname, f.name ]]):
                         if not f.rel:
@@ -239,9 +253,12 @@ class Emitter(object):
             if self.in_typemapper(type(data), self.anonymous):
                 handler = self.in_typemapper(type(data), self.anonymous)
                 if hasattr(handler, 'resource_uri'):
                     url_id, fields = handler.resource_uri()
                     ret['resource_uri'] = permalink( lambda: (url_id,
-                        (getattr(data, f) for f in fields) ) )()
+                    url_id, fields = handler.resource_uri(data)
                     try:
                         ret['resource_uri'] = reverser( lambda: (url_id, fields) )()
                     except NoReverseMatch, e:
                         pass
             if hasattr(data, 'get_api_url') and 'resource_uri' not in ret:
                 try: ret['resource_uri'] = data.get_api_url()

Up to file-list piston/forms.py:

@@ -23,7 +23,7 @@ class ModelForm(forms.ModelForm):
 class OAuthAuthenticationForm(forms.Form):
     oauth_token = forms.CharField(widget=forms.HiddenInput)
-    oauth_callback = forms.CharField(widget=forms.HiddenInput)
+    oauth_callback = forms.CharField(widget=forms.HiddenInput, required=False)
     authorize_access = forms.BooleanField(required=True)
     csrf_signature = forms.CharField(widget=forms.HiddenInput)

Up to file-list piston/handler.py:

 import warnings
 from utils import rc
 from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
 from django.conf import settings
 typemapper = { }
 handler_tracker = [ ]
@@ -11,9 +14,21 @@ class HandlerMetaClass(type):
     """
     def __new__(cls, name, bases, attrs):
         new_cls = type.__new__(cls, name, bases, attrs)
         def already_registered(model, anon):
             for k, (m, a) in typemapper.iteritems():
                 if model == m and anon == a:
                     return k
         if hasattr(new_cls, 'model'):
             if already_registered(new_cls.model, new_cls.is_anonymous):
                 if not getattr(settings, 'PISTON_IGNORE_DUPE_MODELS', False):
                     warnings.warn("Handler already registered for model %s, "
                         "you may experience inconsistent results." % new_cls.model.__name__)
             typemapper[new_cls] = (new_cls.model, new_cls.is_anonymous)
         else:
             typemapper[new_cls] = (None, new_cls.is_anonymous)
         if name not in ('BaseHandler', 'AnonymousBaseHandler'):
             handler_tracker.append(new_cls)

Up to file-list piston/models.py:

-import urllib
+import urllib, time, urlparse
 # Django imports
 from django.db.models.signals import post_save, post_delete
 from django.db import models
 from django.contrib.auth.models import User
 from django.contrib import admin
 from django.conf import settings
 from django.core.mail import send_mail, mail_admins
 from django.template import loader
 from managers import TokenManager, ConsumerManager, ResourceManager, KEY_SIZE, SECRET_SIZE
 # Piston imports
 from managers import TokenManager, ConsumerManager, ResourceManager
 from signals import consumer_post_save, consumer_post_delete
 KEY_SIZE = 18
 SECRET_SIZE = 32
 VERIFIER_SIZE = 10
 CONSUMER_STATES = (
-    ('pending', 'Pending approval'),
+    ('pending', 'Pending'),
     ('accepted', 'Accepted'),
     ('canceled', 'Canceled'),
     ('rejected', 'Rejected')
+)
 def generate_random(length=SECRET_SIZE):
     return User.objects.make_random_password(length=length)
 class Nonce(models.Model):
     token_key = models.CharField(max_length=KEY_SIZE)
     consumer_key = models.CharField(max_length=KEY_SIZE)
@@ -24,18 +35,6 @@ class Nonce(models.Model):
 admin.site.register(Nonce)
 class Resource(models.Model):
     name = models.CharField(max_length=255)
     url = models.TextField(max_length=2047)
     is_readonly = models.BooleanField(default=True)
     objects = ResourceManager()
     def __unicode__(self):
         return u"Resource %s with url %s" % (self.name, self.url)
 admin.site.register(Resource)
 class Consumer(models.Model):
     name = models.CharField(max_length=255)
     description = models.TextField()
@@ -51,39 +50,26 @@ class Consumer(models.Model):
     def __unicode__(self):
         return u"Consumer %s with key %s" % (self.name, self.key)
     def save(self, **kwargs):
         super(Consumer, self).save(**kwargs)
         if self.id and self.user:
             subject = "API Consumer"
             rcpt = [ self.user.email, ]
     def generate_random_codes(self):
         """
         Used to generate random key/secret pairings. Use this after you've
         added the other data in place of save().
             if self.status == "accepted":
                 template = "api/mails/consumer_accepted.txt"
                 subject += " was accepted!"
             elif self.status == "canceled":
                 template = "api/mails/consumer_canceled.txt"
                 subject += " has been canceled"
             else:
                 template = "api/mails/consumer_pending.txt"
                 subject += " application received"
                 for admin in settings.ADMINS:
                     bcc.append(admin[1])
         c = Consumer()
         c.name = "My consumer"
         c.description = "An app that makes ponies from the API."
         c.user = some_user_object
         c.generate_random_codes()
         """
         key = User.objects.make_random_password(length=KEY_SIZE)
         secret = generate_random(SECRET_SIZE)
             body = loader.render_to_string(template,
                     { 'consumer': self, 'user': self.user })
             send_mail(subject, body, settings.DEFAULT_FROM_EMAIL,
                         rcpt, fail_silently=True)
             if self.status == 'pending':
                 mail_admins(subject, body, fail_silently=True)
             if settings.DEBUG:
                 print "Mail being sent, to=%s" % rcpt
                 print "Subject: %s" % subject
-                print body
+        while Consumer.objects.filter(key__exact=key, secret__exact=secret).count():
             secret = generate_random(SECRET_SIZE)
         self.key = key
         self.secret = secret
         self.save()
 admin.site.register(Consumer)
@@ -94,13 +80,17 @@ class Token(models.Model):
     key = models.CharField(max_length=KEY_SIZE)
     secret = models.CharField(max_length=SECRET_SIZE)
     verifier = models.CharField(max_length=VERIFIER_SIZE)
     token_type = models.IntegerField(choices=TOKEN_TYPES)
-    timestamp = models.IntegerField()
+    timestamp = models.IntegerField(default=long(time.time()))
     is_approved = models.BooleanField(default=False)
     user = models.ForeignKey(User, null=True, blank=True, related_name='tokens')
     consumer = models.ForeignKey(Consumer)
     callback = models.CharField(max_length=255, null=True, blank=True)
     callback_confirmed = models.BooleanField(default=False)
     objects = TokenManager()
     def __unicode__(self):
@@ -109,10 +99,52 @@ class Token(models.Model):
     def to_string(self, only_key=False):
         token_dict = {
             'oauth_token': self.key,
-            'oauth_token_secret': self.secret
+            'oauth_token_secret': self.secret,
             'oauth_callback_confirmed': 'true',
+        }
         if self.verifier:
             token_dict.update({ 'oauth_verifier': self.verifier })
         if only_key:
             del token_dict['oauth_token_secret']
         return urllib.urlencode(token_dict)
     def generate_random_codes(self):
         key = User.objects.make_random_password(length=KEY_SIZE)
         secret = generate_random(SECRET_SIZE)
         while Token.objects.filter(key__exact=key, secret__exact=secret).count():
             secret = generate_random(SECRET_SIZE)
         self.key = key
         self.secret = secret
         self.save()
     # -- OAuth 1.0a stuff
     def get_callback_url(self):
         if self.callback and self.verifier:
             # Append the oauth_verifier.
             parts = urlparse.urlparse(self.callback)
             scheme, netloc, path, params, query, fragment = parts[:6]
             if query:
                 query = '%s&oauth_verifier=%s' % (query, self.verifier)
             else:
                 query = 'oauth_verifier=%s' % self.verifier
             return urlparse.urlunparse((scheme, netloc, path, params,
                 query, fragment))
         return self.callback
     def set_callback(self, callback):
         if callback != "oob": # out of band, says "we can't do this!"
             self.callback = callback
             self.callback_confirmed = True
             self.save()
 admin.site.register(Token)
 # Attach our signals
 post_save.connect(consumer_post_save, sender=Consumer)
 post_delete.connect(consumer_post_delete, sender=Consumer)

Up to file-list piston/oauth.py:

 """
 The MIT License
 Copyright (c) 2007 Leah Culver
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 """
 import cgi
 import urllib
 import time
 import random
 import urlparse
 import hmac
-import base64
+import binascii
 VERSION = '1.0' # Hi Blaine!
 HTTP_METHOD = 'GET'
 SIGNATURE_METHOD = 'PLAINTEXT'
 # Generic exception class
 class OAuthError(RuntimeError):
     def get_message(self):
         return self._message
     def set_message(self, message):
         self._message = message
     message = property(get_message, set_message)
     """Generic exception class."""
     def __init__(self, message='OAuth error occured.'):
         self.message = message
 # optional WWW-Authenticate header (401 error)
 def build_authenticate_header(realm=''):
-    return { 'WWW-Authenticate': 'OAuth realm="%s"' % realm }
+    """Optional WWW-Authenticate header (401 error)"""
     return {'WWW-Authenticate': 'OAuth realm="%s"' % realm}
 # url escape
 def escape(s):
-    # escape '/' too
+    """Escape a URL including any /."""
     return urllib.quote(s, safe='~')
 # util function: current timestamp
 # seconds since epoch (UTC)
 def _utf8_str(s):
     """Convert unicode to utf-8."""
     if isinstance(s, unicode):
         return s.encode("utf-8")
     else:
         return str(s)
 def generate_timestamp():
     """Get seconds since epoch (UTC)."""
     return int(time.time())
 # util function: nonce
 # pseudorandom number
 def generate_nonce(length=8):
-    return ''.join(str(random.randint(0, 9)) for i in range(length))
+    """Generate pseudorandom number."""
     return ''.join([str(random.randint(0, 9)) for i in range(length)])
 # OAuthConsumer is a data type that represents the identity of the Consumer
 # via its shared secret with the Service Provider.
 def generate_verifier(length=8):
     """Generate pseudorandom number."""
     return ''.join([str(random.randint(0, 9)) for i in range(length)])
 class OAuthConsumer(object):
     """Consumer of OAuth authentication.
     OAuthConsumer is a data type that represents the identity of the Consumer
     via its shared secret with the Service Provider.
     """
     key = None
     secret = None
@@ -52,39 +83,79 @@ class OAuthConsumer(object):
         self.key = key
         self.secret = secret
 # OAuthToken is a data type that represents an End User via either an access
 # or request token.
 class OAuthToken(object):
-    # access tokens and request tokens
+    """OAuthToken is a data type that represents an End User via either an access
     or request token.
     key -- the token
     secret -- the token secret
     """
     key = None
     secret = None
     callback = None
     callback_confirmed = None
     verifier = None
     '''
     key = the token
     secret = the token secret
     '''
     def __init__(self, key, secret):
         self.key = key
         self.secret = secret
     def set_callback(self, callback):
         self.callback = callback
         self.callback_confirmed = 'true'
     def set_verifier(self, verifier=None):
         if verifier is not None:
             self.verifier = verifier
         else:
             self.verifier = generate_verifier()
     def get_callback_url(self):
         if self.callback and self.verifier:
             # Append the oauth_verifier.
             parts = urlparse.urlparse(self.callback)
             scheme, netloc, path, params, query, fragment = parts[:6]
             if query:
                 query = '%s&oauth_verifier=%s' % (query, self.verifier)
             else:
                 query = 'oauth_verifier=%s' % self.verifier
             return urlparse.urlunparse((scheme, netloc, path, params,
                 query, fragment))
         return self.callback
     def to_string(self):
         return urllib.urlencode({'oauth_token': self.key, 'oauth_token_secret': self.secret})
     # return a token from something like:
     # oauth_token_secret=digg&oauth_token=digg
-    @staticmethod
+        data = {
             'oauth_token': self.key,
             'oauth_token_secret': self.secret,
+        }
         if self.callback_confirmed is not None:
             data['oauth_callback_confirmed'] = self.callback_confirmed
         return urllib.urlencode(data)
     def from_string(s):
         """ Returns a token from something like:
         oauth_token_secret=xxx&oauth_token=xxx
         """
         params = cgi.parse_qs(s, keep_blank_values=False)
         key = params['oauth_token'][0]
         secret = params['oauth_token_secret'][0]
-        return OAuthToken(key, secret)
+        token = OAuthToken(key, secret)
         try:
             token.callback_confirmed = params['oauth_callback_confirmed'][0]
         except KeyError:
             pass # 1.0, no callback confirmed.
         return token
     from_string = staticmethod(from_string)
     def __str__(self):
         return self.to_string()
 # OAuthRequest represents the request and can be serialized
 class OAuthRequest(object):
-    '''
+    """OAuthRequest represents the request and can be serialized.
     OAuth parameters:
         - oauth_consumer_key
         - oauth_token
@@ -93,9 +164,10 @@ class OAuthRequest(object):
         - oauth_timestamp
         - oauth_nonce
         - oauth_version
         - oauth_verifier
         ... any additional parameters, as defined by the Service Provider.
     '''
     parameters = None # oauth parameters
     """
     parameters = None # OAuth parameters.
     http_method = HTTP_METHOD
     http_url = None
     version = VERSION
@@ -115,93 +187,107 @@ class OAuthRequest(object):
             raise OAuthError('Parameter not found: %s' % parameter)
     def _get_timestamp_nonce(self):
-        return self.get_parameter('oauth_timestamp'), self.get_parameter('oauth_nonce')
+        return self.get_parameter('oauth_timestamp'), self.get_parameter(
             'oauth_nonce')
     # get any non-oauth parameters
     def get_nonoauth_parameters(self):
         """Get any non-OAuth parameters."""
         parameters = {}
         for k, v in self.parameters.iteritems():
-            # ignore oauth parameters
+            # Ignore oauth parameters.
             if k.find('oauth_') < 0:
                 parameters[k] = v
         return parameters
     # serialize as a header for an HTTPAuth request
     def to_header(self, realm=''):
         """Serialize as a header for an HTTPAuth request."""
         auth_header = 'OAuth realm="%s"' % realm
-        # add the oauth parameters
+        # Add the oauth parameters.
         if self.parameters:
             for k, v in self.parameters.iteritems():
-                auth_header += ', %s="%s"' % (k, escape(str(v)))
+                if k[:6] == 'oauth_':
                     auth_header += ', %s="%s"' % (k, escape(str(v)))
         return {'Authorization': auth_header}
     # serialize as post data for a POST request
     def to_postdata(self):
-        return '&'.join('%s=%s' % (escape(str(k)), escape(str(v))) for k, v in self.parameters.iteritems())
+        """Serialize as post data for a POST request."""
         return '&'.join(['%s=%s' % (escape(str(k)), escape(str(v))) \
             for k, v in self.parameters.iteritems()])
     # serialize as a url for a GET request
     def to_url(self):
         """Serialize as a URL for a GET request."""
         return '%s?%s' % (self.get_normalized_http_url(), self.to_postdata())
     # return a string that consists of all the parameters that need to be signed
     def get_normalized_parameters(self):
         """Return a string that contains the parameters that must be signed."""
         params = self.parameters
         try:
-            # exclude the signature if it exists
+            # Exclude the signature if it exists.
             del params['oauth_signature']
         except:
             pass
         key_values = params.items()
         # sort lexicographically, first after key, then after value
         # Escape key values before sorting.
         key_values = [(escape(_utf8_str(k)), escape(_utf8_str(v))) \
             for k,v in params.items()]
         # Sort lexicographically, first after key, then after value.
         key_values.sort()
         # combine key value pairs in string and escape
         return '&'.join('%s=%s' % (escape(str(k)), escape(str(v))) for k, v in key_values)
         # Combine key value pairs into a string.
         return '&'.join(['%s=%s' % (k, v) for k, v in key_values])
     # just uppercases the http method
     def get_normalized_http_method(self):
         """Uppercases the http method."""
         return self.http_method.upper()
     # parses the url and rebuilds it to be scheme://host/path
     def get_normalized_http_url(self):
         """Parses the URL and rebuilds it to be scheme://host/path."""
         parts = urlparse.urlparse(self.http_url)
         url_string = '%s://%s%s' % (parts[0], parts[1], parts[2]) # scheme, netloc, path
         return url_string
     # set the signature parameter to the result of build_signature
         scheme, netloc, path = parts[:3]
         # Exclude default port numbers.
         if scheme == 'http' and netloc[-3:] == ':80':
             netloc = netloc[:-3]
         elif scheme == 'https' and netloc[-4:] == ':443':
             netloc = netloc[:-4]
         return '%s://%s%s' % (scheme, netloc, path)
     def sign_request(self, signature_method, consumer, token):
         # set the signature method
         self.set_parameter('oauth_signature_method', signature_method.get_name())
         # set the signature
         self.set_parameter('oauth_signature', self.build_signature(signature_method, consumer, token))
         """Set the signature parameter to the result of build_signature."""
         # Set the signature method.
         self.set_parameter('oauth_signature_method',
             signature_method.get_name())
         # Set the signature.
         self.set_parameter('oauth_signature',
             self.build_signature(signature_method, consumer, token))
     def build_signature(self, signature_method, consumer, token):
-        # call the build signature method within the signature method
+        """Calls the build signature method within the signature method."""
         return signature_method.build_signature(self, consumer, token)
     @staticmethod
     def from_request(http_method, http_url, headers=None, parameters=None, query_string=None):
-        # combine multiple parameter sources
+    def from_request(http_method, http_url, headers=None, parameters=None,
             query_string=None):
         """Combines multiple parameter sources."""
         if parameters is None:
             parameters = {}
         # headers
         if headers and 'HTTP_AUTHORIZATION' in headers:
             auth_header = headers['HTTP_AUTHORIZATION']
             # check that the authorization header is OAuth
-            if auth_header.index('OAuth') > -1:
+        # Headers
         if headers and 'Authorization' in headers:
             auth_header = headers['Authorization']
             # Check that the authorization header is OAuth.
             if auth_header[:6] == 'OAuth ':
                 auth_header = auth_header[6:]
                 try:
-                    # get the parameters from the header
+                    # Get the parameters from the header.
                     header_params = OAuthRequest._split_header(auth_header)
                     parameters.update(header_params)
                 except:
-                    raise OAuthError('Unable to parse OAuth parameters from Authorization header.')
+                    raise OAuthError('Unable to parse OAuth parameters from '
                         'Authorization header.')
-        # GET or POST query string
+        # GET or POST query string.
         if query_string:
             query_params = OAuthRequest._split_url_string(query_string)
             parameters.update(query_params)
-        # URL parameters
+        # URL parameters.
         param_str = urlparse.urlparse(http_url)[4] # query
         url_params = OAuthRequest._split_url_string(param_str)
         parameters.update(url_params)
@@ -210,9 +296,11 @@ class OAuthRequest(object):
             return OAuthRequest(http_method, http_url, parameters)
         return None
     from_request = staticmethod(from_request)
     @staticmethod
     def from_consumer_and_token(oauth_consumer, token=None, http_method=HTTP_METHOD, http_url=None, parameters=None):
     def from_consumer_and_token(oauth_consumer, token=None,
             callback=None, verifier=None, http_method=HTTP_METHOD,
             http_url=None, parameters=None):
         if not parameters:
             parameters = {}
@@ -228,50 +316,57 @@ class OAuthRequest(object):
         if token:
             parameters['oauth_token'] = token.key
             parameters['oauth_callback'] = token.callback
             # 1.0a support for verifier.
             parameters['oauth_verifier'] = verifier
         elif callback:
             # 1.0a support for callback in the request token request.
             parameters['oauth_callback'] = callback
         return OAuthRequest(http_method, http_url, parameters)
     from_consumer_and_token = staticmethod(from_consumer_and_token)
     @staticmethod
     def from_token_and_callback(token, callback=None, http_method=HTTP_METHOD, http_url=None, parameters=None):
     def from_token_and_callback(token, callback=None, http_method=HTTP_METHOD,
             http_url=None, parameters=None):
         if not parameters:
             parameters = {}
         parameters['oauth_token'] = token.key
         if callback:
-            parameters['oauth_callback'] = escape(callback)
+            parameters['oauth_callback'] = callback
         return OAuthRequest(http_method, http_url, parameters)
     from_token_and_callback = staticmethod(from_token_and_callback)
     # util function: turn Authorization: header into parameters, has to do some unescaping
     @staticmethod
     def _split_header(header):
         """Turn Authorization: header into parameters."""
         params = {}
         header = header.replace('OAuth ', '', 1)
         parts = header.split(',')
         for param in parts:
-            # ignore realm parameter
+            # Ignore realm parameter.
             if param.find('realm') > -1:
                 continue
-            # remove whitespace
+            # Remove whitespace.
             param = param.strip()
-            # split key-value
+            # Split key-value.
             param_parts = param.split('=', 1)
-            # remove quotes and unescape the value
+            # Remove quotes and unescape the value.
             params[param_parts[0]] = urllib.unquote(param_parts[1].strip('\"'))
         return params
     # util function: turn url string into parameters, has to do some unescaping
-    @staticmethod
+    _split_header = staticmethod(_split_header)
     def _split_url_string(param_str):
         """Turn URL string into parameters."""
         parameters = cgi.parse_qs(param_str, keep_blank_values=False)
         for k, v in parameters.iteritems():
             parameters[k] = urllib.unquote(v[0])
         return parameters
     _split_url_string = staticmethod(_split_url_string)
 # OAuthServer is a worker to check a requests validity against a data store
 class OAuthServer(object):
-    timestamp_threshold = 300 # in seconds, five minutes
+    """A worker to check the validity of a request against a data store."""
     timestamp_threshold = 300 # In seconds, five minutes.
     version = VERSION
     signature_methods = None
     data_store = None
@@ -280,7 +375,7 @@ class OAuthServer(object):
         self.data_store = data_store
         self.signature_methods = signature_methods or {}
-    def set_data_store(self, oauth_data_store):
+    def set_data_store(self, data_store):
         self.data_store = data_store
     def get_data_store(self):
@@ -290,57 +385,64 @@ class OAuthServer(object):
         self.signature_methods[signature_method.get_name()] = signature_method
         return self.signature_methods
     # process a request_token request
     # returns the request token on success
     def fetch_request_token(self, oauth_request):
         """Processes a request_token request and returns the
         request token on success.
         """
         try:
-            # get the request token for authorization
+            # Get the request token for authorization.
             token = self._get_token(oauth_request, 'request')
         except OAuthError:
-            # no token required for the initial token request
+            # No token required for the initial token request.
             version = self._get_version(oauth_request)
             consumer = self._get_consumer(oauth_request)
             try:
                 callback = self.get_callback(oauth_request)
             except OAuthError:
                 callback = None # 1.0, no callback specified.
             self._check_signature(oauth_request, consumer, None)
             # fetch a new token
             token = self.data_store.fetch_request_token(consumer)
             # Fetch a new token.
             token = self.data_store.fetch_request_token(consumer, callback)
         return token
     # process an access_token request
     # returns the access token on success
     def fetch_access_token(self, oauth_request):
         """Processes an access_token request and returns the
         access token on success.
         """
         version = self._get_version(oauth_request)
         consumer = self._get_consumer(oauth_request)
-        # get the request token
+        verifier = self._get_verifier(oauth_request)
         # Get the request token.
         token = self._get_token(oauth_request, 'request')
         self._check_signature(oauth_request, consumer, token)
-        new_token = self.data_store.fetch_access_token(consumer, token)
+        new_token = self.data_store.fetch_access_token(consumer, token, verifier)
         return new_token
     # verify an api call, checks all the parameters
     def verify_request(self, oauth_request):
         """Verifies an api call and checks all the parameters."""
         # -> consumer and token
         version = self._get_version(oauth_request)
         consumer = self._get_consumer(oauth_request)
-        # get the access token
+        # Get the access token.
         token = self._get_token(oauth_request, 'access')
         self._check_signature(oauth_request, consumer, token)
         parameters = oauth_request.get_nonoauth_parameters()
         return consumer, token, parameters
     # authorize a request token
     def authorize_token(self, token, user):
         """Authorize a request token."""
         return self.data_store.authorize_request_token(token, user)
     # get the callback url
     def get_callback(self, oauth_request):
         """Get the callback URL."""
         return oauth_request.get_parameter('oauth_callback')
     # optional support for the authenticate header
     def build_authenticate_header(self, realm=''):
         """Optional support for the authenticate header."""
         return {'WWW-Authenticate': 'OAuth realm="%s"' % realm}
     # verify the correct version request for this server
     def _get_version(self, oauth_request):
         """Verify the correct version request for this server."""
         try:
             version = oauth_request.get_parameter('oauth_version')
         except:
@@ -349,37 +451,40 @@ class OAuthServer(object):
             raise OAuthError('OAuth version %s not supported.' % str(version))
         return version
     # figure out the signature with some defaults
     def _get_signature_method(self, oauth_request):
         """Figure out the signature with some defaults."""
         try:
-            signature_method = oauth_request.get_parameter('oauth_signature_method')
+            signature_method = oauth_request.get_parameter(
                 'oauth_signature_method')
         except:
             signature_method = SIGNATURE_METHOD
         try:
-            # get the signature method object
+            # Get the signature method object.
             signature_method = self.signature_methods[signature_method]
         except:
             signature_method_names = ', '.join(self.signature_methods.keys())
-            raise OAuthError('Signature method %s not supported try one of the following: %s' % (signature_method, signature_method_names))
+            raise OAuthError('Signature method %s not supported try one of the '
                 'following: %s' % (signature_method, signature_method_names))
         return signature_method
     def _get_consumer(self, oauth_request):
         consumer_key = oauth_request.get_parameter('oauth_consumer_key')
         if not consumer_key:
             raise OAuthError('Invalid consumer key.')
         consumer = self.data_store.lookup_consumer(consumer_key)
         if not consumer:
             raise OAuthError('Invalid consumer.')
         return consumer
     # try to find the token for the provided request token key
     def _get_token(self, oauth_request, token_type='access'):
         """Try to find the token for the provided request token key."""
         token_field = oauth_request.get_parameter('oauth_token')
         token = self.data_store.lookup_token(token_type, token_field)
         if not token:
             raise OAuthError('Invalid %s token: %s' % (token_type, token_field))
         return token
     def _get_verifier(self, oauth_request):
         return oauth_request.get_parameter('oauth_verifier')
     def _check_signature(self, oauth_request, consumer, token):
         timestamp, nonce = oauth_request._get_timestamp_nonce()
@@ -390,29 +495,35 @@ class OAuthServer(object):
             signature = oauth_request.get_parameter('oauth_signature')
         except:
             raise OAuthError('Missing signature.')
         # validate the signature
         valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature)
         # Validate the signature.
         valid_sig = signature_method.check_signature(oauth_request, consumer,
             token, signature)
         if not valid_sig:
             key, base = signature_method.build_signature_base_string(oauth_request, consumer, token)
             raise OAuthError('Invalid signature. Expected signature base string: %s' % base)
             key, base = signature_method.build_signature_base_string(
                 oauth_request, consumer, token)
             raise OAuthError('Invalid signature. Expected signature base '
                 'string: %s' % base)
         built = signature_method.build_signature(oauth_request, consumer, token)
     def _check_timestamp(self, timestamp):
-        # verify that timestamp is recentish
+        """Verify that timestamp is recentish."""
         timestamp = int(timestamp)
         now = int(time.time())
         lapsed = now - timestamp
         if lapsed > self.timestamp_threshold:
-            raise OAuthError('Expired timestamp: given %d and now %s has a greater difference than threshold %d' % (timestamp, now, self.timestamp_threshold))
+            raise OAuthError('Expired timestamp: given %d and now %s has a '
                 'greater difference than threshold %d' %
                 (timestamp, now, self.timestamp_threshold))
     def _check_nonce(self, consumer, token, nonce):
-        # verify that the nonce is uniqueish
+        """Verify that the nonce is uniqueish."""
         nonce = self.data_store.lookup_nonce(consumer, token, nonce)
         if nonce:
             raise OAuthError('Nonce already used: %s' % str(nonce))
 # OAuthClient is a worker to attempt to execute a request
 class OAuthClient(object):
     """OAuthClient is a worker to attempt to execute a request."""
     consumer = None
     token = None
@@ -427,62 +538,65 @@ class OAuthClient(object):
         return self.token
     def fetch_request_token(self, oauth_request):
-        # -> OAuthToken
+        """-> OAuthToken."""
         raise NotImplementedError
     def fetch_access_token(self, oauth_request):
-        # -> OAuthToken
+        """-> OAuthToken."""
         raise NotImplementedError
     def access_resource(self, oauth_request):
-        # -> some protected resource
+        """-> Some protected resource."""
         raise NotImplementedError
 # OAuthDataStore is a database abstraction used to lookup consumers and tokens
 class OAuthDataStore(object):
     """A database abstraction used to lookup consumers and tokens."""
     def lookup_consumer(self, key):
-        # -> OAuthConsumer
+        """-> OAuthConsumer."""
         raise NotImplementedError
     def lookup_token(self, oauth_consumer, token_type, token_token):
-        # -> OAuthToken
+        """-> OAuthToken."""
         raise NotImplementedError
     def lookup_nonce(self, oauth_consumer, oauth_token, nonce, timestamp):
         # -> OAuthToken
     def lookup_nonce(self, oauth_consumer, oauth_token, nonce):
         """-> OAuthToken."""
         raise NotImplementedError
     def fetch_request_token(self, oauth_consumer):
         # -> OAuthToken
     def fetch_request_token(self, oauth_consumer, oauth_callback):
         """-> OAuthToken."""
         raise NotImplementedError
     def fetch_access_token(self, oauth_consumer, oauth_token):
         # -> OAuthToken
     def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier):
         """-> OAuthToken."""
         raise NotImplementedError
     def authorize_request_token(self, oauth_token, user):
-        # -> OAuthToken
+        """-> OAuthToken."""
         raise NotImplementedError
 # OAuthSignatureMethod is a strategy class that implements a signature method
 class OAuthSignatureMethod(object):
     """A strategy class that implements a signature method."""
     def get_name(self):
-        # -> str
+        """-> str."""
         raise NotImplementedError
     def build_signature_base_string(self, oauth_request, oauth_consumer, oauth_token):
-        # -> str key, str raw
+        """-> str key, str raw."""
         raise NotImplementedError
     def build_signature(self, oauth_request, oauth_consumer, oauth_token):
-        # -> str
+        """-> str."""
         raise NotImplementedError
     def check_signature(self, oauth_request, consumer, token, signature):
         built = self.build_signature(oauth_request, consumer, token)
         return built == signature
 class OAuthSignatureMethod_HMAC_SHA1(OAuthSignatureMethod):
     def get_name(self):
@@ -502,19 +616,21 @@ class OAuthSignatureMethod_HMAC_SHA1(OAu
         return key, raw
     def build_signature(self, oauth_request, consumer, token):
         # build the base signature string
         key, raw = self.build_signature_base_string(oauth_request, consumer, token)
         """Builds the base signature string."""
         key, raw = self.build_signature_base_string(oauth_request, consumer,
             token)
-        # hmac object
+        # HMAC object.
         try:
             import hashlib # 2.5
             hashed = hmac.new(key, raw, hashlib.sha1)
         except:
-            import sha # deprecated
+            import sha # Deprecated
             hashed = hmac.new(key, raw, sha)
         # calculate the digest base 64
         return base64.b64encode(hashed.digest())
         # Calculate the digest base 64.
         return binascii.b2a_base64(hashed.digest())[:-1]
 class OAuthSignatureMethod_PLAINTEXT(OAuthSignatureMethod):
@@ -522,11 +638,13 @@ class OAuthSignatureMethod_PLAINTEXT(OAu
         return 'PLAINTEXT'
     def build_signature_base_string(self, oauth_request, consumer, token):
         # concatenate the consumer key and secret
         sig = escape(consumer.secret) + '&'
         """Concatenates the consumer key and secret."""
         sig = '%s&' % escape(consumer.secret)
         if token:
             sig = sig + escape(token.secret)
-        return sig
+        return sig, sig
     def build_signature(self, oauth_request, consumer, token):
-        return self.build_signature_base_string(oauth_request, consumer, token)
+        key, raw = self.build_signature_base_string(oauth_request, consumer,
             token)
         return key

Up to file-list piston/resource.py:

@@ -7,6 +7,7 @@ from django.views.decorators.vary import
 from django.conf import settings
 from django.core.mail import send_mail, EmailMessage
 from django.db.models.query import QuerySet
 from django.http import Http404
 from emitters import Emitter
 from handler import typemapper
@@ -59,6 +60,26 @@ class Resource(object):
         return em
     @property
     def anonymous(self):
         """
         Gets the anonymous handler. Also tries to grab a class
         if the `anonymous` value is a string, so that we can define
         anonymous handlers that aren't defined yet (like, when
         you're subclassing your basehandler into an anonymous one.)
         """
         if hasattr(self.handler, 'anonymous'):
             anon = self.handler.anonymous
             if callable(anon):
                 return anon
             for klass in typemapper.keys():
                 if anon == klass.__name__:
                     return klass
         return None
     @vary_on_headers('Authorization')
     def __call__(self, request, *args, **kwargs):
         """
@@ -73,11 +94,10 @@ class Resource(object):
             coerce_put_post(request)
         if not self.authentication.is_authenticated(request):
             if hasattr(self.handler, 'anonymous') and \
                 callable(self.handler.anonymous) and \
-                rm in self.handler.anonymous.allowed_methods:
+            if self.anonymous and \
                 rm in self.anonymous.allowed_methods:
-                handler = self.handler.anonymous()
+                handler = self.anonymous()
                 anonymous = True
             else:
                 return self.authentication.challenge()
@@ -113,12 +133,14 @@ class Resource(object):
         try:
             result = meth(request, *args, **kwargs)
         except FormValidationError, e:
             # TODO: Use rc.BAD_REQUEST here
             return HttpResponse("Bad Request: %s" % e.form.errors, status=400)
             resp = rc.BAD_REQUEST
             resp.write(' '+str(e.form.errors))
             return resp
         except TypeError, e:
             result = rc.BAD_REQUEST
             hm = HandlerMethod(meth)
-            sig = hm.get_signature()
+            sig = hm.signature
             msg = 'Method signature does not match.\n\n'
@@ -131,8 +153,9 @@ class Resource(object):
                 msg += '\n\nException was: %s' % str(e)
             result.content = format_error(msg)
         except Http404:
             return rc.NOT_FOUND
         except HttpStatusCode, e:
             #result = e ## why is this being passed on and not just dealt with now?
             return e.response
         except Exception, e:
             """
@@ -177,7 +200,10 @@ class Resource(object):
             if self.stream: stream = srl.stream_render(request)
             else: stream = srl.render(request)
-            resp = HttpResponse(stream, mimetype=ct)
+            if not isinstance(stream, HttpResponse):
                 resp = HttpResponse(stream, mimetype=ct)
             else:
                 resp = stream
             resp.streaming = self.stream

Up to file-list piston/store.py:

 import oauth
 from models import Nonce, Token, Consumer
 from models import generate_random, VERIFIER_SIZE
 class DataStore(oauth.OAuthDataStore):
     """Layer between Python OAuth and Django database."""
@@ -39,17 +40,22 @@ class DataStore(oauth.OAuthDataStore):
         else:
             return nonce.key
-    def fetch_request_token(self, oauth_consumer):
+    def fetch_request_token(self, oauth_consumer, oauth_callback):
         if oauth_consumer.key == self.consumer.key:
             self.request_token = Token.objects.create_token(consumer=self.consumer,
                                                             token_type=Token.REQUEST,
                                                             timestamp=self.timestamp)
             if oauth_callback:
                 self.request_token.set_callback(oauth_callback)
             return self.request_token
         return None
-    def fetch_access_token(self, oauth_consumer, oauth_token):
+    def fetch_access_token(self, oauth_consumer, oauth_token, oauth_verifier):
         if oauth_consumer.key == self.consumer.key \
         and oauth_token.key == self.request_token.key \
         and oauth_verifier == self.request_token.verifier \
         and self.request_token.is_approved:
             self.access_token = Token.objects.create_token(consumer=self.consumer,
                                                            token_type=Token.ACCESS,
@@ -63,6 +69,7 @@ class DataStore(oauth.OAuthDataStore):
             # authorize the request token in the store
             self.request_token.is_approved = True
             self.request_token.user = user
             self.request_token.verifier = generate_random(VERIFIER_SIZE)
             self.request_token.save()
             return self.request_token
         return None

Up to file-list piston/utils.py:

 import time
 from django.http import HttpResponseNotAllowed, HttpResponseForbidden, HttpResponse, HttpResponseBadRequest
 from django.core.urlresolvers import reverse
 from django.core.cache import cache
 from django import get_version as django_version
 from django.core.mail import send_mail, mail_admins
 from django.conf import settings
 from django.utils.translation import ugettext as _
 from django.template import loader, TemplateDoesNotExist
 from django.contrib.sites.models import Site
 from decorator import decorator
 from datetime import datetime, timedelta
-__version__ = '0.2.2'
+__version__ = '0.2.3rc1'
 def get_version():
     return __version__
@@ -27,6 +33,7 @@ class rc_factory(object):
                  NOT_FOUND = ('Not Found', 404),
                  DUPLICATE_ENTRY = ('Conflict/Duplicate', 409),
                  NOT_HERE = ('Gone', 410),
                  INTERNAL_ERROR = ('Internal Error', 500),
                  NOT_IMPLEMENTED = ('Not Implemented', 501),
                  THROTTLED = ('Throttled', 503))
@@ -102,24 +109,20 @@ def throttle(max_requests, timeout=60*60
             """
             ident += ':%s' % extra
             now = datetime.now()
             ts_key = 'throttle:ts:%s' % ident
             timestamp = cache.get(ts_key)
             offset = now + timedelta(seconds=timeout)
             if timestamp and timestamp < offset:
             now = time.time()
             count, expiration = cache.get(ident, (1, None))
             if expiration is None:
                 expiration = now + timeout
             if count >= max_requests and expiration > now:
                 t = rc.THROTTLED
-                wait = timeout - (offset-timestamp).seconds
+                wait = int(expiration - now)
                 t.content = 'Throttled, wait %d seconds.' % wait
+                t['Retry-After'] = wait
                 return t
             count = cache.get(ident, 1)
             cache.set(ident, count+1)
             if count >= max_requests:
                 cache.set(ts_key, offset, timeout)
                 cache.set(ident, 1)
             cache.set(ident, (count+1, expiration), (expiration - now))
         return f(self, request, *args, **kwargs)
     return wrap
@@ -211,15 +214,15 @@ class Mimer(object):
         if not self.is_multipart() and ctype:
             loadee = self.loader_for_type(ctype)
             if loadee:
                 try:
-                    self.request.data = loadee(self.request.raw_post_data)
+            try:
                 self.request.data = loadee(self.request.raw_post_data)
                     # Reset both POST and PUT from request, as its
                     # misleading having their presence around.
                     self.request.POST = self.request.PUT = dict()
                 except (TypeError, ValueError):
-                    raise MimerDataException
+                # Reset both POST and PUT from request, as its
                 # misleading having their presence around.
                 self.request.POST = self.request.PUT = dict()
             except (TypeError, ValueError):
                 # This also catches if loadee is None.
                 raise MimerDataException
         return self.request
@@ -261,3 +264,47 @@ def require_mime(*mimes):
 require_extended = require_mime('json', 'yaml', 'xml', 'pickle')
 def send_consumer_mail(consumer):
     """
     Send a consumer an email depending on what their status is.
     """
     try:
         subject = settings.PISTON_OAUTH_EMAIL_SUBJECTS[consumer.status]
     except AttributeError:
         subject = "Your API Consumer for %s " % Site.objects.get_current().name
         if consumer.status == "accepted":
             subject += "was accepted!"
         elif consumer.status == "canceled":
             subject += "has been canceled."
         elif consumer.status == "rejected":
             subject += "has been rejected."
         else:
             subject += "is awaiting approval."
     template = "piston/mails/consumer_%s.txt" % consumer.status
     try:
         body = loader.render_to_string(template,
             { 'consumer' : consumer, 'user' : consumer.user })
     except TemplateDoesNotExist:
         """
         They haven't set up the templates, which means they might not want
         these emails sent.
         """
         return
     try:
         sender = settings.PISTON_FROM_EMAIL
     except AttributeError:
         sender = settings.DEFAULT_FROM_EMAIL
     send_mail(_(subject), body, sender, [consumer.user.email], fail_silently=True)
     if consumer.status == 'pending' and len(settings.ADMINS):
         mail_admins(_(subject), body, fail_silently=True)
     if settings.DEBUG:
         print "Mail being sent, to=%s" % consumer.user.email
         print "Subject: %s" % _(subject)
         print body

commit 120:	668d9e16c459
parent 119:	7f0bf6ff404a
branch:	default

david / django-roa (http://welldev.org/)