]> git.openstreetmap.org Git - osqa.git/blob - forum_modules/oauthauth/consumer.py
fix breach in award points that allows user to award infinite points
[osqa.git] / forum_modules / oauthauth / consumer.py
1 import urllib
2 import urllib2
3 import httplib
4 import time
5
6 from forum.settings import APP_URL
7 from forum.authentication.base import AuthenticationConsumer, InvalidAuthentication
8 from django.utils.translation import ugettext as _
9 from django.core.urlresolvers import reverse
10
11 from settings import TWITTER_AUTO_CALLBACK_REDIRECT
12 from lib import oauth2
13
14 class OAuthAbstractAuthConsumer(AuthenticationConsumer):
15
16     def __init__(self, consumer_key, consumer_secret, server_url, request_token_url, access_token_url, authorization_url):
17         self.consumer_secret = consumer_secret
18         self.consumer_key = consumer_key
19
20         self.consumer = oauth2.Consumer(consumer_key, consumer_secret)
21         self.signature_method = oauth2.SignatureMethod_HMAC_SHA1()
22
23         self.server_url = server_url
24         self.request_token_url = request_token_url
25         self.access_token_url = access_token_url
26         self.authorization_url = authorization_url
27
28     def prepare_authentication_request(self, request, redirect_to):
29         request_token = self.fetch_request_token()
30         request.session['unauthed_token'] = request_token.to_string()
31         return self.authorize_token_url(request_token)
32
33     def process_authentication_request(self, request):
34         unauthed_token = request.session.get('unauthed_token', None)
35         if not unauthed_token:
36              raise InvalidAuthentication(_('Error, the oauth token is not on the server'))
37
38         token = oauth2.Token.from_string(unauthed_token)
39
40         if token.key != request.GET.get('oauth_token', 'no-token'):
41             raise InvalidAuthentication(_("Something went wrong! Auth tokens do not match"))
42
43         access_token = self.fetch_access_token(token, request.GET.get('oauth_verifier', '')) 
44
45         return access_token.to_string()
46
47     def get_user_data(self, key):
48         #token = oauth.OAuthToken.from_string(access_token)
49         return {}
50         
51     def fetch_request_token(self):
52         parameters = {}
53         # If the installation is configured to automatically redirect to the Twitter provider done page -- do it.
54         if bool(TWITTER_AUTO_CALLBACK_REDIRECT):
55             callback_url = '%s%s' % (APP_URL, reverse('auth_provider_done', prefix='/', kwargs={'provider' : 'twitter'}))
56             # Pass
57             parameters.update({
58                 'oauth_callback' : callback_url,
59             })
60
61         oauth_request = oauth2.Request.from_consumer_and_token(self.consumer, http_url=self.request_token_url, parameters=parameters)
62         oauth_request.sign_request(self.signature_method, self.consumer, None)
63         params = oauth_request
64         data = urllib.urlencode(params)
65         full_url='%s?%s'%(self.request_token_url, data)
66         response = urllib2.urlopen(full_url)
67         return oauth2.Token.from_string(response.read())
68
69     def authorize_token_url(self, token, callback_url=None):
70         oauth_request = oauth2.Request.from_token_and_callback(token=token,\
71                         callback=callback_url, http_url=self.authorization_url)
72         params = oauth_request
73         data = urllib.urlencode(params)
74         full_url='%s?%s'%(self.authorization_url, data)
75         return full_url
76
77     def fetch_access_token(self, token, oauth_verifier): 
78         oauth_request = oauth2.Request.from_consumer_and_token(self.consumer, token=token, http_url=self.access_token_url)
79         oauth_request['oauth_verifier'] = oauth_verifier 
80         oauth_request.sign_request(self.signature_method, self.consumer, token)
81         params = oauth_request
82         data = urllib.urlencode(params)
83         full_url='%s?%s'%(self.access_token_url, data)
84         response = urllib2.urlopen(full_url)
85         return oauth2.Token.from_string(response.read())
86
87     def fetch_data(self, token, http_url, parameters=None):
88         access_token = oauth2.Token.from_string(token)
89         oauth_request = oauth2.Request.from_consumer_and_token(
90             self.consumer, token=access_token, http_method="GET",
91             http_url=http_url, parameters=parameters,
92         )
93         oauth_request.sign_request(self.signature_method, self.consumer, access_token)
94
95         url = oauth_request.to_url()
96         connection = httplib.HTTPSConnection(self.server_url)
97         connection.request("GET", url)
98
99         return connection.getresponse().read()
100