# Copyright 2014 Canonical Ltd.
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License version 3, as
# published by the Free Software Foundation.
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranties of
# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from oauthlib.oauth1 import RequestValidator, WebApplicationServer
from pyramid.httpexceptions import HTTPForbidden
from nfss import database
class NFSSRequestValidator(RequestValidator):
def __init__(self, database_connection):
self._database = database_connection
def enforce_ssl(self):
def dummy_client(self):
    """Return the fixed placeholder client key used by this validator.

    The value is a constant string; nothing is read from the database.

    NOTE(review): in oauthlib's RequestValidator the dummy client stands
    in for an unknown client key so that validation still runs to
    completion. Confirm that no real client record is stored under this
    key, otherwise the placeholder would validate as a genuine client.
    Any decorator on this method is not visible in this listing.
    """
    placeholder_key = "dummy-client-access-token"
    return placeholder_key
def validate_client_key(self, client_key, request):
    """Report whether ``client_key`` is known to the auth store.

    The decision is delegated entirely to
    ``database.get_auth_client_key_exists``, called with the connection
    held in ``self._database``. ``request`` is accepted to satisfy the
    validator interface but is not consulted here.

    NOTE(review): oauthlib's RequestValidator guidance asks that this
    check take about the same time for valid and invalid keys, so that
    response timing does not reveal which client keys exist. Whether
    that holds depends on the database helper, which is not shown here.
    """
    key_is_known = database.get_auth_client_key_exists(
        self._database,
        client_key,
    )
    return key_is_known
def validate_access_token(self, client_key, resource_owner_key, request):
return database.get_auth_resource_owner_key_for_client_key(
def validate_timestamp_and_nonce(self, client_key, timestamp, nonce,
request, request_token=None,
token = request_token or access_token
if not database.get_auth_nonce_already_used(
def validate_realms(self, client_key, token, request, uri=None,
# Realms are used so we can split the app into several sections with
# different authentications in each. We're not using realms, so we
# just return True straight away:
def get_client_secret(self, client_key, request):
# We don't use the client secret, so this will always return the
def get_access_token_secret(self, client_key, owner_key, request):
return database.get_auth_resource_owner_secret_for_client_key(
def oauth_protected(realms=None):
def verify_oauth(request, *args, **kwargs):
provider = WebApplicationServer(
v, r = provider.validate_protected_resource_request(
http_method=request.method,
headers=request.headers,
return f(request, r, *args, **kwargs)
raise HTTPForbidden()