0001-misc-move-some-util-functions-in-a-utils.py-file-168.patch
| fargo/oauth2/utils.py | ||
|---|---|---|
| 1 |
import cgi |
|
| 2 |
import base64 |
|
| 3 |
from urllib import unquote |
|
| 4 | ||
| 5 |
from .models import OAuth2Authorize, OAuth2Client |
|
| 6 | ||
| 7 | ||
| 8 |
def authenticate_bearer(request): |
|
| 9 |
authorization = request.META.get('HTTP_AUTHORIZATION')
|
|
| 10 |
if not authorization: |
|
| 11 |
return False |
|
| 12 |
splitted = authorization.split() |
|
| 13 |
if len(splitted) < 2: |
|
| 14 |
return False |
|
| 15 |
if splitted[0] != 'Bearer': |
|
| 16 |
return False |
|
| 17 |
token = splitted[1] |
|
| 18 |
try: |
|
| 19 |
return OAuth2Authorize.objects.get(access_token=token) |
|
| 20 |
except OAuth2Authorize.DoesNotExist: |
|
| 21 |
return False |
|
| 22 | ||
| 23 | ||
| 24 |
def authenticate_client(request, client=False): |
|
| 25 |
'''Authenticate client on the token endpoint''' |
|
| 26 | ||
| 27 |
if 'HTTP_AUTHORIZATION' in request.META: |
|
| 28 |
authorization = request.META['HTTP_AUTHORIZATION'].split() |
|
| 29 |
if authorization[0] != 'Basic' or len(authorization) != 2: |
|
| 30 |
return False |
|
| 31 |
try: |
|
| 32 |
decoded = base64.b64decode(authorization[1]) |
|
| 33 |
except TypeError: |
|
| 34 |
return False |
|
| 35 |
parts = decoded.split(':')
|
|
| 36 |
if len(parts) != 2: |
|
| 37 |
return False |
|
| 38 |
client_id, client_secret = parts |
|
| 39 |
elif 'client_id' in request.POST: |
|
| 40 |
client_id = request.POST['client_id'] |
|
| 41 |
client_secret = request.POST.get('client_secret', '')
|
|
| 42 |
else: |
|
| 43 |
return False |
|
| 44 |
if not client: |
|
| 45 |
try: |
|
| 46 |
client = OAuth2Client.objects.get(client_id=client_id) |
|
| 47 |
except OAuth2Client.DoesNotExist: |
|
| 48 |
return False |
|
| 49 |
if client.client_secret != client_secret: |
|
| 50 |
return False |
|
| 51 |
return client |
|
| 52 | ||
| 53 | ||
| 54 |
def get_content_disposition_value(request): |
|
| 55 |
if 'HTTP_CONTENT_DISPOSITION' not in request.META: |
|
| 56 |
return None, 'missing content-disposition header' |
|
| 57 |
content_header = request.META['HTTP_CONTENT_DISPOSITION'] |
|
| 58 |
disposition_type, filename = cgi.parse_header(content_header) |
|
| 59 |
if disposition_type != 'attachement': |
|
| 60 |
return None, 'wrong disposition type: attachement excpected' |
|
| 61 |
if 'filename*' in filename: |
|
| 62 |
encode, country, name = filename['filename*'].split("'")
|
|
| 63 | ||
| 64 |
# check accepted charset from rfc 5987 |
|
| 65 |
if encode == 'UTF-8': |
|
| 66 |
return unquote(name.decode('utf8')), None
|
|
| 67 |
elif encode == 'ISO-8859-1': |
|
| 68 |
return unquote(name.decode('iso-8859-1')), None
|
|
| 69 |
else: |
|
| 70 |
return None, 'unknown encoding: UTF-8 or ISO-8859-1 allowed' |
|
| 71 |
elif 'filename' in filename: |
|
| 72 |
return filename['filename'], None |
|
| 73 |
else: |
|
| 74 |
# no filename in header |
|
| 75 |
return None, 'missing filename(*) parameter in header' |
|
| fargo/oauth2/views.py | ||
|---|---|---|
| 14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 |
import cgi |
|
| 18 |
import base64 |
|
| 19 | 17 |
import urllib |
| 20 |
from urllib import quote, unquote
|
|
| 18 |
from urllib import quote |
|
| 21 | 19 | |
| 22 | 20 |
from django.core.files.base import ContentFile |
| 23 | 21 |
from django.core.urlresolvers import reverse |
| ... | ... | |
| 28 | 26 | |
| 29 | 27 |
from .forms import OAuth2AuthorizeForm |
| 30 | 28 |
from .models import OAuth2Authorize, OAuth2Client, OAuth2TempFile |
| 29 |
from .utils import authenticate_bearer, authenticate_client, get_content_disposition_value |
|
| 31 | 30 | |
| 32 | 31 |
from fargo.fargo.models import UserDocument, Document |
| 33 | 32 | |
| ... | ... | |
| 140 | 139 |
return response |
| 141 | 140 | |
| 142 | 141 | |
| 143 |
def authenticate_bearer(request): |
|
| 144 |
authorization = request.META.get('HTTP_AUTHORIZATION')
|
|
| 145 |
if not authorization: |
|
| 146 |
return False |
|
| 147 |
splitted = authorization.split() |
|
| 148 |
if len(splitted) < 2: |
|
| 149 |
return False |
|
| 150 |
if splitted[0] != 'Bearer': |
|
| 151 |
return False |
|
| 152 |
token = splitted[1] |
|
| 153 |
try: |
|
| 154 |
return OAuth2Authorize.objects.get(access_token=token) |
|
| 155 |
except OAuth2Authorize.DoesNotExist: |
|
| 156 |
return False |
|
| 157 | ||
| 158 | ||
| 159 |
def authenticate_client(request, client=False): |
|
| 160 |
'''Authenticate client on the token endpoint''' |
|
| 161 | ||
| 162 |
if 'HTTP_AUTHORIZATION' in request.META: |
|
| 163 |
authorization = request.META['HTTP_AUTHORIZATION'].split() |
|
| 164 |
if authorization[0] != 'Basic' or len(authorization) != 2: |
|
| 165 |
return False |
|
| 166 |
try: |
|
| 167 |
decoded = base64.b64decode(authorization[1]) |
|
| 168 |
except TypeError: |
|
| 169 |
return False |
|
| 170 |
parts = decoded.split(':')
|
|
| 171 |
if len(parts) != 2: |
|
| 172 |
return False |
|
| 173 |
client_id, client_secret = parts |
|
| 174 |
elif 'client_id' in request.POST: |
|
| 175 |
client_id = request.POST['client_id'] |
|
| 176 |
client_secret = request.POST.get('client_secret', '')
|
|
| 177 |
else: |
|
| 178 |
return False |
|
| 179 |
if not client: |
|
| 180 |
try: |
|
| 181 |
client = OAuth2Client.objects.get(client_id=client_id) |
|
| 182 |
except OAuth2Client.DoesNotExist: |
|
| 183 |
return False |
|
| 184 |
if client.client_secret != client_secret: |
|
| 185 |
return False |
|
| 186 |
return client |
|
| 187 | ||
| 188 | ||
| 189 |
def get_content_disposition_value(request): |
|
| 190 |
if 'HTTP_CONTENT_DISPOSITION' not in request.META: |
|
| 191 |
return None, 'missing content-disposition header' |
|
| 192 |
content_header = request.META['HTTP_CONTENT_DISPOSITION'] |
|
| 193 |
disposition_type, filename = cgi.parse_header(content_header) |
|
| 194 |
if disposition_type != 'attachement': |
|
| 195 |
return None, 'wrong disposition type: attachement excpected' |
|
| 196 |
if 'filename*' in filename: |
|
| 197 |
encode, country, name = filename['filename*'].split("'")
|
|
| 198 | ||
| 199 |
# check accepted charset from rfc 5987 |
|
| 200 |
if encode == 'UTF-8': |
|
| 201 |
return unquote(name.decode('utf8')), None
|
|
| 202 |
elif encode == 'ISO-8859-1': |
|
| 203 |
return unquote(name.decode('iso-8859-1')), None
|
|
| 204 |
else: |
|
| 205 |
return None, 'unknown encoding: UTF-8 or ISO-8859-1 allowed' |
|
| 206 |
elif 'filename' in filename: |
|
| 207 |
return filename['filename'], None |
|
| 208 |
else: |
|
| 209 |
# no filename in header |
|
| 210 |
return None, 'missing filename(*) parameter in header' |
|
| 211 | ||
| 212 | ||
| 213 | 142 |
@csrf_exempt |
| 214 | 143 |
def put_document(request): |
| 215 | 144 |
client = authenticate_client(request) |
| 216 |
- |
|