# HG changeset patch # User wakimd # Date 1290186777 -3600 # Node ID 7cf81d58a968d2a13e472b621784dc55350e1f97 # Parent 683ce4109c28e48a4798c78fcde24aa863a86786 oauth start diff -r 683ce4109c28 -r 7cf81d58a968 sbin/virtualenv/create_python_env.py --- a/sbin/virtualenv/create_python_env.py Fri Nov 19 14:29:17 2010 +0100 +++ b/sbin/virtualenv/create_python_env.py Fri Nov 19 18:12:57 2010 +0100 @@ -49,6 +49,7 @@ EXTRA_TEXT += " 'DJANGO-EXTENSIONS' : { 'setup': 'django-extensions', 'url':'http://django-command-extensions.googlecode.com/files/django-extensions-0.4.1.tar.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-extensions-0.4.1.tar.gz"))+"' },\n" EXTRA_TEXT += " 'DJANGO-REGISTRATION' : { 'setup': 'django-registration', 'url':'http://bitbucket.org/ubernostrum/django-registration/get/tip.tar.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-registration.tar.gz"))+"' },\n" EXTRA_TEXT += " 'DJANGO-TAGGING' : { 'setup': 'django-tagging', 'url':'http://django-tagging.googlecode.com/files/django-tagging-0.3.1.tar.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-tagging-0.3.1.tar.gz"))+"' },\n" +EXTRA_TEXT += " 'DJANGO-OAUTH' : { 'setup': 'django-oauth', 'url':'http://code.welldev.org/django-oauth/get/549a34c81394.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-oauth.gz"))+"' },\n" EXTRA_TEXT += " 'LXML' : { 'setup': 'lxml', 'url': '"+ os.path.abspath(os.path.join(src_base,"lxml_2.2.8.tar.gz"))+"', 'local': '"+ os.path.abspath(os.path.join(src_base,"lxml-2.2.8.tar.gz"))+"'},\n" EXTRA_TEXT += "}\n" @@ -211,6 +212,7 @@ ('DJANGO-EXTENSIONS', 'pip', None, None), ('DJANGO-REGISTRATION', 'easy_install', '-Z', None), ('DJANGO-TAGGING', 'pip', None, None), + ('DJANGO-OAUTH', 'pip', None, None), ] if system_str == "Darwin": diff -r 683ce4109c28 -r 7cf81d58a968 sbin/virtualenv/res/src/django-oauth-plus.gz Binary file sbin/virtualenv/res/src/django-oauth-plus.gz has changed diff -r 683ce4109c28 -r 7cf81d58a968 sbin/virtualenv/res/src/django-oauth.gz Binary file sbin/virtualenv/res/src/django-oauth.gz has changed diff -r 683ce4109c28 -r 7cf81d58a968 web/ldt/text/tests.py --- a/web/ldt/text/tests.py Fri Nov 19 14:29:17 2010 +0100 +++ b/web/ldt/text/tests.py Fri Nov 19 18:12:57 2010 +0100 @@ -17,6 +17,16 @@ from django.test.client import Client from ldt.text import VERSION_STR from django.db import transaction +from django.contrib.auth.models import User +from oauth_provider.models import Resource, Consumer +import time +from oauth_provider.models import Token +from oauth.oauth import OAuthRequest, OAuthSignatureMethod_HMAC_SHA1 +from django.contrib.auth.models import User +from oauth_provider.models import Resource, Consumer, Token, Nonce +import time +from oauth_provider.consts import OUT_OF_BAND +from oauth.oauth import OAuthRequest, OAuthSignatureMethod_PLAINTEXT, generate_nonce # This test creates an annotation and checks that: @@ -209,5 +219,135 @@ delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id) delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id2) + - \ No newline at end of file +class OauthTestDelete(unittest.TestCase): + def setUp(self): + #create a user + self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto') + + resource = Resource(name='delete', url='/api/1.0/text/delete/') + resource.save() + + self.CONSUMER_KEY = 'dpf43f3p2l4k3l03' + self.CONSUMER_SECRET = 'kd94hf93k423kf44' + self.consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane) + self.consumer.save() + + self.nonce = generate_nonce(8) + + #auth parameters + self.parameters = { + 'oauth_consumer_key': self.CONSUMER_KEY, + 'oauth_signature_method': 'PLAINTEXT', + 'oauth_signature': '%s&' % self.CONSUMER_SECRET, + 'oauth_timestamp': str(int(time.time())), + 'oauth_nonce': self.nonce, + 'oauth_version': '1.0', + 'oauth_callback': 'http://printer.example.com/request_token_ready', + 'scope':'delete' + } + + #test client + self.c = Client() + + self.annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459") + self.annotation.save() + + def tearDown(self): + Token.objects.all().delete() + Resource.objects.all().delete() + Consumer.objects.all().delete() + Nonce.objects.all().delete() + User.objects.all().delete() + + + def test_auth_access_delete(self): + ## REQUEST TOKEN + + response = self.c.get("/oauth/request_token/", self.parameters) + #self.assertEqual(response.content," ") + self.assertEqual(response.status_code,200) + token = list(Token.objects.all())[-1] + self.assertTrue(token.key in response.content) + self.assertTrue(token.secret in response.content) + self.assertEqual(token.callback, u'http://printer.example.com/request_token_ready'), + self.assertTrue(token.callback_confirmed) + +# token.callback = OUT_OF_BAND +# token.save() +# + ## USER AUTHORIZATION + + parameters = { + 'oauth_token': token.key, + } + + response = self.c.get("/oauth/authorize/", parameters) + self.assertEqual(response.status_code,302) + self.assertTrue(token.key in response['Location']) + + self.c.login(username='jane', password='toto') + + response = self.c.get("/oauth/authorize/", parameters) + self.assertEqual(response.status_code,200) + self.assertEqual(response.content,'Fake authorize view for printer.example.com.') + +# parameters['authorize_access'] = 0 +# response = self.c.post("/oauth/authorize/", parameters) +# self.assertEqual(response.content, "Fake callback view.") + + # fake authorization by the user + parameters['authorize_access'] = 1 + response = self.c.post("/oauth/authorize/", parameters) + self.assertEqual(response.status_code,302) + token = list(Token.objects.all())[-1] + self.assertTrue(token.key in response['Location']) + self.assertTrue(token.is_approved) + + ## ACCESS TOKEN + + parameters = { + 'oauth_consumer_key': self.CONSUMER_KEY, + 'oauth_token': token.key, + 'oauth_signature_method': 'PLAINTEXT', + 'oauth_signature': '%s&%s' % (self.CONSUMER_SECRET, token.secret), + 'oauth_timestamp': str(int(time.time())), + 'oauth_nonce': self.nonce, + 'oauth_version': '1.0', + 'oauth_verifier': token.verifier, + } + response = self.c.get("/oauth/access_token/", parameters) + + access_token = list(Token.objects.filter(token_type=Token.ACCESS))[-1] + self.assertTrue(access_token.key in response.content) + self.assertTrue(access_token.secret in response.content) + self.assertEqual(access_token.user.username, u'jane') + + ## ACCESSING PROTECTED VIEW + + parameters = { + 'oauth_consumer_key': self.CONSUMER_KEY, + 'oauth_token': access_token.key, + 'oauth_signature_method': 'HMAC-SHA1', + 'oauth_timestamp': str(int(time.time())), + 'oauth_nonce': self.nonce, + 'oauth_version': '1.0', + } + + oauth_request = OAuthRequest.from_token_and_callback(access_token, http_url='/api/1.0/text/delete/', parameters=parameters) + signature_method = OAuthSignatureMethod_HMAC_SHA1() + signature = signature_method.build_signature(oauth_request, self.consumer, access_token) + + parameters['oauth_signature'] = signature + #self.assertEqual(signature, " ") + parameters['id'] = 'd2c1d1fa-629d-4520-a3d2-955b4f2582c0' + response = self.c.post("/api/1.0/text/delete/", parameters) + self.assertEqual(response.content, " ") + self.assertEqual(response.status_code,200) + + self.c.logout() + access_token.delete() +#/api/1.0/text/delete/ +#/api/1.0/text/update/ +#/api/1.0/text/create/ \ No newline at end of file diff -r 683ce4109c28 -r 7cf81d58a968 web/ldt/text/views.py --- a/web/ldt/text/views.py Fri Nov 19 14:29:17 2010 +0100 +++ b/web/ldt/text/views.py Fri Nov 19 18:12:57 2010 +0100 @@ -32,6 +32,7 @@ import tempfile import uuid from tagging.models import Tag +from oauth_provider.decorators import * ## Filters the annotation depending on the request parameters ## Returns an xml containing the resulting annotations @@ -65,7 +66,7 @@ ## Creates an annotation from a urlencoded xml content ## Returns an xml-structured annotation -#@login_required +@oauth_required @csrf_exempt def create_annotation(request): cont = request.POST["content"] @@ -144,7 +145,7 @@ ## Deletes an annotation (from its id) ## Returns an empty xml-structured annotation -#@login_required +@oauth_required @csrf_exempt def delete_annotation(request): try: @@ -159,7 +160,7 @@ ## Updates the content of an annotation ## Returns the xml-structured updated annotation -#@login_required +@oauth_required @csrf_exempt def update_annotation(request): try: diff -r 683ce4109c28 -r 7cf81d58a968 web/leezam/settings.py --- a/web/leezam/settings.py Fri Nov 19 14:29:17 2010 +0100 +++ b/web/leezam/settings.py Fri Nov 19 18:12:57 2010 +0100 @@ -104,6 +104,10 @@ os.path.join(os.path.basename(__file__), 'templates'), ) +FIXTURES_DIRS = ( + os.path.join(os.path.basename(__file__), 'fixtures'), +) + INSTALLED_APPS = ( 'jogging', 'django_extensions', @@ -114,6 +118,7 @@ 'django.contrib.messages', 'django.contrib.admin', 'leezam', + 'oauth_provider', 'registration', 'tagging', 'ldt', @@ -137,6 +142,10 @@ LDT_MAX_SEARCH_NUMBER = 50 LDT_JSON_DEFAULT_INDENT = 2 +OAUTH_AUTHORIZE_VIEW = 'oauth_provider.views.fake_authorize_view' +OAUTH_CALLBACK_VIEW = 'oauth_provider.views.fake_callback_view' + + from config import * LOGIN_URL = BASE_URL + 'leezam/accounts/login/' diff -r 683ce4109c28 -r 7cf81d58a968 web/leezam/urls.py --- a/web/leezam/urls.py Fri Nov 19 14:29:17 2010 +0100 +++ b/web/leezam/urls.py Fri Nov 19 18:12:57 2010 +0100 @@ -22,6 +22,7 @@ (r'^user/', include('ldt.user.urls')), (r'^accounts/', include('registration.backends.simple.urls')), + (r'^oauth/', include('oauth_provider.urls')), (r'^/?$', 'django.views.generic.simple.redirect_to', {'url': 'api/'}), )