leezam: changeset 19:7cf81d58a968

--- a/sbin/virtualenv/create_python_env.py	Fri Nov 19 14:29:17 2010 +0100
+++ b/sbin/virtualenv/create_python_env.py	Fri Nov 19 18:12:57 2010 +0100
@@ -49,6 +49,7 @@
 EXTRA_TEXT += "    'DJANGO-EXTENSIONS' : { 'setup': 'django-extensions', 'url':'http://django-command-extensions.googlecode.com/files/django-extensions-0.4.1.tar.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-extensions-0.4.1.tar.gz"))+"' },\n"
 EXTRA_TEXT += "    'DJANGO-REGISTRATION' : { 'setup': 'django-registration', 'url':'http://bitbucket.org/ubernostrum/django-registration/get/tip.tar.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-registration.tar.gz"))+"' },\n"
 EXTRA_TEXT += "    'DJANGO-TAGGING' : { 'setup': 'django-tagging', 'url':'http://django-tagging.googlecode.com/files/django-tagging-0.3.1.tar.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-tagging-0.3.1.tar.gz"))+"' },\n"
+EXTRA_TEXT += "    'DJANGO-OAUTH' : { 'setup': 'django-oauth', 'url':'http://code.welldev.org/django-oauth/get/549a34c81394.gz', 'local':'"+ os.path.abspath(os.path.join(src_base,"django-oauth.gz"))+"' },\n"
 EXTRA_TEXT += "    'LXML' : { 'setup': 'lxml', 'url': '"+ os.path.abspath(os.path.join(src_base,"lxml_2.2.8.tar.gz"))+"', 'local': '"+ os.path.abspath(os.path.join(src_base,"lxml-2.2.8.tar.gz"))+"'},\n"
 EXTRA_TEXT += "}\n"
 
@@ -211,6 +212,7 @@
             ('DJANGO-EXTENSIONS', 'pip', None, None),
             ('DJANGO-REGISTRATION', 'easy_install', '-Z', None),
             ('DJANGO-TAGGING', 'pip', None, None),
+            ('DJANGO-OAUTH', 'pip', None, None),
             ]
             
         if system_str == "Darwin":

Binary file sbin/virtualenv/res/src/django-oauth-plus.gz has changed

Binary file sbin/virtualenv/res/src/django-oauth.gz has changed

--- a/web/ldt/text/tests.py	Fri Nov 19 14:29:17 2010 +0100
+++ b/web/ldt/text/tests.py	Fri Nov 19 18:12:57 2010 +0100
@@ -17,6 +17,16 @@
 from django.test.client import Client
 from ldt.text import VERSION_STR
 from django.db import transaction
+from django.contrib.auth.models import User
+from oauth_provider.models import Resource, Consumer
+import time
+from oauth_provider.models import Token
+from oauth.oauth import OAuthRequest, OAuthSignatureMethod_HMAC_SHA1
+from django.contrib.auth.models import User
+from oauth_provider.models import Resource, Consumer, Token, Nonce
+import time
+from oauth_provider.consts import OUT_OF_BAND
+from oauth.oauth import OAuthRequest, OAuthSignatureMethod_PLAINTEXT, generate_nonce
 
 
 # This test creates an annotation and checks that:
@@ -209,5 +219,135 @@
         
         delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id)
         delete = urllib.urlopen("http://127.0.0.1:8000/api/"+VERSION_STR+"/text/delete/", self.id2)
+
         
-        
\ No newline at end of file
+class OauthTestDelete(unittest.TestCase):
+    def setUp(self):
+        #create a user
+        self.jane = User.objects.create_user('jane', 'jane@example.com', 'toto')
+
+        resource = Resource(name='delete', url='/api/1.0/text/delete/')
+        resource.save()
+
+        self.CONSUMER_KEY = 'dpf43f3p2l4k3l03'
+        self.CONSUMER_SECRET = 'kd94hf93k423kf44'
+        self.consumer = Consumer(key=self.CONSUMER_KEY, secret=self.CONSUMER_SECRET, name='printer.example.com', user=self.jane)
+        self.consumer.save()
+        
+        self.nonce = generate_nonce(8)
+        
+        #auth parameters
+        self.parameters = {
+            'oauth_consumer_key': self.CONSUMER_KEY,
+            'oauth_signature_method': 'PLAINTEXT',
+            'oauth_signature': '%s&' % self.CONSUMER_SECRET,
+            'oauth_timestamp': str(int(time.time())),
+            'oauth_nonce': self.nonce,
+            'oauth_version': '1.0',
+            'oauth_callback': 'http://printer.example.com/request_token_ready',
+            'scope':'delete'
+        }
+        
+        #test client
+        self.c = Client()
+        
+        self.annotation = Annotation(external_id="d2c1d1fa-629d-4520-a3d2-955b4f2582c0",title="titre de l\'annotation",text="texte selectionne lors de la creation de l\'annotation",color="#AAAAAA", creation_date="2010-09-06T12:33:53.417550", update_date="2010-09-06T12:33:53.420459")
+        self.annotation.save()
+        
+    def tearDown(self):
+        Token.objects.all().delete()
+        Resource.objects.all().delete()
+        Consumer.objects.all().delete()
+        Nonce.objects.all().delete()
+        User.objects.all().delete()
+
+        
+    def test_auth_access_delete(self):
+        ## REQUEST TOKEN
+        
+        response = self.c.get("/oauth/request_token/", self.parameters)
+        #self.assertEqual(response.content,"  ")
+        self.assertEqual(response.status_code,200)   
+        token = list(Token.objects.all())[-1]
+        self.assertTrue(token.key in response.content)
+        self.assertTrue(token.secret in response.content)
+        self.assertEqual(token.callback, u'http://printer.example.com/request_token_ready'),
+        self.assertTrue(token.callback_confirmed)
+
+#        token.callback = OUT_OF_BAND
+#        token.save()
+#        
+        ## USER AUTHORIZATION
+        
+        parameters = {
+            'oauth_token': token.key,
+        }
+        
+        response = self.c.get("/oauth/authorize/", parameters)
+        self.assertEqual(response.status_code,302)
+        self.assertTrue(token.key in response['Location'])
+        
+        self.c.login(username='jane', password='toto')
+        
+        response = self.c.get("/oauth/authorize/", parameters)
+        self.assertEqual(response.status_code,200)
+        self.assertEqual(response.content,'Fake authorize view for printer.example.com.')
+    
+#        parameters['authorize_access'] = 0
+#        response = self.c.post("/oauth/authorize/", parameters)
+#        self.assertEqual(response.content, "Fake callback view.")
+        
+        # fake authorization by the user
+        parameters['authorize_access'] = 1
+        response = self.c.post("/oauth/authorize/", parameters)
+        self.assertEqual(response.status_code,302)
+        token = list(Token.objects.all())[-1]
+        self.assertTrue(token.key in response['Location'])
+        self.assertTrue(token.is_approved)
+        
+        ## ACCESS TOKEN
+        
+        parameters = {
+            'oauth_consumer_key': self.CONSUMER_KEY,
+            'oauth_token': token.key,
+            'oauth_signature_method': 'PLAINTEXT',
+            'oauth_signature': '%s&%s' % (self.CONSUMER_SECRET, token.secret),
+            'oauth_timestamp': str(int(time.time())),
+            'oauth_nonce': self.nonce,
+            'oauth_version': '1.0',
+            'oauth_verifier': token.verifier,
+        }
+        response = self.c.get("/oauth/access_token/", parameters)
+        
+        access_token = list(Token.objects.filter(token_type=Token.ACCESS))[-1]
+        self.assertTrue(access_token.key in response.content)
+        self.assertTrue(access_token.secret in response.content)
+        self.assertEqual(access_token.user.username, u'jane')
+        
+        ## ACCESSING PROTECTED VIEW
+        
+        parameters = {
+            'oauth_consumer_key': self.CONSUMER_KEY,
+            'oauth_token': access_token.key,
+            'oauth_signature_method': 'HMAC-SHA1',
+            'oauth_timestamp': str(int(time.time())),
+            'oauth_nonce': self.nonce,
+            'oauth_version': '1.0',
+        }
+        
+        oauth_request = OAuthRequest.from_token_and_callback(access_token, http_url='/api/1.0/text/delete/', parameters=parameters)
+        signature_method = OAuthSignatureMethod_HMAC_SHA1()
+        signature = signature_method.build_signature(oauth_request, self.consumer, access_token)
+
+        parameters['oauth_signature'] = signature
+        #self.assertEqual(signature, "  ")
+        parameters['id'] = 'd2c1d1fa-629d-4520-a3d2-955b4f2582c0'
+        response = self.c.post("/api/1.0/text/delete/", parameters)
+        self.assertEqual(response.content, "  ")
+        self.assertEqual(response.status_code,200)
+        
+        self.c.logout()
+        access_token.delete()
+#/api/1.0/text/delete/
+#/api/1.0/text/update/
+#/api/1.0/text/create/        
\ No newline at end of file

--- a/web/ldt/text/views.py	Fri Nov 19 14:29:17 2010 +0100
+++ b/web/ldt/text/views.py	Fri Nov 19 18:12:57 2010 +0100
@@ -32,6 +32,7 @@
 import tempfile
 import uuid
 from tagging.models import Tag
+from oauth_provider.decorators import * 
 
 ## Filters the annotation depending on the request parameters
 ## Returns an xml containing the resulting annotations
@@ -65,7 +66,7 @@
 
 ## Creates an annotation from a urlencoded xml content
 ## Returns an xml-structured annotation
-#@login_required
+@oauth_required
 @csrf_exempt
 def create_annotation(request):
     cont = request.POST["content"]
@@ -144,7 +145,7 @@
 
 ## Deletes an annotation (from its id)
 ## Returns an empty xml-structured annotation
-#@login_required
+@oauth_required
 @csrf_exempt
 def delete_annotation(request):
     try:
@@ -159,7 +160,7 @@
 
 ## Updates the content of an annotation
 ## Returns the xml-structured updated annotation
-#@login_required
+@oauth_required
 @csrf_exempt
 def update_annotation(request):
     try:

--- a/web/leezam/settings.py	Fri Nov 19 14:29:17 2010 +0100
+++ b/web/leezam/settings.py	Fri Nov 19 18:12:57 2010 +0100
@@ -104,6 +104,10 @@
     os.path.join(os.path.basename(__file__), 'templates'),
 )
 
+FIXTURES_DIRS = (
+    os.path.join(os.path.basename(__file__), 'fixtures'),
+)
+
 INSTALLED_APPS = (
     'jogging',
     'django_extensions',
@@ -114,6 +118,7 @@
     'django.contrib.messages',
     'django.contrib.admin',
     'leezam',
+    'oauth_provider',
     'registration',
     'tagging',
     'ldt',
@@ -137,6 +142,10 @@
 LDT_MAX_SEARCH_NUMBER = 50
 LDT_JSON_DEFAULT_INDENT = 2
 
+OAUTH_AUTHORIZE_VIEW = 'oauth_provider.views.fake_authorize_view'
+OAUTH_CALLBACK_VIEW = 'oauth_provider.views.fake_callback_view'
+
+
 from config import *
 
 LOGIN_URL = BASE_URL + 'leezam/accounts/login/'

--- a/web/leezam/urls.py	Fri Nov 19 14:29:17 2010 +0100
+++ b/web/leezam/urls.py	Fri Nov 19 18:12:57 2010 +0100
@@ -22,6 +22,7 @@
     (r'^user/', include('ldt.user.urls')),
 
     (r'^accounts/', include('registration.backends.simple.urls')),
+    (r'^oauth/', include('oauth_provider.urls')),
     
     (r'^/?$', 'django.views.generic.simple.redirect_to', {'url': 'api/'}),
 )

author	wakimd
	Fri, 19 Nov 2010 18:12:57 +0100
changeset 19	7cf81d58a968
parent 17	683ce4109c28
child 20	20c41a7e2173

sbin/virtualenv/create_python_env.py		file \| annotate \| diff \| comparison \| revisions
sbin/virtualenv/res/src/django-oauth-plus.gz		file \| annotate \| diff \| comparison \| revisions
sbin/virtualenv/res/src/django-oauth.gz		file \| annotate \| diff \| comparison \| revisions
web/ldt/text/tests.py		file \| annotate \| diff \| comparison \| revisions
web/ldt/text/views.py		file \| annotate \| diff \| comparison \| revisions
web/leezam/settings.py		file \| annotate \| diff \| comparison \| revisions
web/leezam/urls.py		file \| annotate \| diff \| comparison \| revisions